Tariq Bin Azad, in
Securing Citrix Presentation Server in the Enterprise, 2008 The GPMC is a downloadable product from the
Microsoft Downloads Web site. It does not come on the Windows Server 2003 CD. To install the GPMC: Double-click the gpmc.msi package, and click Next (Figure 6.12).Policies and Procedures for Securing XenApp
Installing the GPMC
Figure 6.12. GPMC Installation
2Agree to the End User License Agreement (EULA), and click Next (Figure 6.13).
Figure 6.13. Policy Management Console License Agreement
3Click Finish to complete the installation (Figure 6.14).
Figure 6.14. Group Policy Finish
Upon completion of the installation, the Group Policy tab that appeared on the Property pages of sites, domains, and OUs in the Active Directory snap-ins is updated to provide a direct link to GPMC. The functionality that previously existed on the original Group Policy tab is no longer available, since all functionality for managing Group Policy is available through GPMC.
To open the GPMC snap-in directly, use either of the following methods:
▪Click the Group Policy Management shortcut in the Administrative Tools folder on the Start menu or in the Control Panel (Figure 6.15).
Figure 6.15. Accessing the GPMC
▪Create a custom MMC console. Click Start, Run, type MMC, and click OK. Point to File, click Add/Remove Snap-in, click Add, highlight Group Policy Management, click Add, click Close, and then click OK.
To repair or remove GPMC, use Add or Remove Programs in Control Panel. Alternatively, run the gpmc.msi package, select the appropriate option, and click Finish.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597492812000068
An Introduction to the GFI LANguard Network Security Scanner Management Console
Brien Posey, in GFI Network Security and PCI Compliance Power Tools, 2009
The Main Console Screen
You can access the management console by choosing the LANguard Network Security Scanner command from the Start | All Programs | GFI LANguard Network Security Scanner 8.0 menu. When the management console first opens, you will see a screen similar to the one that's shown in Figure 2.1, asking if you want to perform a local computer scan, a complete network scan, or a custom scan. Since we're not quite ready to scan anything yet, click the Cancel button. You might also have noticed in the figure, that this screen contains a check box that you can deselect if you don't want this screen to be displayed every time that you open the management console.
Figure 2.1. Click Cancel to Avoid Scanning Anything at this Time
When you click Cancel, Windows will display the main management console screen. You can see what the console looks like in Figure 2.2.
Figure 2.2. The GFI LANguard Network Security Scanner Management Console is the Product's Primary Administrative Interface
In the screen capture above, you can see that the console is divided into a few different sections, or panes. The pane on the left is a navigation pane. This is the pane that you will use to move around in the console. Functions such as initiating a scan, filtering the scan results, and deploying patches are all invoked from this pane.
The right side of the console is currently split into three separate panes, although in some situations only two of the panes are used. The upper middle pane is the Scanned Computers pane. When you perform a security scan, the computers that have been scanned will be listed in this pane. Typically, this pane will show each machine's Internet Protocol (IP) address, Network Basic Input/Output System (NetBIOS) name, operating system, and service pack level.
Just to the right of the Scanned Computers pane is the Scan Results pane. When you first complete a security scan, this pane will show you a brief summary of the scan's outcome. If you click on an individual computer in the Scanned Computers pane, the information in the Scan Results pane will change to display information related specifically to the currently selected machine.
The pane in the lower right portion of the management console is the Scanner Activity pane. This pane isn't always used, but when it is used, it will show you how the current scan is progressing.
The management console offers a lot of other functions, but it has been my experience that 99 percent of the time when you are working with the management console, you will be using the four panes that I have just described.
