Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
An attempt was made to access an object.
Subject:
Security ID: COMPANYABC\Administrator
Account Name: Administrator
Account Domain: COMPANYABC
Logon ID: 0x2586e
Object:
Object Server: Security
Object Type: File
Object Name: C:\Confidential\Secret.txt
Handle ID: 0xec
Process Information:
Process ID: 0xfd8
Process Name: C:\Windows\System32\notepad.exe
Access Request Information:
Accesses: WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
Access Mask: 0x6
The event is well organized into Subject (who attempted the access), Object (what was
acted on), Process Information (what program was used), and Access Request Information
(what was done). If the event was Audit Success, the attempt was successful. If the event
was Audit Failure, the attempt failed. You can see from the event that the administrator
wrote to the file Secret.txt at 6:22:56 p.m. and even that the program Notepad was used.
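The Access Mask value (0x6 in the event above) is a bit field, and the Accesses lines are its decoded form. The following PowerShell is an added example, not code from the book: it decodes the mask and reduces an event to its who/what/how fields. The function names are hypothetical, the sample XML is constructed from the event above, and event ID 4663 is the ID Windows assigns to "An attempt was made to access an object."

```powershell
# File access-right bits (values from winnt.h); generic rights are omitted.
$FileAccessBits = @{
    0x000001 = 'ReadData (or ListDirectory)'
    0x000002 = 'WriteData (or AddFile)'
    0x000004 = 'AppendData (or AddSubdirectory or CreatePipeInstance)'
    0x000008 = 'ReadEA'
    0x000010 = 'WriteEA'
    0x000020 = 'Execute/Traverse'
    0x000040 = 'DeleteChild'
    0x000080 = 'ReadAttributes'
    0x000100 = 'WriteAttributes'
    0x010000 = 'DELETE'
    0x020000 = 'READ_CONTROL'
    0x040000 = 'WRITE_DAC'
    0x080000 = 'WRITE_OWNER'
    0x100000 = 'SYNCHRONIZE'
}

# Expand a hex Access Mask string such as "0x6" into the rights it contains.
function ConvertFrom-FileAccessMask([string]$Mask) {
    $value = [Convert]::ToInt32($Mask, 16)   # base 16 accepts the "0x" prefix
    $FileAccessBits.Keys | Sort-Object |
        Where-Object { $value -band $_ } |
        ForEach-Object { $FileAccessBits[$_] }
}

# Reduce one event's XML to who / what / which program / which rights.
function Get-ObjectAccessSummary([string]$EventXml) {
    $f = @{}
    ([xml]$EventXml).Event.EventData.Data | ForEach-Object { $f[$_.Name] = $_.'#text' }
    New-Object PSObject -Property @{
        Who     = '{0}\{1}' -f $f.SubjectDomainName, $f.SubjectUserName
        Object  = $f.ObjectName
        Process = $f.ProcessName
        Rights  = @(ConvertFrom-FileAccessMask $f.AccessMask) -join '; '
    }
}
# Constructed sample mirroring the event above; real events carry more fields.
$sample = @'
<Event><EventData>
  <Data Name="SubjectUserName">Administrator</Data>
  <Data Name="SubjectDomainName">COMPANYABC</Data>
  <Data Name="ObjectName">C:\Confidential\Secret.txt</Data>
  <Data Name="ProcessName">C:\Windows\System32\notepad.exe</Data>
  <Data Name="AccessMask">0x6</Data>
</EventData></Event>
'@
Get-ObjectAccessSummary $sample | Format-List
# Live log (elevated): Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} | % { Get-ObjectAccessSummary $_.ToXml() }
```

For the sample, Rights resolves to the same two entries the event lists under Accesses, because 0x6 is 0x2 (WriteData) plus 0x4 (AppendData).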
Auditing Printers
Printer auditing operates on the same basic principles as file and folder auditing. In fact,
the same step-by-step procedures for configuring file and folder auditing apply to
printers. The difference lies in what successes and failures can be audited. These events include
the following:
- Print
- Manage printers
- Manage documents
- Read permissions
- Change permissions
- Take ownership
These events are stored in Event Viewer’s security log, as are all audit events.
CHAPTER 20
Windows Server 2008 R2 Management and Maintenance Practices
To audit a printer, do the following:
1. In the Printers Control Panel applet, right-click the printer to audit, and select
Properties.
2. Select the Security tab and then click the Advanced button.
3. In the Advanced Security Settings window, select the Auditing tab, and click the
Edit button.
4. Click the Add button to display the Select User or Group window.
5. Enter the name of the user or group to audit when accessing the file or folder. Click
the Check Names button to verify the name.
6. Click OK to open the Auditing Entries window.
7. In the Auditing Entry window, select which events to audit for successes or failures.
The objects to audit will be different than the auditing available for files and folders,
as the printer is a different class of object.
8. Click OK three times to exit.
Now access to the printer will generate security log events, depending on the events that
were selected to be audited.
Managing Windows Server 2008 R2 Remotely
Windows Server 2008 R2’s built-in feature set allows it to be easily managed remotely. This
capability reduces administration time, expenses, and energy by allowing administrators to
manage systems from remote locations rather than having to be physically at the system.
Server Manager Remote Management
New to Windows Server 2008 R2 is Server Manager Remote Management, which
allows the Server Manager console to remotely manage another server. This makes
all the features of Server Manager available to the remote computer, allowing administrators to
easily manage Windows Server 2008 R2 servers from a central location.
Server Manager Remote Management is disabled by default. This is a security feature,
much like Remote Desktop, and so Windows Server 2008 R2 defaults to a more secure
state out of the box. To enable Server Manager Remote Management, execute the
following steps:
1. Launch Server Manager.
2. Click on the Configure Server Manager Remote Management link.
3. Select the Enable Remote Management of This Server from Other Computers check
box.
4. Click OK.
Now the system is ready to accept connections from remote Server Manager consoles. To
connect to a remote computer with the Server Manager console, right-click on the Server
Manager root and select Connect to Another Computer. Enter the remote computer name
and click OK.
Remote Server Administration Tools
The Remote Server Administration Tools include a number of tools to manage Windows
Server 2008 R2 remotely. This set of tools replaced the Adminpack.msi set of tools that
shipped with Windows Server 2003.
There are different tools for the roles (see Table 20.7) and for the features (see Table 20.8).
TABLE 20.7 Remote Server Administration Tools for Roles

| Tool | Description |
|---|---|
| Active Directory Certificate Services Tools | Active Directory Certificate Services Tools include the Certification Authority, Certificate Templates, Enterprise PKI, and Online Responder Management snap-ins. |
| Active Directory Domain Services (AD DS) Tools | Active Directory Domain Services Tools include Active Directory Users and Computers, Active Directory Domains and Trusts, Active Directory Sites and Services, and other snap-ins and command-line tools for remotely managing Active Directory Domain Services. |
| Active Directory Lightweight Directory Services (AD LDS) Tools | Active Directory Lightweight Directory Services Tools include Active Directory Sites and Services, ADSI Edit, Schema Manager, and other snap-ins and command-line tools for managing Active Directory Lightweight Directory Services. |
| Active Directory Rights Management Services (AD RMS) Tools | Active Directory Rights Management Services (AD RMS) Tools include the Active Directory Rights Management Services (AD RMS) snap-in. |
| DHCP Server Tools | DHCP Server Tools include the DHCP snap-in. |
| DNS Server Tools | DNS Server Tools include the DNS Manager snap-in and dnscmd.exe command-line tool. |
| Fax Server Tools | Fax Server Tools include the Fax Service Manager snap-in. |
| File Services Tools | File Services Tools include the following: Distributed File System Tools, which include the DFS Management snap-in, and the dfsradmin.exe, dfscmd.exe, dfsdiag.exe, and dfsutil.exe command-line tools. File Server Resource Manager Tools include the File Server Resource Manager snap-in, and the filescrn.exe and storrept.exe command-line tools. Services for Network File System Tools include the Network File System snap-in, and the nfsadmin.exe, showmount.exe, and rpcinfo.exe command-line tools. |
| Hyper-V Tools | Hyper-V Tools include the snap-ins and tools for managing the Hyper-V role. |
| Network Policy and Access Services Tools | Network Policy and Access Services Tools include the Routing and Remote Access and Health Registration Authority snap-ins. |
| Print and Document Services Tools | Print Services Tools include the Print Management snap-in. |
| Remote Desktop Services Tools | Remote Desktop Services Tools include the TS RemoteApp Manager, TS Gateway Manager, and TS Licensing Manager snap-ins. |
| Web Server (IIS) Tools | Web Server (IIS) Tools include the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins. |
| Windows Deployment Services Tools | Windows Deployment Services Tools include the Windows Deployment Services snap-in, wdsutil.exe command-line tool, and Remote Install extension for the Active Directory Users and Computers snap-in. |
TABLE 20.8 Remote Server Administration Tools for Features

| Tool | Description |
|---|---|
| BitLocker Drive Encryption Tools | BitLocker Drive Encryption Tools include the manage-bde.wsf script. |
| BITS Server Extensions Tools | BITS Server Extensions Tools include the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins. |
| Failover Clustering Tools | Failover Clustering Tools include the Failover Cluster Manager snap-in and the cluster.exe command-line tool. |
| Network Load Balancing Tools | Network Load Balancing Tools include the Network Load Balancing Manager snap-in and the nlb.exe and wlbs.exe command-line tools. |
| SMTP Server Tools | SMTP Server Tools include the Internet Information Services (IIS) 6.0 Manager snap-in. |
| WINS Server Tools | Windows Internet Naming Service (WINS) Server Tools include the WINS snap-in. |
The tools are installed as a feature. You can install all the tools or only the specific ones that
you need. To install the Remote Server Administration Tools, execute the following steps:
1. Launch Server Manager.
2. Select the Features folder.
3. Click the Add Features link.
4. Locate the Remote Server Administration Tools feature.
5. Select the desired tools (more than one can be selected).
6. Click Next to accept the selected tools.
7. Click Install to install the selected tools.
8. Click Close to exit the wizard.
9. Close the Server Manager window.
After the tools are installed, you can manage remote computers by selecting the Connect
to Another Computer command from the Action menu.
Windows Remote Management
Windows Remote Management (WinRM) enables an administrator to run command lines
remotely on a target server. When WinRM is used to execute the command remotely, the
command executes on the target server and the output of the command is piped to the
local server. This allows administrators to see the output of those commands.
The commands run securely, as WinRM requires authentication and also encrypts the
network traffic in both directions.
WinRM is both a service and a command-line interface for remote and local management
of servers. The service implements the WS-Management protocol on Windows Server 2008
R2. WS-Management is a standard web services protocol for management of software and
hardware remotely.
In Windows Server 2008 R2, the WinRM service establishes a Listener on the HTTP and
HTTPS ports. It can coexist with Internet Information Services (IIS) and share the ports,
but uses the /wsman URL to avoid conflicts. The IIS role does not have to be installed for
this to work.
The WinRM service must be configured to allow remote management of the target server
and the Windows Firewall must be configured to allow Windows Remote Management
traffic inbound. The WinRM service can be configured through GPO or via the WinRM
command line. To have the WinRM service listen on port 80 for all IP addresses on the
server and to configure the Windows Firewall, execute the following commands on the
target server:
1. Select Start, Run.
2. Enter the command winrm quickconfig.
3. Click OK to run the command.
4. Read the output from WinRM. Answer y to the prompt that asks: “Make These
Changes [y/n]?”
Now the target server is ready to accept commands. For example, suppose an administrator
is logged on to a server dc1.companyabc.com and needs to remotely execute a
command on branch office server dc3.companyabc.com. These steps assume that WinRM
has been configured and the firewall rule has been enabled. Use the following steps to
remotely execute the command:
1. Open a command prompt on DC1.
2. Enter the command winrs -r:dc3.companyabc.com ipconfig /all.
The output of the command will be shown on the local server (DC1)—in this case, the IP
configuration of the target server (DC3).
This is particularly useful when executing a command or a set of commands on numerous
servers. Rather than having to log on to an RDP session on each server and execute
the command, the command can be remotely executed in a batch file against all the
target servers.
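Combining two points from this section (WinRM traffic is authenticated and encrypted, and one command can be run against many servers), the following added PowerShell example, which is not from the book, uses winrs to read each target's WinRM service settings and flags the two that weaken those guarantees. The function names are hypothetical and the sample output is constructed and abridged; AllowUnencrypted and Basic are settings reported by winrm get winrm/config/service.

```powershell
# Flag weak settings in the text printed by "winrm get winrm/config/service".
function Test-WinRMServiceConfig([string]$Server, [string[]]$ConfigText) {
    $findings = @()
    foreach ($line in $ConfigText) {
        if ($line -match '^\s*AllowUnencrypted\s*=\s*true') { $findings += 'AllowUnencrypted = true' }
        if ($line -match '^\s*Basic\s*=\s*true')            { $findings += 'Basic authentication enabled' }
    }
    New-Object PSObject -Property @{
        Server = $Server; Ok = ($findings.Count -eq 0); Findings = ($findings -join '; ')
    }
}

# Run the query on each target through winrs and evaluate what comes back.
function Get-WinRMServiceAudit([string[]]$Servers) {
    foreach ($s in $Servers) {
        $out = & winrs.exe "-r:$s" winrm get winrm/config/service 2>&1
        if ($LASTEXITCODE -ne 0) {
            # Unreachable or refused targets are reported, not silently skipped.
            New-Object PSObject -Property @{ Server = $s; Ok = $false; Findings = "winrs failed: $out" }
        } else {
            Test-WinRMServiceConfig $s ($out | ForEach-Object { "$_" })
        }
    }
}

# Constructed sample output (abridged) so the parser can be exercised offline.
$sample = @'
Service
    AllowUnencrypted = true
    Auth
        Basic = false
        Kerberos = true
'@ -split '\r?\n'
Test-WinRMServiceConfig 'dc3.companyabc.com' $sample | Format-List

# Real run from DC1; the list holds this section's example target, extend as needed.
# Get-WinRMServiceAudit @('dc3.companyabc.com') | Format-Table -AutoSize
```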
PowerShell
The powerful new command-line shell is now integrated into Windows Server 2008 R2.
PowerShell 2.0 is an administrator-focused shell and scripting language that has a consistent
syntax that makes it easy to use. It operates on a cmdlet paradigm; cmdlets are, in effect,
mini command-line tools. The syntax for the cmdlets is the same as for the PowerShell
scripting language, reducing the learning curve for the administrator. In Windows
Server 2008 R2, PowerShell 2.0 allows shells to run against remote systems. This
enables administrators to execute cmdlets and scripts across the organization from a
central console.
PowerShell can run its own scripts and cmdlets, as well as legacy scripts such as VBScript
(.vbs), batch files (.bat), and Perl scripts (.perl). The shell can even run Windows-based
command-line tools. Many of Microsoft’s new applications, such as Microsoft Exchange