Windows Services 1 free

1
Windows Services - 1free useful add-ons from
MS

• Tech Coordinator Feast
• 2006
• DuPage Session
• Tom Steele ( tsteele_at_manteno5.org )
• Technology Director -Manteno School District
• Terry Sullivan ( tsulliva_at_comwares.net)
• Technology Director - Shiloh CUSD1 Edgar CUD6

2
Introduction

• MSBSA
• QChain.exe and Update.exe
• Windows Update Service
• WSUS
• SharePoint Services
• Free Service v. Portal Server
• Backup Utilities
• NTBackup
• Other (addressed in other sessions)
• VSC, Scheduler, Drive Quota, Remote Desktop
• Terminal Services
• IIS-6
• AntiSpyware - beta

3
Microsoft Windows Update - V6
4
MSBSA 2.0

• http//www.microsoft.com/technet/security/tools/mb
  sahome.mspx
• Uses the new Windows Update Agent
• Users who primarily have
• Windows 2000 SP3 and later
• Office XP and later
• Exchange 2000 and later
• SQL Server 2000 SP4
• Will analyze, report, and can be used to install
  updates

5
User Access for MSBSA

• MUST have access to Client
• user credentials
• and FIREWALL issues
• Can use GPOs to turn off Firewall
• Script Line to turn off XPsp2 Firewall
• netsh firewall set opmode DISABLE

6
MSBSA - Testing
7
MSBSA - Results
8
Security Bulletins

• Tue release cycle
• Release notice and explanation 3 days before full
  release
• Latest Tue Mar 14, 2006
• 1 Critical
• 1 Important

http//www.microsoft.com/technet/security/
9
Patch Management - WHY

• PandaSoftware reported 278 increase in new
  virus/worms since third quarter 2004
• Release patches on Tuesday
• 2nd Tue Patch Tuesday (started Oct 2003)
• Oct 2004
• 10 patches
• Feb 2005
• 11 patches
• June 2005
• 10 patches

• History -- network administrators have 7 to 21
  days from the release of a security bulletin
  before hacker tools to exploit are freely
  available on the Internet

10
Deploy patches across network

• Manual
• Determine which patches are required
• Download Windows Update Catalog
• Store in share on server
• Use login or logout script to apply
• Update.exe QChain.exe
• Automate
• SMS maximum control but additional cost.
• Windows Software Update Server (WSUS)

11
How It Works
WSUSServer
Microsoft Update
Desktop ClientsTarget Group 1
Server ClientsTarget Group 2
WSUS Administrator
Agents install administrator approved updates
Administrator subscribes to update categories
Server downloads updates from Microsoft Update
Clients register themselves with the server
Administrator puts clients in different target
groups
Administrator approves updates
12
Next Generation

• WSUS (ver 2.0 of initial SUS product)
• Will handle updates for
• Windows
• 2000, XP, XPhome, Server 2000, Server 2003
• Microsoft Office XP, 2003
• SQL Server 2000 MSDE 2000
• Exchange Server 2003

13
WSUS - Installation

• Recommended system requirements
• The following system requirements can support up
  to 500 clients
• 750 MHz Pentium III or higher processor 1 GHz
  Pentium III or higher processor recommended.
• Operating System - Microsoft Windows Server 2003
  (Standard or Enterprise Edition). Microsoft
  Windows 2000 Server or Advanced Server with
  Service Pack 4 (SP4) or later.
• 512 megabytes (MB) of RAM 1 gigabyte (GB) or
  more is recommended.
• An NTFS file system partition with at least 200
  megabyte (MB) of available free space for
  installing WSUS, and a minimum of 8 GB of
  available storage on an NTFS partition for the
  updates (if the administrator decides to host the
  updates locally). Need 6 GB for updates and 2 GB
  for SQL config files and reports.
• WSUS requires .NET Framework 1.1 with SP1
  installed.
• WSUS requires BITS 2.0 and WinHTTP 5.1.
• Microsoft Internet Explorer 6 with SP1 installed
• WSUS requires IIS 5.0 for servers running Windows
  2000 and IIS 6.0 for servers running Windows
  Server 2003.
• WSUS requires MSSQL database software (desktop
  for full version)

14
WSUS - Windows Software Update Server

• WSUS
• http//technet2.microsoft.com/windowsserver/en/tec
  hnologies/featured/wsus/default.mspx
• http//www.microsoft.com/windowsserversystem/updat
  eservices/default.mspx

15
Installation

• Accept License
• Choose install location
• Install locallyneed 6 Gigfree spacefor Updates

16
Install Cont.

• Install SQLdesktop engineor redirect
  toexisting SQL
• Need 2 Gigfree space(8 Gig total)