Tools & Traps…
Screen Resolution
Most servers aren't exactly known for using high-end video cards, or even offering anything beyond minimal screen resolution. However, in the case of using the management console, screen resolution is relatively important. Once you begin scanning the computers on your network and analyzing the results, you will see that the management console attempts to display a lot of information. At lower resolution levels, a lot of this information will not fit on the screen. Your server console (or remote server session) will need to be running a display resolution of at least 1024 × 768, but higher resolutions work even better.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597492850000029
Cisco Enterprise IDS Management
In Cisco Security Professional's Guide to Secure Intrusion Detection Systems, 2003
IDS MC Installation
The IDS MC software installs its components into the same directory as the CiscoWorks Common Services software components. This is typically in the directory: Program Files\CSCOPx. The directory structure is shown in Figure 10.4.
Figure 10.4. The IDS MC Directory Tree Structure
Cisco chose to use an open source program called Apache for the built-in Web server for CiscoWorks. The subdirectory \Apache is where the Apache Web Server is installed and from where Apache serves the Web pages that are displayed when using the IDS MC. The Sybase subdirectory is where the Sybase SQL Anytime database is installed as well as where all data from the IDS appliances and the IDSM sensors is stored. The Tomcat subdirectory is where the Tomcat application server is installed. This server provides servlets to the IDS MC from the Common Services. The Etc\ids directory is where the IDS MC is actually stored. The updates subdirectory is where the signature update packs are stored for the MC to push out to the sensors or to the MC itself.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781932266696500306
Planning
In Host Integrity Monitoring Using Osiris and Samhain, 2005
User Access
The management console should only be accessible to security administrators who need to read logs or manage monitored hosts. Do not install the management console on your corporate mail server and expect passwords or file permissions to provide adequate security for the system. Guest accounts should be shut off; at the very least remote access should be limited to only those who need it. List all of the personnel who require an account on this system and what their role is. This will facilitate the general security administration for the host (e.g., which accounts will have SUDO access).
Note how you will be auditing the actions of user accounts on the management console host in your planning document. This is important for accountability, change management, and the detection of suspicious behavior.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597490184500113
Host Integrity Monitoring with Open Source Tools
In Host Integrity Monitoring Using Osiris and Samhain, 2005
Logging
The management console is responsible for all data analysis; therefore, all log data resides on the console host. After every scan, the console performs a comparison between all of the data in the newly created scan database and the trusted database for that host. Any differences result in a log message.
Osiris has a few different logging vectors. Scan logs generated by the console can be saved to a file, sent to the system log, or piped to an application. Just as with scan databases, logs associated with a scan can be configured in three different ways ranging from minimal to one for each scan.
Each log message has an ID to facilitate parsing by log analysis tools (see Figure 5.4).
Figure 5.4. Osiris Log Format Structure
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597490184500125
Patch Management
Brien Posey, in GFI Network Security and PCI Compliance Power Tools, 2009
Viewing Missing Patch Information Through the Management Console
The management console has kind of an odd way of displaying patching information. If you look at Figure 7.4, you will notice that there is a System Patching Status container located beneath the listing for each computer in the console's center pane. Notice though, that when you click on this container, the pane on the right will only show you the service packs and patches that are actually installed. Missing patches and service packs are listed beneath the Vulnerabilities container, as shown in Figure 7.5.
Figure 7.4. The System Patching Status Container Only Shows the Patches and Service Packs That Are Actually Installed on Each Computer
Figure 7.5. Missing Patches and Service Packs Are Listed Beneath Each Computer's Vulnerability Container
Notice in the figure above how all of the missing patches and service packs for each computer are grouped by product. This helps you to be able to tell how vulnerable the operating system is, or how vulnerable a particular application is on a given computer.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597492850000078
Browsing the Event Logs
Brien Posey, in GFI Network Security and PCI Compliance Power Tools, 2009
Solutions Fast Track
Browsing the Logs
The management console displays log entries in a single list from all the computers being monitored.
Each of the containers on the left side of the console is linked to a dynamic query.
The All Events container does not actually display all the events collected, but rather only those events concerning the currently selected events browser.
