In-Depth

Unveiling the Windows Server 2003 Resource Kit

The latest edition of Microsoft's venerable resource for Windows networking admins can be summed up in two words: best practices.

• By Derek Melber
• 01/26/2006

The resource kit was developed with the various disciplines that make up the Windows Server product team and some of the industry’s leading consultants and practitioners. Most of the industry authors are also Windows MVPs, which was no mistake by Microsoft.

The kit is comprised of seven books and the always popular Resource Kit CD. I can honestly say that I refer to tools that come on the Resource Kit CD almost every time I do training, perform consulting, or answer questions on Group Policy or Active Directory topics. We will go over more details regarding the CD later in the article.

The Resource Kit is comprised of the following books:

• Microsoft Windows Group Policy Guide
• Microsoft Windows Registry Guide, Second Edition
• Microsoft Windows Server 2003 Troubleshooting Guide
• Microsoft Windows Security Resource Kit, Second Edition
• Windows Administrator’s Automation Toolkit
• Windows Server 2003 Performance Guide
• Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server 2003, Windows XP, and Windows 2000

Microsoft Windows Group Policy Guide
The Group Policy Guide is one of the Resource Kit books that's unique to the suite, as it's the first book -- ever -- that Microsoft has produced on Group Policy. It took five years since the first introduction of Group Policy for the book to finally be produced. Every Active Directory enterprise uses Group Policy and most organizations rely on Group Policy to standardize desktops, configure security on clients/servers, and automate routine tasks that used to be controlled by scripts.

As you scan through the Group Policy Guide, you will see one common theme very clearly: best practices. The entire book is written with best practice configurations as the foundation to each chapter. From that point, you will see that the book is broken down into distinct sections:

• Getting Started with Group Policy
• Group Policy Implementation and Scenarios
• Group Policy Customization
• Group Policy Troubleshooting
• Appendix

All but the second chapter deals with core Group Policy technical concepts and features. It's here you'll get into the nitty gritty, how Group Policy works from the ground up. You will read about how a typical Group Policy Object is structured and how to manage them. You will also dive into the inner depths of Group Policy and learn how to customize templates, both for Registry settings and security settings.

The second section is by far the biggest part of the book and takes you into different ways to implement the areas of Group Policy, through best practices and scenarios. Each section focuses on the appropriate key areas of design, deployment, configuring, managing, and optimizing to build and fulfill the scenario.

Make sure you don’t let the Appendix slip by you. There are some excellent topics and details tucked away, such as GPMC scripting and the details related to what's included in Windows Server 2003 Service Pack 1 with regard to Group Policy.

Tip: The best advice that I got from the Group Policy Guide was in relation to Group Policy replication and convergence. The book goes over why this is a problem and how to troubleshoot and fix it if it occurs. Tools such as the GPMC and Replmon are used to track down the GPO versions and last time they replicated. Since Group Policy replicates under two different services, it's nice to see an in-depth discussion and solution on how to solve these problems.

Microsoft Windows Registry Guide, Second Edition
Some feel that the Registry is no longer important due to Active Directory’s database, but it's just not true. The Registry is a vital part of every client, server, and domain controller. The Registry Guide goes into the multitude of Registry concepts and features that you need to master in order to keep your computers running and stable. With the operating system, applications, and control panel applets making constant changes to the Registry, you'll need to know how the details are laid out in order to keep things running.

The book is laid out into a very logical format, with a simple structure for learning the basics, managing the Registry, deploying settings that are stored in the Registry. Finally, some key points are discussed in the Appendix.

The first section is almost solely dedicated to working with the Registry. If you're new to the Registry, you must read this section. It can save you hours of time and frustration. You'll get the inside scoop on the best and proper ways to back up, restore, manage, and modify the Registry keys, values, and data.

The management section has a bit of overlap with the Group Policy Guide, since a large portion of Group Policy is nothing but a fancy way to manage Registry settings centrally. However, this section gives you insight into how to configure security in the Registry, as well as how to troubleshoot any settings that you make in the Registry that seem to be causing problems or not having the affect you desire. Finally, you will be given the best methods on how to script Registry settings to semi-automate Registry changes.

The section on deployment dives into how the Registry is designed and updated. Windows has many features that utilize the Registry for storage. This includes user profiles, Windows installer, and Microsoft Office. Getting these features installed, as well as the main operating system, can be done with answer files, which is covered in detail.

Tip: One thing that jumped out at me here was the discussion on how to remove programs from the Registry. It describes how to remove errant programs from both their location in the folder structure and the Registry. The folder structure is usually easy, but getting all of the Registry information takes some work. The steps included removing Registry entries for the application folder pointer, all entries containing the applications name, and all executables related to the application that were in the application folders. The tip continues on by mentioning a tool named MSIZAP.EXE, which can help clean up errant MSI installations.