17
WSUS Install Cont

• Choose Websiteto manageWSUS
• And whereclients connectfor updates

18
WSUS Install Cont

• At this pointWSUS isinstalled
• ContinueConfiguration Managementvia
  Browser

19
WSUS Management
20
Features Reporting

• Reporting
• Summary status and alerts (home page)
• Per computer, per update with printable
  compliance reports
• Drilldown capabilities
• Synchronization reports
• Whats new, what changed
• Event log integration
• Agent and server status events sent to local
  event log

21
(No Transcript)
22
(No Transcript)
23
WSUS Active Directory
24
WSUS GPOs
25
Manually Configuring registry settings via
regedit or script

• In a non-Active Directory environment, an
  administrator can set registry settings to
  configure Automatic Updates.
• Note You will need to manually create these
  registry keys.
• You can set these registry keys in several ways
• By manually editing the registry using
  Regedit.exe.
• By centrally deploying these registry keys using
  Windows NT 4-style System Policy.
• You can add the settings below to the registry at
  this location HKEY_LOCAL_MACHINE\Software\Poli
  cies\Microsoft\Windows\WindowsUpdate\AU
• RescheduleWaitTime
• Range n where n time in minutes (1-60)
• Registry value type REG_DWORD
• NoAutoRebootWithLoggedOnUsers
• Set this to 1 if you want the logged on users to
  choose whether or not to reboot their system
• Registry value type REG_DWORD
• NoAutoUpdate
• Range 01. 0 Automatic Updates is enabled
  (default), 1  Automatic Updates is disabled.
• Registry Value Type Reg_DWORD
• AUOptions
• Range 234. 2  notify of download and
  installation, 3  automatically download and
  notify of installation, and 4  automatic
  download and scheduled installation. All options
  notify the local administrator.
• Registry Value Type Reg_DWORD
• ScheduledInstallDay

26
Using WSUS in non-AD networks

• Script Writer to create registry entries
• http//techdocs.r0ar.com/sus/sus.php
• Will create a .reg or a .bat file
• If interested the php source used
• http//techdocs.r0ar.com/sus/sus.php.txt

27

• _at_ECHO OFF
• SET tmpfiletemp\random.reg
• ECHO Stopping Automatic Updates
• NET STOP "wuauserv" gtNUL
• ECHO Creating the temporary registry file
  tmpfile
• ECHO Windows Registry Editor Version 5.00 gt
  tmpfile
• ECHO. gtgt tmpfile
• ECHO HKEY_LOCAL_MACHINE\Software\Policies\Microso
  ft\Windows\WindowsUpdate\ gtgt tmpfile
• ECHO "WUServer""http//unitsussrv1" gtgt tmpfile
• ECHO "WUStatusServer""http//unitsussrv1" gtgt
  tmpfile
• ECHO. gtgt tmpfile
• ECHO HKEY_LOCAL_MACHINE\Software\Policies\Microso
  ft\Windows\WindowsUpdate\AU\ gtgt tmpfile
• ECHO "AUOptions"dword00000004 gtgt tmpfile
• ECHO "NoAutoRebootWithLoggedOnUsers"dword0000000
  1 gtgt tmpfile
• ECHO "NoAutoUpdate"dword00000000 gtgt tmpfile
• ECHO "RescheduleWaitTime"dword00000005 gtgt
  tmpfile
• ECHO "ScheduledInstallDay"dword00000000 gtgt
  tmpfile

28
WSUS Cone/Imaging

• Q. Why don't the cloned or imaged PCs register
  with a WSUS server?
• A.This can happen if the machines share the same
  ClientID. You can work around this by deleting
  the following registry keys and rebooting the
  clients
• HKLM\Software\Microsoft\Windows\CurrentVersion\Wi
  ndowsupdate
• Delete the following entries, if present
• AccountDomainSID
• SusClientID
• PingID
• Before you clone the OS image, consider using
• SysPrep reseal
• to make sure the SIDs are generated.
• Machines that are sysprepped will automatically
  get a new ClientID when they are first booted.
• WSUS Script to remove duplicate SID
• http//support.microsoft.com/kb/555452

29
Windows SharePoint Service
30
What is Sharepoint

• Windows SharePoint Services (WSS) is a free
  add-on to Windows Server 2003 made available by
  Microsoft. It offers basic web portal and
  intranet functionality, including portal pages
  made up of web parts (developed in ASP.NET),
  team, document or project sub-sites,
  version-controlled document storage, and basic
  search functionality. It is made up of an ASP.NET
  web site hosted on Internet Information Services,
  using a Microsoft Desktop Engine (MSDE) or
  Microsoft SQL Server database back-end to store
  data.
• Windows SharePoint Services also forms the basis
  for Microsoft Office SharePoint Portal Server.
• The development of Windows SharePoint Services
  was inspired by the first Wiki, the Portland
  Pattern Repository.
• Source http//en.wikipedia.org/wiki/Windows_Sh
  arePoint_Services

