Once a month, you should also take the time to review new administration software. The objective of this task is to see if you can reduce your workload by integrating a new operational product. A good example of a highly productive operational tool is Microsoft Operations Management Server (MOM). MOM is highly effective because it monitors system events on servers and automatically corrects potentially damaging behavior as well as notifying you of the correction.
On the other hand, if your shop is of a size that does not warrant as sophisticated a tool as MOM, you might prefer to search for another tool with similar capabilities. Many of the automated administrative tasks you perform can be done through scripts, as you have already seen in a number of the tasks described previously. They can also be done with low-cost or public domain tools. Two good sources of tool information are www.MyITForum.com and www.TechRepublic.com.
Make sure you do not acquire tools that are significantly different in usage from one another. This will limit the number of tools or interfaces you and your fellow administrators will need to learn. Document any new addition to your network.
SCRIPT CENTER
Alternatively, you can use a script from the Microsoft TechNet Script Center to monitor specific events in the Event Log and generate alerts when they occur. This script can be found at http:// www.microsoft.com/technet/treeview/default.asp?url=/ technet/scriptcenter/monitor/ScrMon21.asp?frame=true.GS-16: Inventory Management
✔
Activity Frequency: MonthlyOne of the tasks you should perform on at least a monthly basis is inventory management. This includes both hardware and software inventories. You may or may not have an inventory management tool such as Systems Management Server in your network. If you do, great; your task is done. If you don’t, you’ll need to use other tools. Microsoft offers the Microsoft Inventory Analysis (MSIA) tool. It does not manage the inventory for all software, but, at least, it manages all Microsoft software. To download the MSIA, search for it at www.microsoft.com/downloads. MSIA is a wizard-based tool that lets you perform three tasks:
• Scan a local computer for Microsoft products.
• Prepare a command-line input file that includes all of the scan settings you want to use.
• Run a scan using a previously prepared command-line input file.
In addition, it lets you scan local systems, remote systems or an entire network all at once. Installation is based on the Windows Installer service. You can install it interactively or useProcedure DC-15to install it on target computers. To create a command-line input file:
1.LaunchMSIA(Start Menu | All Programs |
Microsoft Software Inventory Analyzer). ClickNext. 2.SelectScan using Custom settingsandCreate
Custom settings. ClickBrowseto select the output
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
folder and name the output file. It will have a .cli extension for command-line input. ClickSaveto create the file. ClickNextto continue.
3.Select the scope of the scan: Local Computer, Network or Report Consolidation. ClickNext.
SECURITY SCAN If you select Network, you willneed to provide proper credentials to run the scan on all systems. 4.In the Download Database Files dialog box, click Download. MSIA will go to the MS Web site and download the latest data files for MS products. You will be prompted to accept a Microsoft certificate for the installation of the database. ClickYes. ClickOK when the download is complete. ClickNext. 5.Select the products you want to scan for and click
Add. (You can useCTRL-click to select more than one product.) CheckSave these products as the default and then clickNext.
6.Select the report format(s). ClickBrowseto select the report folder and name the report file. ClickSave to create the file. ClickNextto continue.
7.You can choose to consolidate summary reports. These are useful for management. ClickNext.
8.You can select to send the summary report by email to someone (or you can send it later). If you need to send it to a group, create a distribution group and enter its email address here. Do not checkSave settings as defaultbecause you are creating a command-line input file.
9.ClickFinishto close the command-line input file. To run an MSIA scan:
1.LaunchMSIA(Start Menu | All Programs |
Microsoft Software Inventory Analyzer). ClickNext. 2.SelectScan using Custom settingsandLoad
existing Custom settings. If the file displayed is not the file you want to use, clickBrowseto select the folder and file you require. ClickOpento load the file. ClickNextto continue.
3.MSIA scans the systems based on the file settings. 4.CheckView Reports Nowand clickFinish.
This is a great tool for verifying the inventory of Microsoft software.
SCRIPT CENTER
The Microsoft TechNet Script Center includes two useful scripts for inventory management: Enumerate Installed Software at http:// www.microsoft.com/technet/treeview/default.asp?url=/ technet/scriptcenter/compmgmt/scrcm16.asp?frame=true and Inventory Computer Hardware at http://www.microsoft.com/technet/treeview/default.asp?url=/ technet/scriptcenter/compmgmt/ScrCM30.asp?frame=true.
GS-17: Global MMC Creation
✔
Activity Frequency: Ad hocAdministration and management is performed through the Microsoft Management Console in Windows Server 2003. The most useful of these is the Computer Management console found in Administrative Tools. You can also
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
right-click on theMy Computericon to select Manage from the context menu.
But while this is a good general-purpose console, it is not an all-encompassing tool. Thus, one of the ad hoc administrative activities you need to perform is the creation of a Global Management Console that will include all the snap-ins you require in a single MMC. In addition to all the features of the Computer Management console, this console should include the following snap-ins:
• .NET Framework 1.1 Configuration
• The three Active Directory snap-ins
• Authorization Manager
• Certification Authority (you must specify the server to manage)
• Component Services
• Distributed File System
• Group Policy Management (requires GPMC installation)
• Performance Logs and Alerts
• Remote Desktops
• Resultant Set of Policy
• Security Configuration and Analysis
• Security Templates
• Wireless Monitor To create this console:
1.UseStart | Runto execute the following command:
mmc /a %SystemRoot%\system32\compmgmt.msc
2.This launches the Computer Management console in editing mode. Begin by usingFile | Save Asto save the console asGlobal MMC.mscunder the
C:\Toolkit folder.
3.Then useFile | Add/Remove Snap-into open the dialog box, make sure you chooseComputer
ManagementunderSnap-ins added to, and click theAddbutton.
4.Double-click each of the snap-ins listed earlier. Click Closewhen done.
5.ClickOKto return to the console.
6.ClickFile | Options, name the consoleGlobal MMC Console, make sure it is set toUser mode - full accessand uncheckDo not save changes to this console. ClickOKwhen done.
7.UseFile | Saveto save your changes.
There are several uses to this console as you will see, but it is basically the most common tool you will use to manage your network of servers.
Create a shortcut to this console usingProcedure GS-01 and store it on the Quick Launch Area toolbar.
SECURITY SCAN Secure this template thoroughlybecause it is powerful, indeed.