Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Update 2 for Windows Server Solutions Best Practices Analyzer 1.0 is available


View products that this article applies to.

Introduction

This article describes Update 2 for Windows Server Solutions Best Practices Analyzer 1.0. Update 2 adds new best practices to Windows Server Solutions Best Practices Analyzer 1.0.

Windows Server Solutions Best Practices Analyzer 1.0 (Windows Server Solutions BPA) is a diagnostic tool that is built on the Microsoft Baseline Configuration Analyzer (MBCA) technology. Windows Server Solutions BPA scans a computer that is running one of the following operating systems, and compares the existing server settings to a predefined set of recommended best practices:
  • Windows Small Business Server 2011 Standard
  • Windows Small Business Server 2011 Essentials
  • Windows Storage Server 2008 R2 Essentials
  • Windows Multipoint Server 2011
Windows Server Solutions BPA performs the following tasks:
  • Collects information about a server
  • Determines whether the server settings comply with a set of best practices that are recommended by Microsoft
  • Provides a report of the scan results (the report identifies differences between the server settings and the recommended best practices)
  • Identifies conditions that may cause problems with the server
  • Recommends solutions to potential problems

↑ Back to the top


More Information

Update information

How to obtain this update

To obtain this update, run Windows Server Solutions Best Practice Analyzer 1.0.

Prerequisites

To apply this update, you must be running one of the following operating systems:
  • Windows Small Business Server 2011 Standard
  • Windows Small Business Server 2011 Essentials
  • Windows Storage Server 2008 R2 Essentials
  • Windows Multipoint Server 2011 Standard
  • Windows Multipoint Server 2011 Premium
Additionally, you must have Windows Server Solutions Best Practices Analyzer 1.0 installed.

Registry information

To apply the update in this package, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this update.

Update replacement information

This update replaces the following update:
2600333 An update for Windows Server Solutions Best Practices Analyzer 1.0 is available

