
I’m not going to dive into explaining what each of the features does.  So, if you’re not familiar with any of them, or why I’ve included them here, please research them at your convenience.  Whatever you discover, please be sure to read more than one source, so as to minimize the chances of being “kool-aided” with a biased viewpoint.

Many of these suggestions have been around for a long, long, long time now, at least in IT time.  So don’t assume that I’m claiming these to be “brand new” or anything.  I’ve employed these in lab and production environments many times and they can save you a ton of repetitive effort and frustration.

Note: Items marked with (*) can be skipped if you have other products in place to provide this capability.  For example, System Center Operations Manager, or System Center Configuration Manager.

  1. Enable WinRM via GPO
    1. See http://www.grouppolicy.biz/2014/05/enable-winrm-via-group-policy/
    2. While this is automatic for domain-based Windows Server 2012 machines, it is not enabled by default for older versions, nor is it enabled by default for Windows desktop operating systems, even Windows 10.
  2. Establish an Event Collection Process *
    1. See https://msdn.microsoft.com/en-us/library/cc748890.aspx
  3. Implement PowerShell Web Access
    1. See http://blogs.technet.com/b/canitpro/archive/2013/11/14/step-by-step-deploy-powershell-web-access.aspx
  4. Configure and Customize Server Manager
    1. See http://blogs.technet.com/b/askpfeplat/archive/2014/01/27/how-to-customize-server-manager-in-windows-server-2012-and-2012-r2-get-creative.aspx
  5. Install and Configure Remote Desktop Manager
    1. See http://blogs.msdn.com/b/stuartleeks/archive/2014/01/15/using-remote-desktop-connection-manager-rdc-man-with-windows-azure-virtual-machines.aspx
  6. Populate the Start Menu
    1. See http://www.morgantechspace.com/2014/12/Add-start-menu-shortcut-via-Group-Policy.html
    2. Suggested Shortcuts: Computer Management (compmgmt.msc), Registry Editor (regedit.exe), Command Console (cmd.exe), Performance Monitor (perfmon.msc /s), Live Sysinternals (URL to https://live.sysinternals.com)
  7. Populate Server Desktop Shortcuts
    1. In addition to populating the Start menu, it can be helpful (optional, of course) to add shortcuts to the desktop on servers for things like:
      1. Restart (shutdown.exe /r /t 0)
      2. Shut Down (shutdown.exe /s /t 0)
      3. Log Off (logoff.exe)
  8. Leverage AD Group Hierarchy Security
    1. This goes without saying, but a LOT of environments still don’t do this.  Instead of adding individual user accounts into the local Administrators group on each server, create a set of groups based on server roles or organizational services, whichever suits your environment best.  Add those groups to the local Administrators group using a Group Policy Object.  Then, when personnel changes occur, you can modify one group and update access on all of the servers at once.  This holds true for managing end-user devices as well.
    2. See http://social.technet.microsoft.com/wiki/contents/articles/7833.how-to-make-a-domain-user-the-local-administrator-for-all-pcs.aspx
  9. Enable NIC Teaming
    1. Enable NIC teaming for Windows Server 2012 R2 (and later) to create an abstraction layer for services and applications.  Even if you only have one NIC, you can use this to hide the physical NIC from consuming services.  This allows you to swap NICs, if needed, without reconfiguring services.  This can be done from the command line or in Server Manager.
  10. Use Event-driven Task Actions *
    1. See http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Attaching-Tasks-Event-Viewer-Logs-Events.html
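
One way to check whether item 8 is actually in effect, as an added example that is not from the original post: it uses WinRM (item 1) to list each server's local Administrators group and flags individual user accounts that were added directly instead of through a group. The server names are placeholders, and the targets are assumed to run Windows PowerShell 5.1 or later, which provides `Get-LocalGroupMember`.

```powershell
# Added example: find individual user accounts sitting directly in the local
# Administrators group, which item 8 says should contain groups instead.
# Assumptions: placeholder server names, WinRM enabled on the targets,
# Windows PowerShell 5.1+ on the targets.
$servers = 'SRV-APP01', 'SRV-FILE01'   # placeholder names, replace with your own

$members = Invoke-Command -ComputerName $servers `
    -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so this
    # works even where the group name is localized.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass,
            @{ n = 'Source'; e = { [string]$_.PrincipalSource } },
            @{ n = 'SID';    e = { $_.SID.Value } }
}

# Keep only members that are users rather than groups. Accounts whose SID ends
# in -500 are the built-in Administrator accounts and are expected, so skip them.
$findings = $members |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.SID -notmatch '-500$' } |
    Select-Object PSComputerName, Name, Source, SID

if ($findings) {
    Write-Warning "Individual accounts found in local Administrators:"
    $findings | Sort-Object PSComputerName, Name | Format-Table -AutoSize
} else {
    Write-Output "No directly added user accounts found on the servers that responded."
}

# Servers that could not be reached were not audited; report them separately
# so a silent failure is not mistaken for a clean result.
foreach ($err in $failed) {
    Write-Warning "Not audited: $($err.Exception.Message)"
}
```

Anything it reports is an account you would have to remove server by server when personnel changes occur, which is exactly the effort the group-based approach avoids.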

Cheers!
