Cert Guide - MCSA 70-740 Chapter 19 Maintaining Servers
Windows Firewall (MpsSvc)
Microsoft reccomends leaving Windows Firewall Service Enabled.
Configure Automatic Updates and Specify Intranet Microsoft Update Service Location.
This is the main settings for WSUS client behavior
The following are installed when WSUS is installed
- .NET API and Windows Powershell cmdlts - Windows Internal Database (WID), which is used by WSUS - Services used by WSUS, includeing the following: + Updating Services + Reporting Web Service + Client Web Service + Simple Web Authentication Web Service + Server Synchronization Service + DSS Authentication Web Service
WSUS system requirements
- 1.4 GHz x64 (2GHz or faster is recommended.) - Additional 2GB of RAM over what is required by the server and all other services or software. - 20 GB (40 GB or greater recommended) - 100 Mbps or greater following is required in some cases - For viewing reports, WSUS required Microsoft Report Viewer Redistributable 2008. - Microsoft .NET Framework 4.0 must be installed on the server where the WSUS server role will be installed. - Te account you plan to use to install WSUS must be a member of the local administrator's group.
Other settings to control the behavior of WSUS clients.
- Automatic updates detection frequency - Allow Signed updates from an untranet Microsoft Update Service Location.
Settings for restarts
- Delay restart for Scheduled Installations - Re-Prompt for Restart with Scheduled Installations - No Auto-Restart with with Logged on users for Scheduled Automatic Updates Installations
Windows Server Backup features
- Drive Support: Doesn't support tape or optical drives that aren't accessible through file system. - Scheduling: Can schedule only a single job and is limited to running the job either daily or multiple times per day. - Job Types: Windows Server Backup DOES NOT enable you to perform full, incremental, and differential backups on a per-job basis. - Different Backup Format: Windows Server backup writes its backup files in VHDX format, which makes them accessible using hyper-v or disk management snap-in
Settings for when client computer is shut down
- Enabling Windows update power management to automatically wake up the system to install scheduled updates - Reschedule Automatic Updates scheduled installations
2 types of system state restores
- Non-authoritative: This restores replace active directory from the backup but then allow its overwriting from the active directory synchronization process from other domain controllers. - Authoritative: This restores require you to restart the computer in Directory Services Restore mode by pressing F8 during boot. You restore the system state by using Wbadmin followed by Ntdsutil.exe to specify active directory objects to selectively restore.
Backup for web (IIS) server
- Static files are not a problem for Windows Server backup - Web servers connected to backend databases (IE: SQL) might be accessing databases stored on other servers. Windows Backup performs VSS backups of SQL Server databases for this purpose. - Configuration files (XML) for an IIS web server are located in Windows\System32\intserv; you must remember to back up these files to properly backup IIS.
WSUS role installed on a separate computer
- The Database server cannot be configured as a domain controller - The WSUS server cannot run Remote Desktop Services - The database Server must be in the same Active Directory domain as the WSUS server, or must have a trust relationship with the Active Directory domain of the WSUS server. - The WSUS server and the database server must be in the same time zone or must be synced to the same coordinated universal time (Greenwich Mean time) source.
Manage Windows defender
- WMI - Windows PowerShell - Group Policy
Microsoft recommendation for protection against malware
- Windows Defender Network Inspection service - Windows Error Reporting Service - Windows Update Service
Change how Windows updates download
- Windows Update in Control Panel, Install updates automatically - Group Policy: Use the path: Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates. - AUOptions registry key: The following 2 values allow Windows Update to automatically download and install definition updates: + Install updates automatically + Download updates but let me choose whether to install them
Hyper-V backups methods
- You can backup Virtual machines as though there are separate systems, by running Windows Server Backup in the guest OS - You can back them up as part of the host server, by backing up the virtual machine files and the virtual hard disks.
Wbadmin get versions
Lists details of backup recoverable from the local computer or, if another location is specified, from another computer
Wbadmin get disks
Lists disks that are now online
Best practice for Test environment
Create at least one computer group to test updates before you deploy the updates to other computers.
Wbadmin get items
Lists the items included in a backup
Wbadmin disable backup
Disables the backups
Wbadmin restore catalog
Recovers a backup catalog from a specified storage location in the case where the backup catalog on the local computer has been corrupted.
Wbadmin delete catalog
Removed the backup catalog on the local computer
Wbadmin delete systemstatebackup
Removes one or more system state backups
Wbadmin start backup
Runs a one-time backup
Wbadmin start systemrecovery
Runs a recovery of the full system (at least all the volumes that hold the OSs state)
Wbadmin start recovery
Runs a recovery of the volumes, applications, files, or folder specified
Wbadmin start systemstatebackup
Runs a system state backup
Wbadmin start systemstaterecovery
Runs a system state recovery
Wbadmin get status
Shows the status of the running backup or recovery operations
Wbadmin stop job
Stops the running backup or recovery operation
WSUS groups
This allows you to test and target updates to specific computers. There are 2 default groups: - All Computers - Unassigned computers
Install-WindowsFeature -Name Windows-Defender-GUI
This command installs Windows Defender on PowerShell
Install-WindowsFeature -Name Windows-Server-Antimalware
This command will disable Windows Defender, by uninstalling it.
sc query Windefend
This command will verify that Windows Defender is rinning on the server.
Windows Server Backup
This is a backup software program that you can use to back up your volumes with the following as destinations: - Internal Hard Drive - External Hard drive - Writable DVD drive - Network share
Windows Defender
This is malware protection that is included with and built into Windows 8. This software helps identify and remove viruses, spyware, and other malicious software. It runs in the background and notifies you when you need to take specific action. However, you can use it anytime to scan for malware if your computer isn't working properly or if you clicked a suspicious link online or in an email message.
Windows Defender Service (Windefend)
This is the main Windows defender service that needs to be running at all times
Windows Server Update Services (WSUS)
This permits you to deploy the latest Microsoft product updates in a more controlled and flexible manner than how clients and servers might ordinarily receive these enhancements.
Windows Defender Network Inspection Service (Wdnissvc)
This service is innvoked when Windows Defender encounters a trigger to load it.
Windows Error Reporting Service (Wersvc)
This service sends error reports to Microsoft.
Wbadmin.exe
This will selectively restore just the system state.
Client-Side Targeting
To move computers from the unassigned group, use group policy to cause systems to automatically add themselves to the group you want updated; the Group Policy setting is Enable Client-Side Targeting.
Server-Side Targeting
To move computers from unassigned group right-click the system in the update service console and choose change membership.
Windows Update (Wuauserv)
Windows update is needed to get definition updates and anti-malware engine updates.
Wbadmin enable backup
configures and enables a regular scheduled backup