Windows 2008 R2 Server Maintenance

  

Basics

1: System Health Check

1.1: Event Log Check (Application/Security/System)

: Daily Check

: If a log contains errors, find the cause and troubleshoot it

1.2: Shared folder check

: Daily check

: If a shared folder that is not allowed is found, delete it immediately

1.3: Local user and group check

: Daily check

: If unauthorized users or groups are found, delete them immediately

1.4: Disk Size and Fragmentation Check

: Daily Check

: If free disk space is below the alert value (30% available), clean up useless disk files

: If disk fragmentation is greater than the alert value (70% fragmentation), defragment during server idle time

1.5: System service and application check

: Daily check

: If unauthorized system services or applications have been installed, remove them immediately

1.6: IIS check

: Daily check

: If an unauthorized website is found running, delete it immediately

1.7: Process and application check

: Check multiple times daily

: If a suspicious process or application is found, close it immediately, then find its executable file and delete it

1.8: Check cpu usage and memory usage

: Check multiple times daily

: If CPU usage stays too high (90%) for a long time, check the main cause and, depending on the situation, restart the server
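
Checks 1.1 to 1.4 and 1.8 can be scripted so that the daily review starts from a list of exceptions. The following is an added example, not part of the original page; it uses only cmdlets available in the PowerShell 2.0 shipped with Windows Server 2008 R2, and the allow-lists are constructed placeholders to be replaced with your own baseline.

```powershell
# Added example: allow-lists are constructed placeholders, not values from the page.
$AllowedShares = @('IPC$')                      # assumption: your approved shares
$AllowedUsers  = @('Administrator', 'Guest')    # assumption: your approved local accounts
$MinFreePct = 30                                # 1.4 alert value
$MaxCpuPct  = 90                                # 1.8 alert value
$since    = (Get-Date).AddDays(-1)
$findings = @()

# 1.1 Errors (and failed audits in the Security log) from the last 24 hours
$logs = @{ Application = 'Error'; System = 'Error'; Security = 'FailureAudit' }
foreach ($name in $logs.Keys) {
    $hits = @(Get-EventLog -LogName $name -EntryType $logs[$name] -After $since -ErrorAction SilentlyContinue)
    if ($hits.Count -gt 0) { $findings += "1.1 $name log: $($hits.Count) '$($logs[$name])' entries since $since" }
}

# 1.2 Shares outside the allow-list
foreach ($s in (Get-WmiObject Win32_Share)) {
    if ($AllowedShares -notcontains $s.Name) { $findings += "1.2 share not allowed: $($s.Name) ($($s.Path))" }
}

# 1.3 Local accounts outside the allow-list
foreach ($u in (Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True")) {
    if ($AllowedUsers -notcontains $u.Name) { $findings += "1.3 unexpected local user: $($u.Name) (disabled=$($u.Disabled))" }
}

# 1.4 Fixed disks with less than 30% free space
foreach ($d in (Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3")) {
    if ($d.Size -gt 0) {
        $free = [math]::Round(100 * $d.FreeSpace / $d.Size, 1)
        if ($free -lt $MinFreePct) { $findings += "1.4 $($d.DeviceID) only $free% free" }
    }
}

# 1.8 Average CPU over 30 s (6 samples) so a momentary spike does not alert
$cpu = Get-Counter '\Processor(_Total)\% Processor Time' -SampleInterval 5 -MaxSamples 6 |
    ForEach-Object { $_.CounterSamples[0].CookedValue } | Measure-Object -Average
if ($cpu.Average -gt $MaxCpuPct) { $findings += "1.8 CPU averaged $([math]::Round($cpu.Average))% over 30 s" }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an elevated prompt, since reading the Security log requires administrator rights; the counter path is the English one and differs on localized systems.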

2: Database status check maintenance

2.1: Check the results of the daily maintenance of the database

: Daily check

: Ensure that data and logs are backed up as required; manually re-run any backups that failed and eliminate the cause of the error

2.2: Check the transaction log of the database

: Daily check

: When the transaction log is larger than 300M, shrink the log after a full backup of the log.

2.3: Check the fragmentation of the database file

: Check every half month

: When the fragmentation of the database is greater than the warning value, it needs to be defragmented

: Method 1



The following is a code snippet:

    -- Report fragmentation statistics for the Employee table
    use database_name
    declare @table_id int
    set @table_id = object_id('Employee')
    dbcc showcontig(@table_id)


If the scan density and the average page density are less than 100%, the table is fragmented; both should be kept at a high percentage. Logical scan fragmentation and extent scan fragmentation should be as close to zero as possible, and should generally not exceed 10.



Here is the code snippet:

    -- Rebuild all indexes on the table with a fill factor of 90
    dbcc dbreindex('database_name.dbo.Employee', '', 90)


3: web system check

3.1: Web system login check

: Daily check

: Make sure the web system can log in normally

3.2: Web system response check

: Daily check

: Check the request and response speed of the web system. If the response is too slow or the system is unresponsive, find the cause and eliminate it.

3.3: Web system file check

: Monthly check

: Check and back up the web system program files

4: Web traffic check

4.1: Web traffic check

: Daily check

: Make sure the traffic is normal. If the traffic is abnormal, find the cause and resolve it.

Special Items

1. Go to "Computer Configuration"/"Windows Settings"/"Security Settings"/"Software Restriction Policies", right-click this option and run the "New Software Restriction Policies" command in the shortcut menu; double-click the "Enforcement" group policy item to open the settings dialog shown in Figure 1, select the "All users except local administrators" option, leave the other parameters at their default settings, and then click the "OK" button to finish.

2. Deny network viruses hidden in temporary files

Run the Group Policy editing command "gpedit.msc" and select "Computer Configuration"/"Windows Settings"/"Security Settings"/"Software Restriction Policies"/"Additional Rules". Right-click the option and run the "New Path Rule" command in the shortcut menu to open the settings dialog shown in Figure 2; click the "Browse" button, select the temporary folder of the Windows Server 2008 system in the file selection dialog that pops up, then set the "Security level" parameter to "Disallowed", and finally click "OK".

3. Prevent illegal PING

Run the "gpedit.msc" command, open the "Computer Configuration" node, and below it select "Windows Settings", "Security Settings", "Windows Firewall with Advanced Security" and "Windows Firewall with Advanced Security - Local Group Policy Object" in turn, then select "Inbound Rules". In the "Actions" list on the right side of the "Inbound Rules" item, click the "New Rule" option, and the New Inbound Rule Wizard dialog box opens. Following the on-screen prompts, first select the "Custom" option, then select "All programs", and then select "ICMPv4" from the list of protocol types.

When the wizard asks what to do with a connection that matches the conditions, select the "Block the connection" option.

4. Disconnect the remote connection to restore the system state [special-case handling]

Run the "gpedit.msc" command, then select the "User Configuration" node on the left side of the Group Policy console window and expand "Administrative Templates"/"Network"/"Network Connections" below it one by one. Under the "Network Connections" branch, double-click the "Ability to delete all user remote access connections" option; in the option settings dialog box shown in Figure 5, select the "Enabled" option, and then click "OK" to save.

5. Force all connections to be connected

Enter the "gpedit.msc" command in the Run box to open the Group Policy editor of the local server;

Next, go to "Computer Configuration"/"Administrative Templates"/"Network"/"Network Connections"/"Windows Firewall"/"Standard Profile". Under the "Standard Profile" branch, double-click the "Windows Firewall: Protect all network connections" group policy option to open the policy properties shown in Figure 4; select "Enabled" and finally click the "OK" button.

Part II

1. Turn off the default share

2. Change the maximum password age to 90 days

3. Account lockout threshold: 5 failed attempts; can try again after 10 minutes

4. Audit Policy

Audit policy change: Success, Failure

Audit logon events: Success, Failure

Audit system events: Success, Failure

- Attempted system time change

- Attempted security system startup or shutdown

- Attempt to load extensible authentication components

- Loss of audited events

- Security log size exceeding a configurable warning threshold level

Audit account management: Success, Failure

This security setting determines whether each account management event on the computer is audited. Examples of account management events include:

Creating, changing, or deleting user accounts or groups.

Renaming, disabling, or enabling user accounts.

5. Interactive logon: Do not display last user name: enabled

6. Network access: Remotely accessible registry paths: disabled

Network access: Remotely accessible registry paths and sub-paths

7. Accounts: Rename administrator account

8. Printers

Web-based printing: disabled

Automatically publish new printers in Active Directory: disabled
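
Items 1 to 5 of this list can also be applied from an elevated PowerShell prompt instead of the Group Policy editor. This is an added example, not part of the original page; the 10-minute lockout counter window and the mapping of the four audit settings onto auditpol categories are assumptions, and items 6 to 8 are left to the Group Policy editor.

```powershell
# Added example: applies Part II items 1-5 on the local server (run elevated).

# 1. Default shares: stop the Server service from re-creating C$, ADMIN$ at boot
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
New-ItemProperty -Path $lanman -Name AutoShareServer -Value 0 -PropertyType DWord -Force | Out-Null

# 2-3. Maximum password age 90 days; lock after 5 failures for 10 minutes.
#      /lockoutwindow (failure counter reset) is an assumption: it may not exceed
#      the lockout duration, so it is set to the same 10 minutes.
net accounts /maxpwage:90 /lockoutthreshold:5 /lockoutduration:10 /lockoutwindow:10

# 4. Audit success and failure for the four categories in item 4.
#    Assumed mapping of the policy names to auditpol categories:
#    policy change -> Policy Change, logon events -> Logon/Logoff,
#    system events -> System, account management -> Account Management
foreach ($cat in 'Policy Change', 'Logon/Logoff', 'System', 'Account Management') {
    auditpol /set /category:"$cat" /success:enable /failure:enable
}

# 5. Interactive logon: do not display the last user name
$policies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
New-ItemProperty -Path $policies -Name DontDisplayLastUserName -Value 1 -PropertyType DWord -Force | Out-Null

# Show the resulting state for the maintenance record
net accounts
auditpol /get /category:*
Get-ItemProperty -Path $lanman   | Select-Object AutoShareServer
Get-ItemProperty -Path $policies | Select-Object DontDisplayLastUserName
```

On a domain member, settings delivered by domain Group Policy override these local values at the next policy refresh, and the default shares disappear only after the Server service or the machine is restarted.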
