Introduction

This article describes Update 2 for Windows Server Solutions Best Practices Analyzer 1.0. Update 2 adds new best practices to Windows Server Solutions Best Practices Analyzer 1.0.

Windows Server Solutions Best Practices Analyzer 1.0 (Windows Server Solutions BPA) is a diagnostic tool that is built on the Microsoft Baseline Configuration Analyzer (MBCA) technology. Windows Server Solutions BPA scans a computer that is running one of the following operating systems, and compares the existing server settings to a predefined set of recommended best practices:

  • Windows Small Business Server 2011 Standard

  • Windows Small Business Server 2011 Essentials

  • Windows Storage Server 2008 R2 Essentials

  • Windows Multipoint Server 2011

Windows Server Solutions BPA performs the following tasks:

  • Collects information about a server

  • Determines whether the server settings comply with a set of best practices that are recommended by Microsoft

  • Provides a report of the scan results (the report identifies differences between the server settings and the recommended best practices)

  • Identifies conditions that may cause problems with the server

  • Recommends solutions to potential problems

More Information

Update information

How to obtain this update

To obtain this update, run Windows Server Solutions Best Practice Analyzer 1.0.

Prerequisites

To apply this update, you must be running one of the following operating systems:

  • Windows Small Business Server 2011 Standard

  • Windows Small Business Server 2011 Essentials

  • Windows Storage Server 2008 R2 Essentials

  • Windows Multipoint Server 2011 Standard

  • Windows Multipoint Server 2011 Premium

Additionally, you must have Windows Server Solutions Best Practices Analyzer 1.0 installed.

Registry information

To apply the update in this package, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this update.

Update replacement information

This update replaces the following update:

2600333 An update for Windows Server Solutions Best Practices Analyzer 1.0 is available

Windows Server Solutions BPA best practices

After you install this update, the Windows Server Solutions BPA performs the following checks:

  1. Checks whether the DNS Client service is configured to start automatically

  2. Checks whether the DHCP Client service is configured to start automatically

  3. Checks whether the IIS Admin service is configured to start automatically

  4. Checks whether the World Wide Web Publishing service is configured to start automatically

  5. Checks whether the Remote Registry service is configured to start automatically

  6. Checks whether the Remote Desktop Gateway service is configured to start automatically

  7. Checks whether the Windows Time service is configured to start automatically

  8. Checks whether the Windows Update service is configured to start automatically

  9. Checks whether the MSDTC service is configured to start automatically

  10. Checks whether the Netlogon service is configured to start automatically

  11. Checks whether the DNS Server service is configured to start automatically

  12. Checks whether the Windows SBS Manager service is configured to start automatically

  13. Checks whether the DNS Client service has started

  14. Checks whether the Windows Update service has started

  15. Checks whether the DHCP Client service has started

  16. Checks whether the IIS Admin service has started

  17. Checks whether the World Wide Web Publishing service has started

  18. Checks whether the Remote Registry service has started

  19. Checks whether the Remote Desktop Gateway service has started

  20. Checks whether the Windows Time service has started

  21. Checks whether the MSDTC service has started

  22. Checks whether the Netlogon service has started

  23. Checks whether the DNS Server service has started

  24. Checks whether the Windows SBS Manager Service has started

  25. Checks whether the logon account for the DNS Client service is NT AUTHORITY\\Network Service

  26. Checks whether the logon account for the Windows Update service is Local System

  27. Checks whether the logon account for the DHCP Client service is NT AUTHORITY\\LocalService

  28. Checks whether the logon account for the IIS Admin service is Local System

  29. Checks whether the logon account for the World Wide Web Publishing service is Local System

  30. Checks whether the logon account for the Remote Desktop Gateway service is NT AUTHORITY\\Network Service

  31. Checks whether the logon account for the Windows Time service is NT AUTHORITY\\Network Service

  32. Checks whether the logon account for the MSDTC service is NT AUTHORITY\\Network Service

  33. Checks whether the logon account for the Netlogon service is Local System

  34. Checks whether the logon account for the DNS Server service is Local System

  35. Checks whether the logon account for the Windows SBS Manager service is Local System

  36. Checks which operating system you are running on the computer

  37. Checks whether the server can ping the IP address of the default gateway

  38. Checks whether the internal network adapter is assigned only one IP address

  39. Checks whether IP filtering is disabled

  40. Checks whether the Hyper-V role is not added to the Windows Small Business Server 2011 server

  41. Checks whether the IPv6 protocol is enabled

  42. Checks whether kernel mode authentication is disabled

  43. Checks whether the Windows MultiPoint Server Host Service is configured to start automatically

  44. Checks whether the logon account for the Windows MultiPoint Server Host Service is Local System

  45. Checks whether the Remote Desktop Services service has started

  46. Checks whether the Windows MultiPoint Server Host Service has started

  47. Checks whether the SRCShell user account exists

  48. Checks whether the application pool for Remote Web Access uses the default account

  49. Checks whether the application pool for Remote Web Access uses the default version of the .NET Framework

  50. Checks whether the application pool for Remote Web Access uses the default Managed Pipeline Mode

  51. Checks whether the application pool for Remote Web Access uses the default Bitness level

  52. Checks whether the built-in Administrators group has permission to log on as a batch job

  53. Checks whether Windows Firewall is turned on

  54. Checks whether the DNS host (A) resource record points to a correct IP address

  55. Checks whether the internal network adapter is configured to register its IP address in DNS

  56. Checks whether the value of the ForwardingTimeout registry key and the value of the RecursionTimeout registry key are identical

  57. Checks whether extension mechanisms for DNS (EDNS) is disabled

  58. Checks whether the forward DNS zone for the Active Directory domain allows only secure dynamic updates

  59. Checks whether the forward DNS zone for the _msdcs.* zone allows only secure dynamic updates

  60. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Administrators group

  61. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Users group

  62. Checks whether Windows SBS is the Domain Naming Master

  63. Checks whether Windows SBS is the Infrastructure Master

  64. Checks whether Windows SBS is the Primary Domain Controller Master

  65. Checks whether Windows SBS is the Relative ID (RID) Master

  66. Checks whether Windows SBS is the Schema Master

  67. Checks whether the source server exists in the Default-First-Site-Name

  68. Checks whether the source server exists in the SBSComputers organizational unit

  69. Checks whether the DNS parameter MaxCacheTTL is configured

  70. Checks whether the Default Domain Policy Group Policy exists

  71. Checks whether there are DNS name server (NS) resource records in the forward lookup zone

  72. Checks whether there are DNS name server (NS) resource records in the _msdcs zone

  73. Checks whether there are DNS name server (NS) resource records for the delegated _msdcs forward lookup zone

  74. Checks whether the Authenticated Users group is a member of the Pre-Windows 2000 Compatible Access group

  75. Checks whether the DNS client is configured to point only to the internal IP address of the server

  76. Checks whether the value of the RootVer registry key for the .NET Framework is correct

  77. Checks whether this server can ping one or more domain controllers

  78. Checks whether the RDP Port has the default value

  79. Checks whether the value of the SysvolReady registry key is correct

  80. Checks whether the Sysvol folder is not shared

  81. Checks whether one or more volumes has insufficient free space

  82. Checks whether the number of Maximum Worker Processes for the DefaultAppPool application pool is configured to the default value

  83. Checks whether the name of the certification authority contains invalid strings

  84. Checks whether the value of the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\90\\Machines\\OriginalMachineName registry key is correct

  85. Checks whether the value of the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\100\\Machines\\OriginalMachineName registry key is correct

