The Ultimate Windows Server 2003 System Administrators Guide [Electronic resources] (text version)


Robert Williams, Mark Walla




INTERFACE BASICS


Windows Server 2003 provides two alternative user interfaces. The new interface mirrors the more visual approach first introduced in Windows XP. It is recommended that this view be used whenever possible. The second user interface, which we call the "classic view," should be familiar to anyone who has used Windows 98 or Windows NT with Internet Explorer 4.0 or later. Throughout this book, we alternate screen shots to reflect these two user interfaces. In the unlikely event that you have not used these products, this section provides a view of the user interface from 30,000 feet. Even for experienced users, there may be a few tips worthy of brief review. While the options available to an administrator and the typical user are different, the underlying interface is the same.

The Windows Management Services interface is based on the industry initiative Web-Based Enterprise Management (WBEM), which attempts to establish infrastructure management across heterogeneous environments. It identifies the underlying methods for accessing data on a variety of platforms. WBEM is derived from the Common Information Model (CIM) as defined by the Distributed Management Task Force (DMTF).

Microsoft's implementation of WBEM is called the Windows Management Instrumentation (WMI). WMI supports traditional administration that uses scripts that kick off other applications. It also goes further by permitting the use of scripts at the object level. WMI can be thought of as the method in which things get done. The Windows Scripting Host, discussed in Chapter 17, automates the action. Finally, the Microsoft Management Console (MMC) discussed in this chapter determines how the administrative tools are to be presented. The MMC user interface creates linkages to the WMI.

The Windows Server 2003 interface is basically a desktop comprising a customizable toolbar and a group of icons that serve as shortcuts to applications, folders, files, and other objects. As menus or iconic items are opened, Microsoft Explorer windows are launched and objects are displayed with a Web browser look and feel.

In Chapter 8, "Group Policies," we discuss how a system administrator can standardize the desktop to add or restrict the menu and desktop items available to a user or group.

The Toolbar and Cascading Menu System


All Microsoft Windows environments provide a Start toolbar and cascading pull-down menus (Figure 4.1). If you have not already played with toolbar and menu setups, take a few moments to get acquainted with them. Also, take the time to customize the Start toolbar and menus by clicking Start → Settings → Taskbar and Start Menu. One of the first changes a user will notice when working with Windows XP or Windows Server 2003 is the new look and feel of the Start menu. It has been redesigned to reflect important and frequently used tasks better. There is now a Frequently Used Programs list that displays the most frequently used programs. The Start menu and toolbar can be customized by right-clicking it and selecting Properties. Alternatively, the Start menu can be modified as follows: Start → Control Panel → Appearance and Themes → Taskbar and Start Menu → select Start Menu or Taskbar tab. At this stage, any item can be added to the Start menu or toolbar by clicking it in the dialog box. Other modifications are possible, including changing the location of the Start toolbar itself. (Its default location is at the bottom of the screen, as it appears in Figures 4.1 and 4.2 where the new and classic menu views are shown, respectively.)

Figure 4.1. New Start Menu


Figure 4.2. Classic Start Menu


Desktop Icons


The desktop displays default icons and others added by the user or system administrator. They are mere representations of the programs, folders, and files. The typical desktop icons include


My Documents
a shortcut to the user's default directory that displays files and folders resident in the folder. Among the new folders located in each user's My Documents are media folders called My Pictures and My Music, both of which are designed to organize multimedia files.


My Computer
a shortcut to resources available on the local computer, including disk drives, CD drives, removable media, and the like.

NOTE: Windows XP and Windows Server 2003 provide a Desktop Cleanup Wizard to help users keep desktops free of shortcuts they don't use. The Cleanup Wizard periodically checks the desktop for unused shortcuts and provides a means to remove those shortcuts without harming the installed program. The Desktop Cleanup Wizard runs automatically every 60 days. It can be manually invoked by clicking Start → More Programs → Accessories → System Tools → Disk Cleanup.


My Network Places
a display of connected network resources that provides access to resources the user has permission to use.


Recycle Bin
a temporary storage area for documents marked for removal. This is basically a safety measure that permits the retrieval of documents deleted by mistake. Users should be instructed to empty the Recycle Bin periodically, thereby permanently removing the files and freeing disk space.


Internet Explorer
access to Microsoft's Web browser. If connected to the Internet, the browser permits surfing to sites on the World Wide Web. It also permits viewing objects on the local system or internal network to which the user has permission.



A number of actions can be taken to manage desktop icons, including the following:


Moving icons to the desktop.
When a file, folder, or application is in common use, it should be added to the desktop. You can move it there directly simply by holding the right mouse button down on it and "dragging" it across the screen to where you want it.


Creating shortcuts from the desktop.
Another method of gaining access to a commonly used object is to create a pointer, known as a shortcut, to it. This duplicate iconic representation can then be dragged to the desktop. A shortcut is created by selecting the target object → right-click the object → select Create Shortcut.


Reorganizing the desktop icons.
Icons can be dragged to any location on the desktop.


Adding desktop icons to the Start toolbar.
It is sometimes convenient to list desktop icons on the Start toolbar. Selecting the target icon and dragging it to the Start toolbar accomplishes this action.


Deleting icons from the desktop.
Deleting the actual object deletes the access to the application, folder, or file. However, shortcut icons can be deleted and the actual program, folder, or file remains. The deletion is accomplished by clicking the icon, pressing the DELETE key, and confirming by pressing Yes when prompted.



THE MY COMPUTER TOOL


Double-clicking the desktop My Computer icon provides a view of the resources available on the local computer system. Alternatively, the Microsoft Explorer view provides a default two-panel view: On the right is an icon view of objects and folders, and on the left is the cascading menu view. The Microsoft Explorer view is obtained by right-clicking My Computer → select Explorer. To drill down in either panel, simply select the folder and double-click. Alternatively, the cascading menu can be opened or closed by selecting the PLUS SIGN, +, or the MINUS SIGN, −, respectively.

Expanding the View of Folders and Files


Windows Server 2003 presents default files that are generally visible to the user or system administrator. The view can be expanded to include hidden (Figure 4.3) and operating system files. To view such files from the Tools menu, select Folder Options from the toolbar of the My Computer or other Explorer window, select the View tab, and select the items to be modified. (This dialog box is also available from the Control Panel under Folder Options.)

Figure 4.3. Viewing Hidden Files


File Association User Interface Improvements


In order for a file to be usable, it must be associated with a specific application in a recognized format. The File Association User Interface feature enhances the control of file associations at installation and the inclusion of certain basic file types (.zip, .pdf, .cab, and .css). It also controls reserved file classes such as Audio CD. When unassociated files are detected, the operating system will suggest possible applications that support the file type. If the user can confirm the association between the file and the suggested application, then that match will be retained the next time a file of that type is discovered. In the event that no suitable applications are found on the system, an Internet-connected computer can search an online database of candidates.

Another use of this feature is to permit the user to designate an alternative application to associate with a particular file type. For example, a user might have a preferred photo editor. When a GIF file is opened, the associated photo editor will be launched.

To invoke the file association feature: Start → Control Panel → Appearance and Themes → Folder Options → File Types.

File Management Improvements


The Windows XP and Windows Server 2003 user interface leverages WebView and ListView technologies. Although the classic views familiar to users of earlier Windows versions can still be invoked, Microsoft believes these new views deliver a higher level of usability. This interface exposes common folder and file tasks dynamically in WebView, a technology that uses HTML to display information. The facility also provides new grouping behavior and visuals. For example, files may be displayed graphically. Sorting of files is also improved so that greater refinement is possible. To invoke file management options: Start → Control Panel → Appearance and Themes → Folder Options.

My Computer Customization


The Tools pull-down menu on the My Computer (Figure 4.4) and any Explorer window permits three important local system views and accessibility:


Map Network Drive.
This option permits the local "mounting" of a remote disk drive. From a user's perspective, the remote drive looks local.


Disconnect Network Drive.
This option disconnects a previously mapped drive.


Synchronize.
This option permits the synchronization of data that was changed while working offline with information on the server. It is possible to define the data to be synchronized and schedule the process.



Figure 4.4. My Computer


MY NETWORK PLACES


Known in previous Windows versions as the Network Neighborhood, My Network Places is an improved network interface. When opened, it typically reveals several icons. One of them is Entire Network, with which you can drill down to lower levels of the present network. To view resources in the Microsoft Windows Network, double-click that icon. This will display all the connected Microsoft-based workgroups and domains (Figure 4.5).

Figure 4.5. Entire Network


Network Directory Search


By selecting the Directory icon, the system administrator is shown the Domain User and Computers folders (Figure 4.6). You can drill down any of the folders to view and manage associated users, groups, computers, and other objects. As discussed later, this method can be used for some remote administration.

Figure 4.6. View of Network Folders and Appliances


The Directory icon can also be used to find resources within the domain. For example, to find a printer, follow these steps (see Figure 4.7):



Right-click any Directory icon (and domain name) → select Find.

Select Advanced Tab from the Find dialog box.

Select Printer from the Find pull-down menu → complete whatever data is known in the three tabs.

Click Find Now.


Figure 4.7. Finding a Network Printer


Another option for finding network resources from the My Network Places interface is to use the Search button on the toolbar. Complete the information in the left pane and click Search (Figure 4.8). The Search Companion will be activated.

Figure 4.8. Network Find Dialog


DUALVIEW MONITORING FACILITY


The DualView Monitoring Facility extends the multimonitor feature of Windows 2000. This is a hardware-dependent facility that requires high-end display adapters that support two interfaces. In mobile computers, this takes the form of internal display and the external connector for a monitor or other display. DualView enables these two interfaces to display different outputs simultaneously. This feature is activated as follows: Start → Control Panel → Printers and Other Hardware → Add New Hardware.

Microsoft Management Console


One of the strengths of Windows Server 2003 is its consolidation of many administrative tools into a single interface. The Microsoft Management Console has the familiar look and feel of the Microsoft Explorer. By default, it is divided into two panels: On the left is a list of the tools that have been added to the console; on the right are details for the selected administrative tool.

Administrative tools are called snap-ins and are hosted in the MMC framework. All components in an MMC snap-in are organized hierarchically in order to view relationships and provide a logical structure for administration. Each MMC can contain one or more administrative tools. It is also possible to create multiple MMCs and to group similar snap-in functions in a cluster. The decision to add or remove snap-ins is the system administrator's. The snap-ins include both those bundled with Windows Server 2003 and others from third-party vendor applications that adhere to API guidelines.

The MMC also facilitates the delegation of administrative responsibility. As discussed in later chapters, Windows Server 2003 permits the creation of organizational units, the smaller administrative components in which specific and granular responsibility can be assigned. An MMC can be created for a specific set of responsibilities and provided to the administrator of the OU.

CREATING AND USING MMCS


MMCs provide a consistent and single point of access for administrating Windows 2000/.NET. The initial step is to create the first Microsoft Management Console (Figure 4.9): click Start → select Run → type MMC → click OK. This procedure can be used to create additional consoles, or you can create a new MMC from within an existing console.

Figure 4.9. The Microsoft Management Console


The MMC permits a number of methods to interact with snap-ins. The toolbar is used to select the following options:


Console, used in the author mode, primarily adds or removes snap-ins and provides other customizations.


Action lists the possible actions that can be taken for each snap-in. The options are different for each one.


View provides a list of methods to customize the view of each administrative task. Each snap-in has a different view.


Favorites is used in much the same way as Web browser favorite links for rapid maneuvering to snap-in components.



ADDING A SNAP-IN


As shown in Figure 4.10, the MMC snap-ins are added by following these steps:



While in the author mode, open a new or existing MMC.

Click Console → select Add/Remove Snap-in.

From the dialog box listing the current snap-ins (Figure 4.11), click Add.

Figure 4.11. The Snap-in Dialog

Select the destination snap-in → click Add.

Repeat this for all additional snap-ins → click Close.

Click OK to complete the addition of snap-ins.


Figure 4.10. Adding Snap-Ins


MMC MODES


The Microsoft Management Console operates in two primary modes. Author mode is used for the creation of an MMC and the setting of options, and offers full control over the MMC and all related snap-ins. User mode comprises three levels ranging from internal full access to strictly delegated utilization; its purpose is to restrict the addition, removal, and modification of snap-ins. The three levels of the user mode assign the following rights:


Full Access.
The user can customize the MMC with the snap-ins provided. The only Console option is to exit, so this user cannot add or remove other snap-ins.


Delegated Access.
The Console, Window menu, Help menu, and main toolbar are not displayed.


SDI Delegated Access.
The user is provided one view or window to administrative tasks. SDI has the same restrictions as its non-SDI delegated counterpart; plus, it removes the Console System menu controls.



Setting MMC Modes


Modes can be set only by an individual with author mode control. They are set in a very straightforward fashion. Once the MMC is open, select Options from the Files menu → select the desired level from the Console mode drop-down list box (Figure 4.12). The four options for default access to a console are:


Author mode


User mode - full access


User mode - limited access, multiple window


User mode - limited access, single window



Figure 4.12. The Options Dialog to Change the MMC Mode


SAVING MMC LOCALLY OR TO DELEGATED ADMINISTRATORS


Once the console has been created with the mode set, it can be saved to the system administrator's desktop or to a delegated administrator. If the MMC is to be saved on the author's desktop, Save is the only action necessary. To save the MMC to another administrator's desktop, select Save As → change the name of the console if desired → select the drive location → select Documents and Settings → select the user's folder → select Desktop → click OK.

When creating an MMC for another user, the use of task pads is helpful to provide a restricted or simplified view of a selected number of tasks. In order to create console task pads, the following procedures should be followed using the target tool (in this example, we will use Computer Management):


Launch the MMC and select the target management tools (in this case, select Computer Management).


From Computer Management → open System Tools → open System → select Event Viewer → right-click System → select New Taskpad.


Use the wizard to set the properties and other configuration items.



NOTE: Many of the MMC Snap-in tools provide data logging functions. Windows Server 2003 provides an expanded log management facility. Full read and write support is now available for log files bigger than 1 GB. A new log file format supports performance data to be appended to an existing log file format. The old format will also be supported with the new format becoming the default binary log file format type. This feature is launched automatically with the operating system.

Working with Individual Administrative Tools


Windows Server 2003 administrative tools can be used as standalone applications or as snap-ins to Microsoft's Management Console. In most cases, they are presented in the same console format as the MMC, which guarantees a consistent and familiar interface. Other administrative tools are also available from Control Panel and through character-based command-line utilities.

CONTROL PANEL


In an attempt to make Windows Server 2003 more administrator "friendly," the selection of Control Panel from the Start menu now displays a long list of options by default. If preferred, the administrator or server user can change back to a more graphical environment. In Windows Server 2003, Control Panel (Figure 4.13) has a different look and feel from previous Windows versions. As with the Start menu, you can return to the older look and feel by selecting Switch to Classic View. While the control panels are similar for the client and server versions of Windows, the tools available in the Windows XP version are different from those in the Standard and Enterprise Server Editions. For Windows XP, the most important tools are available individually from Control Panel. Server versions of Windows Server 2003 can access major applications by double-clicking the Administrative Tools icon in Control Panel.

Figure 4.13. Windows Control Panel. Switch from Category View to Classic View for Windows 2000 UI.


To gain access, click Start → select Settings → select Control Panel. Then double-click the item you want to open.

NOTE: Windows XP and Windows Server 2003 use Microsoft WebView technology to display the contents of Control Panel. WebView is the Hypertext Markup Language (HTML) view of file folders. If you prefer the old look and feel of Control Panel, you can easily revert to it by invoking the following: Start → Control Panel → Switch to Classic View or Category View.

Administrative Tools


There are a number of ways for an administrator to access Administrative Tools. As discussed, these tools can be launched from the Start → Programs → Administrative Tools menu or as MMC snap-ins. They can also be launched from the command prompt or through Control Panel (Figure 4.14). As shown in Figure 4.13, double-clicking the Administrative Tools icon will display a secondary window containing the available management applications. (In Windows XP, Control Panel is the primary method for accessing Administrative Tools.) To launch an administrative tool, simply double-click its icon.

Figure 4.14. Administrative Tools Available from the Classic View Control Panel


NOTE: Control Panel is also used to add, modify, and delete users for the purely client-based Windows XP Home and Professional editions. Where user access should be confined strictly to a local system, the use of this Control Panel method is appropriate.

Add Hardware Example


A good example of Control Panel tools operation is the Add/Remove Hardware Wizard. One of the first things to notice about this tool is its automatic detection of hardware. With this feature, Windows Server 2003 can determine both the presence and the health of attached system devices and components. Once the detection process is complete, the system administrator can analyze the hardware device or subcomponent. If a new device is found, the wizard will prompt the system administrator to have it automatically added to the found device drivers (Figure 4.15). Alternatively, the administrator can manually select drivers if, say, they are not fully Plug and Play compatible. One of the nice aspects of this wizard is that it always attempts to load the most current drivers for a given device.

Figure 4.15. A Dialog from the Add/Remove Hardware Wizard


Computer Management Example


To illustrate the use of individual administrative tools, we briefly review the Computer Management application, which looks at the health of the local computer or member server and performs appropriate management actions (Figure 4.16). This chapter is designed as an overview, so we will not walk through each of the powerful management options.

Figure 4.16. The Computer Management Console


CHARACTER-BASED ADMINISTRATIVE INTERFACE


Windows Server 2003 provides a primary graphical user interface, but it is also possible to perform most administrative activities through a character-based interface. For seasoned UNIX system administrators, this will be a much more familiar approach. The text interface is required for some administrative tasks, as illustrated in the appendix, "Windows Server 2003 Commands and Utilities."

The command prompt is the interface to the character-based world (Command Prompt.

Figure 4.17. The Command Prompt Character-Based Interface


The appendix provides a review of the most common graphical and character-based administrative tools. Chapter 17 also reviews aspects of the Windows Scripting Host environment. However, it seems appropriate to list some of the most useful character-based administrative tools here. New command-line tools or utilities are provided in Windows Server 2003 to improve management and administration of computers. These tools are available from Start → More Programs → Accessories → Command Prompt or Start → Run → cmd.exe. Common command-line tools include:


Bootcfg.exe
View or set the properties of the boot.ini file on a local or remote server (not on 64-bit).

DriverQuery.exe
View the currently loaded device drivers and their memory usage.

bitscli.exe
Manage Background Intelligent Transfer Service (BITS) downloads.

Dsadd
Create an object instance of a specified type to the Active Directory.

Dsmod
Modify select attributes of an existing object in the Active Directory.

Dsrm
Remove an object or the complete subtree under an object in the Active Directory.

Dsmove
Move an object from its current location to a new parent location within the same naming context or to rename an object in the Active Directory.

Dsquery
Find objects in the Active Directory that match search criteria.

Dsget
Get or view select properties of an object in the Active Directory when the location of the object to be viewed is known.

Eventtriggers.exe
Launch a process based on the occurrence of an event written to the event log.

Eventquery.vbs
Specify the type of events to extract from the event log; the selected events can be displayed on the screen or saved to a file.

Eventcreate.exe
Create a user-defined event to any event log.

GPresult.exe
Launch the Resulting Set of Policies (RSoP) and list of policies that are applied to a computer.

IIS scripts
Provide command-line tools to configure, provision, and manage IIS server and Active Server Pages (ASP) applications.

Ipseccmd.exe
View and modify the policies and properties of Internet Protocol (IP) security.

NetDom.exe
Get and set the Machine Name, set the computer name and DNS first label of a machine.

NetSh.exe
Access a configuration tool, which now adds the basic network diagnostic features provided by the older NetDiag.exe tool.

Openfiles.exe
View the list of connected users and files in use per share on a computer.

Pagefileconfig.vbs
Get the current pagefile size or set a new pagefile size.

Print scripts
Manage printer services, drivers, and queues.

Reg.exe
View, set, and edit registry keys.

SC.exe
Start and stop and manage Win32 services.

SchTasks.exe
Get, set, or edit a scheduled task using the existing Win32 scheduling service.

Shutdown.exe
Shut down or restart a computer; allows a restart explanation to be written to the event log.

Systeminfo.exe
View basic properties of a machine (such as CPU and memory).

TaskKill.exe
Kill or stop a running process.

TaskList.exe
View or identify all running processes with PIDs.

Tsecimp.exe
Import Telephony Application Programming Interface (TAPI) user account properties and access rights.


Windows Server 2003 makes standard other command-line tools and utilities that were previously found in the Resource Kit:


Choice.exe
Select batch file execution from a menu.

Clip.exe
Redirect cmd line output to the clipboard for copy/paste into GUI applications.

Forfiles.exe
Restrict operations to selected file types.

Freedisk.exe
Permit operation if x% disk space is free.

Gettype.exe
Determine product type.

Inuse.exe
Permit the removal of file loaded into memory on reboot.

PowerCfg.exe
Enable power management.

Setx.exe
Set environment variables with batch files.

Takeown.exe
Administrator takes ownership of orphaned files.

Timeout.exe
Pause a batch file for a specified number of seconds.

Waitfor.exe
Pause batch files until a signal is received.

Whoami.exe
Identify logged-on user.

Where.exe
Locate files.


NOTE: Windows Server 2003 adds a very useful command-line facility for any administrator engaged in a mixed operating system environment. The Windows Management Instrumentation Command (WMIC) utility is a command-line interface to the WMI infrastructure. It includes a set of commands and control functions to facilitate Windows management. In addition, it follows standard DOS and UNIX conventions. WMIC interoperates with existing shells and utility commands. It can be extended by scripts or other administration-based applications. Aliases are used to mediate between the WMI infrastructure and the command-line utility. Aliases can be used to rename classes, rename properties and methods, and arrange properties in named formats that include property values and are formatted in a manner appropriate to some specific presentation strategy or function.

INTERACTIVE MODE


$ wmic <CR> from command line or any shell

wmic:root\cli> <type a command or switch> or /? for help, which is implemented as progressive help disclosure. Examples:

wmic:root\cli> /?
lists the syntax and available aliases

wmic:root\cli> process /?
displays options available for Process Alias


NON-INTERACTIVE MODE


$ wmic /?<CR> for help
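
The command-line tools listed above and WMIC's non-interactive mode combine naturally into a configuration-drift check, sketched here as an added example that is not taken from the book. The baseline directory, the event source name `BaselineCheck` and event ID 900 are assumptions chosen for illustration; run it from an administrative command prompt.

```batch
@echo off
rem Added example (not from the book): configuration-drift check built from
rem WMIC non-interactive mode plus Whoami, DriverQuery and Eventcreate.
rem Assumed names: BASE directory, event source BaselineCheck, event ID 900.
setlocal
set BASE=%SystemDrive%\Baseline
set CUR=%BASE%\current
set PREV=%BASE%\previous

rem Rotate snapshots: the previous run becomes the reference.
if exist "%PREV%" rmdir /s /q "%PREV%"
if exist "%CUR%" move "%CUR%" "%PREV%" >nul
mkdir "%CUR%"

rem Record the identity and privileges used for collection (context only,
rem not part of the comparison).
whoami /all > "%BASE%\collector.txt"

rem WMIC non-interactive form: <alias> [where "<filter>"] get <properties> /format:<name>
rem Auto-start services, their binary path and the account they run as.
wmic service where "StartMode='Auto'" get Name,PathName,StartName /format:csv > "%CUR%\services.csv"

rem Programs launched at logon (Run keys and Startup folders).
wmic startup get Caption,Command,Location,User /format:csv > "%CUR%\startup.csv"

rem Local accounts and whether each is disabled or may have a blank password.
wmic useraccount where "LocalAccount=TRUE" get Name,Disabled,PasswordRequired,SID /format:csv > "%CUR%\accounts.csv"

rem Shared folders and the local paths they expose.
wmic share get Name,Path,Type /format:csv > "%CUR%\shares.csv"

rem Installed device drivers, from the DriverQuery tool in the list above.
driverquery /fo csv > "%CUR%\drivers.csv"

rem Compare with the previous snapshot. fc /b only answers same/different,
rem so file encoding does not matter; WMI may return rows in a different
rem order, so treat a hit as a prompt to review the two files by hand.
set DRIFT=0
if not exist "%PREV%" goto report
for %%F in (services startup accounts shares drivers) do (
    fc /b "%PREV%\%%F.csv" "%CUR%\%%F.csv" >nul 2>&1
    if errorlevel 1 (
        echo CHANGED: %%F.csv
        set DRIFT=1
    )
)

:report
if "%DRIFT%"=="1" (
    rem Leave a record in the Application log so the change is visible
    rem in Event Viewer and to any log collection already in place.
    eventcreate /l APPLICATION /t WARNING /so BaselineCheck /id 900 /d "Configuration drift detected; compare %PREV% and %CUR%." >nul
    exit /b 1
)
echo No drift detected, or first run: baseline created.
exit /b 0
```

Scheduling the script with SchTasks.exe and restricting write access on the baseline directory to administrators keeps the reference snapshot trustworthy.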


Launching Tools from the Run Menu


The Run dialog is provided specifically to launch applications, including administrative tools (Browser option will permit you to move between locations until you find the executable file.

Figure 4.18. Run Dialog Box


