11 maintaining the operating system chapter 5. chapter 5: maintaining the operating system2 chapter...

11

MAINTAINING THE OPERATING SYSTEM

Chapter 5

Chapter 5: MAINTAINING THE OPERATING SYSTEM 2

CHAPTER OVERVIEW

• Understand the difference between service packs and hot-fixes and the process of applying both using Windows Update, Automatic Updates, and group policies.

• Use Microsoft Baseline Security Analyzer.• Install and configure a Microsoft Software

Update Services server.• Understand Per Server and Per Device or Per

User licensing.• Configure licenses using the Choose

Licensing Mode tool in Control Panel and using the Licensing tool.


WINDOWS OPERATING SYSTEM UPDATES

• Update• A minor revision to a software product,

usually intended to address specific performance issues rather than add new features

• Upgrade• A major revision to a product that might

include new features as well as all of the existing patches for the previous version of the product


SERVICE PACK

• A collection of patches and other updates that are tested and packaged as a single unit.

• Service packs are cumulative: SP3 contains all updates from SP1 and SP2.

• Service pack releases are not on a schedule.


SERVICE PACK RELEASES

• CD-ROM• Entire service pack on CD• Cost

• Express download• Analyzes system and downloads only

required components• Requires Internet connection

• Network download• Entire service pack in a single .exe file• For network administrator


HOTFIXES

• Designed to address a specific issue• Downloadable as a single executable• Normally directly associated with a

KnowledgeBase article


WHEN SHOULD YOU UPDATE?


WHEN SHOULD YOU UPDATE?

• Remain aware of new update releases• Determine which computers need to be

updated• Test update releases on multiple system

configurations• Deploy update releases on large fleets• Test and apply security patches


UNINSTALLING SERVICE PACKS

• Requires considerable disk space• Service packs can be uninstalled through

Add/Remove Programs in Control Panel• Should be done only if the service pack

installation is causing new issues• Stored in folder $ntservicepackuninstall$


USING MICROSOFT BASELINE SECURITY ANALYZER


USING WINDOWS UPDATE


USING AUTOMATIC UPDATES

• Available in Windows Server 2003, Windows XP (Service Pack 1), Windows 2000 (Service Pack 3).

• Default is to automatically download updates and prompt the user to install them.

• Configured via the Automatic Updates tab in System Properties. In Windows 2000, it is configured via the Automatic Updates control panel.


INSTALLING SERVICE PACKS MANUALLY


INSTALLING HOTFIXES MANUALLY

• Hotfix filenames are formatted as:• OperatingSystem-KnowledgeBase#-Platform-

Language.exe• Example:

• WindowsServer2003-KB823980-x86-ENU.exe

• Backup folder $NtUninstallKB823980$


CHAINING HOTFIXES

• Use Qchain.exe to install multiple hotfixes at a single time.

• All hot-fix includes Qchain.exe• Use /Z switch to prevent restarts.• Qchain.exe ensures that the system uses the

correct version of that file when the installation is complete.

• Can also use Update.exe /Z /U batch option• Update.exe /Z /U• WIndowsServer2003-KB123456-x86-ENU /Z /U• WIndowsServer2003-KB124686-x86-ENU /U


SLIPSTREAMING

• Slipstreaming a service pack• Slipstreaming hotfixes• Example:

• Update.exe /s:DistributionFolder• W2K3SP1.exe /s:DistributionFolder


USING GROUP POLICIES


USING MICROSOFT SOFTWARE UPDATE SERVICES

• Allows software updates to be downloaded once for the entire organization

• Provides administrative control over what updates are applied to clients

• Does not update clients• Reduces Internet usage• Not on installation CD – must be download

• http://www.microsoft.com/windowsserversystems/sus/default.mspx.

http://www.microsoft.com/


DEPLOYING SUS

• SUS components• Synchronize server• Intranet Windows update server

• Install a SUS server• Synchronize SUS server with Windows

updates• Approve updates• Configure automatic updates clients


INSTALLING SUS


SYNCHRONIZING SUS


APPROVING UPDATES


CONFIGURING AUTOMATIC UPDATES


SUS Configuration

• SUS files• Patch files• Metafile specifying platform and language

• Language settings for locally stored files• Update approval settings

• Automatic update• Wait for approval


Configuring SUS Automatic Updates

• Automatic update options• Notify For Download and Notify For Install• Auto Download and Notify For Install• Auto Download and Schedule The Install

• Specify where clients obtain updates• Automatic update scheduling

• Time 1 to 60 minutes• Next schedule if client is offline

• No Auto-Restart for scheduled automatic updates


BUILDING SUS TOPOLOGY

• Multiple-server topology• Each SUS server synchronize with WUS

• Strict parent/child topology• SUS servers synchronize with bridge head

• Loose parent/child topology• Mix the above


SUS MONITORING

• On the server, SUS monitoring information can be viewed through: • Monitor Server page• Synchronization Log• Approval Log• IIS statistic file “wutrack.bin”

• On the client, SUS-related information can be viewed through:• Windows Update Log


SUS SYSTEM EVENTS

• SUS-generated events are written to System log of Event Viewer:• Each time a synchronization is performed

• Unable to connect• Install ready – no recurring schedule• Install ready – recurring schedule• Installation success• Installation failure• Restart required – no recurring schedule• Restart required – recurring schedule

• When updates are approved


TROUBLESHOOTING SUS

• Reloading the memory cache• No new update

• Restarting the synchronization service• Possible restart due to problem

• Restarting IIS


ADMINISTERING SOFTWARE LICENSES

• The End-User License Agreement (EULA) is a binding contract that gives you the legal right to use a piece of software.

• In an enterprise environment, managing software licenses is critically important.


OBTAINING A CLIENT ACCESS LICENSE

• A Client Access License (CAL) is required for each user or device that will connect to the server.

• CALs are normally obtained in bundles (5, 10, 25, 50, 100).

• CALs are not a physical object, but an entitlement to connect to a Windows network.


PER SERVER LICENSING

• Each server permits a certain number of concurrent connections.

• Once the limit is reached, connections are refused.

• Usually only practical in environments with a single server.


PER DEVICE OR PER USER LICENSING

• Each user or device requires a license.• Licensed users or devices can connect to

any number of servers.• Common in environments with multiple

servers.


LICENSING TOOLS

• Licensing in Control Panel• Manages licensing for a single computer

running Windows Server 2003• Licensing in Administrative Tools

• Centralized control of licensing and license replication in a site-based model


ADMINISTERING SITE LICENSING

• License Logging service assigns and tracks licenses.

• Licensing information is replicated to a centralized licensing database.

• Use the Licensing tool in the Administrative Tools program group to view and manage licensing for an entire site.


THE SITE LICENSE SERVER


ADMINISTERING SITE LICENSES


LICENSE GROUPS

• A license group is a collection of users who share one or more CALs.

• License groups are created when:• A single user uses more than one device,

such as a computer.• More than one user uses a single device,

such as a computer.


SUMMARY

• A service pack is a collection of updates that have been tested together and approved for installation on all computers.

• A hotfix is a patch that addresses a single issue. Hotfixes are intended only for computers that perform certain tasks or are experiencing a particular problem.

• Microsoft Software Update Services enables you to centralize and manage the approval and distribution of Windows critical updates and Windows security rollups.

• Tracking and managing licenses and compliance is an important part of an administrator’s job.

11 maintaining the operating system chapter 5. chapter 5: maintaining the operating system2 chapter...

Documents

service packs

operating system4 service

product slide

windows update

software product

licensing tool

aware of new update

automatic updates