Windows Server 2008 R2 General Server Maintenance

Basic Items

1: System Health Check

1.1: Event Log Check (Application/Security/System)

: Daily check

: I found a log with errors and need to check the cause and troubleshoot the error

1.2: Shared folder check

: Daily check

: Found an unauthorised shared folder, delete it now

1.3: Local User and Group Check

: Daily Check

: Found None Allowed users and groups, delete immediately

1.4: Disk size and fragmentation check

: Daily check

: Found disk space below alert value (30% available) Need to clean up useless disk files

: Found disk fragmentation is greater than alert value (70% fragmentation), need to be defragmented during server idle time

1.5: System service and application check

: Daily Check

: Unauthorized installation of system services and applications, immediately remove

1.6: IIS check

: Daily Checkup

: Unauthorized web site is found to be running, delete it now

1.7: Process and application check

:Check multiple times a day
>

: Found suspicious processes and applications, close immediately and find the running file to delete

1.8: Check cpu usage and memory usage

:Check multiple times daily

: Found that the cpu is too high for a long time (90%) check the main reason, see the situation to restart the server

2: Database status check maintenance

2.1: Check the daily life of the database Maintenance results

: Daily check

: Ensure that data and logs are properly backed up as required, fail back manually and eliminate the cause of the error

2:2: Check the database transaction log

: Daily check

: When the transaction log is larger than 300M, the log needs to be shrunk after the full backup log.

2.3: Check the database file Fragments

:Check every half month

: When the fragmentation of the database is greater than the warning value, it needs to be broken. Finishing work

: Method 1

If the mean density and the page scan density of less than 100%, there debris, the two should be kept higher percentage. Logical and sector scan fragments should be as close as possible to zero, and should generally not exceed 10.

3: web system check

3.1: web system login check

: daily check

: ensure that the web system can log in normally

3.2: Response check for web system

: Daily check

: Check the request and response speed of the web system. If the response is too slow or unresponsive, you need to check the cause and exclusion.

3.3: File Checking for Web Systems

: Monthly Checking

: Checking and Backing Up Web Program Files

4: Web Traffic Check < Br>

4.1: web traffic check

: daily check

: Ensure that the traffic is normal and the traffic is abnormal. You need to find out the cause and solve it.

Special Items

1. Computer Configuration"&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Option, right-click this option and execute the “Create Software Restriction Policy” command in the shortcut menu; double-click the “Force” group policy item with the mouse to open the settings dialog shown in Figure 1. Select the "All users except local administrators" option, the remaining parameters are kept at the default settings, and then click the "OK" button to end the above settings

2. Reject the network virus hidden in Temporary files

Group Policy Editing Commands>gpedit.msc”Select “Computer Configuration”/“Windows Settings”/“Security Settings”/“Software Restriction Policies”/&ldquo ; Other rules & rdquo; option, while right-clicking the option, and executing the "New Path Rule" command in the shortcut menu, open the settings dialog shown in Figure 2; click on the "Browse & rdquo" ; Button, from the pop-up file selection dialog box, select and import the temporary folder of the Windows Server 2008 system, and then set the "Security Level" parameter to "Don't allow", and finally click "Determine" & rdquo;

3. Prevent illegal PING

string command“gpedit.msc”“computer configuration”node option, and select "<;Windows settings>" from the target node “Security Settings",“Advanced Security Windows Firewall",“Advanced Security Windows Firewall——Local Group Policy Objects”option, then use the mouse to select the &#&#&#&#"> Inbound Rules> Then, in the <quo;Actions" list on the right side of the corresponding "Inbound Rules" item, click the "New Rule" option, and the system will automatically pop up the New Inbound Rules Wizard dialog box. On the screen prompt, first select the “Customize” option, then select the “All Programs” item, and then select from the list of protocol types. ;ICMPv4”.

After the wizard screen prompts us to choose what type of connection condition, we can select the "Block connection" option,

4. Disconnect the remote connection to restore the system state [Special case Processing]

Enter the “gpedit.msc” command, second select the “User Configuration” node branch at the left side of the Group Policy Console window, and use the mouse to select the target node branch below one by one. Manage Templates & rdquo; /& ldquo; Network & rdquo; /& ldquo; Network Connections > Group Policy Options, then double-click the "Network Connections" branch below the "Delete all users remote access connection" option, in the pop-up Figure 5 In the option settings dialog box shown, select the “Enabled” option, and then click “OK"Save button

5. Force all connections to be connected

Enter in the Run box The string command “gpedit.msc”, enters the group policy editing interface of the local server system;

Secondly, the mouse is positioned in the "computer configuration" //ldquo; administrative template ”/“network”/“network connection"/“Windows Firewall”/“standard profile” branch option, under the "standard profile" branch option, double click with the mouse“ Windows Firewall: Protect all network connections > Group Policy option, open the target group policy attribute interface as shown in Figure 4; select the “ Enabled & rdquo; project in the interface, and finally click & ldquo; OK & rdquo; button

Part 2

1. Turn off the default share

2. Change the password for a maximum period of 90 days

3. Account lockout threshold 5 times failure 10 Can try again in minutes

4. Audit Policy

Audit Policy Change Successfully Failed

Audit Login Event Successfully Failed

Audit System Event Success Failed
>

Try changing system time