Post on 04-Feb-2016
description
11
MAINTAINING THE OPERATING SYSTEM
Chapter 5
Chapter 5: MAINTAINING THE OPERATING SYSTEM 2
CHAPTER OVERVIEW
• Understand the difference between service packs and hot-fixes and the process of applying both using Windows Update, Automatic Updates, and group policies.
• Use Microsoft Baseline Security Analyzer.• Install and configure a Microsoft Software
Update Services server.• Understand Per Server and Per Device or Per
User licensing.• Configure licenses using the Choose
Licensing Mode tool in Control Panel and using the Licensing tool.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 3
WINDOWS OPERATING SYSTEM UPDATES
• Update• A minor revision to a software product,
usually intended to address specific performance issues rather than add new features
• Upgrade• A major revision to a product that might
include new features as well as all of the existing patches for the previous version of the product
Chapter 5: MAINTAINING THE OPERATING SYSTEM 4
SERVICE PACK
• A collection of patches and other updates that are tested and packaged as a single unit.
• Service packs are cumulative: SP3 contains all updates from SP1 and SP2.
• Service pack releases are not on a schedule.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 5
SERVICE PACK RELEASES
• CD-ROM• Entire service pack on CD• Cost
• Express download• Analyzes system and downloads only
required components• Requires Internet connection
• Network download• Entire service pack in a single .exe file• For network administrator
Chapter 5: MAINTAINING THE OPERATING SYSTEM 6
HOTFIXES
• Designed to address a specific issue• Downloadable as a single executable• Normally directly associated with a
KnowledgeBase article
Chapter 5: MAINTAINING THE OPERATING SYSTEM 7
WHEN SHOULD YOU UPDATE?
Chapter 5: MAINTAINING THE OPERATING SYSTEM 8
WHEN SHOULD YOU UPDATE?
• Remain aware of new update releases• Determine which computers need to be
updated• Test update releases on multiple system
configurations• Deploy update releases on large fleets• Test and apply security patches
Chapter 5: MAINTAINING THE OPERATING SYSTEM 9
UNINSTALLING SERVICE PACKS
• Requires considerable disk space• Service packs can be uninstalled through
Add/Remove Programs in Control Panel• Should be done only if the service pack
installation is causing new issues• Stored in folder $ntservicepackuninstall$
Chapter 5: MAINTAINING THE OPERATING SYSTEM 10
USING MICROSOFT BASELINE SECURITY ANALYZER
Chapter 5: MAINTAINING THE OPERATING SYSTEM 11
USING WINDOWS UPDATE
Chapter 5: MAINTAINING THE OPERATING SYSTEM 12
USING AUTOMATIC UPDATES
• Available in Windows Server 2003, Windows XP (Service Pack 1), Windows 2000 (Service Pack 3).
• Default is to automatically download updates and prompt the user to install them.
• Configured via the Automatic Updates tab in System Properties. In Windows 2000, it is configured via the Automatic Updates control panel.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 13
INSTALLING SERVICE PACKS MANUALLY
Chapter 5: MAINTAINING THE OPERATING SYSTEM 14
INSTALLING HOTFIXES MANUALLY
• Hotfix filenames are formatted as:• OperatingSystem-KnowledgeBase#-Platform-
Language.exe• Example:
• WindowsServer2003-KB823980-x86-ENU.exe
• Backup folder $NtUninstallKB823980$
Chapter 5: MAINTAINING THE OPERATING SYSTEM 15
CHAINING HOTFIXES
• Use Qchain.exe to install multiple hotfixes at a single time.
• All hot-fix includes Qchain.exe• Use /Z switch to prevent restarts.• Qchain.exe ensures that the system uses the
correct version of that file when the installation is complete.
