Jump to content
  • entries
    47
  • comments
    3
  • views
    26207

Windows Server Solutions BPA Updated September 2011


Ioannis Zontos

1011 views

 Share

Το νέο update για το WSSG BPA(windows server solution Best practice ) που δημοσιεύτηκε τον Σεπτέμβριο έχει προσθέσει αρκετά νέα rules για ελέγχους στο δίκτυο μας.Αναλυτικά ο συνολικός αριθμός ελέγχον ανά έκδοση server είναι

Small Business Server 2011 Standard Edition 102

Small Business Server 2011 Essentials 78

Windows Storage Server 2008 R2 Essentials 30

Windows MultiPoint Server 2011 5

Ο BPA μπορεί να ειδοποιεί από διαφορετικά σημεία όταν υπάρχει διαθέσιμο update

Τον BPA μπορούμε να τον <<δέσουμε>> με την κονσόλα του SBS2011 που θα μας δίνει ένα critical alert μέχρι να εγκαταστήσουμε την ενημέρωση

clip_image002

Επίσης μας ειδοποιεί για νέο update όταν τρέχουμε τον ίδιο τον BPA

An update for the Windows Server Solutions BPA is available” η ειδοποίηση θα υπάρχει μέχρι να εγκαταστήσουμε το νέο update για τον BPA

clip_image004

Τα νέα rules και οι έλεγχοι που έχουν προστεθεί ανά έκδοση server είναι αναλυτικά τα εξής

Small Business Server 2011 Standard Edition

  • CACertNameCheck9Section - The name of your certification authority contains one or more periods, or includes either the word "remote" or "mail."
  • CheckOrigName9Section - The value set for the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL
  • CheckOrigName10Section - The value set for the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL
  • ExchangeSPSection - The server is running the original release of Exchange Server 2010. However, Exchange Server 2010 Service Pack 1 (SP1) is now available.
  • JournalEventExist9Section - The server is in a journal wrap condition.
  • RPCExtAuthSection - Exchange Server 2010 is not set to use the default method for external authentication
  • RPCIntAuthSection - Exchange Server 2010 is not set to use the default method for internal authentication.
  • OSRTMSection - This server is running the original release of Windows Server 2008 R2. However, Service Pack 1 for Windows Server 2008 R2 is available.
  • SMTPInstalledSection - The Simple Mail Transfer Protocol (SMTP) service is installed.
  • EmptyServersContainerSection - One or more Servers containers in your Exchange organization are empty.
  • AcceptedDomainSection - The name of the default accepted domain contains one or more spaces.
  • SharepointAppPoolIdentitySection - The SBS SharePoint AppPool application pool is not running with the default account.
  • SharepointAppPoolFrameworkSection - The SBS SharePoint AppPool application pool is not running with the default .NET Framework version.
  • SharepointAppPoolPipelineSection - The SBS SharePoint AppPool application pool is not running with the default Managed Pipeline Mode.
  • SharepointAppPoolBitnessSection - The SBS SharePoint AppPool application pool is not running with the default Bitness level.
  • RWAAppPoolBitnessSection - The SBS Web Workplace AppPool application pool is not running with the default Bitness level
  • RWAAppPoolPipelineSection - The SBS Web Workplace AppPool application pool is not running with the default Managed Pipeline Mode
  • RWAAppPoolFrameworkSection - The SBS Web Workplace AppPool application pool is not running with the default .NET Framework version.
  • RWAAppPoolIdentitySection - The SBS Web Workplace AppPool application pool is not running with the default account.
  • WebGardensSection - The number of Maximum Worker Processes for the DefaultAppPool Application Pool is not set to the default value of 1.
  • WarningDiskSpaceVeryLowSection - One or more volumes has less than 20% of free space available.
  • SysvolSection - The Sysvol share does not exist
  • RDPPortSection - The PortNumber registry key for the Terminal Server port has been changed.
  • SysvolRdySection - The value of the SysvolReady registry key is not equal to 1. This indicates that there is a problem with the domain.
  • PingDCFailsSection - This server cannot ping one or more domain controllers.
  • OldRootVerSection - The value of the RootVer registry key for .NET Framework may be incorrect.
  • NotSchemaMasterSection - This server running Windows SBS is not the Schema Master.
  • NotSBSDNSSection - The DNS client is not configured to point only to the internal IP address of the server.
  • NotRIDMasterSection - This server running Windows SBS is not the RID Master.
  • NotPreWin2Section - The Authenticated Users group is not a member of the Pre-Windows 2000 Compatible Access group.
  • NotPDCMasterSection - This server running Windows SBS is not the Primary Domain Controller Master.
  • NotInfraMasterSection - This server running Windows SBS is not the Infrastructure Master.
  • NotDomMasterSection - This server running Windows SBS is not the Domain Naming Master.
  • NoNSRecs3Section - There are no DNS name server (NS) resource records for the delegated _msdcs forward lookup zone.
  • NoNSRecs2Section - There are no DNS name server (NS) resource records in the _msdcs zone for Windows SBS 2011 (for example: _msdcs.contoso.local).
  • NoNSRecsSection - There are no DNS name server (NS) resource records in the forward lookup zone for Windows SBS 2011.
  • NoDefaultDomainPolicySection - The Default Domain Policy group policy is missing.
  • MaxCacheTTLSection - The DNS parameter MaxCacheTTL is not set.
  • LeftSrcSvrinOUSection - The Source Server that is running Windows SBS still exists in Active Directory Users and Computers in the MyBusiness/Computers/SBSComputers organizational unit.
  • LeftSrcSvrSection - The source server that is running Windows SBS still exists in Active Directory Sites and Services in the Default-First-Site-Name.
  • IsSchemaMasterSection - This server running Windows SBS is the Schema Master.
  • IsRIDMasterSection - This server running Windows SBS is the Relative ID (RID) Master.
  • IsPDCMasterSection - This server running Windows SBS is the Primary Domain Controller Master.
  • IsInfraMasterSection - This server running Windows SBS is the Infrastructure Master.
  • IsDomMasterSection - This server running Windows SBS is the Domain Naming Master.
  • IEHardenUsersSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Users group.
  • IEHardenAdminSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Administrators group.
  • ForwardDNSAllowUpdatesMSDCSSection - You should configure the forward lookup zone for the _msdcs.* zone to allow only secure dynamic updates
  • ForwardDNSAllowUpdatesSection - You should configure the forward lookup zone to allow only secure dynamic updates.
  • EDNSEnabledSection - Some routers and firewall devices do not support EDNS. You should disable EDNS on this server. To disable EDNS, from a command prompt, type dnscmd /Config /EnableEdnsProbes 0, and then restart the DNS Server service.
  • DNSTimeOutsSection - The value of the DNS ForwardingTimeout registry key should not be the same as the value of the RecursionTimeout registry key.
  • DNSRegEnabledSection - The internal network adapter is not configured to register its IP address in DNS.
  • DNSAforInternalSection - The host (A) resource record points to an incorrect IP address.
  • CheckFirewallSection - Windows Firewall is turned on in the default installation of Windows Small Business Server.
  • CheckAdminSection - The built-in Administrators group does not have the right to log on as a batch job.
  • PowershellAppPoolBitnessSection - The MSExchangePowerShellAppPool application pool is not running with the default Bitness level
  • PowershellAppPoolPipelineSection - The MSExchangePowerShellAppPool application pool is not running with the default Managed Pipeline Mode.
  • PowershellAppPoolFrameworkSection - The MSExchangePowerShellAppPool application pool is not running with the default .NET Framework version
  • PowershellAppPoolIdentitySection - The MSExchangePowerShellAppPool application pool is not running with the default account.
  • CheckAdminSection - The built-in Administrators group does not have the right to log on as a batch job.
  • CheckFirewallSection - Windows Firewall is turned on in the default installation of Windows Small Business Server.
  • DNSAforInternalSection - The host (A) resource record points to an incorrect IP address
  • DNSRegEnabledSection - The internal network adapter is not configured to register its IP address in DNS.
  • DNSTimeOutsSection - The value of the DNS ForwardingTimeout registry key should not be the same as the value of the RecursionTimeout registry key.
  • EDNSEnabledSection - Some routers and firewall devices do not support EDNS. You should disable EDNS on this server. To disable EDNS, from a command prompt, type dnscmd /Config /EnableEdnsProbes 0, and then restart the DNS Server service.
  • ForwardDNSAllowUpdatesSection - You should configure the forward lookup zone to allow only secure dynamic updates.
  • ForwardDNSAllowUpdatesMSDCSSection - You should configure the forward lookup zone for the _msdcs.* zone to allow only secure dynamic updates.
  • IEHardenAdminSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Administrators group.
  • IEHardenUsersSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Users group.
  • IsDomMasterSection - This server running Windows SBS is the Domain Naming Master.
  • IsInfraMasterSection - This server running Windows SBS is the Infrastructure Master.
  • IsRIDMasterSection - This server running Windows SBS is the Relative ID (RID) Master.
  • IsPDCMasterSection - This server running Windows SBS is the Primary Domain Controller Master.
  • IsSchemaMasterSection - This server running Windows SBS is the Schema Master.
  • LeftSrcSvrSection - The source server that is running Windows SBS still exists in Active Directory Sites and Services in the Default-First-Site-Name.
  • LeftSrcSvrinOUSection - The Source Server that is running Windows SBS still exists in Active Directory Users and Computers in the MyBusiness/Computers/SBSComputers organizational unit
  • MaxCacheTTLSection - The DNS parameter MaxCacheTTL is not set.
  • NoDefaultDomainPolicySection - The Default Domain Policy group policy is missing.
  • NoNSRecsSection - There are no DNS name server (NS) resource records in the forward lookup zone for Windows SBS 2011.
  • NoNSRecs2Section - There are no DNS name server (NS) resource records in the _msdcs zone for Windows SBS 2011 (for example: _msdcs.contoso.local).
  • NoNSRecs3Section - There are no DNS name server (NS) resource records for the delegated _msdcs forward lookup zone.
  • NotDomMasterSection - This server running Windows SBS is not the Domain Naming Master.
  • NotInfraMasterSection - This server running Windows SBS is not the Infrastructure Master.
  • NotPDCMasterSection - This server running Windows SBS is not the Primary Domain Controller Master.

Small Business Server 2011 Essentials

  • NotRIDMasterSection - This server running Windows SBS is not the RID Master.
  • NotSBSDNSSection - The DNS client is not configured to point only to the internal IP address of the server.
  • NotSchemaMasterSection - This server running Windows SBS is not the Schema Master.
  • OldRootVerSection - The value of the RootVer registry key for .NET Framework may be incorrect.
  • PingDCFailsSection - This server cannot ping one or more domain controllers.
  • RDPPortSection - The PortNumber registry key for the Terminal Server port has been changed.
  • SysvolRdySection - The value of the SysvolReady registry key is not equal to 1. This indicates that there is a problem with the domain.
  • SysvolSection - The Sysvol share does not exist
  • WarningDiskSpaceVeryLowSection - One or more volumes has less than 20% of free space available.
  • WebGardensSection - The number of Maximum Worker Processes for the DefaultAppPool Application Pool is not set to the default value of 1.
  • NotPreWin2Section - The Authenticated Users group is not a member of the Pre-Windows 2000 Compatible Access group.
  • RWAAppPoolBitnessSection - The SBS Web Workplace AppPool application pool is not running with the default Bitness level
  • RWAAppPoolPipelineSection - The SBS Web Workplace AppPool application pool is not running with the default Managed Pipeline Mode.
  • RWAAppPoolFrameworkSection - The SBS Web Workplace AppPool application pool is not running with the default .NET Framework version.
  • RWAAppPoolIdentitySection - The SBS Web Workplace AppPool application pool is not running with the default account.

Windows Storage Server 2008 R2 Essentials

  • RWAAppPoolBitnessSection - The SBS Web Workplace AppPool application pool is not running with the default Bitness level
  • RWAAppPoolPipelineSection - The SBS Web Workplace AppPool application pool is not running with the default Managed Pipeline Mode.
  • RWAAppPoolFrameworkSection - The SBS Web Workplace AppPool application pool is not running with the default .NET Framework version.
  • RWAAppPoolIdentitySection - The SBS Web Workplace AppPool application pool is not running with the default account.

Σε περίπτωση που δεν έχουμε το update του BPA έχουμε τις εξής επιλογές

Αν το update δεν είναι διαθέσιμο μπορούμε να κάνουμε έλεγχο απευθείας από το windows update

Τρέχουμε το Windows Update και επιλεγούμε την επιλογή «check online for updates from Windows update.»

Στην συνέχεια επιλέγουμε την επιλογή "Get updates for other Microsoft products"

clip_image008clip_image006

clip_image010

Όταν ολοκληρωθεί η διαδικασία θα περιμένουμε 20-25 λεπτά για να ολοκληρωθεί ο συγχρονισμός. Μετά εκτελούμε τον BPA και το update θα είναι διαθέσιμο Επίσης θα πρέπει να ελέγξουμε στο μητρώο για το HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsServerSolutions\BPA\Update .Το κλειδί αυτό θα πρέπει να έχει την τιμή 1

 

 Share

0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...