Windows Server Solutions BPA Checklist
[Today's post comes to us courtesy of David Copeland from Commercial Technical Support]
Earlier this month we published a post introducing the new Windows Server Solutions BPA, which is currently available for download. Below is a list of the checks, broken down by each product supported, that the Windows Server Solutions Best Practices Analyzer (BPA) performs as of 4/25/2011. We will publish updates to this list as new checks are added in the future:
Small Business Server 2011 Standard Edition
Checks the following service’s start mode:
- DNS Client – DNSClientStartModeSection
- DHCP Client – DHCPClientStartModeSection
- IIS Admin Service – IISAdminStartModeSection
- Remote Registry – RemoteRegistryStartModeSection
- Remote Desktop Gateway – TSGatestartModeSection
- Windows Update – AutoUpdatestartModeSection
- Distributed Transaction Coordinator – DTCStartModeSection
- Netlogon – NetlogonStartModeSection
- DNS Server – DNSServerStartModeSection
- Windows SBS Manager - SBSMgrstartModeSection
Checks that the following services are started:
- DNS Client – DNSClientStartedSection
- Windows Update – AutoUpdatesStartedSection
- DHCP Client – DHCPClientStartedSection
- IIS Admin Service – IISAdminStartedSection
- World Wide Web Publishing Service – W3SVCStartedSection
- Remote Registry – RemoteRegStartedSection
- Remote Desktop Gateway – TSGateStartedSection
- Windows Time – W32TimeStartedSection
- Distributed Transaction Coordinator – DTCStartedSection
- Netlogon – NetlogonStartedSection
- DNS Server – DNSServerStartedSection
- Windows SBS Manager - SBSmgrStartedSection
Checks the following service’s logon account:
- DNS Client – DNSClientStartNameSection
- Windows Update – AutoUpdatesStartNameSection
- DHCP Client – DHCPClientStartNameSection
- World Wide Web Publishing Service – W3SVCStartNameSection
- Remote Desktop Gateway – TSGatewayStartNameSection
- Windows Time – W32TimeStartNameSection
- Distributed Transaction Coordinator – DTCStartNameSection
- Netlogon – NetlogonStartNameSection
- DNS Server – DNSServerStartNameSection
- Windows SBS Manager - SBSMgrStartNameSection
Other Checks:
- SKUsFoundSection – Returns the Operating System Platform name
- PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
- PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
- Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
- IPFilteringSection – Checks to see if IP Filtering is enabled
- HyperVSection – Checks to see if the Hyper-V role is installed
- IPv6Section – Check to see if IPv6 appears to be improperly disabled
- KernelAuthEnabledSection – Check to see if Kernel Mode Authentication is enabled in the applicationhost.config for IIS
Small Business Server 2011 Essentials
Checks the following service’s start mode:
- DNS Client – DNSClientStartModeSection
- DHCP Client – DHCPClientStartModeSection
- IIS Admin Service – IISAdminStartModeSection
- World Wide Web Publishing Service – W3SVCStartModeSection
- Remote Registry – RemoteRegistryStartModeSection
- Remote Desktop Gateway – TSGatestartModeSection
- Windows Time – W32TimestartModeSection
- Windows Update – AutoUpdatestartModeSection
- Distributed Transaction Coordinator – DTCStartModeSection
- Netlogon – NetlogonStartModeSection
- DNS Server - DNSServerStartModeSection
Checks that the following services are started:
- DNS Client – DNSClientStartedSection
- Windows Update – AutoUpdatesStartedSectio
- DHCP Client – DHCPClientStartedSection
- IIS Admin Service – IISAdminStartedSection
- World Wide Web Publishing Service – W3SVCStartedSection
- Remote Registry – RemoteRegStartedSection
- Remote Desktop Gateway – TSGateStartedSection
- Windows Time – W32TimeStartedSection
- Distributed Transaction Coordinator – DTCStartedSection
- Netlogon – NetlogonStartedSection
- DNS Server - DNSServerStartedSection
Checks the following service’s logon account:
- DNS Client – DNSClientStartNameSection
- Windows Update – AutoUpdatesStartNameSection
- DHCP Client – DHCPClientStartNameSection
- IIS Admin Service – IISAdminStartNameSection
- World Wide Web Publishing Service – W3SVCStartNameSection
- Remote Desktop Gateway – TSGatewayStartNameSection
- Windows Time – W32TimeStartNameSection
- Distributed Transaction Coordinator – DTCStartNameSection
- Netlogon – NetlogonStartNameSection
- DNS Server - DNSServerStartNameSection
Other Checks:
- SKUsFoundSection – Returns the Operating System Platform name
- PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
- PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
- Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
- IPFilteringSection – Checks to see if IP Filtering is enabled
- HyperVSection – Checks to see if the Hyper-V role is installed
Windows Storage Server 2008 R2 Essentials
Checks the following service’s start mode:
- DNS Client – DNSClientStartModeSection
- DHCP Client – DHCPClientStartModeSection
- IIS Admin Service – IISAdminStartModeSection
- World Wide Web Publishing Service – W3SVCStartModeSection
- Remote Registry – RemoteRegistryStartModeSection
- Remote Desktop Gateway – TSGatestartModeSection
- Windows Time – W32TimestartModeSection
- Windows Update – AutoUpdatestartModeSection
Checks that the following services are started:
- DNS Client – DNSClientStartedSection
- Windows Update – AutoUpdatesStartedSection
- DHCP Client – DHCPClientStartedSection
- IIS Admin Service – IISAdminStartedSection
- World Wide Web Publishing Service – W3SVCStartedSection
- Remote Registry – RemoteRegStartedSection
- Remote Desktop Gateway – TSGateStartedSection
- Windows Time - W32TimeStartedSection
Checks the following service’s logon account:
- DNS Client – DNSClientStartNameSection
- Windows Update – AutoUpdatesStartNameSection
- DHCP Client – DHCPClientStartNameSection
- IIS Admin Service – IISAdminStartNameSection
- World Wide Web Publishing Service – W3SVCStartNameSection
- Remote Desktop Gateway – TSGatewayStartNameSection
- Windows Time - W32TimeStartNameSection
Other Checks:
- PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
- PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
Windows MultiPoint Server 2011
Checks the following service’s start mode:
- Windows MultiPoint Server Host Service - WMSSvcStartModeSection
Checks that the following services are started:
- Windows MultiPoint Server Host Service – WMSSvcStartedSection
- Remote Desktop Services - TermServiceStartedSection
Checks the following service’s logon account:
- Windows MultiPoint Server Host Service - WMSSvcStartNameSection
Other Checks:
- SRCShellAccountExistsSection – Verifies the SRCShell local account exist