Customizing the Events Browser View
To customize the Events Browser, click the Customize View link, found in the Common Tasks area.
The customization process lets you control where, or if, event details should be displayed.
You can color-code certain types of events.
Creating Custom Queries
You can create custom queries that appear as containers alongside the default queries.
You can remove a custom query by right-clicking it and choosing the Delete command from the shortcut menu.
Exporting Events
If you need to build a case against someone, it is easier to export the pertinent events to a spreadsheet than to sift through log entries.
Exported events are written to a CSV file, which can be opened in Excel.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597492850000145
Administration and Active Directory Integration
In Designing SQL Server 2000 Databases, 2001
Microsoft Management Console
One of the improvements in Windows 2000 was a common framework for administrative consoles. This framework manifested into the Microsoft Management Console (MMC). MMC is a central application used to manage any and all facets of the Windows 2000 operating system.
One of the more confusing aspects of running legacy Windows NT servers was the inconsistency of the administrative tools. Some tools were “right-clickable”; others didn’t support pop-up menus. Some tools used an organizational tree structure, others used icons, and so on. MMC was created to streamline and simplify daily management of Windows 2000 Server systems.
The MMC itself is a shell. It hosts other applications and utilities. This makes the MMC extensible. Not only will future development of Microsoft BackOffice products use this shell, but administrators can develop their own unique consoles to help organize their everyday tasks. An MMC can be created and saved as a file with an .MSC extension. Once a console has been saved as a file, an administrator can distribute that console to users, groups—even computers.
The MMC is extensible with snap-ins, additional utilities that work within the MMC shell. To customize the MMC:
1.Click Start | Run.
2.Type MMC and press Enter.
3.Click the Console menu.
4.Select Add/Remove Snap-In.
5.Click the Add button.
6.Select the snap-in from the list, and click Add.
7.Select the computer that this snap-in will manage, and click Finish.
8.Continue to add snap-ins until all that are required are added, then click the Close button.
9.Click Close when the process is complete.
Tip
To reduce the time and effort it takes to open and close multiple console applications as you move from task to task, you can create a custom MMC that includes all the consoles that you commonly use. For example, you might want to add the SQL Enterprise Manager snap-in, the Analysis Manager, and Active Directory Users and Computers to a single custom MMC.
SQL Server Enterprise Manager
SQL Server Enterprise Manager is the main administrative tool for managing a SQL Server. Enterprise Manager is a complete SQL Server management tool based on SQL-DMO. With it you can:
■Start and stop SQL Server.
■Assign the system administrator’s password.
■Schedule jobs.
■Manage SQL Server users and security.
■Configure servers.
■Register servers, databases, and publications in Active Directory.
■Monitor the server with alerts and e-mail notification.
■Manage all aspects of a SQL database.
Enterprise Manager organizes servers into server groups for simplification of administration. Using these groups, an administrator can limit access for users to those items within a particular server group. The server groups can be used for applying commands across several servers at once, instead of a single server at a time. SQL Servers are automatically placed within a default server group named SQL SERVER GROUP. To make your own:
The Delegation of Administration Wizard
In smaller organizations, many DBAs are given the task of managing a set of users for all their network needs, in addition to handling database access. These DBAs need to create new users, assign permissions, update the user accounts, and manage their general network use. In the old Windows NT domain world, there was no choice but to make these DBAs part of the Domain Admins group, thus granting the database administrators many more rights than were necessary for performing their jobs.
In Windows 2000, this is no longer an issue. Active Directory enables an administrator to delegate rights to an OU. For DBAs with extended job functions, this means that they can be granted their own OUs with their own user accounts and the right to manage those user accounts. This feature can be executed with the Delegation of Administration Wizard as follows:
1.To start the wizard, navigate to the OU that will be delegated to the DBA, and right-click it.
2.Select Delegate Control from the pop-up menu.
3.Click Next at the Welcome screen for the Delegation of Administration Wizard.
4.The next screen will ask you for the user or group account to whom you want to give control. Click the Add button, and add the user(s) and/or group(s) to the list by selecting the accounts and clicking the Add button for each, then clicking OK to close the dialog box.
5.Whenever possible, delegate control to a group and add the users to it, even if there is only a single user. This method makes it easier to adjust your administrative team later. Click Next.
6.The next dialog box allows you to select the administrative functions that will be given to the accounts you selected in the previous dialog box. The most common administrative functions are listed with check boxes at the top, or you can click the radio button to customize the abilities this administrative group will have. When you’re finished with your selections, click Next.
7.Finally, review the information and verify that it is correct, then click the Finish button.
1.
Log on as a user with administrative privileges.
2.Click Start | Programs | Microsoft SQL Server | Enterprise Manager.
3.Right-click the Microsoft SQL Servers container.
4.Select New SQL Server Group from the pop-up menu. The Create New Server Group dialog box shown in Figure 6.19 will appear.
Figure 6.19. Creating a new server group.
5.Type a name for the new server group. You also have the option of placing this new server group into a hierarchy by making it a subgroup of another server group. Otherwise, it should be a top-level group.
6.Click OK.
Once the server group is created, you can populate it with servers. To do so, right-click a server group, and select New SQL Server Registration from the popup menu. Click the Next button at the Welcome screen. Select a SQL Server from the available servers on your network. Click the Add button to move each server into the Added Servers list, then click Next. On the following screen, select the security type, and click Next. Select or create a server group, and click Next. Review the information on the final screen, and click the Finish button to add your server to the selected group. Click Close in the message box stating that your registration is successful.
At this point, you can begin managing user accounts from within Enterprise Manager. To grant a user account access to a SQL server:
1.Log on as a user with administrative privileges.
2.Click Start | Programs | Microsoft SQL Server | Enterprise Manager.
3.Navigate to the SQL Server you are administering, and expand the Security container.
4.Open the Logins container.
5.Right-click the Logins container.
6.Select New Login from the pop-up menu.
7.If the Authentication type is correct (Windows Authentication), click the ellipsis (…) button next to the name box to select a user or group account from Active Directory. Otherwise, you will be limited to accounts within SQL Server only.
8.Select the account, click the Add button, and click OK to finish that dialog box.
9.You will be returned to the SQL Server Login Properties box, which is shown in Figure 6.20.
Figure 6.20. Login properties.
10.Make certain that the database and language are correct in the dialog box, or leave them as the defaults, then click the Server Roles tab.
11.Select the role or roles that this user account will be granted by checking the appropriate boxes.
12.Click the Database Access tab.
13.Select the databases to which you are granting access with the role you selected.
14.In the lower box of the window, select the type of role to grant to that particular database by checking the appropriate boxes. (Public is the default.)
15.Click OK to complete the login creation process.
Logins are one method of granting Active Directory user accounts access to SQL Server databases. Within each database, you can create user access that prompts new logins to be created. All you need to do is:
1.Open Enterprise Manager.
2.Navigate to your selected database.
3.Expand the database.
4.Right-click the Users container.
5.Select New Database User from the pop-up menu.
6.Use the drop-down box to select < new >, which will prompt the Login Properties box to open and create a new login.
7.When you have completed the new login, you will see the login name listed in the drop-down list of the New User properties box, which is shown in Figure 6.21.
Figure 6.21. New user creation.
8.You can change the username if you want, and select the database role permissions.
9.Click OK to complete the new user creation process.
Enterprise Manager is also useful for administering component services of SQL Server. These services are:
■Microsoft Distributed Transaction Coordinator (DTC)
■Microsoft Search
■SQL Server Agent
You are enabled to only start or stop the Microsoft Distributed Transaction Coordinator service within Enterprise Manager. To do so, select the SQL Server and expand its container. Navigate to the Support Services container and expand that. Right-click Distributed Transaction Coordinator, and select Stop (or Start, if the service has already been stopped) from the pop-up menu.
