How can I use the best practice analyzer to test server roles?

Source: Internet
Author: User

Considering the complexity of the Windows Server 2008 R2 operating system, check whether one Server is properly installed or whether one or two steps are skipped during Server configuration. To address these concerns, a tool built in Windows Server 2008 R2 allows administrators to scan individual Server roles to determine whether they are configured according to Microsoft's best practices.

In Windows Server 2008 R2, Microsoft created a role-specific version of the Best Practices Analyzer, Best Practices Analyzer, and therefore integrated them into Server Manager. You can open the Server Manager to access a specific role and navigate to the console tree to the Server Manager/role you want to analyze ). When turned on, BPA is listed in role overview section 1 ).

 
: Dedicated role version

To test a role to ensure it complies with Microsoft's best practices, click the "scan this role" link, as shown in. The scan duration varies depending on the role you selected and the speed at which you connect to the Internet. However, in most cases, scanning should be completed within one minute. When the scan is completed, the scan results are displayed in the BPA frame.

 
: Scan results

The scan itself is based on a series of rules. Comparing the role configurations and various rules of the role to determine whether the server is compatible with each rule. For example, the displayed scan shows that the server is compatible with 32 rules, but not 9 other rules. The console displays compatibility and compatibility rules with different labels, making it easier to view.

The listed incompatibility rules have been broken down into a series of errors and warnings. As expected, the warning is not serious. For example, some warnings are generated in a scan that includes the following content:
• All domains should have at least two functional functioning for redundancy) domain controllers.
• Directory partition DC = Lab and DC = COM should be backed up within 6 days.
• All OU in this domain should be protected against accidental deletion.

The error message displayed during the scan implies that the PDC competitor manager Lab-DC.lab.com should be configured in the forest to correctly synchronize time from the valid time source.

If this is not a lab server, all the problems listed may become relatively serious. So what makes the error worse than the warning? The Kerberos protocol uses the timestamp during authentication. If the clock stops synchronization, the entire Active Directory may be suspended. This is why the time synchronization problem column is incorrect, not a warning.

Double-click the error to display the detailed information and solution ).

 
: Details and Solutions

Some incompatible rules may not be applied to the Administrator's environment.

In this case, you can select the rule and double-click the "exclude result" link to exclude the rule from the result list. This causes the error or warning to be removed from the incompatible tag and added to the exclusion tag. To add the result to an incompatible tag, enter the exclusion tag, select the error or warning, and click "include result.

It makes it easy to correct any role-specific configuration issues. However, it is not a one-time task to confirm the configuration problem. After the Administrator modifies any reported problems, he or she should periodically rescan each role as Microsoft keeps changing its recommended best practices.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.