Windows Server: Proactive Windows Server Maintenance
You can simplify server maintenance with any of these tools and techniques that help you take a proactive approach.
Joshua Hoffman
All too often, server maintenance is an afterthought. It ends up being the steps we take in the wake of a disaster or as part of a reactive troubleshooting effort. By considering maintenance tools and techniques through a proactive lens, however, you can address potential issues before they become problems. You have considerable opportunities to save time, money and, most importantly, headaches.
A variety of tools and a plethora of guidance exist to help you perform proactive maintenance on your Windows servers. Here’s a look at some of the free utilities and best practices to help minimize downtime, enhance performance and prevent problems before they occur.
Best Practices Analyzer
The collective experience of industry luminaries, colleagues and peers is one of the most valuable resources in the IT world. How can you capture that broad array of wisdom and experience and put it to use in a practical way? The answer lies in the Best Practices Analyzer (BPA), a server management tool built into Windows Server 2008 R2.
The BPA gives you an on-demand assessment of your server’s configuration against a collection of best practices that define ideal configurations and thresholds in a variety of categories (see Figure 1).
| Category Name | Description |
| Security | Security rules measure a role’s relative risk for exposure to threats such as unauthorized or malicious users, or loss or theft of confidential or proprietary data. |
| Performance | Performance rules measure a role’s ability to process requests and perform its prescribed duties in the enterprise, within expected periods of time given the role’s workload. |
| Configuration | Configuration rules identify role settings that might require modification for optimal performance. Configuration rules can help prevent setting conflicts that result in error messages or prevent the role from performing its prescribed duties in an enterprise. |
| Policy | Policy rules identify Group Policy or Windows Registry settings that might require modification for the role to operate optimally and securely. |
| Operation | Operation rules identify possible failures of a role to perform its prescribed tasks in the enterprise. |
| Pre-Deployment | Pre-deployment rules applied before an installed role is deployed in the enterprise allow administrators to evaluate whether best practices were satisfied before they use the role in production. |
| Post-Deployment | Post-deployment rules applied after all required services have started for a role—and the role is running in the enterprise—ensure proper configuration. |
| BPA Prerequisites | BPA Prerequisite rules explain configuration settings, policy settings and features required for the role before BPA can apply specific rules from other categories. A prerequisite in scan results indicates that an incorrect setting, a missing role, role service, feature, incorrectly enabled or disabled policy, a registry key setting or other configuration has prevented BPA from applying one or more rules during a scan. A prerequisite result doesn’t imply compliance or noncompliance. It means that a rule couldn’t be applied, and therefore is not part of the scan results. |
Figure 1 Rule categories in the Best Practices Analyzer
The BPA is integrated directly into the Summary section of the Roles screen in Server Manager, which you can find in the Windows Server 2008 R2 Administrative Tools. The BPA will analyze the server’s current configuration based on installed Roles and Role Services. It will then return a report identifying any areas in which the server’s configuration is noncompliant with known best practices, and providing guidance for correcting the situation.
To simplify the process of regular BPA scans and analysis, you can also run it using Windows PowerShell cmdlets. You can execute scans from the command line, include multiple servers in the scan, schedule remote scans and so on. For more information on using Windows PowerShell to conduct BPA scans, see Running and Filtering Scans in Best Practices Analyzer.
Performance Monitoring and Tuning
Tracking server performance and reliability can be one of the more challenging maintenance tasks you’ll face. The amount of variables required to thoroughly track servers continues to increase. Fortunately, Windows Server 2008 R2 includes a number of enhancements to its performance and reliability monitoring. The most notable is arguably the Windows Resource Monitor (see Figure 2).
The Windows Resource Monitor lets you track resource utilization on your server, including active processes (along with their processor, memory and disk utilization). Besides monitoring resource usage in real time, Windows Resource Monitor can also help you analyze unresponsive processes, identify which applications are using files and control processes and services.
.jpg "Figure 2 The Windows Resource Monitor")
Figure 2 The Windows Resource Monitor
Windows Resource Monitor can help you keep better track of resource statistics, but what should you do with that information? How do you know when your servers are performing at their optimal range? Once again, the collective wisdom of Windows Server experts proves to be a valuable asset.
The white paper, “Performance Tuning Guidelines for Windows Server 2008 R2,” provides comprehensive guidance for tuning all aspects of a Windows Server installation—including hardware, file services, Web services, Active Directory, virtualization services and so on. This guide can help you identify areas where your server may not be performing optimally, and make recommendations for how to remedy your configuration for ideal results.