• Can also use Update.exe /Z /U batch option• Update.exe /Z /U• WIndowsServer2003-KB123456-x86-ENU /Z /U• WIndowsServer2003-KB124686-x86-ENU /U
Chapter 5: MAINTAINING THE OPERATING SYSTEM 16
SLIPSTREAMING
• Slipstreaming a service pack• Slipstreaming hotfixes• Example:
• Update.exe /s:DistributionFolder• W2K3SP1.exe /s:DistributionFolder
Chapter 5: MAINTAINING THE OPERATING SYSTEM 17
USING GROUP POLICIES
Chapter 5: MAINTAINING THE OPERATING SYSTEM 18
USING MICROSOFT SOFTWARE UPDATE SERVICES
• Allows software updates to be downloaded once for the entire organization
• Provides administrative control over what updates are applied to clients
• Does not update clients• Reduces Internet usage• Not on installation CD – must be download
• http://www.microsoft.com/windowsserversystems/sus/default.mspx.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 19
DEPLOYING SUS
• SUS components• Synchronize server• Intranet Windows update server
• Install a SUS server• Synchronize SUS server with Windows
updates• Approve updates• Configure automatic updates clients
Chapter 5: MAINTAINING THE OPERATING SYSTEM 20
INSTALLING SUS
Chapter 5: MAINTAINING THE OPERATING SYSTEM 21
SYNCHRONIZING SUS
Chapter 5: MAINTAINING THE OPERATING SYSTEM 22
APPROVING UPDATES
Chapter 5: MAINTAINING THE OPERATING SYSTEM 23
CONFIGURING AUTOMATIC UPDATES
Chapter 5: MAINTAINING THE OPERATING SYSTEM 24
SUS Configuration
• SUS files• Patch files• Metafile specifying platform and language
• Language settings for locally stored files• Update approval settings
• Automatic update• Wait for approval
Chapter 5: MAINTAINING THE OPERATING SYSTEM 25
Configuring SUS Automatic Updates
• Automatic update options• Notify For Download and Notify For Install• Auto Download and Notify For Install• Auto Download and Schedule The Install
• Specify where clients obtain updates• Automatic update scheduling
• Time 1 to 60 minutes• Next schedule if client is offline
• No Auto-Restart for scheduled automatic updates
Chapter 5: MAINTAINING THE OPERATING SYSTEM 26
BUILDING SUS TOPOLOGY
• Multiple-server topology• Each SUS server synchronize with WUS
• Strict parent/child topology• SUS servers synchronize with bridge head
• Loose parent/child topology• Mix the above
Chapter 5: MAINTAINING THE OPERATING SYSTEM 27
SUS MONITORING
• On the server, SUS monitoring information can be viewed through: • Monitor Server page• Synchronization Log• Approval Log• IIS statistic file “wutrack.bin”
• On the client, SUS-related information can be viewed through:• Windows Update Log
Chapter 5: MAINTAINING THE OPERATING SYSTEM 28
SUS SYSTEM EVENTS
• SUS-generated events are written to System log of Event Viewer:• Each time a synchronization is performed
• Unable to connect• Install ready – no recurring schedule• Install ready – recurring schedule• Installation success• Installation failure• Restart required – no recurring schedule• Restart required – recurring schedule
• When updates are approved
Chapter 5: MAINTAINING THE OPERATING SYSTEM 29
TROUBLESHOOTING SUS
• Reloading the memory cache• No new update
• Restarting the synchronization service• Possible restart due to problem
• Restarting IIS
Chapter 5: MAINTAINING THE OPERATING SYSTEM 30
ADMINISTERING SOFTWARE LICENSES
• The End-User License Agreement (EULA) is a binding contract that gives you the legal right to use a piece of software.
• In an enterprise environment, managing software licenses is critically important.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 31
OBTAINING A CLIENT ACCESS LICENSE
• A Client Access License (CAL) is required for each user or device that will connect to the server.
• CALs are normally obtained in bundles (5, 10, 25, 50, 100).
• CALs are not a physical object, but an entitlement to connect to a Windows network.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 32
PER SERVER LICENSING
• Each server permits a certain number of concurrent connections.
• Once the limit is reached, connections are refused.
• Usually only practical in environments with a single server.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 33
PER DEVICE OR PER USER LICENSING
• Each user or device requires a license.• Licensed users or devices can connect to
any number of servers.• Common in environments with multiple
servers.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 34
LICENSING TOOLS
• Licensing in Control Panel• Manages licensing for a single computer
running Windows Server 2003• Licensing in Administrative Tools
• Centralized control of licensing and license replication in a site-based model
Chapter 5: MAINTAINING THE OPERATING SYSTEM 35
ADMINISTERING SITE LICENSING
• License Logging service assigns and tracks licenses.
• Licensing information is replicated to a centralized licensing database.
• Use the Licensing tool in the Administrative Tools program group to view and manage licensing for an entire site.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 36
THE SITE LICENSE SERVER
Chapter 5: MAINTAINING THE OPERATING SYSTEM 37
ADMINISTERING SITE LICENSES
Chapter 5: MAINTAINING THE OPERATING SYSTEM 38
LICENSE GROUPS
• A license group is a collection of users who share one or more CALs.
• License groups are created when:• A single user uses more than one device,
such as a computer.• More than one user uses a single device,
such as a computer.
Chapter 5: MAINTAINING THE OPERATING SYSTEM 39
SUMMARY
• A service pack is a collection of updates that have been tested together and approved for installation on all computers.
• A hotfix is a patch that addresses a single issue. Hotfixes are intended only for computers that perform certain tasks or are experiencing a particular problem.
• Microsoft Software Update Services enables you to centralize and manage the approval and distribution of Windows critical updates and Windows security rollups.
• Tracking and managing licenses and compliance is an important part of an administrator’s job.