Rules To Better Windows Servers

  1. Do you use Group Policy to manage your Windows Update Policy?

    We all know it’s important to keep our servers updated. Unfortunately, by default, Windows will automatically download and install all new Windows Updates on your servers. This means the servers will occasionally restart to install updates when you don’t want them to. You will also get annoying popups trying to get you to restart the computer.
    Figure: Accidentally press Restart Now on a Production server and your users won't be happy!
    The best way to ensure you are still downloading updates but not installing them automatically is to use Group Policy.

    1. Create an Organizational Unit (OU) in Active Directory, and put all your Production Servers in the OU
      Figure: Add all your Production Servers to the Production Server OU
    2. Create a new Group Policy object and link it to the Production Server OU
      Figure: Create a new Group Policy for your Production Servers
    3. Edit the new Group Policy object and drill down to Computer Configuration | Policies | Windows Components | Windows Update
    4. Edit the Configure Automatic Update Properties item and enable it
    5. Set the Configure Automatic Updating option to 3 – Auto download and notify for install
      Figure: Edit Configure Automatic Updates Properties and enable 'Auto download and notify for install'
    After the new Group Policy propagates, you will notice the update setting is now locked on the servers in the Production Server OU. 

    Figure: The Group Policy locks the Windows Update setting


    Now the next time you plan to reboot your server you can install updates quickly and reboot – keeping your servers updated without unplanned reboots.

    The following screenshot shows the same Group Policy settings applied to the Default Domain Policy, where they apply to all machines joined to the SSW domain.
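
The five steps above, scripted with the ActiveDirectory and GroupPolicy PowerShell modules and followed by a check that every server in the OU has picked up the setting. This is an added example, not part of the original rule; the domain DN, OU name, GPO name and server names are assumptions, and the check assumes PowerShell remoting is enabled on the servers.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example. The domain, OU, GPO and server names are assumptions; use your own.
$DomainDN = 'DC=example,DC=com'
$OuName   = 'Production Servers'
$GpoName  = 'Production Servers - Windows Update'
$Servers  = @('PRODSRV01', 'PRODSRV02')      # constructed sample names
$OuDN     = "OU=$OuName,$DomainDN"
$AuKey    = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Step 1: create the OU if it is missing, then move the production servers into it.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -SearchBase $DomainDN -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDN
}
foreach ($name in $Servers) {
    Get-ADComputer -Identity $name | Move-ADObject -TargetPath $OuDN
}

# Step 2: create the GPO and link it to the OU (only on first run, so re-runs do not fail).
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName | New-GPLink -Target $OuDN | Out-Null
}

# Steps 3-5: enable "Configure Automatic Updates" with option 3.
# NoAutoUpdate = 0 keeps automatic updating on; AUOptions = 3 is "Auto download and notify for install".
Set-GPRegistryValue -Name $GpoName -Key $AuKey -ValueName 'NoAutoUpdate' -Type DWord -Value 0 | Out-Null
Set-GPRegistryValue -Name $GpoName -Key $AuKey -ValueName 'AUOptions'    -Type DWord -Value 3 | Out-Null

# Verification: once the policy has propagated, read the policy key on every computer in the OU
# (assumes PowerShell remoting is enabled on the servers).
function Test-WindowsUpdatePolicy {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            NoAutoUpdate = $au.NoAutoUpdate
            AUOptions    = $au.AUOptions
            Compliant    = ($au.NoAutoUpdate -eq 0 -and $au.AUOptions -eq 3)
        }
    }
}

# List only the servers where the setting has not (yet) been applied.
$inOu = Get-ADComputer -Filter * -SearchBase $OuDN | Select-Object -ExpandProperty DNSHostName
Test-WindowsUpdatePolicy -ComputerName $inOu | Where-Object { -not $_.Compliant } |
    Format-Table Computer, NoAutoUpdate, AUOptions
```

A server that still appears in the final table has not processed the GPO yet; an empty table means every server in the OU is on "download and notify".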

     


  2. Do you wait before applying Service Packs or upgrades?

    After a new Service Pack is released for a product (for example, Exchange 2010 Service Pack 1), users and management can get very excited about new features that the Service Pack will bring that will help them out, or fix problems that they had been having with the product.

    Microsoft generally test their Service Packs very well, but things can go wrong.

    As a general rule, we wait 4 weeks before installing a new Service Pack, and tell everyone to hold their horses.


    Figure 1 - Even though managers and users might be pressing you to install a Service Pack - tell them to hold their horses!

    After the 4 week period has expired, perform the following tasks before installing the Service Pack:
    • Do a search for any trending problems when updating to the new Service Pack
    • Check for any known issues in the Microsoft KB with the Service Pack
    • Read installation documentation
    • Backup your system, or if you are using Hyper-V, take a snapshot
    • Reboot before you are about to install a Service Pack
    Following this rule should prevent disaster in the event that a Service Pack is troublesome.
  3. Do you know what to request if someone wants more RAM and processors on a VM or a PC?

    “Too slow” is not enough info.

    Request an image of the “Resource Monitor”

    Then after you decide there is justification:

    • Do a typical action – take a new image or baseline.
    • Give the additional resources, e.g. RAM and processors.
    • Do the typical action again – take another image of the “Resource Monitor”
    • If there is some improvement, reply “done” (otherwise reply “not done”)

    Note: An ideal email subject prefix for more resources would be e.g. “Performance issue – Machine name”


     

    Figure: Use “Resource Monitor” prior to allocating more RAM on a VM

    Figure: If you see something like this, pass their request :-)
