Technically Speaking

Nowadays it is pretty common for most people to carry some type of cellular phone with them wherever they go.

Active Directory (AD) has been around since Windows 2000 and has changed the way that many administrators think about and actually manage domain environments. Microsoft has upped the ante again for the Windows Server 2008 version of AD. This tip will look at some of the newly reshaped services for Active Directory included with Windows Server 2008.

The 2008 release of AD has allowed Microsoft to configure more server side items to function as a part of the directory service. Active Directory for Windows Server 2008 includes the following services:

• Active Directory Certificate Services (AD CS) – provides functionality within AD to manage the issuing and revocation of certificates for users, client computers, and servers.
• Active Directory Domain Services (AD DS) – provides essential services for domain creation and data storage within the directory service. This service is the core of Active Directory and has been retooled for Windows Server 2008.
• Active Directory Federation Services (AD FS) – compliments domain services by allowing web clients to authenticate internally hosted web applications using the credentials authenticated by Active Directory. This will allow web applications to make use of Active Directory logons rather than requiring users to authenticate separately to access web services.
• Active Directory Lightweight Directory Services (AD LDS) – provides a data store for Active Directory enabled applications that do not require installation on a Domain Controller. AD LDS does not run as a service and will operate in both domain and workgroup environments. All applications that run on a server can make use of their own data store if necessary.
• Active Directory Rights Management Services (AD RMS) – allows data to be protected inside and outside of the enterprise. Email messages, internet content, and internal documents can be protected against unauthorized access. AD RMS uses a certificate to verify the user, computer, or service should be able to access the resource. When AD RMS trusts a resource, users can assign rights to information.

The newly integrated services have existed in previous versions of Windows as individual server components, however in Windows Server 2008 the functionalities have been Active Directory Integrated for simplified management and control.

Now that Windows Server 2008 has been released and I have had a chance or two to dig into some of the new Server OS I will be posting here as I learn more about the new platform and feel confident that information I learn will be of use to someone.

I have a few posts scheduled for release this week and the Windows 2008 items among them will be posted hopefully with a good deal more to follow.

But enough with the administrative babble let’s get back to regularly scheduled content.

In Windows Server 2003 R2 you can centralize the storage of user data so that information stored by a user within your environment is stored on the network rather than on each of their desktops. This will allow the data to be backed up during normal disaster recovery planning and backup operations and keep everything in a central location in case the user needs to change PCs.

This tip will look at the basics for redirecting folders in Windows Server 2003 R2.

To configure folder redirection throughout your environment in Windows Server 2003 R2, you can use a group policy object.

Note: Before configuring a Group Policy Object to manage Folder Redirection, you will need to create a share on the server that will hold the redirected folders.

1. Open the Active Directory Users and Computers Management Console and select the Domain or Organizational Unit (OU) for which you want to configure Folder Redirection.
2. Right click the domain or OU object and select properties from the context menu
3. Then select the Group Policy tab and choose edit to open the group policy object editor
4. Expand User Configuration and then expand Windows Settings
5. Finally expand Folder Redirection

Here you will see the following choices for user folder redirection:

· Application Data –

· Desktop –

· My Documents –

· Start Menu –

The redirection for each of these user folders can be configured separately, allowing you to redirect only the My Documents folder for the Accounting OU and the Start Menu for the IT OU.

1. Right click the folder you want to redirect and select properties

This will display the Properties Dialog for the selected folder providing options for the redirection.

1. Select the Basic – Redirect Everyone’s Folder to the same location option in the Setting dropdown list
2. Select the settings for the target folder location from the following choices:

· Redirect to The User’s Home Folder – using this option will place the contents of the My Documents folder within the Home Folder configured in the users account settings. This option only applies to My Documents.

· Create a Folder for Each User under the Root Path – using this option will create a folder for each affected user under the root path (also specified in this dialog). A common setting, this can help keep all of the user’s redirected folder data in the same location. This setting is not available for the Start Menu folder.

· Redirect to the following location – this will allow all of the redirected user folders to exist in the same location, adding %UserName% to the path can also create individual folders for each user, similar to the second option above. If a user specific environment variable such as %UserName% is not included, all of the redirected content will be moved to the same folder.

· Redirect to the local user profile location – using this setting will redirect the folder content to the location of the local user profile. This is the default setting.

Once the target settings are selected you will need to specify a root share for the data redirection. You will enter the Root Path in the format of \\Servername\sharename . This path should point to the share you configured earlier.

If you select the advanced setting for this folder in the setting dropdown you would also be able to specify settings independently for groups of users. For example, you can redirect the My Documents folder for Domain Admins to a different location than the My Documents folder for the Accounting group. This target location may be configured so that permissions prevent other users from seeing or accessing the contents. The other settings remain the same.

Using folder redirection takes only a few minutes to configure and can help keep user data in your environment in a centrally managed location instead of scattered across desktop computers.

Monitoring resources on your system is not limited to functions available in the previously mentioned Performance Monitor. Using this method will provide you with a plethora of information about your system and should not be ignored, but here I want to focus on disks.

Windows Server 2003 includes another tool in the Computer Management Console for working with Disks that are connected to the system. This snap-in is called Disk Management and aides in changing drive letters, managing partitions, viewing free space and other things.

The Disk Management snap-in can perform the following tasks from a central view:

· Display a listing all of the drives connected to the system

· Displaying used/free space and drive size in text and GUI format

· Display the status of each drive

· Display the Disk type and File System of each drive

· Assist with changing drive letters for connected drives

· Change disk type from Basic to Dynamic

· Delete, Manage, Create partitions

To use the Disk Management snap-in open the Computer Management Console by right clicking My Computer from the Windows Server 2003 Start Menu and selecting Manage.

From here, select the Disk Management snap-in from the left pane of the console, this will display it in the right pane with a list of detected drives in the top portion and a graphical representation of the free space for each in the lower portion of the right pane.

The following information is presented in the initial view:

• Volume – Displays the name of the drive and drive letter if assigned
• Layout – Displays the current layout used on the disk, the selected logical drive may be a simple volume, a partition, a mirror, or other configuration
• Type – Displays the type of each disk, basic or dynamic
• File System – Displays the file system each disk has been formatted with
• Status – Displays the current status of the disk and the partitions the disk contains (system, boot, etc)
• Capacity – Displays the total amount of space on the disk
• Free Space – Displays the amount of space that is free on the disk
• % free – Displays the percentage of the space on the disk that is free
• Fault Tolerance – Displays if the disk is configured for fault tolerance

These options are displayed in the lower portion of the console’s right pane in a graphical format.

What other things can Disk Management do?

Showing information about connected disks is a good starting point, but the Disk Management Snap-in can perform other functions as well. For example, you can change the drive letter of any of the connected disks from this snap-in.

To do so, simply right click the drive (in the list or the GUI) that you wish to change and select Change Drive Letter or Path. This will produce a dialog listing the drive you selected and the following action buttons:

• Add – this allows you to select additional drive letters that will reference this drive
• Change – this allows you to select a different drive letter or path for the selected drive
• Remove – this allows you to remove access to a drive via an existing drive mapping

Select the drive letter you wish to change and click the change button. A dialog will appear allowing you to always mount the drive with a letter or to mount the drive as an empty folder.

The currently used drive letter will be selected in the drop down list. Simply select a new letter (or enter a path for the folder mount point) and click OK all the way out to the Computer Management Console.

One of the reasons this can be handy is because Windows doesn’t always follow the next lowest drive letter available policy. If you have a network drive mapped to a certain letter, and attach a USB drive, the USB drive will take the next lowest available letter on the local system, which may be mapped to a network resource. The mapped drive is not updated or changed to reflect this, so the USB device may need to be reassigned to a different letter.

You can also use the snap-in to handle partitions. Creating a partition is as simple as right clicking the free space in the GUI representation for a drive and selecting the action you want to perform on the drive.

New Partition – starts the new partition wizard to create a new partition in available space

New Logical Drive – starts the partition wizard to create a new mountable drive on a partition

Once the partition wizard starts click next on the welcome screen and complete the following steps to create a new primary partition:

1. Select the type of partition you wish to create, for this example, choose primary and click next
2. Enter the size of the partition in MB, click next to continue
3. Choose to assign a drive letter manually, automatically enumerate the drive letter, or do not assign a letter and click next
4. Select the file system to use in formatting the new partition, NTFS, FAT, or FAT32, or do not format the partition. You can also assign a volume label to the partition here if desired and choose between a quick format and full format, after your selections are made, click next.
5. Review your selections and click finish to create the partition.

Note: While in the new partition wizard you can also choose to create an extended partition or a logical drive, the creation steps are the same for an extended partition and begin with drive letter selection and formatting for a logical drive.

You can also mark partitions as active from the Disk Management Snap-in by right clicking an item in the list that does not have an active status and selecting Mark partition active. This will allow the BIOS of the system to see this as a valid system partition and is only valid on partitions.

Hopefully this look at the Disk Management snap-in has pointed out some of the usefulness of this tool, managing Windows Server 2003 system disks can be quite a challenge, but this tool can provide a great deal of help.

Note: This snap-in is available on all Windows 2000 and later Operating Systems.

Windows Server 2003 brings forward many of the features first introduced in Windows 2000 one of those applications is the Removable Storage snap-in available in the Computer Management Console.

This tip will look at this snap-in and how it can make maintaining a Windows Server 2003 system a little easier.

The snap-in can be accessed by right clicking My Computer (on the Windows Server 2003 Start Menu) and selecting Manage. This will start the Computer Management Console. In the left pane you will find both the Removable Storage Object. Selecting it with a single left click will put its contents in the larger right pane of the console.

Removable Storage

The removable storage snap-in allows administrators to manage tape backup libraries and media sets within Windows Server 2003, the snap-in also contains CD-Rom drives. The categories of devices listed within the removable storage snap-in are as follows:

• Media – displays a listing of all of the media used with the system
• Media Pools – displays a listing of the available media pools, which when expanded show the media assigned to each pool
• Libraries – displays a listing of libraries available for use by the system; also allows access to libraries and their media
• Work Queue – displays the status of current operations in process on the Windows Server 2003 system
• Operator Requests – displays a listing of the requests submitted via the removable storage snap-in and other applications

A media pool is a collection of media units that can be managed together. The existing media pools available in Windows Server 2003 are:

· Unrecognized – This pool contains media that removable storage does not recognize or that has not been written to as of yet.

· Free – Media contained in this media pool are available for use and do not contain data

· Import – Media contained in this pool has been used before by removable storage, perhaps with another server

· Application – User created media pools associated with and managed by specific applications, for example Windows Backup

Automated and non-automated libraries require different techniques to mount and begin using media. When using a non-automated library, you will insert a tape manually, if removable storage recognizes the media it will mount it and place it in the correct media pool. If the media is not mounted you can mount it by right clicking on the media within the media group in Removable Storage and select Mount.

Disabling media and devices

Within Removable Storage you can disable both individual tapes and tape drives. You might disable a specific tape to prevent use temporarily or to remove bad tapes from rotation.

To disable a piece of media, complete the following steps:

1. Double click the libraries object in the left pane of the Computer Management Console under Removable Storage
2. Expand the correct library and drive by double clicking first the library object and then the drive object beneath it
3. Right click the media you wish to disable (or enable) and select properties
4. On the general tab of the Properties dialog for the media, clear the enable media checkbox to disable the media (check the box to enable this media).

Disabling a drive follows a similar process detailed below:

1. Double click the libraries object in the left pane of the Computer Management Console under Removable Storage
2. Expand the correct library by double clicking the library object
3. Right click the device within the library that you wish to disable
4. Select properties
5. On the general tab of the Properties dialog for the drive, clear the enable drive check box to disable the drive (check the box to enable this drive).

As you can see the Removable Storage snap-in allows simple maintenance of removable media for backup and other uses within Windows Server 2003. In future tips I will explore each aspect of the snap-in in greater detail.

Occasionally file system fragmentation can cause the system administrator tons of frustration. Slow running systems, non functioning applications or processes, and a host of other issues.

Windows Server 2003 includes the Windows Disk Defragmenter to help combat these fragmentation problems. The GUI version of this utility is included in the Computer Management Console and will be the focus of this tip.

Previous mention: In a tip at TechRepublic, I looked at the disk defragmenter as a scheduled task. http://blogs.techrepublic.com.com/datacenter/?p=169

Note: Before beginning with the Disk Defragmentation utility, make sure to disable the screen saver on the Windows Server 2003 system. A running screensaver can cause the Windows Defrag utility to stop when the screensaver activates and restart when it turns off.

What is defragmentation?

When Windows computers are used the day to day use of files on the system can cause files to be spread out across disks, known as fragmentation. Stated simply, this is the noncontiguous placement of files on a disk. Using the Defragmentation utility Windows can reorganize files to put like files together on disk and free space near the end.

This will reduce disk movement and overall wear and tear on the hard disk.

Other Utilities

I will take this opportunity to mention that there are commercially available utilities that will also defragment your system(s). These can be helpful in constantly preventing defragmentation, or providing central administration for the process, which is not available with the utility shipped with Windows. In most cases, a commercial utility is not necessary to accomplish the task of defragmentation.

So where do I start?

To get started with the Windows Disk Defragmenter, open the Computer Management Console on your Windows Server 2003 system by right clicking My Computer on the Start Menu and selecting Manage from the context menu.

Within this console, you can select Disk Defragmenter from the left pane. This will load the snap-in into the console’s right pane.

From there you can select the disk to defragment, provided the Windows Server 2003 you are working on has multiple disks.

To defragment your system, complete the following steps:

1. Highlight the drive letter you wish to defragment

2. Click the Defragment button to begin analysis and defragmentation of the selected drive

Note: When you select Defragment, Windows will first analyze the drive to see if it needs to run a defragmentation, and then proceed with defragmenting the drive. If you select the Analyze button, Windows will check for the need to defragment the drive and display its findings.

How do I know if defragging is needed?

The best way to know if your system needs to defrag is to run an analysis of your computer and let Windows tell you one is needed. More practically, you might notice things are very slow, read/write becomes slow all the time, and some applications will be painfully slow or fail to open at all.

It is unlikely that fragmentation will pop up frequently, but proactive measures can certainly keep things moving in the right direction. It is a good idea to include fragmentation analysis in your monthly routine, that way you are likely to catch the problem before it becomes serious.

In a post at http://www.techrepublic.com I previously provided an overview of the Performance Logs and Alerts Snap-in within Windows Server 2003. The goal here is to look at the Performance Logs exclusively and create logs for counters and traces.

What is the difference which method I use?

The system monitor is a live look at counter activity. It is active until you close it, once closed it will need counters added again.

Performance logs work a little differently, recording events to log files or databases for later review. This will allow you to configure a log and review it on a weekly basis.

Logging types

Performance logs differ from the system monitor in another way as well. They can be configured to work with counters (covered in another tip) which will show specific continual data about a system object, but they can also be created for traces.

Traces are instances of an event that happens to an object. For example, if you wanted to create a trace log to monitor processor activity, as activity occurred it would be recorded.

Another nice thing about trace logs is that they can be started and stopped; when a trace is stopped its settings are still saved.

Counters are snapshots of a given object at set points in time. A counter log will work nicely, however if no activity happens when the object is sampled, there will be very little recorded.

Creating performance counter logs

To create a performance log for counters monitoring, for example, the CPU complete the following steps:

1. Expand the performance Logs and Alerts section in the Computer Management Console
2. Right Click the Counter Logs object
3. Choose New Log Settings
4. Enter a name for your log
5. Click OK
6. Select the Local PC for monitoring at the top of the add counters dialog
7. Choose the performance object you wish to monitor, in this case processor

Note: You will need to choose to add all counters for the Processor object or to add only select counters.

1. Choose Select counters from a list
2. Choose the counters that you wish to use by highlighting each counter and clicking add, for this example choose the % Processor Time counter

If the counter you have added has multiple instances you will need to decide if you want to use all instances of the counter or to use selected instances.

1. Choose to use selected instances
2. Highlight the Total instance
3. Click close to close the Add counter dialog and add the counter to the log
4. Specify a sample interval for the counter in the text box labeled Sample Data Every…

The sample interval specifies how often a sample for this log will be taken.

1. Click the Log files tab to specify the details for log file output
   1. Specify the log file type
   2. Choose a number to end log file names with (if desired)
   3. Specify the starting number for number appended to the end of file names
   4. Add comments to the log file if needed
   5. Check the Overwrite existing file if you would like to overwrite old data with ne
2. Click the configure button after choosing a log type to specify output file location. If you select the output to be stored in a SQL database you will need to supply connection and table information for the output.
3. Create a schedule for the log using the schedule tab

On the schedule tab you can choose to start and stop the log at a given time or manually using the shortcut menu. For reviewing purposes you might choose to set a start and stop time for the log to make things a bit easier.

1. Click OK to close and save the log

Creating performance trace logs

Creating trace logs for events is very similar to creating logs for counters. A trace log can be created by completing the following steps:

1. In the left pane of the Computer Management Console, with Performance Logs and Alerts expanded, right click Trace logs and choose New Log Settings
2. Enter a name for the trace file and click OK

Doing this will open a dialog box allowing you to configure the settings for your new trace

1. Select the Events Logged by System Provider option button
2. Select the checkboxes for the properties you wish to log

If you want to monitor other non-system provided objects, select the Non-system Providers option button and click Add to add new providers that can be traced.

1. In the Run As box, enter the username of the account you want to run this log
2. Click the Set Password button to specify a password for the account
3. Click the log files tab to specify output options.

Note: These options are the same as the log file options discussed above with two exceptions:

Sequential trace file – writes entries in the log file sequentially up to the maximum file size, if specified

Circular trace file – Overwrites old data with new data when the file reaches a specified size limit

1. Click the Schedule tab to specify a start and stop time for the trace, or to start and stop it manually
2. Click OK to save and close the trace

Counter and Trace logs can be very helpful in monitoring your Windows Server 2003 systems at consistent intervals. When used with the System Monitor these logs can aide in finding long term system issues and determining if they have been happening consistently.