本站域名:http://goxia.maytide.net or http://sufan.maytide.net
移动设备请访问:http://goxia.maytide.net/m转载文章,请务必保留出处与作者信息,未经许可严禁用于商业用途!
[SBS] Windows Server Solutions BPA 迎来2012年2月更新
Windows Server Solution BPA 迎来2012年2月更新
2012年2月微软再次更新了 Windows Server Solutions BPA,新添加了 46 个规则的检查及对应的解决方案。目前各 SKU 的总数分别为:
Small Business Server 2011 Standard Edition 143
Small Business Server 2011 Essentials 90
Windows Storage Server 2008 R2 Essentials 38
Windows MultiPoint Server 2011 7
下面是摘自官方 Blog 的更新说明:
Small Business Server 2011 Standard Edition
- ADWSStartModeSection - Active Directory Web Services is not set to the default start mode
- ADWSStartedSection - Active Directory Web Services is not started
- ADWSStartNameSection - Active Directory Web Services is not the default logon account
- ConsoleLogSection - The Console.Log file is larger than 1 GB in size
- NoChecksSection - You have completed {0} checks by using the Windows Server Solutions BPA
- ModelVersionSection - You are running Windows Server Solutions BPA version {0}
- SPSearchStartNameSection - SPSearch account not default account
- SPCentAdminAppPoolIdentitySection - The SharePoint Central Admin app pool is not using the spfarm account
- SPAcctPassValidSection - The username or password for one or more SharePoint managed account is not valid
- SPDBUpgradeSection - Use psconfig.exe to upgrade one or more SharePoint databases
- SPUpgradeSection - Use psconfig.exe to upgrade SharePoint
- RWALogSection - The RemoteAccess.log file is larger than 1 GB in size
- POP3LogSection - The POP3service.log file is larger than 1 GB in size
- SMTPRecLogSection - The SmtpReceive log directory is larger than 1 GB in size
- SMTPSendLogSection - The SmtpSend log directory is larger than 1 GB in size
- DefWebLogDirSection - Default Web site's log directory is over 1gb in size
- CompanywebLogDirSection - The Companyweb site log directory is over 1gb in size
- SBSSharePointLogDirSection - The log directory for the SBS SharePoint site is larger than 1 GB in size
- SAHomeMDBSection - The HomeMDB attribute is not set to the default value
- UpdateRollupSection - The most recent Update Rollup is not installed
- CASPortSection - CAS port not at default port 443
- CASSchemeSection - CAS scheme not default HTTPS
- CASAbsolutePathSection - CAS Absolute Path not default
- CASHostSection - CAS Host does not match
- OABHostSection - OAB Host does not match
- EWSHostSection - EWS Host does not match
- AutoHostSection - Autodiscover Host does not match
- OAnyHostSection - Outlook Anywhere Host does not match
- OAnyAuthMethodsSection - Outlook Anywhere authentication settings not default
- SSLBindingSection - No binding for SSL on all IP addresses
- DefWebSSLBindingSection - No binding for SSL on the Default Web Site
- CertExpirationSection - A certificate expires within 30 days
- CertSubjectSection - Certificate subject does not match the name configured by a wizard
- AutoDiscoverAuthSection - Authentication settings for the /autodiscover virtual directory are not default
- WebSvcAuthSection - Authentication settings for the /ews virtual directory are not default
- OABAuthSection - Authentication settings for the /OAB virtual directory are not default
- RPCAuthSection - Authentication settings for the /rpc virtual directory are not default
- RPCWithCertAuthSection - SSL settings for the /RPCWithCert virtual directory are not default
- MaxAllowedContentSection - Max allowed content length for the /Rpc virtual directory is not default
- MaxAllowedContentWithCertSection - Max allowed content length for the /RpcWithCert virtual directory is not default
- PathEnvVarSection - The Path environment variable is missing the Exchange Server bin directory
- ExchInstPathEnvVarSection - The ExchangeInstallPath environment variable is missing
- DupCNNameSection - One or more user accounts have duplicate CN names
- ConflictingWebSiteSection - A different web site is conflicting with the Default Web Site
Small Business Server 2011 Essentials
- ADWSStartModeSection - Active Directory Web Services is not set to the default start mode