Microsoft Windows Server 2003 Troubleshooting Guide
It'd be nice if we never had to troubleshoot clients and servers, but it is a reality that we must live with every day. If you can become proficient in troubleshooting problems efficiently and quickly, you'll be an invaluable commodity for your company and career. The tools, techniques, and tips that are presented here will get you well on your way to mastering the most difficult and tricky aspects of the Windows operating system.

The Troubleshooting Guide follows a logical format, basically outlining the procedures that you will need to master to become a true Windows troubleshooting guru. You'll first learn about the basic concepts and terms related to troubleshooting, then you're introduced to the suite of tools. What follows are sections on troubleshooting startup, stop errors, disks, and the file system, which are all key for any computer to run. TCP/IP is in section all by itself. The book finishes with a detailed section on managing system services.

If you have not spent much time troubleshooting computers, the first section is where you must begin. This section covers the proper procedures in order to tackle almost any problem. Computer problems should be approached in a logical and systematic manner, in order to get to the root of the problem efficiently. This section covers the full range of steps that should be taken when troubleshooting.

The tools section is one of the most important here, since the tools will help you troubleshoot problems faster. Understanding the tools from both a systematic and logistical standpoint will help you pick the right tool for the job at hand. Knowing where to acquire the tool, how to install it, and the details for using the tool are all covered here.

After having given you an understanding of the core troubleshooting procedures and tools suite, the book immediately dives into scenarios for troubleshooting, from the time the computer starts up through the time it's used in production. Whether the system is displaying a stop error or not allowing access to a file, this section covers the concepts and tools to resolve the problem.

The final two sections on TCP/IP and system services are essential. With Active Directory requiring TCP/IP and running as a service, it makes sense that you'll need to troubleshoot a variety of issues for both. Whether you need to get a computer to ping a server in another site, or you need to configure the correct service account for a highly security-sensitive service, this chapter will give you those tips and techniques.

Tip: What grabbed my attention here was the in-depth discussion on using the sc.exe command to troubleshoot services. The book describes how to use the command to get binary information for each service, query service status, and find service dependencies. This information should be acquired as a baseline for each computer in the event that a service fails or a suspect service needs to be investigated.

Microsoft Windows Security Resource Kit, Second Edition
Security is and should be on the forefront of every administrators mind. With new viruses, worms, and Trojans being developed and deployed every day, every possible measure must be taken to protect clients, servers, Active Directory, services, and the entire enterprise.

The Security Resource Kit is organized to introduce you to all of the security concepts that you will need to protect every node within your organization: security details for securing Active Directory, the core operating system, common Windows services, and security updates. The book ends with a rigorous explanation and plan for performing security assessments and how to respond to them.

The book will first get you well acquainted with key security principals and how they are exploited by the various enemies that you are up against. There is a variety of enemies that are out to attack clients, servers, and domain controllers in every environment. The attacks might be from within the walls of the company or from outside the firewall. Regardless, securing the enterprise is not a menial task and takes an in-depth knowledge that this section offers.

Securing Active Directory is a necessity and requires broad knowledge of many aspects of the Active Directory enterprise. The book covers all aspects of the user’s interaction with Active Directory, including passwords, authentication protocols, and access to resources. With Group Policy being at the center of Active Directory security, an entire section is dedicated to how, when, and why you should use Group Policy to ensure a secure environment. The book covers why the forest is the top level of security and details design and implementation best practices for this level of Active Directory.

The book goes over, in great detail, how to secure the core operating system, including key features such as IP Security, security templates, Internet Explorer, Office, and mobile computing technologies. There is also in depth coverage for all of the key services that run in and with Active Directory. These services include DNS, DHCP, WINS, RRAS, Certificates, IIS, and 802.1x authentications. If any of these services are left unprotected, the risk to the enterprise is great.

With the latest string of Zotob worms that have attacked the Windows platform, the section on security updates is invaluable. If everyone were to read this section and protect their computers quickly and faithfully, worms and viruses would have a hard time penetrating Windows.

The last section covers how to properly assess and remediate security within a Windows environment. Much of these concepts are new to most IT professionals, but should become second nature.

Tip: One section in the book, on best practices for protecting DNS in a Windows environment, is a goldmine. The best suggestion is to control the DNS cache to not allow outside attackers from adding incorrect DNS responses to the cache of the DNS server. This is done by enabling the Secure Cache Against Pollution option within the properties of all of the DNS servers.

Windows Administrator’S Automation Toolkit
To put it simply, this book is a collection of tools. If you don't like to script much but really need some scripts to use for your day-to-day tasks, this book is made for you. It compiles more than 80 ready-to use scripts designed to make an administrator’s job easier.

