Installing and configuring WSUS on Windows Server 2012

wsus2Windows Server Update Services (WSUS) is used to distribute Microsoft patches, hotfixes and security updates in an environment. WSUS is counted as a basis of security management  to make sure every computer is up to date and does not have any security vulnerabilities.

It is a role in Windows Server 2012, also it can be downloaded from Microsoft web site and installed on server.  

  1. Open Server Manager console, click Add roles and features, then Next
  2. Select Role-based or feature-based installation, and click Next
  3. Choose Select a server from the server pool, select your desired server, then click Next
  4. Scroll down to select Windows Server Update Services. Some features like .NET and IIS should be installed before WSUS installed. So hit Add Features button to install them. The click on Next 4 times.
  5. On Content Location selection, you should specify a path for the updates to be stored locally. I will use C:\WSUS, and click Next, then Install
  6. Wait some times for the installation to be completed. Then click on Close
  7. Click Notifications on Server Manager window, then click on Launch Post-Installation tasks,wait again some moments
  8. Go to Administrative Tools, and open Windows Server Update Services
  9. At the first time, a wizard starts. Click on Next  twice
  10. On next page, because it is the first WSUS server, select Synchronize from Microsoft Update, then click on Next
  11. If you use a proxy server to connect to the Internet, specify its settings, and click Next
  12. Click Start Connecting to download update information
  13. Select Download updates only in these languages, and select the languages for which you want updates, then click Next
  14. The next page lets you specify the products for which you want updates. Select them and click Next
  15. The classifications page allows you to specify the update classifications you want to obtain. Select them as required , then click Next
  16. If you choose Synchronize automatically, the WSUS server will synchronize at set intervals. Set the time of the First synchronization and specify the number of Synchronizations per day that you want this server to perform. And click Next
  17. Leave the check boxes intact, and click Finish
  18. The next step is to configure Group Policy to configure clients to be updated via WSUS server. So open Group Policy
  19. Expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update
  20. In the details pane, double-click Configure Automatic Updates. Click Enabled, then OK
  21. In the Windows Update details pane, double-click Specify intranet Microsoft update service location. Click Enabled, and specify the server name in both boxes. Here it is http://Server1.CyrusBesharat.local. Click OK
  22. The computers take a while to be located in WSUS console. Be sure to approve the updates before deploying to the clients

How to install IIS 8?

IIS 8If you want to host a web site in the Internet or intranets, you’ll need a web server. This article deals with Microsoft web server by the name of Internet Information Services (IIS). The version that is shipped with Windows Server 2012 is IIS 8. So keep reading through the end for installing IIS 8.

GUI:

  1. Click on Server Manager icon to open it
  2. Click Add roles and features, then click Next
  3. Select Role-based or feature-based installation, and click Next
  4. Choose Select a server from the server pool, select your server, then click Next
  5. Scroll down, select Web Server (IIS), click Add Features, click on Next three times
  6. Leave the default role services intact, then hit on Next, and Install
  7. Wait for the installation to be completed, then click Close
  8. To make sure that IIS is installed successfully, open Internet Explorer and type http://localhost, then hit enter. The result will be the default page like the above picture.

As usual, the second method after GUI, is PowerShell. So,

PowerShell:

  1. Open PowerShell console with an administrative right
  2. Type and execute this command:

Install-WindowsFeature Web-WebServer -IncludeManagementTools

Managing Active Directory accounts using PowerShell

powershellYou leaned how to create Active Directory user accounts in “Adding user accounts in Active Directory of Windows Server 2012”, and now you will learn to mange accounts with PowerShell. I list the below PowerShell commands with descriptions.

These commands applies to Windows Server 2008 R2 and Windows Server 2012.

PowerShell command Command description
New-ADUser Creates a new AD user
Remove-ADUser Removes an AD user
Set-ADAccountPassword Modifies the password of an AD account
Set-ADAccountExpiration Sets the expiration date for an AD account
Clear-ADAccountExpiration Clears the expiration date for an AD account
Enable-ADAccount Enables an AD account
Disable-ADAccount Disables an AD account
Unlock-ADAccount Unlocks an AD account
Set-ADUser Modifies an AD user
Search-ADAccount Gets AD user account
Set-ADAccountControl Modifies user account control (UAC) values for an AD account
Get-ADUser Gets one or more AD users
Get-ADUserResultantPasswordPolicy Gets the resultant password policy for a user
Add-ADGroupMember Adds one or more users to an AD group
Remove-ADGroupMember Removes one or more users from an AD group
Add-ADPrincipalGroupMembership Adds a user to one or more AD groups
Remove-ADPrincipalGroupMembership Removes a user from one or more AD groups
Add-ADDomainControllerPasswordReplicationPolicy

Adds users to the Allowed List or the Denied List of the readonly
domain controller (RODC) Password Replication Policy (PRP)

Remove-
ADDomainControllerPasswordReplicationPolicy

Removes users from the Allowed List or the Denied List of the RODC PRP

Add-ADFineGrainedPasswordPolicySubject Applies a fine-grained password policy to one or more users
Remove-ADFineGrainedPasswordPolicySubject Removes one or more users from a fine-grained password policy

For fetching more information about each command, just put Get-Help before every command to see the full guide for that command.

How to defrag drives with PowerShell in Windows Server 2012?

optimizeBesides repairing disks, defragmenting them is another common server maintenance task. Here is the guide lines for defragmenting drives using PowerShell.

  1. Open PowerShell window
  2. You may want to examine whether disks are fragmented or not, so execute Optimize-Volume D –Analyze –Verbose, where D is your drive letter
  3. You will see the result at the end of report. If necessary to defrag, then run Optimize-Volume D –Verbose 
  4. Wanting to run this command on a remote computer, put –CimSession “Remote Computer Name”, without quotation marks, after the command
  5. At the end, for more information and help, run Get-Help Optimize-Volume, as I did in the above picture

How to repair a disk with PowerShell in Windows Server 2012?

repair-diskSometimes disks got wrong, and you want to repair them. The traditional ways were to use Error Checking or chkdsk command, but a convenient method – that is PowerShell, is also used. 

  1. Open PowerShell console with administrative privileges
  2. Execute Repair-Volume E –Scan (E is your drive letter)
  3. If any errors found, execute Repair-Volume E –Spotfix
  4. Additional parameter is –OfflineScanAndFix, and it is used when you want to do scan and fix the volume simultaneously. Of course it forces Windows to take the volume offline, and then it does the job. If it runs on system drive, it will inevitably scan and fix the volume, the next time you reboot
  5. Wanting to run this command on a remote computer, put –CimSession “Remote Computer Name”, without quotation marks, after the command
  6. At the end, for more information and help, run Get-Help Repair-Volume, as I did in the above picture

Adding user accounts in Active Directory of Windows Server 2012

Active Directory users and computersOne of the first jobs after installing Active Directory, is creating user accounts, in order for the users to be authenticated in Active Directory. The authenticated user; therefore, can access the network resources. In this way an unauthorized user does not have access to the network without administrator’s permission. 

As usual, my well known two ways:

GUI:

  1. Hit Windows Key + R buttons, type dsa.msc, and press OK
  2. Active Directory Users and Computers window opens. Remember you can open it via Server Manager too
  3. The easiest way, is to right click Users object on the left bottom side, click on New, then User
  4. Fill the First and Last names as you desire. Mine will be User1. User logon name is User1 too. Click Next
  5. Choose a strong password, and leave the default settings intact. Then Next and Finish
  6. Now I want to make this account, a member of administrators. So on the working window, click on Users, and right click User1 on the left side. Then click on Add to a group…
  7. On Select Groups window, type Domain Admins; Enterprise Admins. Then click on OK twice

As a result, a user, by the name of User1 is created, who is the administrator of both domain and forest.

 

PowerShell:

  1. Open PowerShell console
  2. Type and hit enter this command:

New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" -enabled $true -PasswordNeverExpires $false -ChangePasswordAtLogon $true
Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=cyrusbesharat,DC=local" -MemberOf "CN=Enterprise Admins,CN=Users,DC=cyrusbesharat,DC=local","CN=Domain Admins,CN=Users,DC=cyrusbesharat,DC=local"

Managing DNS in Windows Server 2012

DNSIn “How to install DNS on Windows Server 2012 ?” post, I explained DNS installation, and now I talk about managing a DNS server.

If you have installed DNS on a Domain Controller, the administrative job will become so less, because DNS is integrated into Active Directory.

DNS client will update its DNS record automatically if “Register the connection’s addresses in DNS” is selected (by default it is), or your DHCP server can register DNS records on behalf of DNS clients too. So, in most of the time managing DNS is easy. Otherwise, if you want to manually configure it, pay attention to these procedures.

GUI:

  1. Press Windows Key + R, execute dnsmgmt.msc
  2. On DNS Manager window, right-click your server and click New Zone
  3. On wizard, click on Next. On Zone Type window, select Primary zone (because the first zone must be primary), and check Store the zone in Active Directory (it is selected by default). Then click Next
  4. On Active Directory Zone Replication Scope page, select the default option of To all DNS servers running on domain controllers on this domain : CyrusBesharat.local, click Next then
  5. Be sure to select Forward lookup zone as the default option, and click Next
  6. Type CyrusBesharat for zone name, then click on Next
  7. Check the radio button of Allow only secure dynamic updates (recommended for Active Directory), click on Next, then Finish to close the wizard
  8. Now you should add records to DNS server, so on DNS manager, expand SERVER1, Forward Lookup Zones, then right click  CyrusBesharat, and select New Host (A or AAAA)…
  9. On New Host window, type the name of one of your computers, for example Server2, and below IP address type its IP address like 10.10.10.2. And click Add Host, then confirm OK and close the window

PowerShell:

  1. Open PowerShell console
  2. Type and hit enter the below command:

Add-DnsServerPrimaryZone -Name CyrusBesharat -ZoneFile CyrusBesharat.dns
Add-DnsServerResourceRecordA -ZoneName CyrusBesharat –Name Server2 -IPv4Address 10.10.10.2

%d bloggers like this: