From monthly reboots to "retreating" from your network, here are 10 tasks you can perform to keep all your systems running smoothly throughout the year.

Monthly and Yearly Maintenance Tasks

From monthly reboots to "retreating" from your network, here are 10 tasks you can perform to keep all your systems running smoothly throughout the year.

• By Harry Brelsford
• 09/01/2000

After all the designing, planning, and implementation work is done and the high-priced consultants have done their work, it's time for you to serve as a network administrator. Logically following last month's column, in which we discussed how to maintain a happy and healthy network through daily maintenance tasks, I follow it up this time with ten of the most important monthly and annual tasks. Here's a list of 10 that I consider to be the most important.

1: The Monthly Reboot

Microsoft considers Windows 2000 Server a significant improvement over Windows NT Server in the area of system stability. Still, old habits are hard to break and I still love to do a monthly reboot. Not that Windows 2000 Server implicitly needs such a reboot, but I need the reboot.

The monthly reboot accomplishes several things. First, the reboot flushes primary memory, so I know that any RAM memory leaks are effectively cured. Second, the monthly reboot is a controlled reboot, typically occurring during a safe period (after hours when the worker bees have gone home). Better to know that you can safely take your Windows 2000 Server machine up and down instead of being surprised. The point is, if your machine has a shutdown or startup problem, it needs to be discovered and cured. Making such a discovery as your server is the busiest is not good management.

2: Auditing

You can perform four types of audits with Windows 2000:

• Logon/Logoff user type activity—This is one of the most popular uses of auditing in Windows 2000.
• File and folder access activity—Another popular form of auditing, this tells when a file or folder has been accessed, modified, etc.
• Processes and other code-related auditing stuff—This is bit-head stuff, which developers use to see when a process is spawned in an application, etc.
• DHCP auditing—Really just a form of logging DHCP activity.

The logon/logoff user activity auditing occurs via Group Policy using the following steps:

1. Logon to the Windows 2000 Server machine as an administrator.
2. Launch Active Directory Users and Computers from the Administrative Tools program group.
3. Right-click on the domain object in the left pane and select Properties.
4. Select the Group Policy tab.
5. Expand the following: Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy.
6. The audit-related options will be displayed, allowing you to select audit policy objects to modify. Double-click one of the audit policy objects, for example, Audit logon events. The Security Policy Setting dialog box appears.
7. Configure the Audit logon events policy to audit successful and failed logon attempts (see Figure 1).

Figure 1. Configuring Windows 2000 Server to record logon and logoff events at the computer-level. (Click image to view larger version.)

For network logon/logoff activity, you should configure the Audit account logon events policy object. If you do so, the Audit Policy details pane in the Group Policy MMC should look like Figure 2.

Figure 2. Setting the audit policy in Group Policy. (Click image to view larger version.)

The auditing of file and folders activity is similar to what you'd do in Windows NT. This is configured via the Advanced button the Security tab of Properties for a file or folder.

Master Tip: I'm assuming you're working on a Windows 2000 Server domain controller (DC). Albeit this is a pompous assumption, it's also where you'd be if you're thinking about meaningful network-related auditing. Otherwise, much of the auditing configuration discussion in this section occurs at a different location if you're at a member server or Windows 2000 Professional machine: the Local Security Policy icon in the Computer Management MMC. Be advised that if your non-DC computer using local policy is a member of a Windows 2000 domain, the auditing settings may be overwritten by policies received by the domain.

I've elected not to discuss the other two auditing capabilities here, since the other two auditing types are actually covered well in the Windows 2000 Server online help system and the Windows 2000 Server Resource Kit.

3: Security Review

Should your users change their passwords each month? They should certainly do this once per year. Also, take a moment to test your network for weaknesses. First, can you browse your internal Windows 2000 network from an outside location? One quick test is to try to map a drive to an internal share point from a machine connected on the Internet. If you can do this at all, perhaps your firewall isn't up to snuff in terms of protecting the private network from public snooping. If you can do this without being challenged by a network logon box, you've got even bigger troubles.

There are many ways to probe for weaknesses in your network security. My free advice? Keep a close eye on Roberta Bragg's monthly "Security Advisor" column in MCP Magazine.

4: Baselining and Monitoring Performance

Periodically-monthly, quarterly, or, at the very least, annually-you'll want to use System Monitor to log critical performance information about your system. Viewed as charts over time, these logs show baseline and subsequent improvements and declines in performance. I discuss this activity in much more detail in an upcoming column (part of a "Boosting Performance" series). For now, take some time out of your busy day to read Part 6: Performance Monitoring in the Windows 2000 Professional Resource Kit.

5: Disk Space Management

Two things I like to do each month at my site is monitor the hard disk space on the Windows 2000 Server machines and then perform defragmentation of that disk space to boost performance. Monitoring hard disk space is easy to do. Simply use a tool like Windows Explorer or the Computer Management MMC to record a before and after measurement of hard disk space in something like your network notebook.

To defragment your hard disks, use Disk Defragmenter (found in the System Tools folder from the Start menu; see Figure 3). Remember that a defragmented hard disk is a happy hard disk.

Figure 3. Windows 2000 has a built-in disk defragmentation tool similar to Windows 9x. This is used in place of the CHKDSK command from the old Windows NT era. (Click image to view larger version.)

6: Disaster Recovery Simulation

With this and the remaining tasks, my discussion shifts to tasks that are considered annual, not monthly.

One of the bigger challenges facing Windows 2000 MCSEs is the unexpected network crash. These events occur for a number of reasons including bad software, hardware failure, power outages and bad luck. My thought is that, if you're facing impending lemons, make lemonade. Once a year simulate a crash to test your fitness as a Windows 2000 MCSE and to remind users what a network crash is (and, to be responsible, do this with some warning). The benefit to you is that you'll learn have some practice recovering from doom and gloom with ease, such as restoring a backup from tape (with your eyes closed). Your users will also be less freaked out when a real network disaster hits, and they'll get in some practice using the telephone and fax machines.

7: Budgeting

Money not only makes the world go around, it makes your network hum. Too many super-smart MCSEs get caught up in the technology side of the business and forget about the budget needed to keep the the network good times rolling. Make it a major priority to participate in the technology budgeting process. No need to make a simple mistake that results in the flow of dollars being cut off.

8: Upgrades

During my career as an MCSE, I can't recall any twelve-month period having passed in which some type of significant upgrade didn't occur. If it wasn't an accounting system upgrade, it was a Microsoft operating system upgrade (perhaps you've done this recently with Windows 2000?). You've also probably replaced some or all of your hardware one year. The point is that one annual activity you'll most assuredly participate in is upgrades to your Windows 2000 network, whether it's system or application software or hardware.

9: Training Yourself and Others

Don't forget to take care of yourself and users noggins with computer training. For you many training decisions are made for you with Microsoft aggressive Windows 2000 MCSE recertification schedule. Your users may need a little more plodding to get into the classroom. A popular training course for users is a one-day class on how to use Outlook better (including shared calendars, contacts and Exchange-based public folders).

Even if all you do in any twelve-month period is purchase and read cover-to-cover the 7,200-page Windows 2000 Server Resource Kit, you're engaging in some form of training to better your MCSE soul.

10: The Annual Retreat

Most companies conduct an annual planning retreat for strategic planning purposes. It might not be directly related to your Windows 2000 network implementation, but it's a great chance to solicit some feedback and seek ideas for features to implement. For example, users might want to implement Outlook Team Folders or instant messaging. If you're lucky and the retreat is held out of town at a golf course, or seaside or ski resorts (hint-hint!), the annual retreat is a great way to get away on the company dime!

Summary

This ends my two-month series on administrative duties on a Windows 2000 network. Once you've got your list of daily, monthly, and annual tasks jotted into your calendar, it's time to look at performance-boosting issues, which I begin next time.