The book is very well organized, covering all aspects that an administrator will face in any given day, week, or month when dealing with a Windows environment. It starts off giving a brief overview and description of the concepts of automation. The book is not a “how to script book”, so expect a high-level discussion. It then goes into specific areas of administration, breaking down the areas into the following categories:

• Computer management
• Disk and file management
• Security and network management
• IIS

The book dives a bit deeper and discusses some advanced scripting tools. These tools are meant to help the administrator work with custom interfaces and communicate with databases.

Tip: One of the best scripts I discovered here was one dealing with security logs. As a long-time trainer and consultant for both administrators and security auditors, I constantly get questions regarding security log and the number one question is how to archive them. Since Windows stores the logs on each computer where the event occurs, getting the log files into a central location for reviewing is not easy. Also, it is important to archive the log file before the contents are overwritten. The book gives a detailed script on how to both archive the log file and then clear the security log when the archive is completed. This will reduce the overlap from file to file, to reduce time in reviewing the contents.

Windows Server 2003 Performance Guide
Even though we have servers that are loaded with amazing hardware, there is still a need to monitor and improve performance on every server whenever possible. For those that feel that performance monitoring and optimization was too complex, this book will make you feel at ease and allow you to become a pro at it.

The Performance Guide is broken down into six primary sections, each one building an amazing array of tips, techniques, and tools for you to become a performance wizard. The book starts with an overview section, which is very detailed in its discussion of performance. The next section covers performance tools, which are at the foundation of any good performance regiment. The next three sections focus on what needs to be monitored, the procedures for monitoring performance, and how to troubleshoot performance problems. The book wraps up with an advanced performance section.

As the book begins, you are given full details on monitoring and performance from the ground up. There is no definition or concept left undone. You're to concepts from the performance side of the house, which are related to the system architecture that is essential for getting the best results from your analysis and optimization.

The tools that you are introduced to include system monitor, task manager, event logs, and network monitor. These tools have many options and configurations that can become overwhelming when you are in a pinch to get a server up and running correctly. This section streamlines the process, allowing you to quickly monitor and fix the problem.

Knowing what to monitor is essential for the performance optimization process. With hundreds of counters and analysis points, you must be able to pinpoint only a few counters that will get you the information that you need. Once the key counters or analysis points are determined, there is a process for gathering the key information you need. The book goes over in great detail this process so you don’t miss a step. The book also details how to troubleshoot bottlenecks, processors, memory, disks, and network issues.

The final section dives deeper into processor and memory performance, which are by far two of the most important components in your computer that need to be evaluated and monitored. The book ends with an advanced discussion on setting up the system monitor automation interface.

Tip: I've been working with System Monitor (Performance Monitor in NT) and Task Manger for such a long time, so I dug deep to find a cool tip. What I discovered: a full-blown discussion on how to use the automation interface for System Monitor. The book goes over how to create custom, dynamic graphics that can indicate printer performance, any performance monitor counters, and communicate via e-mail with the administrator when certain thresholds are broken.

Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server 2003, Windows XP and Windows 2000
Well, if you were looking for a diamond in the rough, you just stumbled upon it. This book is in its fourth revision and has not lost a beat along the way. I don’t know of too many people that have such a great understanding of the “under the hood” processes within Windows, who can also teach the information so eloquently. If you've ever heard these authors speak at a conference, you will know the information that is jammed into their book.

The Internals book is structured to take you through the inner depths of the Windows operating system and mechanisms. The goal is to get you familiar with how the system works, so that you can analyze, manage, configure, develop, and troubleshoot it with greater accuracy and results. The sections cover all areas of the operating system including:

• Startup and shutdown
• Processes, threads, and jobs
• Memory
• Security
• I/O System
• Storage
• Cache
• File system
• Networking

To be honest, there are very few books on the market that will give you the insight that the Internals book will with regard to the Windows operating system. There is no need to go section by section, just imagine that the book dives deeper into these sections that you have ever gone before.

Tip: The Internals book is worth its weight in gold just for the crash dump analysis information it provides. As a first step in the chapter, a tool named Notmyfault is discussed. This tool is ideal for performing basic crash dump analysis and allows you to crash your system in various ways to obtain certain information from your system. The crash options represent the most common ones that are seen by the Microsoft product support team.

You Must Buy This Book
The Microsoft Windows Resource Kits are always full of great information related to the operating systems that are on the market at the time. The Windows Server 2003 Resource Kit is different in that it takes the typical resource kit information to a new level, trying to help every administrator tackle day-to-day problems. The books cover a wide range of topics that are essential for every enterprise, small and large, that use Windows products. The examples taken from each book here just give you a very small view as to what you can solve by purchasing the Resource Kit. With the Resource Kit costing less than a single call to Microsoft PSS, the kit can pay off with just one problem being solved. It's well worth the purchase price and great resources to have available to you at all times.