Category: Monitoring and Maintaining Servers

MCTS 70-646 Monitor and maintain security and policies

May include but is not limited to: remote access, monitor and maintain NPAS, network access, server security, firewall rules and policies, authentication and authorization, data security, auditing

Which information should be protected, and how sensitive and business critical is it

Identify what information needs to be protected, how sensitive the data is, whether it is business critical and who should be authorised to access it, then implement a workable monitoring policy.

MCTS 70-646 Monitor servers for performance evaluation and optimisation

May include but is not limited to: server and service monitoring, optimization, event management, trending and baseline analysis

A baseline of a computer system's performance and reliability should be captured for a number of weeks when the system is first deployed and, if applicable, when month end processes run; it is advisable to define quiet, busy and business as usual periods. Baselines should be re-analysed when a computer system is changed, i.e. when more resource is added or a new application is deployed.
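The sketch below is an added example, not part of the original notes: it builds a per-period baseline from a Performance Monitor CSV log and reports which periods have drifted after a change. The server name SRV01, the sample values, the hour boundaries for each period and the 25% tolerance are all assumptions made for the illustration.

```python
import csv, io, statistics
from datetime import datetime

# Constructed samples in Performance Monitor's CSV log layout; SRV01 and all values are made up.
HEADER = r'"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SRV01\Processor(_Total)\% Processor Time"'
BASELINE_CSV = HEADER + '''
"03/01/2010 02:00:00.000","4.0"
"03/01/2010 10:00:00.000","60.0"
"03/01/2010 11:00:00.000","70.0"
"03/01/2010 14:00:00.000","30.0"
"03/01/2010 15:00:00.000"," "
"03/01/2010 16:00:00.000","34.0"
'''
AFTER_CHANGE_CSV = HEADER + '''
"03/29/2010 02:00:00.000","4.0"
"03/29/2010 10:00:00.000","66.0"
"03/29/2010 14:00:00.000","45.0"
"03/29/2010 16:00:00.000","47.0"
'''

def period(ts):
    # Assumed hour boundaries; the notes name the three periods but not their times.
    if ts.hour < 7 or ts.hour >= 19:
        return "quiet"
    return "busy" if 9 <= ts.hour < 12 else "business as usual"

def load(pdh_csv):
    """Parse a CSV counter log into (timestamp, value) samples, skipping missed samples."""
    rows = csv.reader(io.StringIO(pdh_csv))
    next(rows)  # header row: log format and time zone, then the counter path
    samples = []
    for stamp, value in rows:
        if value.strip():  # a blank field means the sample was not collected
            samples.append((datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S.%f"), float(value)))
    return samples

def baseline(samples):
    """Return {period: (mean, peak)} for the captured counter."""
    groups = {}
    for ts, value in samples:
        groups.setdefault(period(ts), []).append(value)
    return {p: (statistics.mean(vs), max(vs)) for p, vs in groups.items()}

def drift(base, current, tolerance=1.25):
    """List the periods whose current mean exceeds the baseline mean by the tolerance."""
    return sorted(p for p, (mean, _) in current.items()
                  if p in base and mean > base[p][0] * tolerance)

print(drift(baseline(load(BASELINE_CSV)), baseline(load(AFTER_CHANGE_CSV))))
```

Comparing like with like (busy against busy, quiet against quiet) is what keeps a normal morning peak from being reported as a regression.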

Performance Monitor

Performance Monitor allows you to view real time data and data collected over a longer period using a data collector set; see data collector sets under Performance Monitor for more information.

By default the real time data in Performance Monitor is overwritten every 140 seconds. To change this behaviour select Properties > Graph > Scrolling type > Scroll.

System diagnostic reports

These reports can be created using perfmon /report or by reviewing the reports within the performance monitor GUI.

Action Center

Monitors the computer and reports problems with security, maintenance and other related settings such as firewall, antivirus, anti-spyware and Windows Firewall configuration.

Task Manager

Task manager can be used for viewing process utilisation.

Resource Monitor

Resource Monitor is accessible from Task Manager and can be used to stop, start, suspend or resume processes and services. It is useful for troubleshooting and can be used to highlight CPU, memory, disk and network usage for a particular process or service.

MCTS 70-646 Implement patch management strategy

Microsoft Baseline Security Analyzer (MBSA) can be used to scan Windows operating systems for missing security patches and incorrectly configured settings which could leave Windows vulnerable to known attacks.

The System Center suite can be used to baseline and apply security patches.

Windows Server Update Services (WSUS) is a free patch deployment application available as a role in Windows Server 2008 R2 and a separate download for Windows Server 2008. The version of WSUS available for both revisions of Windows is 3.0 SP2 but note that upgrading a Windows Server 2008 computer running WSUS 3.0 SP2 to Windows Server 2008 R2 will fail.

WSUS 3.0 SP2 supports the BranchCache feature of Windows Server 2008 R2 and also supports BITS peer caching; this allows Windows updates to be retrieved from neighbouring systems rather than directly from the WSUS server.

Approval deadlines can be used to force patches to be installed immediately; setting the deadline to a date in the past forces the Windows Update Agent (WUA) to install the update immediately.

Update strategy for roaming clients: point the clients to a DNS name and have that name resolve to the local site in which the roaming client is currently located.

For application patch level maintenance you should consider looking at the System Center Configuration Manager editions.