Introduction
This article describes an update that adds new best practices to Windows Server Solutions Best Practices Analyzer 1.0.
Windows Server Solutions Best Practices Analyzer 1.0 (Windows Server Solutions BPA) is a diagnostic tool that is built on the Microsoft Baseline Configuration Analyzer (MBCA) technology. Windows Server Solutions BPA scans a computer that is running one of the following operating systems, and compares the existing server settings to a predefined set of recommended best practices:
-
Windows Small Business Server 2011 Standard
-
Windows Small Business Server 2011 Essentials
-
Windows Storage Server 2008 R2 Essentials
-
Windows Multipoint Server 2011
Windows Server Solutions BPA performs the following tasks:
-
Collects information about a server
-
Determines whether the server settings comply with a set of best practices that are recommended by Microsoft
-
Provides a report of the scan results (the report identifies differences between the server settings and the recommended best practices)
-
Identifies conditions that may cause problems with the server
-
Recommends solutions to potential problems
Update information
How to obtain this update
To obtain this update, run Windows Server Solutions Best Practice Analyzer 1.0.
Prerequisites
To apply this update, you must be running one of the following operating systems:
-
Windows Small Business Server 2011 Standard
-
Windows Small Business Server 2011 Essentials
-
Windows Storage Server 2008 R2 Essentials
-
Windows Multipoint Server 2011 Standard
-
Windows Multipoint Server 2011 Premium
Additionally, you must have Windows Server Solutions Best Practices Analyzer 1.0 installed.
Registry information
To use the update in this package, you do not have to make any changes to the registry.
Restart requirement
You do not have to restart the computer after you apply this update.
Update replacement information
This update does not replace a previously released update.
New best practices
After you install this update, the Windows Server Solutions BPA performs the following checks:
click here to expand the list
-
Checks whether the application pool for Remote Web Access uses the default account
-
Checks whether the application pool for Remote Web Access uses the default version of the .NET Framework
-
Checks whether the application pool for Remote Web Access uses the default Managed Pipeline Mode
-
Checks whether the application pool for Remote Web Access uses the default bit version
-
Checks whether the built-in Administrators group has the "Log on as a batch job" user right
-
Checks whether the Windows Firewall is enabled
-
Checks whether the DNS host (A) resource record points to the correct IP address
-
Checks whether the internal network adapter is configured to register the IP address of the network adapter in DNS
-
Checks whether the values of the DNS ForwardingTimeout registry key and the RecursionTimeout registry key are identical
-
Checks whether the extension mechanisms for DNS (EDNS) is enabled
-
Checks whether the forward DNS zone of your Active Directory domain allows for secure updates
-
Checks whether the forward DNS zone allows for secure updates
-
Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Administrators group
-
Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Users group
-
Checks whether the source server is in the Active Directory Sites and Services snap-in
-
Checks whether the source server is in the SBSComputer organizational unit (OU)
-
Checks whether the MaxCacheTTL DNS parameter is not set
-
Checks whether a Windows Small Business Server (Windows SBS) Group Policy is missing
-
Checks whether there are DNS name server resource records in the forward lookup zone
-
Checks whether there are DNS name server records in the _msdcs zone
-
Checks whether there are DNS name server records for the delegated _msdcs forward lookup zone.
-
Checks whether Windows SBS is the Domain Naming Master (if Windows SBS is the Domain Naming Master, you will receive a confirmation message)
-
Checks whether Windows SBS is the Infrastructure Master (if Windows SBS is the Infrastructure Master, you will receive a confirmation message)
-
Checks whether Windows SBS is the Primary Domain Controller Master (if Windows SBS is the Primary Domain Controller Master, you will receive a confirmation message)
-
Checks whether the Authenticated Users group is a member of the Pre-Windows 2000 Compatible Access group
-
Checks whether Windows SBS is the Relative ID (RID) Master (if Windows SBS is the RID Master, you will receive a confirmation message)
-
Checks whether the DNS client is configured correctly
-
Checks whether Windows SBS is the Schema Master (if Windows SBS is the Schema Master, you will receive a confirmation message)
-
Checks whether the value of the RootVeer registry entry for the .NET Framework is correct
-
Checks whether the server cannot ping
-
Checks whether the value of the Remote Desktop Protocol (RDP) port is the default value
-
Checks whether the value of the SysvolReady registry key is correct
-
Checks whether the Sysvol folder is shared
-
Checks whether the free disk space is very low
-
Checks whether the value of the default Application Pool is changed
-
Checks whether the Certification Authority name may cause errors
-
Checks whether the value of the OriginalMachineName(90) registry key is correct
-
Checks whether the value of the OriginalMachineName(100) registry key is correct
-
Checks whether the version of Exchange Server 2010 is the release version
-
Checks whether Windows SBS is in a journal wrap condition
-
Checks whether the external remote procedure call (RPC) authentication is not set to the default method
-
Checks whether the internal RPC authentication is not set to the default method
-
Checks whether the version of Windows Server 2008 R2 is the release version
-
Checks whether Simple Mail Transfer Protocol (SMTP) is installed
-
Checks whether there are empty Servers containers
-
Checks whether the accepted domain for Exchange is not the default domain
-
Checks whether the application pool for SharePoint uses the default account
-
Checks whether the application pool for SharePoint uses the default version of the .NET Framework
-
Checks whether the application pool for SharePoint uses the default Managed Pipeline Mode
-
Checks whether the application pool for SharePoint uses the default bit version
-
Checks whether the application pool for PowerShell uses the default account
-
Checks whether the application pool for PowerShell uses the default version of the .NET Framework
-
Checks whether the application pool for PowerShell uses the default Managed Pipeline Mode
-
Checks whether the application pool for PowerShell uses the default bit version
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates