Update 2 for Windows Server Solutions Best Practices Analyzer 1.0 is available

Update information

How to obtain this update

Prerequisites

• Windows Small Business Server 2011 Standard
• Windows Small Business Server 2011 Essentials
• Windows Storage Server 2008 R2 Essentials
• Windows Multipoint Server 2011 Standard
• Windows Multipoint Server 2011 Premium

Registry information

Restart requirement

Update replacement information

Windows Server Solutions BPA best practices

1. Checks whether the DNS Client service is configured to start automatically
2. Checks whether the DHCP Client service is configured to start automatically
3. Checks whether the IIS Admin service is configured to start automatically
4. Checks whether the World Wide Web Publishing service is configured to start automatically
5. Checks whether the Remote Registry service is configured to start automatically
6. Checks whether the Remote Desktop Gateway service is configured to start automatically
7. Checks whether the Windows Time service is configured to start automatically
8. Checks whether the Windows Update service is configured to start automatically
9. Checks whether the MSDTC service is configured to start automatically
10. Checks whether the Netlogon service is configured to start automatically
11. Checks whether the DNS Server service is configured to start automatically
12. Checks whether the Windows SBS Manager service is configured to start automatically
13. Checks whether the DNS Client service has started
14. Checks whether the Windows Update service has started
15. Checks whether the DHCP Client service has started
16. Checks whether the IIS Admin service has started
17. Checks whether the World Wide Web Publishing service has started
18. Checks whether the Remote Registry service has started
19. Checks whether the Remote Desktop Gateway service has started
20. Checks whether the Windows Time service has started
21. Checks whether the MSDTC service has started
22. Checks whether the Netlogon service has started
23. Checks whether the DNS Server service has started
24. Checks whether the Windows SBS Manager Service has started
25. Checks whether the logon account for the DNS Client service is NT AUTHORITY\\Network Service
26. Checks whether the logon account for the Windows Update service is Local System
27. Checks whether the logon account for the DHCP Client service is NT AUTHORITY\\LocalService
28. Checks whether the logon account for the IIS Admin service is Local System
29. Checks whether the logon account for the World Wide Web Publishing service is Local System
30. Checks whether the logon account for the Remote Desktop Gateway service is NT AUTHORITY\\Network Service
31. Checks whether the logon account for the Windows Time service is NT AUTHORITY\\Network Service
32. Checks whether the logon account for the MSDTC service is NT AUTHORITY\\Network Service
33. Checks whether the logon account for the Netlogon service is Local System
34. Checks whether the logon account for the DNS Server service is Local System
35. Checks whether the logon account for the Windows SBS Manager service is Local System
36. Checks which operating system you are running on the computer
37. Checks whether the server can ping the IP address of the default gateway
38. Checks whether the internal network adapter is assigned only one IP address
39. Checks whether IP filtering is disabled
40. Checks whether the Hyper-V role is not added to the Windows Small Business Server 2011 server
41. Checks whether the IPv6 protocol is enabled
42. Checks whether kernel mode authentication is disabled
43. Checks whether the Windows MultiPoint Server Host Service is configured to start automatically
44. Checks whether the logon account for the Windows MultiPoint Server Host Service is Local System
45. Checks whether the Remote Desktop Services service has started
46. Checks whether the Windows MultiPoint Server Host Service has started
47. Checks whether the SRCShell user account exists
48. Checks whether the application pool for Remote Web Access uses the default account
49. Checks whether the application pool for Remote Web Access uses the default version of the .NET Framework
50. Checks whether the application pool for Remote Web Access uses the default Managed Pipeline Mode
51. Checks whether the application pool for Remote Web Access uses the default Bitness level
52. Checks whether the built-in Administrators group has permission to log on as a batch job
53. Checks whether Windows Firewall is turned on
54. Checks whether the DNS host (A) resource record points to a correct IP address
55. Checks whether the internal network adapter is configured to register its IP address in DNS
56. Checks whether the value of the ForwardingTimeout registry key and the value of the RecursionTimeout registry key are identical
57. Checks whether extension mechanisms for DNS (EDNS) is disabled
58. Checks whether the forward DNS zone for the Active Directory domain allows only secure dynamic updates
59. Checks whether the forward DNS zone for the _msdcs.* zone allows only secure dynamic updates
60. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Administrators group
61. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Users group
62. Checks whether Windows SBS is the Domain Naming Master
63. Checks whether Windows SBS is the Infrastructure Master
64. Checks whether Windows SBS is the Primary Domain Controller Master
65. Checks whether Windows SBS is the Relative ID (RID) Master
66. Checks whether Windows SBS is the Schema Master
67. Checks whether the source server exists in the Default-First-Site-Name
68. Checks whether the source server exists in the SBSComputers organizational unit
69. Checks whether the DNS parameter MaxCacheTTL is configured
70. Checks whether the Default Domain Policy Group Policy exists
71. Checks whether there are DNS name server (NS) resource records in the forward lookup zone
72. Checks whether there are DNS name server (NS) resource records in the _msdcs zone
73. Checks whether there are DNS name server (NS) resource records for the delegated _msdcs forward lookup zone
74. Checks whether the Authenticated Users group is a member of the Pre-Windows 2000 Compatible Access group