- ADWSStartedSection - Active Directory Web Services is not started
- ADWSStartNameSection - Active Directory Web Services is not the default logon account
- NoChecksSection - You have completed {0} checks by using the Windows Server Solutions BPA
- ModelVersionSection - You are running Windows Server Solutions BPA version {0}
- RWALogSection - The RemoteAccess.log file is larger than 1 GB in size
- DefWebLogDirSection - Default Web site's log directory is over 1gb in size
- UpdateRollupSection - The most recent Update Rollup is not installed
- SSLBindingSection - No binding for SSL on all IP addresses
- DefWebSSLBindingSection - No binding for SSL on the Default Web Site
- CertExpirationSection - A certificate expires within 30 days
- CertSubjectSection - Certificate subject does not match the name configured by a wizard
- ConflictingWebSiteSection - A different web site is conflicting with the Default Web Site
Windows Storage Server 2008 R2 Essentials
- NoChecksSection - You have completed {0} checks by using the Windows Server Solutions BPA
- ModelVersionSection - You are running Windows Server Solutions BPA version {0}
- RWALogSection - The RemoteAccess.log file is larger than 1 GB in size
- DefWebLogDirSection - Default Web site's log directory is over 1gb in size
- UpdateRollupSection - The most recent Update Rollup is not installed
- SSLBindingSection - No binding for SSL on all IP addresses
- DefWebSSLBindingSection - No binding for SSL on the Default Web Site
- CertExpirationSection - A certificate expires within 30 days
- CertSubjectSection - Certificate subject does not match the name configured by a wizard
- ConflictingWebSiteSection - A different web site is conflicting with the Default Web Site
Windows MultiPoint Server 2011
- NoChecksSection - You have completed {0} checks by using the Windows Server Solutions BPA
- ModelVersionSection - You are running Windows Server Solutions BPA version {0}
- MMSUpdateRollupSection - An Update Rollup is not installed
- RDPUpdateSection - A recommended update is not installed
如需查看之前的更新说明可访问:Windows Server Solutions BPA Updated September 2011,Windows Server Solutions BPA(Best Practices Analyzer) 1.0 的下载地址是:http://www.microsoft.com/download/en/details.aspx?id=15556,在安装之前,必须先安装 Microsoft Baseline Configuration Analyzer 2.0,下载地址是:http://www.microsoft.com/download/en/details.aspx?id=16475。
[SBS] HOWTO: 修改并同步 SBS2011 的 SharePoint 账号密码
HOWTO: 修改并同步 SBS2011 的 SharePoint 账号密码
在 Windows Small Business Server 2011(SBS2011)中,系统会自动创建三个账号用于 SharePoint 服务,它们是:spfarm,、spsearch 和 spwebapp。用户会因为安全或维护等因素去修改其密码,那么就会导致出现 AD 内设置账号的密码与 SharePoint 无法同步的问题,而会引发服务故障。
gOxiA 就遇到了类似问题,需要重置三个账号的密码。幸好在微软 SBS 官方 Blog 给出了解决办法。要检查账号是否同步可以打开 SharePoint 2010 Management Shell,然后使用“Repair-SPManagedAccountDeployment”命令进行检查。如果账号密码没有同步,会给类似下图的警告,并会提示使用“Set-SPManagedAccount –UseExistingPassword”命令行修复。
为了重新修改并同步这些账号的密码,首先需要使用 ADUC 重置账号密码,注意:务必清除“用户下次登录时须更改密码”的选项。
然后打开 SharePoint 2010 Management Shell 执行“Set-SPManagedAccount –UseExistingPassword”,根据提示键入账号(domainusername)及密码,如下图所示:
最后我们可以再次运行“Repair-SPManagedAccountDeployment”检查账号密码是否已经同步。
[GPO] 利用 GPO 实施部署 BgInfo
利用 GPO 实施部署 BgInfo
Bginfo 是 Windows Sysinternals 系列的一个小工具,利用 Bginfo 我们可以生成一张包含系统信息的桌面背景。在桌面标准化应用方面非常有价值,此外在测试或评估环境下,也是 ITPro 常用的工具,例如 gOxiA 经常要搭建一个虚拟化测试环境,包含数台虚机,频繁在虚机间切换时能够获取到当前系统的相关信息就显得尤为重要,而 Bginfo 完全能够为我们解决此类的问题。
Bginfo 的使用非常简单,而且支持命令行,不用 gOxiA 再多介绍。常见的实施部署方法可以预先在 VHD Templates 的启动项添加命令行或脚本,如果环境是基于 AD(Active Directory)那么就可以使用 GPO 来统一的为客户端部署。
下面将就利用 GPO 实施部署 Bginfo 来与大家分享一下经验心得,gOxiA 当前的环境是基于 Windows Server 2008 R2 的 AD,环境中有 Windows Server 2008 R2 和 Windows 7,默认设置并启用了 UAC。要通过 GPO 实施部署 Bginfo,我们需要用到命令行、脚本文件以及 Bginfo 的模板。
首先,打开 Bginfo 创建一个标准的模板并将其另存为一个扩展名为 bgi 的文件,如:template.bgi,然后将这两个文件保存在“\\dc\netlogon\bginfo”子目录下,然后再单独创建一个批处理脚本文件,如:bginfo.bat,内容如下:
然后,在 DC 上打开组策略管理,找到“Default Domain Policy”这条 GPO 并进行编辑。展开“用户配置”-“策略”-“Windows 设置”-“脚本(登录/注销)”,编辑“登录”属性。在“脚本”选项卡下点击“显示文件”,就会打开登录脚本存储的目录,然后将之前已经做好的 bginfo.bat 拷贝到这个目录中,然后回到”脚本“选项卡进行”添加“选择 bginfo.bat,完成后确定退出。
最后在 DC 和 Client 上执行“gpupdate /force”之后 GPO 就生效了,重新注销登录 Client,就可以看到最终的效果。