Microsoft search is located in the Support Services container as well as the DTC. The feature is called Full-Text Search. You are granted more options with managing search: You can start and stop the service, clean up catalogs, and view the Microsoft search properties, which are shown in Figure 6.22. All these options are available on the pop-up menu when you right-click the Full-Text Search icon.
Figure 6.22. The Microsoft Full-Text Search Service properties dialog box.
The SQL Server Agent service is located within a different container in Enterprise Manager—the Management container located below your selected SQL Server. The SQL Server Agent contains three other objects: Alerts, Operators, and Jobs. To manage the agent itself, right-click it, and select Start or Stop to change the service’s status. You can also select Display Error Log or explore the options below the Multi-Server Administration option, in which you can make the server a master or a target; create a new alert, operator, or job; or open the SQL Server Agent’s Properties dialog box, which is shown in Figure 6.23.
Figure 6.23. SQL Server Agent Properties.
Several tabs are available in the SQL Server Agent Properties dialog box. Table 6.1 details the options within each tab.
Table 6.1. SQL Server Agent Options
| General | Select the SQL Server Agent service startup account, establish the mail profile, and select or view the error log. |
| Advanced | Set the restart options for the service, configure event forwarding, set the CPU Idle settings to optimize performance. |
| Alert System | Format addressing of pager e-mails, establish a fail-safe operator. |
| Job System | Adjust job history log settings, set job execution parameters, select a proxy account. |
| Connection | Select the Authentication type (Windows or SQL Server) and set login timeout, view SQL Server alias. |
One of the other things that Enterprise Manager provides is a method for monitoring your replication between publishers and subscribers. You can also manage the agents that are involved in the various types of replication. To view these options, navigate to the SQL Server you have selected. Open the Replication Monitor folder. You can view publishers and right-click on each to manage them. By right-clicking on an agent listed below a publisher, you can push new subscriptions, reinitialize all of them, view the agent’s properties, and refresh the settings.
SQL Server MMC Snap-Ins
Aside from SQL Server Enterprise Manager, three other MMC snap-ins can help with managing the SQL Server environment:
■Component Services
■Meta Data Services
■SQL Analysis Services
Component Services comprises separate utilities that manage services from the same MMC. Of primary importance to the SQL database administrator, this console provides access to the Microsoft Distributed Transaction Coordinator (DTC). DTC manages distributed transactions. A distributed transaction uses data from multiple databases, whether they are located on the same system or on separate servers. The DTC contains two options: a list of transactions and statistics. The Transaction Statistics option is shown in Figure 6.24. Both of these options can provide valuable information to a DBA. If an application involves a transaction across multiple data sources, coordinating it can ensure that individual transactions that fail will not skew the result. The DTC Service provides coordination against inconsistency problems and data loss. The DTC Transaction List in the Component Services MMC allows you to monitor the transactions as they occur because it shows any distributed transactions that are currently executing. You can even resolve a transaction by right-clicking it and forcing it to commit or abort from the options on the pop-up menu. The DTC Transaction Statistics will let you view the activity statistics running on the system. If your system is having performance issues, this feature can assist you in determining whether distributed transactions need to be given a larger-capacity system.
Figure 6.24. DTC Transaction Statistics in the Component Services MMC.
Metadata is the data that is used to describe another set of data. It is generally considered an indexing method using a summary and details about a database within the SQL Server system. For example, you might have a table that lists all Internet users’ shipping information. The summary information used to describe that data, such as shipping costs by state, is considered metadata. Metadata is used most within the Analysis Services.
The Meta Data Services console is useful in viewing the metadata listed for a database. To use the Meta Data Services MMC, you must first start by registering a database. To do so, right-click the root of the console, and select Register Database. After the registration is complete, you can use the Meta Data Services console to view metadata.