75. Checks whether the DNS client is configured to point only to the internal IP address of the server
76. Checks whether the value of the RootVer registry key for the .NET Framework is correct
77. Checks whether this server can ping one or more domain controllers
78. Checks whether the RDP Port has the default value
79. Checks whether the value of the SysvolReady registry key is correct
80. Checks whether the Sysvol folder is not shared
81. Checks whether one or more volumes has insufficient free space
82. Checks whether the number of Maximum Worker Processes for the DefaultAppPool application pool is configured to the default value
83. Checks whether the name of the certification authority contains invalid strings
84. Checks whether the value of the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\90\\Machines\\OriginalMachineName registry key is correct
85. Checks whether the value of the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\100\\Machines\\OriginalMachineName registry key is correct
86. Checks whether Exchange Server 2010 Service Pack 1 (SP1) is installed
87. Checks whether Windows SBS is in a journal wrap condition
88. Checks whether Exchange Server 2010 is configured to use the default method for external authentication
89. Checks whether Exchange Server 2010 is configured to use the default method for internal authentication
90. Checks whether Windows Server 2008 R2 Service Pack 1 (SP1) is installed
91. Checks whether the Simple Mail Transfer Protocol (SMTP) service is installed
92. Checks whether there are empty Servers containers in the Exchange organization
93. Checks whether the name of the default accepted domain is correct
94. Checks whether the application pool for SharePoint uses the default account
95. Checks whether the application pool for SharePoint uses the default version of the .NET Framework
96. Checks whether the application pool for SharePoint uses the default Managed Pipeline Mode
97. Checks whether the application pool for SharePoint uses the default Bitness level
98. Checks whether the application pool for PowerShell uses the default account
99. Checks whether the application pool for PowerShell uses the default version of the .NET Framework
100. Checks whether the application pool for PowerShell uses the default Managed Pipeline Mode
101. Checks whether the application pool for PowerShell uses the default Bitness level
102. Checks whether the Active Directory Web Services is configured to the default start mode
103. Checks whether the Active Directory Web Services has started
104. Checks whether the default logon account for the Active Directory Web Services is Local System
105. Checks whether the Console.Log file is larger than 1 gigabyte (GB)
106. Checks how many checks Windows Server Solutions BPA has completed
107. Checks which version of Windows Server Solutions BPA you are running
108. Checks whether the SPSearch account is the default account for SharePoint crawling
109. Checks whether the SharePoint Central Admin application pool uses the spfarm account
110. Checks whether the username and password for the SharePoint managed accounts is valid
111. Checks whether you should use Psconfig.exe to upgrade the SharePoint databases
112. Checks whether you should use Psconfig.exe to upgrade SharePoint
113. Checks whether the RemoteAccess.log file is larger than 1 GB
114. Checks whether the POP3service.log file is larger than 1 GB
115. Checks whether the SmtpReceive log directory is larger than 1 GB
116. Checks whether the SmtpSend log directory is larger than 1 GB
117. Checks whether the log directory of the "Default Web Site" website is larger than 1 GB 
118. Checks whether the log directory of the Companyweb site is larger than 1 GB
119. Checks whether the log directory of the SBS SharePoint site is larger than 1 GB
120. Checks whether the HomeMDB attribute is configured to the default value
121. Checks whether the most recent update is installed
122. Checks whether the port of the Client Access server is configured to 443
123. Checks whether the scheme of the Client Access server is configured to HTTPS
124. Checks whether the AbsolutePath value of the Client Access server is correct
125. Checks whether the host name of the Client Access server is correct
126. Checks whether the host name of the Offiline Address Book server is correct
127. Checks whether the host name of the Exchange Web Service server is correct
128. Checks whether the host name of the Autodiscover server is correct
129. Checks whether the host name for Outlook Anywhere is correct
130. Checks whether the authentication settings for Outlook Anywhere are the default settings
131. Checks whether there is binding for SSL on all IP addresses
132. Checks whether there is binding for SSL on the "Default Web Site" website
133. Checks whether the server certificate will expire within 30 days
134. Checks whether the certificate subject is correct
135. Checks whether the authentication settings for the /autodiscover virtual directory are the default settings
136. Checks whether the authentication settings for the /ews virtual directory are the default settings
137. Checks whether the authentication settings for the /OAB virtual directory are the default settings
138. Checks whether the authentication settings for the /rpc virtual directory are the default settings
139. Checks whether the SSL settings for the /RPCWithCert virtual directory are the default settings
140. Checks whether the maximum allowed content length for the /Rpc virtual directory is the default value
141. Checks whether the maximum allowed content length for the /RpcWithCert virtual directory is the default value
142. Checks whether the Path environment variable exists in the bin directory on the Exchange server
143. Checks whether the ExchangeInstallPath environment variable exists
144. Checks whether user accounts have duplicate CN names
145. Checks whether a different website conflicts with the "Default Web Site" website
146. Checks whether an MMS Update is installed
147. Checks whether a recommended update that is described in Knowledge Base article 2524478 is installed