Windows Server Solutions BPA best practices

After you install this update, the Windows Server Solutions BPA performs the following checks:
  1. Checks whether the DNS Client service is configured to start automatically
  2. Checks whether the DHCP Client service is configured to start automatically
  3. Checks whether the IIS Admin service is configured to start automatically
  4. Checks whether the World Wide Web Publishing service is configured to start automatically
  5. Checks whether the Remote Registry service is configured to start automatically
  6. Checks whether the Remote Desktop Gateway service is configured to start automatically
  7. Checks whether the Windows Time service is configured to start automatically
  8. Checks whether the Windows Update service is configured to start automatically
  9. Checks whether the MSDTC service is configured to start automatically
  10. Checks whether the Netlogon service is configured to start automatically
  11. Checks whether the DNS Server service is configured to start automatically
  12. Checks whether the Windows SBS Manager service is configured to start automatically
  13. Checks whether the DNS Client service has started
  14. Checks whether the Windows Update service has started
  15. Checks whether the DHCP Client service has started
  16. Checks whether the IIS Admin service has started
  17. Checks whether the World Wide Web Publishing service has started
  18. Checks whether the Remote Registry service has started
  19. Checks whether the Remote Desktop Gateway service has started
  20. Checks whether the Windows Time service has started
  21. Checks whether the MSDTC service has started
  22. Checks whether the Netlogon service has started
  23. Checks whether the DNS Server service has started
  24. Checks whether the Windows SBS Manager Service has started
  25. Checks whether the logon account for the DNS Client service is NT AUTHORITY\\Network Service
  26. Checks whether the logon account for the Windows Update service is Local System
  27. Checks whether the logon account for the DHCP Client service is NT AUTHORITY\\LocalService
  28. Checks whether the logon account for the IIS Admin service is Local System
  29. Checks whether the logon account for the World Wide Web Publishing service is Local System
  30. Checks whether the logon account for the Remote Desktop Gateway service is NT AUTHORITY\\Network Service
  31. Checks whether the logon account for the Windows Time service is NT AUTHORITY\\Network Service
  32. Checks whether the logon account for the MSDTC service is NT AUTHORITY\\Network Service
  33. Checks whether the logon account for the Netlogon service is Local System
  34. Checks whether the logon account for the DNS Server service is Local System
  35. Checks whether the logon account for the Windows SBS Manager service is Local System
  36. Checks which operating system you are running on the computer
  37. Checks whether the server can ping the IP address of the default gateway
  38. Checks whether the internal network adapter is assigned only one IP address
  39. Checks whether IP filtering is disabled
  40. Checks whether the Hyper-V role is not added to the Windows Small Business Server 2011 server
  41. Checks whether the IPv6 protocol is enabled
  42. Checks whether kernel mode authentication is disabled
  43. Checks whether the Windows MultiPoint Server Host Service is configured to start automatically
  44. Checks whether the logon account for the Windows MultiPoint Server Host Service is Local System
  45. Checks whether the Remote Desktop Services service has started
  46. Checks whether the Windows MultiPoint Server Host Service has started
  47. Checks whether the SRCShell user account exists
  48. Checks whether the application pool for Remote Web Access uses the default account
  49. Checks whether the application pool for Remote Web Access uses the default version of the .NET Framework
  50. Checks whether the application pool for Remote Web Access uses the default Managed Pipeline Mode
  51. Checks whether the application pool for Remote Web Access uses the default Bitness level
  52. Checks whether the built-in Administrators group has permission to log on as a batch job
  53. Checks whether Windows Firewall is turned on
  54. Checks whether the DNS host (A) resource record points to a correct IP address
  55. Checks whether the internal network adapter is configured to register its IP address in DNS
  56. Checks whether the value of the ForwardingTimeout registry key and the value of the RecursionTimeout registry key are identical
  57. Checks whether extension mechanisms for DNS (EDNS) is disabled
  58. Checks whether the forward DNS zone for the Active Directory domain allows only secure dynamic updates
  59. Checks whether the forward DNS zone for the _msdcs.* zone allows only secure dynamic updates
  60. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Administrators group
  61. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Users group
  62. Checks whether Windows SBS is the Domain Naming Master
  63. Checks whether Windows SBS is the Infrastructure Master
  64. Checks whether Windows SBS is the Primary Domain Controller Master
  65. Checks whether Windows SBS is the Relative ID (RID) Master
  66. Checks whether Windows SBS is the Schema Master
  67. Checks whether the source server exists in the Default-First-Site-Name
  68. Checks whether the source server exists in the SBSComputers organizational unit
  69. Checks whether the DNS parameter MaxCacheTTL is configured
  70. Checks whether the Default Domain Policy Group Policy exists
  71. Checks whether there are DNS name server (NS) resource records in the forward lookup zone
  72. Checks whether there are DNS name server (NS) resource records in the _msdcs zone
  73. Checks whether there are DNS name server (NS) resource records for the delegated _msdcs forward lookup zone
  74. Checks whether the Authenticated Users group is a member of the Pre-Windows 2000 Compatible Access group
  75. Checks whether the DNS client is configured to point only to the internal IP address of the server
  76. Checks whether the value of the RootVer registry key for the .NET Framework is correct
  77. Checks whether this server can ping one or more domain controllers
  78. Checks whether the RDP Port has the default value
  79. Checks whether the value of the SysvolReady registry key is correct
  80. Checks whether the Sysvol folder is not shared
  81. Checks whether one or more volumes has insufficient free space
  82. Checks whether the number of Maximum Worker Processes for the DefaultAppPool application pool is configured to the default value
  83. Checks whether the name of the certification authority contains invalid strings
  84. Checks whether the value of the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\90\\Machines\\OriginalMachineName registry key is correct
  85. Checks whether the value of the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\100\\Machines\\OriginalMachineName registry key is correct
  86. Checks whether Exchange Server 2010 Service Pack 1 (SP1) is installed
  87. Checks whether Windows SBS is in a journal wrap condition
  88. Checks whether Exchange Server 2010 is configured to use the default method for external authentication
  89. Checks whether Exchange Server 2010 is configured to use the default method for internal authentication
  90. Checks whether Windows Server 2008 R2 Service Pack 1 (SP1) is installed
  91. Checks whether the Simple Mail Transfer Protocol (SMTP) service is installed
  92. Checks whether there are empty Servers containers in the Exchange organization
  93. Checks whether the name of the default accepted domain is correct
  94. Checks whether the application pool for SharePoint uses the default account
  95. Checks whether the application pool for SharePoint uses the default version of the .NET Framework
  96. Checks whether the application pool for SharePoint uses the default Managed Pipeline Mode
  97. Checks whether the application pool for SharePoint uses the default Bitness level
  98. Checks whether the application pool for PowerShell uses the default account
  99. Checks whether the application pool for PowerShell uses the default version of the .NET Framework
  100. Checks whether the application pool for PowerShell uses the default Managed Pipeline Mode
  101. Checks whether the application pool for PowerShell uses the default Bitness level
  102. Checks whether the Active Directory Web Services is configured to the default start mode
  103. Checks whether the Active Directory Web Services has started
  104. Checks whether the default logon account for the Active Directory Web Services is Local System
  105. Checks whether the Console.Log file is larger than 1 gigabyte (GB)
  106. Checks how many checks Windows Server Solutions BPA has completed
  107. Checks which version of Windows Server Solutions BPA you are running
  108. Checks whether the SPSearch account is the default account for SharePoint crawling
  109. Checks whether the SharePoint Central Admin application pool uses the spfarm account
  110. Checks whether the username and password for the SharePoint managed accounts is valid
  111. Checks whether you should use Psconfig.exe to upgrade the SharePoint databases
  112. Checks whether you should use Psconfig.exe to upgrade SharePoint
  113. Checks whether the RemoteAccess.log file is larger than 1 GB
  114. Checks whether the POP3service.log file is larger than 1 GB
  115. Checks whether the SmtpReceive log directory is larger than 1 GB
  116. Checks whether the SmtpSend log directory is larger than 1 GB
  117. Checks whether the log directory of the "Default Web Site" website is larger than 1 GB 
  118. Checks whether the log directory of the Companyweb site is larger than 1 GB
  119. Checks whether the log directory of the SBS SharePoint site is larger than 1 GB
  120. Checks whether the HomeMDB attribute is configured to the default value
  121. Checks whether the most recent update is installed
  122. Checks whether the port of the Client Access server is configured to 443
  123. Checks whether the scheme of the Client Access server is configured to HTTPS
  124. Checks whether the AbsolutePath value of the Client Access server is correct
  125. Checks whether the host name of the Client Access server is correct
  126. Checks whether the host name of the Offiline Address Book server is correct
  127. Checks whether the host name of the Exchange Web Service server is correct
  128. Checks whether the host name of the Autodiscover server is correct
  129. Checks whether the host name for Outlook Anywhere is correct
  130. Checks whether the authentication settings for Outlook Anywhere are the default settings
  131. Checks whether there is binding for SSL on all IP addresses
  132. Checks whether there is binding for SSL on the "Default Web Site" website
  133. Checks whether the server certificate will expire within 30 days
  134. Checks whether the certificate subject is correct
  135. Checks whether the authentication settings for the /autodiscover virtual directory are the default settings
  136. Checks whether the authentication settings for the /ews virtual directory are the default settings
  137. Checks whether the authentication settings for the /OAB virtual directory are the default settings
  138. Checks whether the authentication settings for the /rpc virtual directory are the default settings
  139. Checks whether the SSL settings for the /RPCWithCert virtual directory are the default settings
  140. Checks whether the maximum allowed content length for the /Rpc virtual directory is the default value
  141. Checks whether the maximum allowed content length for the /RpcWithCert virtual directory is the default value
  142. Checks whether the Path environment variable exists in the bin directory on the Exchange server
  143. Checks whether the ExchangeInstallPath environment variable exists
  144. Checks whether user accounts have duplicate CN names
  145. Checks whether a different website conflicts with the "Default Web Site" website
  146. Checks whether an MMS Update is installed
  147. Checks whether a recommended update that is described in Knowledge Base article 2524478 is installed
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: 
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top


Keywords: kbfix, atdownload, kbsurveynew, kbinfo, kbexpertiseadvanced, kb

↑ Back to the top

Article Info
Article ID : 2652984
Revision : 1
Created on : 1/7/2017
Published on : 2/21/2012
Exists online : False
Views : 463