  86. Checks whether Exchange Server 2010 Service Pack 1 (SP1) is installed

  87. Checks whether Windows SBS is in a journal wrap condition

  88. Checks whether Exchange Server 2010 is configured to use the default method for external authentication

  89. Checks whether Exchange Server 2010 is configured to use the default method for internal authentication

  90. Checks whether Windows Server 2008 R2 Service Pack 1 (SP1) is installed

  91. Checks whether the Simple Mail Transfer Protocol (SMTP) service is installed

  92. Checks whether there are empty Servers containers in the Exchange organization

  93. Checks whether the name of the default accepted domain is correct

  94. Checks whether the application pool for SharePoint uses the default account

  95. Checks whether the application pool for SharePoint uses the default version of the .NET Framework

  96. Checks whether the application pool for SharePoint uses the default Managed Pipeline Mode

  97. Checks whether the application pool for SharePoint uses the default Bitness level

  98. Checks whether the application pool for PowerShell uses the default account

  99. Checks whether the application pool for PowerShell uses the default version of the .NET Framework

  100. Checks whether the application pool for PowerShell uses the default Managed Pipeline Mode

  101. Checks whether the application pool for PowerShell uses the default Bitness level

  102. Checks whether the Active Directory Web Services is configured to the default start mode

  103. Checks whether the Active Directory Web Services has started

  104. Checks whether the default logon account for the Active Directory Web Services is Local System

  105. Checks whether the Console.Log file is larger than 1 gigabyte (GB)

  106. Checks how many checks Windows Server Solutions BPA has completed

  107. Checks which version of Windows Server Solutions BPA you are running

  108. Checks whether the SPSearch account is the default account for SharePoint crawling

  109. Checks whether the SharePoint Central Admin application pool uses the spfarm account

  110. Checks whether the username and password for the SharePoint managed accounts is valid

  111. Checks whether you should use Psconfig.exe to upgrade the SharePoint databases

  112. Checks whether you should use Psconfig.exe to upgrade SharePoint

  113. Checks whether the RemoteAccess.log file is larger than 1 GB

  114. Checks whether the POP3service.log file is larger than 1 GB

  115. Checks whether the SmtpReceive log directory is larger than 1 GB

  116. Checks whether the SmtpSend log directory is larger than 1 GB

  117. Checks whether the log directory of the "Default Web Site" website is larger than 1 GB

  118. Checks whether the log directory of the Companyweb site is larger than 1 GB

  119. Checks whether the log directory of the SBS SharePoint site is larger than 1 GB

  120. Checks whether the HomeMDB attribute is configured to the default value

  121. Checks whether the most recent update is installed

  122. Checks whether the port of the Client Access server is configured to 443

  123. Checks whether the scheme of the Client Access server is configured to HTTPS

  124. Checks whether the AbsolutePath value of the Client Access server is correct

  125. Checks whether the host name of the Client Access server is correct

  126. Checks whether the host name of the Offiline Address Book server is correct

  127. Checks whether the host name of the Exchange Web Service server is correct

  128. Checks whether the host name of the Autodiscover server is correct

  129. Checks whether the host name for Outlook Anywhere is correct

  130. Checks whether the authentication settings for Outlook Anywhere are the default settings

  131. Checks whether there is binding for SSL on all IP addresses

  132. Checks whether there is binding for SSL on the "Default Web Site" website

  133. Checks whether the server certificate will expire within 30 days

  134. Checks whether the certificate subject is correct

  135. Checks whether the authentication settings for the /autodiscover virtual directory are the default settings

  136. Checks whether the authentication settings for the /ews virtual directory are the default settings

  137. Checks whether the authentication settings for the /OAB virtual directory are the default settings

  138. Checks whether the authentication settings for the /rpc virtual directory are the default settings

  139. Checks whether the SSL settings for the /RPCWithCert virtual directory are the default settings

  140. Checks whether the maximum allowed content length for the /Rpc virtual directory is the default value

  141. Checks whether the maximum allowed content length for the /RpcWithCert virtual directory is the default value

  142. Checks whether the Path environment variable exists in the bin directory on the Exchange server

  143. Checks whether the ExchangeInstallPath environment variable exists

  144. Checks whether user accounts have duplicate CN names

  145. Checks whether a different website conflicts with the "Default Web Site" website

  146. Checks whether an MMS Update is installed

  147. Checks whether a recommended update that is described in Knowledge Base article 2524478 is installed

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×