31
What is Sharepoint

• Website with all content stored in a database.
• Uses ASP pages to access the data and build the
  pages.
• Optimized for collaboration
• Shared documents, calendars, contacts,
  discussions, etc.
• Optimized for integration with MS Office
• Highly proprietary to MS products

32
SharePoint Services

• Managed Collaboration
• Integration with MS Office
• Control access/management of each SharePoint site
• Shared Links
• Shared Documents (with management)
• Shared Calendar
• Shared Tasklist (ability to assign tasks)
• Shared Meeting agendas
• Shared Events (registration, documents, agenda)
• Create and manage online surveys
• Shared work/discussion space
• PRICE 39.95 MD

33
SharePoint Versions History

• Sharepoint Portal Services
• Portal 2003
• Portal 2001 (no longer available)
• Sharepoint Services
• Current version is 2.0 SP2
• Tight integration with MS Office family
• Team Services 1.0 (no longer available)

34
Sharepoint Minimum Requirements

• Server Hardware
• Intel Pentium III-compatible processor
• 512 megabytes (MB) of RAM
• 550 MB of available hard disk drive space
• Server Software
• One of the 2003 operating systems
• A Web application server with the following
  components
• Microsoft ASP.NET
• Internet Information Services (IIS) 6.0 with the
  following components
• Common files
• Simple Mail Transfer Protocol (SMTP) service
• World Wide Web service
• Server Databases
• One of the versions of SQL Server (full or
  desktop)
• Client Browser
• Standard browser to access site
• IE 5 or better, Netscape 6 or better, Mozilla 1.4
  or better

35
SharePoint and SQL

• SharePoint uses a SQL database to store and
  manage all content
• Can use full SQL 2000 or MSDE 2000 (assume 2005)
• MSDE does not allow full text searching
• Backup/Restore
• Migrate-Transfer a site

36
Features which work with Office 11

• File Open and Save Integration
• Document Versioning and Check-in/Check-out
  Integration.
• Document Workspaces (Shared attachment)
• Meeting Workspaces (scheduling etc)
• Synchronizing Calendar and Contacts Lists with
  Outlook
• Alerts Integration with Outlook
• Using Excel and Access to Edit and Analyze
  SharePoint List Data
• Web Discussions Integration (inline discussion
  comments)
• Online presence awareness and indicator

37
SharePoint Service Office Integration

• Office XP Office 2003 built in tools
• Integrated Document Management and Sharing
• File Menu Integration open/save to document
  library
• Document Check-in and Check-out
• Version Tracking
• Integrated Web Discussions
• Document Workspace and Meeting Workspace Sites
• Shared Calendars
• Shared Task lists
• Email alerts
• User Presence notification

38
Sharepoint sp2 Download

• http//www.microsoft.com/downloads/details.aspx?Fa
  milyIdB922B28D-806A-427B-A4C5-AB0F1AA0F7F9displa
  ylangen

39
SharePoint Install

• SharePoint 2.0 runs under IIS-6 worker process
  isolation mode rather than the old IIS-5
  isolation mode. This means IIS uses the new
  isolated Application Process model for isolating
  and securing processes
• ISSUES
• FrontPage Server Extensions NO!!
• Use SharePoint Admin panel to create and manage
  websites rather than directly using IIS Manager

40
SharePoint Installation

• Will install to system drive by default
• Installation is automated
• will install/configure WMSDTK-SQL
• will install/configure Sharepoint Services
• will configure Sharepoint site
• TO manage Central Admin access via Web Browser
• http//localhost7893/ -- the port is assigned
  but can be configured with IIS management
• OR http//xxx.xxx.xxx.xxx7893/

41
Installing

• Extract Run - stsv2.exe
• NEED -- application server -- IIS6
• ASP-NET must be installed
• NO FP extensions

42
Installing - Typical v Server Farm

• Choose databasetype and location
• Full SQL
• Multiple servers
• Full text searching
• MSDE
• Single server
• Small organization
• Can convert later

43
Install use 44 meg on Sys Drive
44
Install finish

• Will install - copy files to folders
• Will install and preconfigure MSDE (sql desktop
  engine
• Will preconfigure Sharepoint Services 2.0
• Will configure Sharepoint SITE (admin and top
  level site)
• Will launch browser and connect to Admin site
• http//localhost/default.aspx

45
SharePoint Assistance Center
http//www.microsoft.com/sharepoint/assistance/def
ault.asp
46
SharePoint Administrators Guide
http//www.microsoft.com/resources/documentation/w
ss/2/all/adminguide/en-us/default.mspx
47
(No Transcript)
48
Site Security

• Each site or subsite can have separate security
  settings
• Default is no access outside AD and read only for
  permitted users inside AD.
• User members of a site are tightly integrated
  with AD users and groups
• If desired a site can be opened as a public site
  but the default is to maintain as an Intranet site