The Analysis Services MMC, shown in Figure 6.25, is used for discovering the statistics about analysis of the database. When you install an analysis server, this console is a standard option. You can access it by clicking Start | Programs | Microsoft SQL Server | Analysis Services | Analysis Manager.
Figure 6.25. The Analysis Services MMC.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781928994190500099
Osiris
In Host Integrity Monitoring Using Osiris and Samhain, 2005
Multiple Management Consoles
The Osiris management console was not designed to work in conjunction with other console deployments. You can deploy multiple management consoles, which can be configured to not step on each other's toes, but there is little advantage.
One reason why you may want to deploy a second or third management console is because of the load on your console host. If you are managing thousands of hosts, it may be more practical to set up two or three consoles to distribute the overhead. Another reason has to do with your network topology. It may be that your network design restricts you from placing a console on the network where it can connect to all of the hosts you wish to monitor. Or, you may have hosts on completely separate networks. In any case, the problem with deploying more than one console is that you then have to manage more than one console. This includes the data associated with a console, as well as maintaining it (e.g., backups). Scan configurations, scan data, and logs are spread across multiple hosts and become more of a management burden.
I have also seen deployments with multiple consoles where the administrator was monitoring the same agent from different consoles. This has little value and is not recommended. Not only do you have the burden of managing more than one console, you now have to make sure that the consoles do not fight over the agents as far as scheduling is concerned. Never run multiple instances of a management console on the same host.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597490184500137
Installing and configuring Windows Server 2008 R2
Dustin Hannifin, ... Joey Alpern, in Microsoft Windows Server 2008 R2, 2010
Microsoft Management Console 101
The Microsoft Management Console (MMC) was introduced with the release of Windows 2000 as the premier tool for managing Windows Servers. The MMC was not only powerful but also very customizable. The concept was simple – A single console that would allow multiple tools known as snap-ins to be added. Administrators could use the out-of-box consoles, or create their own customized consoles. These consoles could be used on the server itself, or remotely from an administrator's workstation. MMC was well received by Windows administrators and continues to be used with the release of Windows Server 2008 R2. In fact, Server Manager, which will be discussed in the next section, is more or less a Microsoft developed, feature-rich MMC. Let us explore some basic MMC concepts. We will first start by creating a new console with a few snap-ins. To create a new console, perform the following:
1.Create a new console by going to Start | Run, and type MMC in the run box. Then click on OK. This will open a new console with no snap-ins (see Figure 2.32).
Figure 2.32. Empty MMC.
2.Now let us add a couple of snap-ins. Go to the File menu and choose Add/Remove Snap-in. This will open the Add/Remove Snap-in selection window.
3.Add Event View and Services as seen in Figure 2.33. If asked for the computer to connect to choose Local Computer, then click on the OK button.
Figure 2.33. Select MMC Snap-Ins.
4.You will now see the left pane of the console, under the Console Root, populated with the snap-ins you selected. You can now manage the selected options by clicking on one of the snap-ins. Click to highlight the Services snap-in.
5.The middle-pane will populate with a list of Windows services. The middle pane is used to display the administrative options based on the snap-in that was selected in the left pane (see Figure 2.34).
Figure 2.34. Windows Services Snap-In.
6.If you click on any service, you will see new options appear in the far right hand pane. This pane is known as the Actions Pane. The Actions Pane will usually include common actions that can be performed on the item selected in the middle pane. In our example, you can click on a service such as the DNS Client service. Then click on the More Actions option in the Actions Pane. Choose the option Restart Service. This will restart the DNS Service.
7.Now that you have created a custom MMC, you may want to save it for future use. To save the console, simply go to the File menu and choose the Save As… option. Choose a file name and location and click on the Save button. In future, you can open this console simply by double-clicking it.
You should now have a basic understanding of what the MMC is and how you can use it to administer Windows Servers. We will now take a look at Server Manager.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597495783000025