Whichever way you choose to use this book, you will probably first want to familiarize yourself with the contents, so here's a brief synopsis of each chapter and what you'll find:
Think of this chapter as the removable top drawer of your toolbox?usually cluttered, but containing your favorite, indispensable tools. The topics in this chapter include ways of hacking the Run As command, collecting event log information, running commands, extending your environment, shutting down processes, renaming mapped drives, and more. You'll also learn how to disable file encryption if you don't need or want it, collect configuration settings from remote machines, use automatic logon where it's safe to do so, and make it easier for users to access Remote Assistance when they need to. We'll also list some of our favorite third-party tools and a terrific online resource for Microsoft management technologies.
Most of the time, when you're administering Active Directory, you'll find the GUI tools are easy to use but ill suited for complex or repetitive tasks. That's where scripts come in, and this chapter includes scripts that leverage ADSI and WMI to make your life easier. These scripts can be used to perform tasks such as searching for old computer accounts, creating organizational units (OUs), delegating authority over OUs, and displaying information about objects stored in Active Directory.
A large part of day-to-day administration of an Active Directory environment is managing users and their accounts. The usual way of doing this is by using the GUI, but when it comes to organizations with hundreds or even thousands of users, this approach can be frustrating. This chapter is mostly about alternatives?ways of doing things faster using scripts. You'll find scripts for displaying information about users, finding specific users on your network, changing user passwords, unlocking user accounts, getting a list of disabled accounts, displaying which groups a user belongs to, and more. If you're familiar with VBScript, you can also customize these scripts further to meet the specific needs of your own networking environment.
Under the hood of Windows are the core networking services and components that enable systems to communicate across a network. These components include services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Windows Internet Name Service (WINS), and other services that run on top of TCP/IP. Configuring these services can be complex, and it can be hard to pinpoint the problem when things go wrong. This chapter is about managing such services and other networking components. You'll learn how to use a script to manage services on remote computers, how to ensure DHCP server availability so your clients can communicate, how DNS aging and scavenging work and can be configured, how to troubleshoot common DNS problems when Active Directory is deployed, how to perform complicated network configuration tasks using scripts and from the command line, and several other important tasks.
File and print is the traditional bread and butter of networking, and while it's gradually being overtaken by more advanced document-management solutions, not many companies are planning on retiring their file servers anytime soon. Managing shared folders and printers also makes up a major component of an administrator's daily routine, and a high proportion of calls to help desk as well. So it's worth examining some new ways of doing old tasks, such as mapping drives or configuring default printers, as well as some ways to perform tasks that are not easy using standard Windows tools, including mapping the structure of a directory or determining who has a certain file open on the network. That's what this chapter is about?doing old tasks in new ways and making complex tasks simple.
Internet Information Services (IIS) is one of the more popular features of Windows server platforms. Whether you're running IIS 5 (Windows 2000 Server) or IIS 6 (Windows Server 2003), the ability to hack the metabase (the place where IIS stores its configuration settings) lets you do things that are impossible to do using the standard GUI tool for managing IIS?namely, Internet Services Manager. Before you start hacking the metabase, however, you better be sure you've backed it up properly and know your way around inside it. Several hacks in this chapter deal with these topics, including how to restore the metabase when you have no working backup. Also included are tips on hiding the metabase from attackers to make it more secure, managing different aspects of IIS by using scripts, and allowing other HTTP services, such as the Apache web server, to run on Windows and coexist with IIS.
Administering Windows-based networks begins with deployment, and the focus of this chapter is on how to manage the installation (and uninstallation) of Windows 2000/XP/2003 and its individual components. In particular, the first several articles deal with Remote Installation Services (RIS) and Sysprep, two powerful but complex tools for installing Windows images on large numbers of machines. Other articles deal with removing unneeded components manually from the command line and during unattended setup, and creating a network boot disk for unattended installation of Windows. These tips and tools are designed to make the job of deploying Windows easier, so you can get on with the day-to-day job of configuring, maintaining, and troubleshooting systems on your network.
Probably no aspect of the system administrator's job is more important these days than security, and this is especially so with systems running Windows. The ever-increasing threats of viruses, worms, Trojans, and other exploits means administrators have to spend time and energy learning how to protect their company's networks against the wiles of malicious hackers on the Internet. This chapter looks at some of the ways you can protect your network from these threats. It includes coverage of best practices in virus protection, protecting Administrator accounts, securing backups, protecting domain controllers, and finding machines with automatic logon enabled. A security FAQ and a review of security tools you can download from Microsoft's web site round out this chapter and help you build an arsenal of best practices and tools that can help keep your network secure.
Patch management is a way of life for system administrators nowadays. With the proliferation of Internet worms and other threats, new patches are being released for Windows platforms on an almost weekly basis. It takes time and energy to test these patches and deploy them on production systems, and occasionally something goes wrong and a patch designed to correct one problem actually creates another. The first key to effective patch management is proper business practices: test, deploy, and verify. The second key is proper tools; Windows platforms come with several built-in tools, while others can be obtained from Microsoft's web site and third-party vendors. The third key is knowledge?knowing how patch-management tools work and how to troubleshoot them when things go wrong. The hacks in this chapter touch on all three keys to effective patch management and help enlarge your understanding and skills in this crucial area of a system administrator's job description.
Finally, this chapter looks at the backup process and examines how to back up specific entities, such as your System State, certificate authority (CA) information, Encrypting File System (EFS) keys, and Distributed File System (DFS) namespace. We also look at how to back up something as simple as an individual file from the command line, to something as complicated as an entire system using the new Automated System Recover (ASR) feature of Windows Server 2003. Also included is a script that can be used to collect disaster recovery files and event logs from remote Windows 2000 servers. We also map out procedures you can try to recover a failed system, short of restoring everything from backup, navigating through a maze of options like Safe Mode, Emergency Repair, Last Known Good Configuration, and the Recovery Console. Finally, we mention a few services you can call on when your worst nightmare happens and you need to recover your business data from a failed disk that has no backup.