Windows Services - 1 “free” & useful add-ons from MS. Tech Coordinator Feast 2006 DuPage Session Tom Steele ( tsteele@manteno5.org ) Technology Director -Manteno School District Terry Sullivan ( tsulliva@comwares.net ) Technology Director - Shiloh CUSD#1 & Edgar CUD#6. Introduction.
Introduction • MBSA • QChain.exe and Update.exe • Windows Update Service • WSUS • SharePoint Services • Free Service v. Portal Server • Backup Utilities • NTBackup • Other (addressed in other sessions) • VSC, Scheduler, Drive Quota, Remote Desktop • Terminal Services • IIS-6 • AntiSpyware - beta
MBSA 2.0 • http://www.microsoft.com/technet/security/tools/mbsahome.mspx • Uses the new Windows Update Agent • Users who primarily have: • Windows 2000+ SP3 and later • Office XP+ and later • Exchange 2000+ and later • SQL Server 2000 SP4+ • Will analyze, report, and can be used to install updates
User Access for MBSA • MUST have access to Client • user credentials • and FIREWALL issues • Can use GPOs to turn off Firewall • Script Line to turn off XPsp2 Firewall • netsh firewall set opmode DISABLE
Security Bulletins • Tue release cycle • Release notice and explanation 3 days before full release • Latest: Tue Mar 14, 2006 • 1 Critical • 1 Important http://www.microsoft.com/technet/security/
Patch Management - WHY • Panda Software reported 278% increase in new virus/worms since third quarter 2004 • Release patches on Tuesday • 2nd Tue – Patch Tuesday (started Oct 2003) • Oct 2004 • 10 patches • Feb 2005 • 11 patches • June 2005 • 10 patches • History -- network administrators have 7 to 21 days from the release of a security bulletin before hacker tools to exploit it are freely available on the Internet
Deploy patches across network • Manual • Determine which patches are required • Download Windows Update Catalog • Store in share on server • Use login or logout script to apply • Update.exe & QChain.exe • Automate • SMS – maximum control but additional cost. • Windows Software Update Server (WSUS)
How It Works • Components: Microsoft Update, WSUS Server, WSUS Administrator, Desktop Clients (Target Group 1), Server Clients (Target Group 2) • Administrator subscribes to update categories • Server downloads updates from Microsoft Update • Clients register themselves with the server • Administrator puts clients in different target groups • Administrator approves updates • Agents install administrator approved updates
Next Generation • WSUS (ver 2.0 of initial SUS product) • Will handle updates for • Windows • 2000, XP, XPhome, Server 2000, Server 2003 • Microsoft Office XP, 2003 • SQL Server 2000 & MSDE 2000 • Exchange Server 2003
WSUS - Installation • Recommended system requirements • The following system requirements can support up to 500 clients: • 750 MHz Pentium III or higher processor; 1 GHz Pentium III or higher processor recommended. • Operating System - Microsoft Windows Server 2003 (Standard or Enterprise Edition). Microsoft Windows 2000 Server or Advanced Server with Service Pack 4 (SP4) or later. • 512 megabytes (MB) of RAM; 1 gigabyte (GB) or more is recommended. • An NTFS file system partition with at least 200 megabytes (MB) of available free space for installing WSUS, and a minimum of 8 GB of available storage on an NTFS partition for the updates (if the administrator decides to host the updates locally). Need 6 GB for updates and 2 GB for SQL config files and reports. • WSUS requires .NET Framework 1.1 with SP1 installed. • WSUS requires BITS 2.0 and WinHTTP 5.1. • Microsoft Internet Explorer 6 with SP1 installed • WSUS requires IIS 5.0 for servers running Windows 2000 and IIS 6.0 for servers running Windows Server 2003. • WSUS requires MSSQL database software (desktop for full version)
WSUS - Windows Software Update Server • WSUS • http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx • http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
Installation • Accept License • Choose install location • Install locally: need 6 Gig free space for Updates
Install Cont. • Install SQL desktop engine or redirect to existing SQL • Need 2 Gig free space (8 Gig total)
WSUS Install Cont • Choose Website to manage WSUS • And where clients connect for updates
WSUS Install Cont • At this point WSUS is installed • Continue Configuration & Management via Browser
Features: Reporting • Reporting • Summary status and alerts (home page) • Per computer, per update with printable compliance reports • Drilldown capabilities • Synchronization reports • What’s new, what changed • Event log integration • Agent and server status events sent to local event log
Manually Configuring – registry settings via regedit or script • In a non-Active Directory environment, an administrator can set registry settings to configure Automatic Updates. • Note: You will need to manually create these registry keys. • You can set these registry keys in several ways: • By manually editing the registry using Regedit.exe. • By centrally deploying these registry keys using Windows NT 4-style System Policy. • You can add the settings below to the registry at this location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU • RescheduleWaitTime • Range: n; where n = time in minutes (1-60) • Registry value type: REG_DWORD • NoAutoRebootWithLoggedOnUsers • Set this to 1 if you want the logged on users to choose whether or not to reboot their system • Registry value type: REG_DWORD • NoAutoUpdate • Range = 0|1. 0 = Automatic Updates is enabled (default), 1 = Automatic Updates is disabled. • Registry Value Type: Reg_DWORD • AUOptions • Range = 2|3|4. 2 = notify of download and installation, 3 = automatically download and notify of installation, and 4 = automatic download and scheduled installation. All options notify the local administrator. • Registry Value Type: Reg_DWORD • ScheduledInstallDay • Range = 0|1|2|3|4|5|6|7. 0 = Every day; 1 through 7 = the days of the week from Sunday (1) to Saturday (7). • Registry Value Type: Reg_DWORD • ScheduledInstallTime • Range = n; where n = the time of day in 24-hour format (0-23). • Registry Value Type: Reg_DWORD • UseWUServer • Set this to 1 to enable Automatic Updates to use the server running Software Update Services as specified in WUServer below. • Registry Value Type: Reg_DWORD • Note: When configuring Automatic Updates directly through the policy registry keys, the policy will override the preferences set by the local administrative user to configure the client.
If the administrator removes the registry keys at a later date, the preferences set by the local administrative user will be used again. • To determine which server running Software Update Services your client computers and servers go to for their updates, place the following two settings in the registry at this location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate • WUServer • Sets the SUS server by HTTP name (for example, http://IntranetSUS). • Registry Value Type: Reg_SZ • WUStatusServer • Sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). • Registry Value Type: Reg_SZ
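An added example (not part of the original slides) that audits a client against the registry settings listed above and flags values that are missing, out of range, or that leave the client off the WSUS server. The expected server URL is a placeholder, and the 0..1 ranges for NoAutoRebootWithLoggedOnUsers and UseWUServer are assumptions, since the slide only says "set this to 1".

```powershell
# Added example, not from the original slides. $ExpectedServer is a placeholder.
param([string]$ExpectedServer = 'http://IntranetSUS')

$wu = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Allowed values per AU setting, from the ranges on the slide. The 0..1 ranges for
# NoAutoRebootWithLoggedOnUsers and UseWUServer are assumptions.
$ranges = [ordered]@{
    NoAutoUpdate                  = 0..1
    AUOptions                     = 2..4
    ScheduledInstallDay           = 0..7
    ScheduledInstallTime          = 0..23
    RescheduleWaitTime            = 1..60
    NoAutoRebootWithLoggedOnUsers = 0..1
    UseWUServer                   = 0..1
}

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$findings = @()
$values = @{}
foreach ($name in $ranges.Keys) {
    $values[$name] = Get-PolicyValue $au $name
    if ($null -eq $values[$name]) { $findings += "$name is not set" }
    elseif ($ranges[$name] -notcontains $values[$name]) {
        $findings += "$name = $($values[$name]) is outside the documented range"
    }
}

# Settings that are in range but leave the client unpatched or off the WSUS server.
if ($values.NoAutoUpdate -eq 1) { $findings += 'NoAutoUpdate = 1: Automatic Updates is disabled' }
if ($values.UseWUServer -ne 1)  { $findings += 'UseWUServer is not 1: WUServer is ignored' }
foreach ($name in 'WUServer', 'WUStatusServer') {
    $url = Get-PolicyValue $wu $name
    if ($url -ne $ExpectedServer) { $findings += "$name = '$url', expected '$ExpectedServer'" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Automatic Updates policy matches the documented WSUS client settings.'
```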
Using ‘WSUS’ in non-AD networks • Script Writer to create registry entries • http://techdocs.r0ar.com/sus/sus.php • Will create a “.reg” or a “.bat” file • If interested, the ‘php’ source used: • http://techdocs.r0ar.com/sus/sus.php.txt
@ECHO OFF
REM Point Automatic Updates at the WSUS server by importing a temporary .reg file
SET tmpfile=%temp%\%random%.reg
ECHO Stopping Automatic Updates
NET STOP "wuauserv" >NUL
ECHO Creating the temporary registry file: %tmpfile%
ECHO Windows Registry Editor Version 5.00 > "%tmpfile%"
ECHO. >> "%tmpfile%"
REM Server the client reports to and downloads from
ECHO [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate] >> "%tmpfile%"
ECHO "WUServer"="http://unitsussrv1" >> "%tmpfile%"
ECHO "WUStatusServer"="http://unitsussrv1" >> "%tmpfile%"
ECHO. >> "%tmpfile%"
REM Automatic Updates behaviour (see the value ranges listed earlier)
ECHO [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU] >> "%tmpfile%"
ECHO "AUOptions"=dword:00000004 >> "%tmpfile%"
ECHO "NoAutoRebootWithLoggedOnUsers"=dword:00000001 >> "%tmpfile%"
ECHO "NoAutoUpdate"=dword:00000000 >> "%tmpfile%"
ECHO "RescheduleWaitTime"=dword:00000005 >> "%tmpfile%"
ECHO "ScheduledInstallDay"=dword:00000000 >> "%tmpfile%"
ECHO "ScheduledInstallTime"=dword:00000000 >> "%tmpfile%"
ECHO "UseWUServer"=dword:00000001 >> "%tmpfile%"
ECHO Applying the registry settings
REM /s imports silently, without a confirmation prompt
regedit /s "%tmpfile%"
ECHO Deleting the temporary registry file: %tmpfile%
del "%tmpfile%" >NUL
ECHO Starting Automatic Updates
NET START "wuauserv" >NUL
WSUS & Clone/Imaging • Q. Why don't the cloned or imaged PCs register with a WSUS server? • A. This can happen if the machines share the same ClientID. You can work around this by deleting the following registry keys and rebooting the clients: HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate • Delete the following entries, if present: • AccountDomainSID • SusClientID • PingID • Before you clone the OS image, consider using • SysPrep – reseal • to make sure the SIDs are generated. • Machines that are sysprepped will automatically get a new ClientID when they are first booted. • WSUS Script to remove duplicate SID • http://support.microsoft.com/kb/555452
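An added example (not from the original slides or the KB article) of the workaround above for one cloned PC: it records the old SusClientID so duplicates can be confirmed across machines, then deletes the three entries if present. It assumes it is run as an administrator on the affected client.

```powershell
# Added example, not from the original slides or the KB article.
# Run as administrator on a cloned PC that fails to register with WSUS.
$key   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$names = 'AccountDomainSID', 'SusClientID', 'PingID'

# Record the old ID first so duplicates can be confirmed across machines.
$old = (Get-ItemProperty -Path $key -Name SusClientID -ErrorAction SilentlyContinue).SusClientID

$removed = @()
foreach ($name in $names) {
    # Only touch entries that exist; a missing entry is not an error.
    if (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction Stop
        $removed += $name
    }
}

# One summary object per machine, suitable for collecting into a CSV.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    OldSusClientID = $old
    Removed        = $removed -join ', '
    NextStep       = 'Reboot the client, as the slide describes'
}
```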
What is Sharepoint • Windows SharePoint Services (WSS) is a free add-on to Windows Server 2003 made available by Microsoft. It offers basic web portal and intranet functionality, including portal pages made up of web parts (developed in ASP.NET), team, document or project sub-sites, version-controlled document storage, and basic search functionality. It is made up of an ASP.NET web site hosted on Internet Information Services, using a Microsoft Desktop Engine (MSDE) or Microsoft SQL Server database back-end to store data. • Windows SharePoint Services also forms the basis for Microsoft Office SharePoint Portal Server. • The development of Windows SharePoint Services was inspired by the first Wiki, the Portland Pattern Repository. Source: http://en.wikipedia.org/wiki/Windows_SharePoint_Services
What is Sharepoint • Website with all content stored in a database. • Uses ASP pages to access the data and build the pages. • Optimized for collaboration • Shared documents, calendars, contacts, discussions, etc. • Optimized for integration with MS Office • Highly proprietary to MS products
SharePoint Services • Managed Collaboration • Integration with MS Office • Control access/management of each SharePoint site • Shared Links • Shared Documents (with management) • Shared Calendar • Shared Tasklist (ability to assign tasks) • Shared Meeting agendas • Shared Events (registration, documents, agenda) • Create and manage online surveys • Shared work/discussion space • PRICE = 39.95 MD
SharePoint Versions & History • Sharepoint Portal Services • Portal 2003 • Portal 2001 (no longer available) • Sharepoint Services • Current version is 2.0 SP2 • Tight integration with MS Office family • Team Services 1.0 (no longer available)
Sharepoint Minimum Requirements • Server Hardware • Intel Pentium III-compatible processor • 512 megabytes (MB) of RAM • 550 MB of available hard disk drive space • Server Software • One of the 2003 operating systems • A Web application server with the following components: • Microsoft ASP.NET • Internet Information Services (IIS) 6.0 with the following components: • Common files • Simple Mail Transfer Protocol (SMTP) service • World Wide Web service • Server Databases • One of the versions of SQL Server (full or desktop) • Client Browser • Standard browser to access site • IE 5 or better, Netscape 6 or better, Mozilla 1.4 or better
SharePoint and SQL • SharePoint uses a SQL database to store and manage all content • Can use full SQL 2000 or MSDE 2000 (assume 2005) • MSDE does not allow full text searching • Backup/Restore • Migrate-Transfer a site
Features which work with Office 11 • File Open and Save Integration • Document Versioning and Check-in/Check-out Integration. • Document Workspaces (Shared attachment) • Meeting Workspaces (scheduling etc) • Synchronizing Calendar and Contacts Lists with Outlook • Alerts Integration with Outlook • Using Excel and Access to Edit and Analyze SharePoint List Data • Web Discussions Integration (inline discussion comments) • Online presence awareness and indicator
SharePoint Service & Office Integration • Office XP & Office 2003 built in tools • Integrated Document Management and Sharing • File Menu Integration – open/save to document library • Document Check-in and Check-out • Version Tracking • Integrated Web Discussions • Document Workspace and Meeting Workspace Sites • Shared Calendars • Shared Task lists • Email alerts • User “Presence” notification
Sharepoint sp2 Download • http://www.microsoft.com/downloads/details.aspx?FamilyId=B922B28D-806A-427B-A4C5-AB0F1AA0F7F9&displaylang=en
SharePoint Install • SharePoint 2.0 runs under IIS-6 worker process isolation mode rather than the old IIS-5 isolation mode. This means IIS uses the new isolated Application Process model for isolating and securing processes • ISSUES: • FrontPage Server Extensions – NO!! • Use SharePoint Admin panel to create and manage websites rather than directly using IIS Manager
SharePoint Installation • Will install to system drive by default • Installation is automated • will install/configure WMSDTK-SQL • will install/configure Sharepoint Services • will configure Sharepoint site • TO manage – Central Admin access via Web Browser • http://localhost:7893/ -- the port is assigned but can be configured with IIS management • OR http://xxx.xxx.xxx.xxx:7893/
Installing • Extract & Run - stsv2.exe • NEED -- application server -- IIS6 • ASP-NET must be installed • NO FP extensions
Installing - Typical v Server Farm • Choose database type and location • Full SQL • Multiple servers • Full text searching • MSDE • Single server • Small organization • Can convert later
Install finish • Will install - copy files to folders • Will install and preconfigure MSDE (sql desktop engine) • Will preconfigure Sharepoint Services 2.0 • Will configure Sharepoint SITE (admin and top level site) • Will launch browser and connect to Admin site • http://localhost/default.aspx
SharePoint Assistance Center http://www.microsoft.com/sharepoint/assistance/default.asp
SharePoint Administrators Guide http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/default.mspx
Site Security • Each site or subsite can have separate security settings • Default is no access outside AD and read only for permitted users inside AD. • User members of a site are tightly integrated with AD users and groups • If desired a site can be opened as a public site but the default is to maintain as an Intranet site
Sharepoint Templates • What are they? • Preconfigured sites built around a central theme, such as classroom, or equipment checkin/out • How do you use them? • Download and add the template to the main database, then use to create a new site or subsite. • Where do you get them? • http://www.microsoft.com/technet/prodtechnol/sppt/wssapps/default.mspx
Sample Templates • http://www.microsoft.com/technet/prodtechnol/sppt/wssapps/default.mspx