Windows Server 2008 R2 Unleashed (136 page)

An attempt was made to access an object.

Subject:
    Security ID: COMPANYABC\Administrator
    Account Name: Administrator
    Account Domain: COMPANYABC
    Logon ID: 0x2586e

Object:
    Object Server: Security
    Object Type: File
    Object Name: C:\Confidential\Secret.txt
    Handle ID: 0xec

Process Information:
    Process ID: 0xfd8
    Process Name: C:\Windows\System32\notepad.exe

Access Request Information:
    Accesses: WriteData (or AddFile)
              AppendData (or AddSubdirectory or CreatePipeInstance)
    Access Mask: 0x6

The event is well organized into Subject (who attempted the access), Object (what was acted on), Process Information (what program was used), and Access Request Information (what was done). If the event was Audit Success, the attempt was successful. If the event was Audit Failure, the attempt failed. You can see from the event that the administrator wrote to the file Secret.txt at 6:22:56 p.m. and even that the program Notepad was used.
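
The Access Mask field is a bit field: 0x6 is WriteData (0x2) combined with AppendData (0x4). The following PowerShell is an added example, not code from the book; it pulls the key fields out of an event message like the one above and decodes the mask, assuming the standard Windows file-object access-right bit values and an illustrative function name.

```powershell
# Added example, not from the book. Bit values are the standard Windows
# file-object access rights; the function name is illustrative.
$FileAccessRights = @(
    @(0x1, 'ReadData (or ListDirectory)'),
    @(0x2, 'WriteData (or AddFile)'),
    @(0x4, 'AppendData (or AddSubdirectory or CreatePipeInstance)'),
    @(0x8, 'ReadEA'), @(0x10, 'WriteEA'), @(0x20, 'Execute/Traverse'),
    @(0x40, 'DeleteChild'), @(0x80, 'ReadAttributes'), @(0x100, 'WriteAttributes'),
    @(0x10000, 'DELETE'), @(0x20000, 'READ_CONTROL'), @(0x40000, 'WRITE_DAC'),
    @(0x80000, 'WRITE_OWNER'), @(0x100000, 'SYNCHRONIZE')
)
# Any of these bits means the handle could change data, attributes, ACL or owner.
$ModifyBits = 0xD0156

function ConvertFrom-ObjectAccessMessage {
    param([string]$Message)
    $f = @{}
    foreach ($name in 'Account Domain', 'Account Name', 'Object Name', 'Process Name', 'Access Mask') {
        if ($Message -match "(?m)^\s*$([regex]::Escape($name)):\s*(.+?)\s*$") { $f[$name] = $matches[1] }
    }
    if (-not $f['Access Mask']) { return }                # not an object-access message
    $mask = [Convert]::ToInt32($f['Access Mask'], 16)     # accepts the 0x prefix
    $names = @($FileAccessRights | Where-Object { $mask -band $_[0] } | ForEach-Object { $_[1] })
    New-Object PSObject -Property @{
        Who      = '{0}\{1}' -f $f['Account Domain'], $f['Account Name']
        Object   = $f['Object Name']
        Program  = $f['Process Name']
        Rights   = $names -join ', '
        Modifies = [bool]($mask -band $ModifyBits)
    }
}

# Constructed sample: fields taken from the event shown above.
$sample = @'
Subject:
    Account Name: Administrator
    Account Domain: COMPANYABC
Object:
    Object Type: File
    Object Name: C:\Confidential\Secret.txt
Process Information:
    Process Name: C:\Windows\System32\notepad.exe
Access Request Information:
    Access Mask: 0x6
'@
ConvertFrom-ObjectAccessMessage $sample | Format-List Who, Object, Program, Rights, Modifies
```

On a live server the same function can be given the Message property of Security log events returned by Get-WinEvent.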

Auditing Printers

Printer auditing operates on the same basic principles as file and folder auditing. In fact, the same step-by-step procedures for configuring file and folder auditing apply to printers. The difference lies in what successes and failures can be audited. These events include the following:

- Print

- Manage printers

- Manage documents

- Read permissions

- Change permissions

- Take ownership

These events are stored in Event Viewer’s security log, as are all audit events.

CHAPTER 20

Windows Server 2008 R2 Management and Maintenance Practices

To audit a printer, do the following:

1. In the Printers Control Panel applet, right-click the printer to audit, and select Properties.

2. Select the Security tab and then click the Advanced button.

3. In the Advanced Security Settings window, select the Auditing tab, and click the Edit button.

4. Click the Add button to display the Select User or Group window.

5. Enter the name of the user or group to audit when accessing the file or folder. Click the Check Names button to verify the name.

6. Click OK to open the Auditing Entries window.

7. In the Auditing Entry window, select which events to audit for successes or failures. The objects to audit will be different than the auditing available for files and folders, as the printer is a different class of object.

8. Click OK three times to exit.

Now access to the printer will generate security log events, depending on the events that were selected to be audited.

Managing Windows Server 2008 R2 Remotely

Windows Server 2008 R2’s built-in feature set allows it to be easily managed remotely. This capability reduces administration time, expenses, and energy by allowing administrators to manage systems from remote locations rather than having to be physically at the system.

Server Manager Remote Management

New to Windows Server 2008 R2 is Server Manager Remote Management, which allows the Server Manager console to remotely manage another server. This makes all the features of Server Manager available to the remote computer, allowing administrators to easily manage Windows Server 2008 R2 servers from a central location.

Server Manager Remote Management is disabled by default. This is a security feature, much like Remote Desktop, and so Windows Server 2008 R2 defaults to a more secure state out of the box. To enable Server Manager Remote Management, execute the following steps:

1. Launch Server Manager.

2. Click on the Configure Server Manager Remote Management link.

3. Select the Enable Remote Management of This Server from Other Computers check box.

4. Click OK.

Now the system is ready to accept connections from remote Server Manager consoles. To connect to a remote computer with the Server Manager console, right-click on the Server Manager root and select Connect to Another Computer. Enter the remote computer name and click OK.

Remote Server Administration Tools

The Remote Server Administration Tools include a number of tools to manage Windows Server 2008 R2 remotely. This set of tools replaced the Adminpack.msi set of tools that shipped with Windows Server 2003.

There are different tools for the roles (see Table 20.7) and for the features (see Table 20.8).

TABLE 20.7 Remote Server Administration Tools for Roles

| Tool | Description |
| --- | --- |
| Active Directory Certificate Services Tools | Active Directory Certificate Services Tools include the Certification Authority, Certificate Templates, Enterprise PKI, and Online Responder Management snap-ins. |
| Active Directory Domain Services (AD DS) Tools | Active Directory Domain Services Tools include Active Directory Users and Computers, Active Directory Domains and Trusts, Active Directory Sites and Services, and other snap-ins and command-line tools for remotely managing Active Directory Domain Services. |
| Active Directory Lightweight Directory Services (AD LDS) Tools | Active Directory Lightweight Directory Services Tools include Active Directory Sites and Services, ADSI Edit, Schema Manager, and other snap-ins and command-line tools for managing Active Directory Lightweight Directory Services. |
| Active Directory Rights Management Services (AD RMS) Tools | Active Directory Rights Management Services (AD RMS) Tools include the Active Directory Rights Management Services (AD RMS) snap-in. |
| DHCP Server Tools | DHCP Server Tools include the DHCP snap-in. |
| DNS Server Tools | DNS Server Tools include the DNS Manager snap-in and dnscmd.exe command-line tool. |
| Fax Server Tools | Fax Server Tools include the Fax Service Manager snap-in. |
| File Services Tools | File Services Tools include the following: Distributed File System Tools, which include the DFS Management snap-in, and the dfsradmin.exe, dfscmd.exe, dfsdiag.exe, and dfsutil.exe command-line tools. File Server Resource Manager Tools include the File Server Resource Manager snap-in, and the filescrn.exe and storrept.exe command-line tools. Services for Network File System Tools include the Network File System snap-in, and the nfsadmin.exe, showmount.exe, and rpcinfo.exe command-line tools. |
| Hyper-V Tools | Hyper-V Tools include the snap-ins and tools for managing the Hyper-V role. |
| Network Policy and Access Services Tools | Network Policy and Access Services Tools include the Routing and Remote Access and Health Registration Authority snap-ins. |
| Print and Document Services Tools | Print Services Tools include the Print Management snap-in. |
| Remote Desktop Services Tools | Remote Desktop Services Tools include the TS RemoteApp Manager, TS Gateway Manager, and TS Licensing Manager snap-ins. |
| Web Server (IIS) Tools | Web Server (IIS) Tools include the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins. |
| Windows Deployment Services Tools | Windows Deployment Services Tools include the Windows Deployment Services snap-in, wdsutil.exe command-line tool, and Remote Install extension for the Active Directory Users and Computers snap-in. |

TABLE 20.8 Remote Server Administration Tools for Features

| Tool | Description |
| --- | --- |
| BitLocker Drive Encryption Tools | BitLocker Drive Encryption Tools include the manage-bde.wsf script. |
| BITS Server Extensions Tools | BITS Server Extensions Tools include the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins. |
| Failover Clustering Tools | Failover Clustering Tools include the Failover Cluster Manager snap-in and the cluster.exe command-line tool. |
| Network Load Balancing Tools | Network Load Balancing Tools include the Network Load Balancing Manager snap-in and the nlb.exe and wlbs.exe command-line tools. |
| SMTP Server Tools | SMTP Server Tools include the Internet Information Services (IIS) 6.0 Manager snap-in. |
| WINS Server Tools | Windows Internet Naming Service (WINS) Server Tools include the WINS snap-in. |

The tools are installed as a feature. You can install all the tools or only the specific ones that you need. To install the Remote Server Administration Tools, execute the following steps:

1. Launch Server Manager.

2. Select the Features folder.

3. Click the Add Features link.

4. Locate the Remote Server Administration Tools feature.

5. Select the desired tools (more than one can be selected).

6. Click Next to accept the selected tools.

7. Click Install to install the selected tools.

8. Click Close to exit the wizard.

9. Close the Server Manager window.

After the tools are installed, you can manage remote computers by selecting the Connect to Another Computer command from the Action menu.

Windows Remote Management

Windows Remote Management (WinRM) enables an administrator to run command lines remotely on a target server. When WinRM is used to execute the command remotely, the command executes on the target server and the output of the command is piped to the local server. This allows administrators to see the output of those commands.

The commands run securely, as WinRM requires authentication and also encrypts the network traffic in both directions.

WinRM is both a service and a command-line interface for remote and local management of servers. The service implements the WS-Management protocol on Windows Server 2008 R2. WS-Management is a standard web services protocol for management of software and hardware remotely.

In Windows Server 2008 R2, the WinRM service establishes a Listener on the HTTP and HTTPS ports. It can coexist with Internet Information Services (IIS) and share the ports, but uses the /wsman URL to avoid conflicts. The IIS role does not have to be installed for this to work.

The WinRM service must be configured to allow remote management of the target server and the Windows Firewall must be configured to allow Windows Remote Management traffic inbound. The WinRM service can be configured through GPO or via the WinRM command line. To have the WinRM service listen on port 80 for all IP addresses on the server and to configure the Windows Firewall, execute the following commands on the target server:

1. Select Start, Run.

2. Enter the command winrm quickconfig.

3. Click OK to run the command.

4. Read the output from WinRM. Answer y to the prompt that asks: “Make These Changes [y/n]?”

Now the target server is ready to accept commands. For example, suppose an administrator is logged on to a server dc1.companyabc.com and needs to remotely execute a command on branch office server dc3.companyabc.com. These steps assume that WinRM has been configured and the firewall rule has been enabled. Use the following steps to remotely execute the command:

1. Open a command prompt on DC1.

2. Enter the command winrs -r:dc3.companyabc.com ipconfig /all.

The output of the command will be shown on the local server (DC1); in this case, the IP configuration of the target server (DC3).

This is particularly useful when executing a command or a set of commands on numerous servers. Rather than having to log on to an RDP session on each server and execute the command, the command can be remotely executed in a batch file against all the target servers.
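
Combining the remote execution just described with the listener configuration covered earlier in this section, the following PowerShell is an added example, not code from the book: it runs winrm enumerate winrm/config/listener on each target through winrs and reports the transport, port and URL prefix each listener actually uses, marking HTTP listeners bound to all addresses. The function names and the sample listener output are constructed for illustration.

```powershell
# Added example, not from the book. Function names are illustrative.
function ConvertFrom-WinRMListenerText {
    param([string]$Server, [string[]]$Lines)
    $current = $null
    foreach ($line in ($Lines + 'Listener')) {   # trailing sentinel flushes the last block
        if ($line -match '^\s*Listener\s*$') {
            if ($null -ne $current) {
                $current['Server'] = $Server
                # HTTP on every address is the listener quickconfig creates.
                $current['HttpOnAllAddresses'] = ($current['Transport'] -eq 'HTTP' -and $current['Address'] -eq '*')
                New-Object PSObject -Property $current
            }
            $current = @{}
        } elseif ($null -ne $current -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
            $current[$matches[1]] = $matches[2]
        }
    }
}

function Get-WinRMListenerReport {
    param([string[]]$Servers)
    foreach ($server in $Servers) {
        # winrs executes the command on $server and pipes its output back here.
        $out = winrs "-r:$server" winrm enumerate winrm/config/listener 2>&1
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "$server skipped, winrs exit code $LASTEXITCODE"
            continue
        }
        ConvertFrom-WinRMListenerText -Server $server -Lines $out
    }
}

# Constructed sample of the listener output, so the parser runs offline.
$sample = @'
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.1.1.13, 127.0.0.1
'@ -split "`r?`n"
ConvertFrom-WinRMListenerText -Server 'dc3.companyabc.com' -Lines $sample |
    Select-Object Server, Transport, Port, URLPrefix, HttpOnAllAddresses
# Live use: Get-WinRMListenerReport -Servers 'dc3.companyabc.com'
```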

PowerShell

The powerful new command-line shell is now integrated into Windows Server 2008 R2. PowerShell 2.0 is an administrator-focused shell and scripting language with a consistent syntax that makes it easy to use. It is built around cmdlets, which are, in effect, mini command-line tools. The syntax for the cmdlets is the same as for the PowerShell scripting language, reducing the learning curve for the administrator. In Windows Server 2008 R2, PowerShell 2.0 allows shells to run against remote systems. This enables administrators to execute cmdlets and scripts across the organization from a central console.

PowerShell can run its own scripts and cmdlets, as well as legacy scripts such as VBScript (.vbs), batch files (.bat), and Perl scripts (.perl). The shell can even run Windows-based command-line tools. Many of Microsoft’s new applications, such as Microsoft Exchange