49
Sharepoint Templates

• What are they?
• Preconfigured sites built around a central theme,
  such as classroom, or equipment checkin/out
• How do you use them?
• Download and add the template to the main
  database, then use to create a new site or
  subsite.
• Where do you get them?
• http//www.microsoft.com/technet/prodtechnol/sppt/
  wssapps/default.mspx

50
Sample Templates

• http//www.microsoft.com/technet/prodtechnol/sppt/
  wssapps/default.mspx

51
Using Templates

• To install this download
• Note To complete the following installation, you
  must have Administrator rights to both the root
  of the Windows SharePoint Server and to the
  server on which it is installed.
• Download the file by clicking the Download button
  and saving the file to your server.
• Double-click the program file on your hard disk
  to extract the template files to a location on
  the server.
• Open the top-level Windows SharePoint Services
  site where you will install the template.
• On the link bar, click Site Settings.
• In the Administration section, click Go To Site
  Administration.
• In the Site Collection Galleries section, click
  Manage site template gallery.
• On the Site Template Gallery page, click Upload
  Template.
• Browse to the location where you extracted the
  template and select the template. Click the Open
  button.
• Click Save and Close to upload the template.
• Instructions for use
• Open your Windows SharePoint Services site.
• On the link bar, click Create.
• In the Web Pages section, select Sites and
  Workspaces.
• Complete the information and then click Create.
• On the Template Selection screen, select the new
  template from the list, and then click OK.

52
Removing Templates

• To remove a downloaded/installed template
• To uninstall the template, complete the
  following. You must have Administrator rights to
  the root of the Windows SharePoint Server.
• Note This will not remove the templates from any
  sites that were already created using this
  template. It will only prevent users from
  creating new sites based on that template.
• Open the top-level Windows SharePoint Services
  site where you will install the template.
• On the link bar, click Site Settings.
• In the Administration section, click Go To Site
  Administration.
• In the Site Collection Galleries section, click
  Manage site template gallery.
• Click the Edit icon of the template you will
  uninstall. Click Delete and then OK

53
Webparts

• What are they?
• Reuseable pieces of ASP code you can drop into
  any website and configure/format as needed
• Each sharepoint site is made up of webpages
  assembled from Webpart pieces
• Can configure directly in the website, IF you
  have admin permissions.
• How do you customize a Sharepoint site?
• Use the wizards to modify webparts
• Complete control with FrontPage 2003

54
Types of webparts

• Lists
• Events
• Announcements
• Links
• Members/contacts
• Document libraries
• Picture libraries
• Surveys
• Discussions
• RSS feed in and out capable
• Can create custom parts with code or by using FP

55
Site Organization

• Each Sharepoint site consists of a top level site
• Each site can have additional parts added to the
  page or additional pages added
• A Site can have Sub-sites with different sets of
  permissions and either linked or not linked from
  the top site
• Creating a 2nd Top Level Site also called
  Extending the virtual server
• Create a new site with IIS management
• Use WSS (central) Admin to extend the site

56
Customizing a Site

• Can use browser to drag/drop web parts on the
  page
• Can use built in editor to edit and customize the
  appearance or the content of each web part
• Can create links between pages in a site
• Subsites can be linked or maintained separately

57
NT Backup Service

• Start Programs Accessories System Tools
  Backup
• Backup Utility
• Backup to another drive, network share, NAS,
  CD-DVD, Tape
• Includes scheduler, but may have to tweak for
  tape changes (same old task scheduler)
• Backup local drives or network shares
• Can include modules for Exchange and other MS
  products

58
NTBackup

• Creates a scheduled job file list in
• Documents and Settings\username\Local
  Settings\Application Data\Microsoft\Windows NT\NT
  Backup\data\jobname.bks
• Creates a scheduled task which can be edited
• Either command line schtasks OR
  Accessories-System Tools-Scheduled Tasks
• Tasks are stored in the C\windows\Tasks
  folder

59
NTBackup

• Create a .bks text file with folders to be backed
  up one per line
• Example
• Text File daily.bks with one directory per line
• D\Pub\
• E\users\
• SystemState
• Can schedule with NTBackup
• with AT scheduler OR
• With schtasks (new XP scheduler service)
• Can run from NTBackup OR command line

60
NTBackup Command Line

• Cmd or Batch File version
• start /wait rsm.exe refresh /lf"Your_Library_Name"
  
• ntbackup.exe backup "daily.bks /vno /rno
  /rsno /hcon /m normal /j "daily.job" /lf
  /p 4mm DDS" /um
• /lf logical media friendly name
• /v verify
• /r restrict to owner or administrator group
• /rs removable storage database
• /hc hardware compression
• /m type normal, incremental,
• /j job name
• /l type of log file
• /p media pool
• /um magic bullet will find 1st media of
  defined type, format, and use.

61
QA