Monitoring Events
The Windows Event Logs generate a treasure trove of information about your servers, but that volume of information can be overwhelming. Two features in Windows Server 2008 R2 help you manage the flood of data.
Event triggers let you automate task execution. The task might display a message, run a program or even send an e-mail. You can specify the Event IDs you wish to track, a schedule to restrict when the action is taken, the To and From addresses, the subject line if you’re sending an e-mail and so on.
To create an Event trigger, open Event Viewer, browse to the log that contains the event you’d like to track, right-click on the log and select “Attach Task to This Event.” The “Create Basic Task Wizard” will walk you through the steps of configuring your alert.
You can also configure Custom Views in the Event Viewer. Custom Views let you filter the content of the Event Viewer to display only selected information. This might include only specific Event IDs, task categories, processes, and so on.
This approach helps you reduce the “noise” of events related to processes or services for which you’re not responsible. For example, as the Exchange administrator, you might create a Custom View to display only events related to Exchange. This makes it easier to focus on the most important events.
Active Directory Recycle Bin
Simple human error is a common cause of downtime. One of the more challenging mistakes to recover from is accidentally deleting an Active Directory object. In Windows Server 2008 R2, there’s a proactive step you can take to ensure easy recovery.
Windows Server 2008 R2 introduces the Active Directory Recycle Bin, which helps you preserve and restore accidentally deleted Active Directory objects. You don’t have to restore Active Directory data from backups, restart Active Directory Domain Services (AD DS) or reboot domain controllers.
The Active Directory Recycle Bin preserves all link-valued and non-link-valued attributes of the deleted Active Directory objects. The objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion.
Be aware, though, that the Active Directory Recycle Bin in Windows Server 2008 R2 is disabled by default. To enable it, you must first raise the forest functional level of your AD DS or Active Directory Lightweight Directory Services (AD LDS) environment to Windows Server 2008 R2.
This requires all your forest domain controllers or all servers hosting instances of AD LDS configuration sets to run Windows Server 2008 R2. After you set the forest functional level of your environment to Windows Server 2008 R2, you can use the instructions in the Active Directory Recycle Bin Step-By-Step Guide to enable the Active Directory Recycle Bin.
Server Core
One of the most effective ways to prevent issues before they occur is to reduce the “surface area” upon which problems might occur. The Server Core option in Windows Server 2008 R2 provides a minimal environment for running specific server roles. This reduces the maintenance and management requirements, and reduces the potential attack surface for those server roles.
Server Core is ideal in environments that require specific functionality, such as AD DS, File Services or Hyper-V. In these instances, like branch offices, a complete installation may not be necessary. By limiting the installed components on the server, you reduce the amount of maintenance and oversight required for that server. This saves time and money in managing your infrastructure.
A Server Core installation doesn’t include a traditional GUI. You manage it entirely from the command line. To help with common server-management tasks, however, Server Core installations of Windows Server 2008 R2 include a utility called SConfig (see Figure 3). SConfig can help you join a domain or workgroup, rename a computer, configure remote management, download and install updates, and more. To access SConfig, simply execute SConfig.cmd from a Server Core command prompt.
For more information on deploying Server Core installations, see the Server Core Installation Getting Started Guide.
.jpg "Figure 3 SConfig running on Server Core")
Figure 3 SConfig running on Server Core
System Center
While these Windows Server maintenance tools are built-in or freely available, there are also valuable tools available for a relatively low cost. The System Centersuite of products provides a more comprehensive approach to proactive operations and maintenance.
System Center Essentials (SCE) can help you manage up to 50 Windows Server devices. SCE provides real-time operational data, a unified management console, simplified update and application deployment, and more.
For larger organizations, System Center Operations Manager is an even more powerful platform for collecting infrastructure state, health and performance data. It also has tools for proactive maintenance and troubleshooting.
Windows Server maintenance need not be a reactive task performed in the wake of a difficult situation. A proactive approach to server maintenance that leverages the tools and guidance we’ve discussed in this article can go a long way to helping you save both time and money. You can avoid difficult situations before they occur.
Thanks to Justin Graham and Joey Snow of the Windows Server product team for their assistance with this article.
.jpg "Joshua Hoffman")
Joshua Hoffman* is the former editor in chief of TechNet Magazine. He’s now an independent author and consultant, advising clients on technology and audience-oriented marketing. Hoffman also serves as editor in chief of ResearchAccess.com, a site devoted to growing and enriching the market research community. He lives in New York City.*