Managing and Maintaining a Server Environment

Previous page
Table of content
Next page

The purpose of this objective is to teach you how to use the various tools available in Windows Server 2003 to manage your servers.

Remote Assistance

In a Remote Assistance session, you can grant a remote user the ability to observe your desktop as you are working. You can exchange messages via a chat session, or you can talk to each other if you both have the required sound cards and microphones. You can even grant a remote user the ability to take over your desktop to make changes and run programs. After enabling Remote Assistance, you must issue an invitation before anyone can connect to your machine. This invitation can be sent to the other user via one of the following methods:

  • Windows Messenger (the preferred method)

  • Email

  • Disk

If you are accessing a Remote Assistance computer that is behind a firewall, port 3389 must be open.

Internet Information Services (IIS)

IIS is no longer installed as a default component. In addition, even after it is installed, it will present only static pages. If your website requires the use of ASP or other dynamic content, you must manually enable the support for each feature.

During an upgrade from a previous version of Windows, IIS will be installed; however, the service will be disabled, and you must start it manually.

IIS 6.0 allows you to run your web applications in either of two modes:

  • IIS 5.0 Isolation Mode

  • Worker Process Isolation Mode

IIS 5.0 Isolation Mode is used to run older IIS 5.0compatible applications that will not run natively in IIS 6.0. By default, a web server that is upgraded from a previous version of IIS will be enabled in IIS 5.0 Isolation Mode.

In Worker Process Isolation Mode, applications and processes can be separated into application pools, which are sets of one or more applications assigned to a set of one or more worker processes. An application pool can contain websites, applications, and virtual directories. Each application pool is isolated from the others. Because of this, a failure or memory leak will affect only the processes running in that application pool and will have no effect on any of the other functions in other application pools.

In Windows Server 2003, you can run either in IIS 5.0 Isolation Mode or Worker Process Isolation Mode, but not both simultaneously on the same server. IIS 6.0 can be managed via the following four methods:

  • The IIS Manager MMC

  • Administration scripting

  • Manually editing the configuration file

  • The Remote Administration website

IIS Metabase

The IIS Metabase is used to store most configuration information for IIS. The Metabase can be backed up using the IIS Manager MMC. The backup is stored in the %systemroot%\system32\inetsrv\ folder. By default, IIS will keep the last 10 Metabase backups; these previous backups are stored in the %systemroot%\system32\inetsrv\history folder. To restore the IIS Metabase, select Backup, Restore Configuration from the IIS Manager MMC. The backups will be displayed by filename as well as by the date and time they were backed up. The metabase is now an XML file, which makes it easier to edit.

Virtual Servers

When you're hosting multiple websites on a single server, each website must have a unique identity. This is accomplished by using the following identifiers:

  • Unique IP address Commonly used for websites accessed over the Internet. Required when Secure Sockets Layer (SSL) is being used.

  • Host header name Commonly used over both the Internet and intranets.

  • TCP port number Rarely used on production web servers.

When using multiple IP addresses to identify the websites on your server, you can either install multiple network interface cards (NICs), each with a unique IP address, or just assign multiple IP addresses to a single NIC.

Authentication Mechanisms

Authenticated access is used to integrate the web server with Windows security. The user is required to present a user ID and password to access website resources. These user IDs and passwords are stored either as local accounts on the web server or in the Active Directory domain database. When anonymous access is disabled, all users who attempt to access the website will be prompted for a user ID and password. Authentication is also required when the website resources are protected via NTFS permissions.

Four types of authenticated access are available:

  • Integrated Windows authentication If the web server and the client are members of trusted domains, the browser will pass the user ID and password to the web server automatically and the user will not be prompted for a password. This method does not work through some firewalls but is fine for intranets. The password is transmitted as a hash value.

  • Digest authentication This method is supported only if the client is using Internet Explorer 5 or later, in an Active Directory domain, and the password must be stored in clear text. However, this method will work through most firewalls. The password is transmitted as an MD5 hash value.

  • Basic authentication This is the least-secure method because it transmits the password as clear text. However, it is supported by just about any browser available. Basic authentication is usually used in combination with SSL so that the passwords are encrypted.

  • .NET Passport authentication This is a new feature in Windows Server 2003. This method uses the Passport authentication system that Microsoft is marketing to e-commerce websites. It allows a user to create a single sign-on that is honored across various Passport-enabled sites. Authentication is performed by a central Passport authentication server. When Passport authentication is selected, a default domain must be specified.

Windows Server Update Services (WSUS)

Windows Server Update Services (WSUS) can be installed on an internal Windows 2000 with SP4 or Windows Server 2003 server that can download all critical updates as they are posted to Windows Update. Administrators can also receive email notification when new critical updates have been posted.

The client computers and servers can be configured through Group Policy or the Registry to contact the internal WSUS server for updates, instead of going out over the Internet to the Microsoft servers. The WSUS clients can be configured to point to a specific SUS server. This way, in a WAN environment, they will always receive updates from the server that is closest to them. The client is configured to often check its local WSUS server for updates. Older versions of the Automatic Update client do not support WSUS. The supported versions of the Automatic Update client are included with the following:

  • Windows XP Service Pack 1 or later

  • Windows 2000 Service Pack 3 or later

  • All versions of Windows Server 2003



Previous page
Table of content
Next page
MCSA. MCSE 70-290 Exam Prep. Managing and Maintaining a MicrosoftR Windows ServerT 2003 Environment
MCSA/MCSE 70-290 Exam Prep: Managing and Maintaining a Microsoft Windows Server 2003 Environment (2nd Edition)
ISBN: 0789736489
EAN: 2147483647
Year: 2006
Pages: 219
Authors: Lee Scales
BUY ON AMAZON
Certified Ethical Hacker Exam Prep
101 Microsoft Visual Basic .NET Applications
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Junos Cookbook (Cookbooks (OReilly))
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy