Tips and Tools for Deploying Windows 7–Part 5- Managing and Securing Your Clients and Critical Server Infrastructure


Tips and Tools for Managing and Securing Your Clients and Critical Server Infrastructure

Like everyone else, you love Windows 7 and can’t wait to get it deployed throughout your organization. Let’s take a look at the many tips and tools available today to ease your burden of deployment. I have broken it down into several steps (or categories of steps). While writing all of this, it became obvious really fast that there is way too much stuff for a single post so I have broken it down into 5 parts. They are:

If you like this post, please contact me on Twitter @ITProGuru to let me know. To keep from missing other posts, make sure you add an RSS to my blog.

Part 5: Management

Let’s kick this article off with a look at the best free tool on the planet to manage your infrastructure. That tool is Group Policy Management Console (GPMC).

WindowsFeaturesGroupPolicyManagementTools1) Group Policy Management Console – You can get the GPMC when you install Remote Server Administration Tools for Windows 7. Remote Server Administration Tools for Windows® 7 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2003/2008/2008R2 and Windows 7. In a nutshell, you will want to install the application (installs as a hotfix) then add the features from “Turn Windows features on or off”. Detailed installation steps are included at the bottom of the install page. With this tool you can configure group policy to manage your entire domain infrastructure. Group policy has been around for years and there are literally thousands of settings that can be forced out to clients and servers giving you real “control” … I mean “flexibility” in how your network is configured and managed. You can get a wealth of information about group policies from the Group Policy Home Page. If you want to read more about Group Policy or some of the newer capabilities with Group Policy Preferences, check out these blog posts:

2) PowerShell – Windows PowerShell™ is a command-line shell and scripting language designed especially for system administration. Built on the Microsoft .NET Framework, Windows PowerShell helps IT professionals control and automate the administration of Windows operating systems and of applications that run on Windows.

The simple command tools in Windows PowerShell, called cmdlets, let you manage the computers in your enterprise from the command line. Windows PowerShell providers let you access data stores, such as the registry and the certificate store, as easily as you access the file system. In addition, Windows PowerShell has full support for all Windows Management Instrumentation (WMI) classes. (What’s WMI? Glad you asked!)

Windows PowerShell is fully extensible. You can write your own cmdlets, providers, functions, and scripts, and you can package them in modules to share with other users.

Windows® 7 includes Windows PowerShell 2.0. It also includes other cmdlets, providers, and tools that you can add to Windows PowerShell so that you can use and manage other Windows technologies such as Active Directory® Domain Services, Windows® BitLocker™ Drive Encryption, the DHCP Server service, Group Policy, Remote Desktop Services, and Windows Server Backup.

If you have a specific question about how to do something in PowerShell you need only ask Bing.com. I am pretty confident you will find your answer there. If you just want to see the magic people have worked with PowerShell check out www.PowerShell.com. If you have not yet started playing with PowerShell, what are you waiting for? It is not going away, and give it a little bit of your time, and it will give you a whole bunch of time back. The only tool I know of that when you put a little bit of time in and it gives you a whole bunch of time out J

clip_image0043) System Center Operations Manager – [SCOM] Now this is a tool you have to pay for but it is well worth the money! Microsoft System Center Operations Manager 2007 R2 {current released version} delivers end-to-end service management of applications and IT services running across your datacenter, providing you greater control and insight into the health and performance of your Microsoft, UNIX, and Linux servers, and the workloads running on them. With Operations Manager 2007 R2, you can reduce the cost of managing your datacenter, and assure delivery of IT services to expected and agreed levels. In addition to an almost real time customizable dashboard and alerting system, you have great graphic and reporting capabilities.clip_image006

Not only can you monitor your servers but when a service goes down or does not meet the performance benchmarks defined, it will let you know via an email, SMS message, or whatever. In some cases, you can even have it fix the problem for you. If you are more of a “hands on” person, you can go in and fix it. Perhaps the detailed “knowledge” that it provides you (like a link to the TechNet article to resolve that particular issue) will help.

The tool has great features to help you solve problems before they impact your servers, clients or users. As an example, when is the best time to find out that you are out of disk space on the volume that contains your SQL Server DB’s? Answer: Before you are out of disk space! So you set thresholds and SCOM watches your systems for you. It can also integrate with some other really cool tools like Visio, Excel, Access, Opalis, etc.

4) clip_image008Visio and Excel – Speaking of Visio, that brings me to me to another great tool. Visio 2010 is an advanced diagramming tool from Microsoft. It allows you to simplify complexity with dynamic, data-driven visuals and new ways to share on the Web. Let me tell you from experience, people who own the purse strings relate much better to data given to them graphically than they do to data handed to them in a spreadsheet or on post it notes. Also, if you already have that data in Excel (or can put it in excel using any number of other tools like the MDT) you can use that data in excel, link to it in Visio and always have a dynamic visual representation of you network, servers, IP addresses, user name, machine name, department, MAC address or any other data points you want to have handy.

5) System Center Configuration Manager (SCCM) – SCCM does way more than just zero touch deployment. When it comes to continuing to manage your network it has some really great capabilities. You will want to keep it running post deployment to do software updates, client inventory, machine refreshes and the like. It leverages a whole slew of other tools. If you want to learn more about SCCM, start with Screencast: Master Your Environment with System Center Configuration Manager 2007 (Four-part Series). If you still want more go here!

There are a bunch of other tools that I have in my toolbox. For now, I will leave you with just these top 5 and if you want to learn more about other tools for managing and securing you network watch my blog in the coming months. I will be putting posts out about Opalis, SCVMM, Forefront Protection and a whole bunch more. One thing I want to tempt you with is a tool that is not on the market yet but looks like it could end up being pretty high on my top 10 list once it is out. That tool is Windows Intune. It is an online service for managing workstation remotely via a web service. I am really looking forward to sharing more details about this and other great tools in the near future. If you have some suggestions on what posts or video’s I should create, send me a message via twitter @ITProGuru or send me an email. Keep in touch as John Baker and I will be doing a TechNet Management and Deployment Roadshow soon so watch our blogs to find out when we will be in a city near you. I bit more details provided about the roadshow can be found here.

If you like this post, please contact me on Twitter @ITProGuru to let me know. To keep from missing other posts, make sure you add an RSS to my blog.