Microsoft Virtual Labs: Managing Windows Server 2008 Using New Management Technologies

Managing Windows Server 2008 Using New Management Technologies. You will use event log views and event log subscriptions to identify problems. Create custom tasks to alert you when specific problems occur.

Uploaded by Alejandro Castro
Copyright: © Attribution Non-Commercial (BY-NC)
Table of Contents
Exercise 1 Using Task Scheduler and Event Viewer to Respond to System Events
Exercise 2 Creating Custom Scheduled Tasks
Exercise 3 Managing Computers Using Windows Remote Management (WinRM)

Objectives
After completing this lab, you will be better able to:
• Manage event logs, subscriptions, and views
• Configure event subscriptions
• Analyze system performance and reliability using reliability and performance reporting

Scenario
In this lab you will use a Windows 2008 Member Server to manage a Windows 2008 Server Domain Controller using new Windows management technologies. From your Windows 2008 Member Server, you will use event log views and event log subscriptions to identify problems occurring on your server. You will then create custom tasks to alert you when specific problems occur on the server. Finally you will review server performance and reliability data using custom reports.

Note: During the course of this lab you may encounter one or more User Account Control prompts. These prompts will ask you to confirm an action you have just taken. When you encounter a User Account Control prompt, select the option which confirms the action you have taken and you will be able to proceed with the next step in the exercise. A shield icon appears after each instruction which invokes a User Account Control dialog box.
Note: The steps in this lab are intended to provide an overview of the technology presented. They are not intended to, and may not follow, Microsoft best practices or guidance on the technology presented.
Note: This lab uses pre-release software. While every effort has been taken to ensure the functionality of the steps documented, some steps may still not function as intended at all times.

Prerequisites
Before working on this lab, you must have:
• An understanding of performance monitoring
• An understanding of event logs
• An understanding of scheduled tasks
• An understanding of WMI

Estimated Time to Complete This Lab
60 Minutes

Computer used in this Lab
NYC-DC-1
NYC-SRV-1

The password for the Woodgrovebank\Administrator account on this computer is: pass@word1.

Exercise 1
Using Task Scheduler and Event Viewer to Respond to System Events

Scenario
In this exercise you will use the new Event Viewer in Windows 2008 Server to monitor and more effectively
respond to system events. You will first create a custom event view to filter system events to only relevant events.
You will then use a WinRM based event subscription to monitor events on a remote system. WinRM based event
subscriptions forward select events from a remote computer to a destination computer. Once you have created the
event subscription, you will create a custom task to provide an interactive notification to an operator. The WinRM
provider is included with Windows 2008 Server. It is configured to start automatically. You only need to configure
the service.

Complete the following 2 tasks on: NYC-DC-1

1. Create a Custom Event View
Note: In this task you will create a custom event view which will filter the events to only events that are relevant to you. Event views are a powerful way to parse multiple types of events in multiple event logs. By focusing the event view on only important or actionable events, you increase your chance of identifying a performance or reliability problem before it causes system downtime. Event views are also useful in branch office environments, allowing you to create a view of all critical events that span all servers.
Note: Perform this procedure on the NYC-DC-1 computer as Woodgrovebank\Administrator.
a. On the Start menu, in Start Search, type compmgmt.msc and then press ENTER.
b. Under Computer Management (Local), expand Event Viewer and then click on Custom Views.
c. On the Action menu, click Create Custom View.
d. In the Create Custom View dialog box, create a new view with the following settings and then click OK.

    Setting        Value
    Logged:        Last 24 hours
    Event level:   Error
    Event log:     Windows Logs/System

e. In the Save Filter to Custom View dialog box, in Name type Error Events (24 hours) and then click OK.
f. Review the contents of the Error Events (24 hours) view.

2. Add a Custom Event to the System Log and View it in the Event View
Note: In this task you will use the Eventcreate command to record a custom event in the Event log. This event will meet the criteria of the event view you created in the previous task. You will use your event view to review the custom event in the event log. When performing configuration tasks via script, such as those used to configure Windows 2008 Server Core, you can use this command to record success or failure of script actions.
Note: Perform this task on the NYC-DC-1 computer as Woodgrovebank\Administrator.
a. On the Start menu, right-click Command Prompt and then click Run as administrator.
b. In the command prompt, type the following command and then press ENTER.

    Eventcreate /T ERROR /ID 100 /L SYSTEM /D "Application Error #1" /SO MyApp

c. In Computer Management, click Error Events (24 Hours) and then in the Actions pane, click Refresh.
d. Review the new entry on the top of the list of events.

Complete the following task on: NYC-SRV-1

3. Create an Event Subscription on a Windows 2008 Member Server
Note: In this task you will create an event subscription on a Windows 2008 Member Server computer which reports events that occur on a Windows 2008 Server Domain Controller. Event subscriptions are a new way to monitor multiple computer event logs from a single machine. An event subscription uses Windows Remote Management to query the event logs WMI provider on the remote computer using HTTP or HTTPS. The use of HTTP and HTTPS allows you to perform management tasks in environments that do not allow protocols such as RPC. This is useful if you want to remotely manage branch office servers without the need for RPC or VPN connections. The proven security of SSL and the integrated authentication in WinRM ensure this is done without introducing additional risk. The event subscription creates a copy of the remote event and stores it in a log of your choosing. The default location is a log called Forwarded Events. This log can contain all events from all remote computers to which you have event subscriptions. Each event subscription can be configured to use custom credentials, and can be configured to subscribe to only the events of your choosing.
Note: Perform this task on the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. On the Start menu, in Start Search, type compmgmt.msc and then press ENTER.
b. Under Computer Management (Local), expand Event Viewer and then click on Subscriptions.
c. In the Event Viewer dialog box, click Yes.
d. On the Action menu, click Create Subscription.
e. In the Subscription Properties dialog box, in Subscription Name type MyApp Errors on NYC-DC-1.
f. In Source Computers, click Add.
g. In the Select Computer dialog box, type NYC-DC-1.woodgrovebank.com and then click OK.
h. In Subscription Properties, select NYC-DC-1.woodgrovebank.com and then click Test.
i. In the Event Viewer dialog box, click OK.
Note: The subscription fails because WinRM is not yet configured on NYC-DC-1. This will be completed in a future task.
j. In the Subscription Properties dialog box, click Select Events.
k. In the Query Filter dialog box, configure the filter with the following settings and then click OK.

    Setting        Value
    Logged:        Last 24 hours
    Event level:   Error
    Event log:     Windows Logs/System
    Event IDs:     100

l. In the Subscription Properties dialog box, click Advanced.
m. In Advanced Subscription Settings, select Specific User and then click User and Password.
n. In Credentials for Subscription Source, in Username type WOODGROVEBANK\Administrator, in Password type pass@word1, and then click OK.
o. In the Advanced Subscription Settings dialog box, in Event Delivery Optimization, click Minimize Latency and then click OK.
p. Click OK to close the Subscription Properties dialog box.
q. In the Event Viewer dialog box, click Yes. Leave Computer Management open; you will use it again later in this exercise.

Complete the following task on: NYC-DC-1

4. Enable WinRM for Event Subscriptions
Note: In this task you will configure WinRM to listen on the external interface of the NYC-DC-1 computer. WinRM is enabled by default, but not configured to listen on any external interface on HTTP or HTTPS in Windows 2008 Server. For maximum security Windows 2008 server should be configured to use HTTPS at all times.
Note: Perform this task on the NYC-DC-1 computer as Woodgrovebank\Administrator.
a. On the Start menu, right-click Command Prompt and then click Run as Administrator.
b. In the command prompt, type the following command and then press ENTER.

    WINRM QuickConfig

c. In the command prompt, type Y and then press ENTER.

Complete the following 2 tasks on: NYC-SRV-1

5. Verify Event Subscriptions are Functioning Correctly
Note: In this task you will log a custom event on the NYC-DC-1 computer and review the event using your event subscription on the NYC-SRV-1 computer. The event subscription may take a few seconds to process the event.
Note: Perform this task on the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. In Computer Management, navigate to System Tools/Event Viewer and then select Subscriptions.
b. In the contents pane, click MyApp Errors on NYC-DC-1 and then in the Actions pane, click Retry.
c. Verify that MyApp Errors on NYC-DC-1 shows a status of Active.
d. On the Start menu, navigate to All Programs/Accessories, right-click Command Prompt and then click Run as administrator.
e. In the command prompt window, type the following command and then press ENTER.

    EVENTCREATE /S NYC-DC-1.woodgrovebank.com /L System /T Error /ID 100 /SO MyApp /D "MyApp Encountered an error"

f. In Computer Management, navigate to System Tools/Event Viewer/Windows Logs and then click Forwarded Events.
g. In the contents pane, verify that an Error entry exists for MyApp.

6. Create an Alert Task Based On a Forwarded Event
Note: In this task you will create a task based on an event. The new Task Scheduler in Windows 2008 Server has been extended to include the ability to launch tasks when system events occur. This is a very effective way to automatically respond to system events. Three types of actions are supported for events, which allow you to run an application or script, display an alert, or send an email message. This task will create an alert to notify the currently logged on user that an error has occurred.
Note: Perform this task on the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. In Computer Management, navigate to System Tools/Event Viewer/Windows Logs and then click Forwarded Events.
b. In the Contents pane, click MyApp Error, and then in the Actions pane click Attach Task To This Event.
c. Complete the Create Basic Task Wizard using the following information.

    Setting                       Value
    Name                          MyApp Error 100 Interactive Notification
    Action                        Display a message
    Display a Message: Title      MyApp Error
    Display a Message: Message    Error 100 occurred in MyApp on NYC-DC-1

d. In the Event Viewer dialog box, click OK.
e. On the Start menu, navigate to All Programs/Accessories, right-click Command Prompt and then click Run as administrator.
f. In the command prompt window, type the following command and then press ENTER.

    EVENTCREATE /S NYC-DC-1.woodgrovebank.com /L System /T Error /ID 100 /SO MyApp /D "MyApp Encountered an error"

Note: It may take up to 20 seconds for the error message dialog box to be displayed.
g. In the MyApp Error dialog box, click OK.
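
The forwarding checks in Exercise 1 can also be made from the command line, which shows the XPath query that the Query Filter dialog builds. The batch script below is an added example, not part of the original lab; it assumes an elevated Command Prompt on NYC-SRV-1 after tasks 1 to 5, and the scratch file name is an arbitrary choice.

```batch
@echo off
rem Added example, not part of the original lab.
rem Run in an elevated Command Prompt on NYC-SRV-1 after Exercise 1, tasks 1-5.
setlocal

rem Names taken from the lab steps.
set "SOURCE=NYC-DC-1.woodgrovebank.com"
set "SUB=MyApp Errors on NYC-DC-1"
rem Scratch file for the query output (arbitrary name, an assumption of this example).
set "OUT=%TEMP%\myapp-forwarded.txt"

rem XPath form of the subscription's Query Filter:
rem   Event level Error      is  Level=2
rem   Event IDs 100          is  EventID=100
rem   Logged, last 24 hours  is  a timediff of at most 86400000 milliseconds
rem Dropping the EventID term gives the query behind the Task 1 custom view.
set "QUERY=*[System[(Level=2) and (EventID=100) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"

rem 1. The subscription must exist on this collector; show its runtime status.
wecutil es | findstr /i /c:"%SUB%" >nul
if errorlevel 1 (
    echo Subscription "%SUB%" was not found on this computer.
    exit /b 1
)
wecutil gr "%SUB%"

rem 2. Raise the lab's test event on the source computer.
eventcreate /S %SOURCE% /L System /T ERROR /ID 100 /SO MyApp /D "MyApp Encountered an error"
if errorlevel 1 exit /b 1

rem 3. Allow time for delivery, then read the newest matching event
rem    from the Forwarded Events log, whose channel name is ForwardedEvents.
timeout /t 20 /nobreak >nul
wevtutil qe ForwardedEvents /q:"%QUERY%" /c:1 /rd:true /f:text > "%OUT%"
type "%OUT%"

rem 4. Do not rely on the exit code to detect an empty result; test the output.
findstr /c:"Event[" "%OUT%" >nul
if errorlevel 1 (
    echo No forwarded Error event with ID 100 in the last 24 hours.
    del "%OUT%"
    exit /b 2
)
del "%OUT%"
echo Forwarding from %SOURCE% is working.
exit /b 0
```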


Exercise 2
Creating Custom Scheduled Tasks

Scenario
The Task Scheduler in Windows 2008 Server allows you to automate more of the tasks that have previously been
done manually. Windows Task Scheduler uses an event-based model which allows you to define a series of
conditions which trigger a scheduled task. The addition of event-based triggers provides a powerful way to automate
system management.

Complete the following 3 tasks on: NYC-SRV-1

1. Create a task to run at a fixed time.
Note: We will create a defrag.exe task which will defragment our hard disk weekly. The defragmentation will run each Friday night at 11:30 PM.
Note: Complete this task on the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. Click Start, Run and type MMC.
b. From the MMC click File > Add/Remove Snap-in…
c. Select Computer Management and click Add.
d. Select Local Computer, click Finish and then OK.
e. In Computer Management console, navigate to Task Scheduler\Task Scheduler Library.
f. On the Action menu, click New Folder.
g. Create a new folder named Custom Tasks.
h. Click the Custom Tasks folder.
i. In the Actions pane, click Create Basic Task.
j. Complete the Create Basic Task Wizard using the following information.

    Setting          Value
    Name             Weekly Defrag
    Trigger          Weekly
    Recurrence       11:30PM on Friday
    Action           Start a program
    Program/Script   C:\windows\system32\defrag.exe

Note: Notice the new task listed in the Upper-Middle pane. In the Lower-Middle pane you can see the details of the task.
k. Click the Triggers and Actions tabs to see the details.
l. In the Actions pane, click Properties.
m. Under Security Options select Run whether user is logged on or not.
n. Check Do not store password.
o. Check Run with highest privileges and then click OK.
p. In the Actions pane click Run. This will immediately run the task without waiting for the scheduled time.
Note: You will not see the defrag application running.
q. In the Lower-Middle pane, click History. This will show you the events related to this task, and let you know whether or not it ran, or if there were any errors with running the task.
Note: You may have to refresh Task Scheduler Library to notice that the task has run.

2. Create a Task to Respond to a System Event
Note: The Woodgrovebank administrator monitors several secure servers which get powered on, but not logged on. The administrator wants to be alerted if anyone does successfully log onto these Servers. In this exercise you will create a task to display a message whenever the secure workstation gets logged on to.
Note: Complete this task from the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. Click the Custom Tasks folder.
b. In the Actions pane, click Create Task.
c. In the Create Task dialog box, in Name type Log on to Secure Workstation.
d. On the Triggers tab, click New.
e. In the Begin the Task list, select At log on and then click OK.
f. On the Actions tab, click New.
g. In the New Action dialog box, in Action, select Display message, in Title, type Log on Warning, and then in Message, type You have just logged on to a secure workstation, ensure you log off when you are finished.
h. Click OK to close the New Action dialog box.
i. Click OK to close the Create Task dialog box.
j. Close all programs and log off.
k. Log on to NYC-SRV-1 as WOODGROVEBANK\Administrator.
l. Once your desktop appears, in the Log on Warning dialog box click OK.

3. Configure the AT Service Account
Note: The AT Service account is used by Windows 2008 Server when you schedule a task by using the command line, instead of the Task Scheduler user interface. In this task we will create an account to be used, instead of the default localsystem account.
Note: Complete this task from the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. On the Start menu, in Start Search, type compmgmt.msc and then press ENTER.
b. In Computer Management, click Task Scheduler.
c. In the Actions pane, click AT Service Account Configuration.
d. In the AT Service Account Configuration dialog box, click Another User account, then click “Change user”. At the sign in box type WOODGROVEBANK\Administrator. Enter pass@word1 as the password and click OK. Then click OK again.
e. On the Start menu, navigate to All Programs/Accessories, right-click Command Prompt and then click Run as administrator.
f. In the command prompt, type the following command where hh:mm is three minutes after your current 2008 time using the 24 hr clock and then press ENTER.

    AT \\Localhost hh:mm /every:m,t,w,th,f calc.exe

g. Read the message, and then minimize the command prompt.
h. In the Computer Management console, expand Task Scheduler, click Task Scheduler Library and then in the Actions pane, click Refresh.
i. The task AT1 will be listed as Ready. Wait for it to show as Running and then open your Task Manager by right-clicking the task bar and clicking Task Manager.
Note: You may have to refresh this screen again at the appropriate time.
j. Click the Processes tab and ensure Show Processes from all users is selected. Notice calc.exe is running in the background. It is running as the Administrator account, which is what you previously configured as the AT Service Account.
k. Close the Task Manager and click the At1 scheduled task. In the Lower-Middle pane, select the History tab. Double-click the top event listed and notice which user account is being used to run the task. Close the dialog box.
l. Click and then right-click Task Scheduler in the Explorer pane, and then click AT Service Account Configuration. Change this back to System Account and click OK.
m. In Computer Management, in the contents pane, click AT1 and then on the Actions menu, click End.
n. In the Task Scheduler dialog box, click Yes.
o. Close Computer Management. Close the Command Prompt window.


Exercise 3
Managing Computers Using Windows Remote Management (WinRM)

Scenario
Windows Remote Management (WinRM) allows a Windows 2008 Server computer to be managed using WMI over
HTTP or HTTPS. A WinRM listener is created on the computer to be managed. The WinRM listener accepts WMI
based commands from a computer and returns the results of the commands. Commands can include queries or
actions. WinRM is secured using a combination of WMI ACLs, HTTPS, and Kerberos, Windows Integrated, or
Basic authentication. All communication is done using the SOAP protocol.

Complete the following task on: NYC-SRV-1

1. Configure the WinRM service
Note: WinRM is initially not configured to listen for remote management commands on any network interface. To configure WinRM to listen to remote management commands, you must configure a listener on at least one interface. In this task you will use the WinRM command line tool to create a default HTTP listener, which listens on all interfaces. This listener can be further secured by enabling HTTPS and limiting authentication methods to only the most secure methods. HTTPS is configured using the WinRM command, assuming a suitable computer authentication certificate is present on the server computer. Limiting authentication methods is done using Group Policy or the WinRM command.
Note: Perform this task on the NYC-SRV-1 computer as Woodgrovebank\Administrator.
a. On the Start menu, navigate to All Programs/Accessories, right-click Command Prompt and then click Run as administrator.
b. In the command prompt, type the following command and then press ENTER.

    WINRM QuickConfig

c. WinRM could already be configured on this server; if so, go on to the next step. Otherwise, in the command prompt, type Y and then press ENTER.
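
The note above, and the note in Exercise 1 task 4, say the listener should use HTTPS and only the most secure authentication methods, but the lab stops at the default HTTP listener. The batch script below is an added example, not part of the original lab, showing that follow-up with the WinRM command. The host name NYC-SRV-1.woodgrovebank.com and the thumbprint placeholder are assumptions, and a matching server certificate must already be installed on the computer.

```batch
@echo off
rem Added example, not part of the original lab.
rem Run in an elevated Command Prompt on the managed computer (NYC-SRV-1).
setlocal

rem ASSUMPTIONS: FQDN must match the subject of a server authentication
rem certificate already installed in the computer's Personal store, and
rem THUMBPRINT is a placeholder for that certificate's thumbprint.
set "FQDN=NYC-SRV-1.woodgrovebank.com"
set "THUMBPRINT=REPLACE_WITH_CERTIFICATE_THUMBPRINT"

if "%THUMBPRINT%"=="REPLACE_WITH_CERTIFICATE_THUMBPRINT" (
    echo Set THUMBPRINT before running this script.
    exit /b 1
)

rem winrm is a .cmd wrapper, so inside a batch file it must be run with CALL;
rem without CALL the script would end after the first winrm command.

rem 1. Record what QuickConfig left behind: listeners and accepted auth methods.
call winrm enumerate winrm/config/listener
call winrm get winrm/config/service/auth

rem 2. Add an HTTPS listener bound to the certificate.
call winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="%FQDN%";CertificateThumbprint="%THUMBPRINT%"}
if errorlevel 1 (
    echo HTTPS listener was not created; the HTTP listener is left in place.
    exit /b 1
)

rem 3. Weak settings beside the corrected ones.
rem    Weak:      Basic="true" sends the password base64-encoded, and
rem               AllowUnencrypted="true" permits unencrypted SOAP traffic.
rem    Corrected: both false, leaving Kerberos and Negotiate for authentication.
call winrm set winrm/config/service/auth @{Basic="false"}
call winrm set winrm/config/service @{AllowUnencrypted="false"}

rem 4. Remove the plain HTTP listener that QuickConfig created.
call winrm delete winrm/config/Listener?Address=*+Transport=HTTP

rem 5. Confirm that only the HTTPS listener remains.
call winrm enumerate winrm/config/listener
```

Once the HTTP listener is removed, the remote commands in the following tasks reach this computer only when the target is given as a URL, for example -remote:https://NYC-SRV-1.woodgrovebank.com instead of -remote:NYC-SRV-1.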

Complete the following 5 tasks on: NYC-DC-1

2. Perform a GET Operation
Note: The WS-Management GET operation returns the value of a specific WMI object. In the following example, WS-Management retrieves the properties of the WinRM service running on NYC-SRV-1.
Note: Perform this task on NYC-DC-1 as Woodgrovebank\Administrator.
a. In the command prompt, type the following command and then press ENTER.

    winrm get wmicimv2/win32_service?name=WinRM -remote:NYC-SRV-1

b. In the command prompt, type the following command and then press ENTER.

    winrm get wmicimv2/win32_service?name=WinRM -remote:NYC-SRV-1 -format:pretty

3. To Perform an Enumerate Operation
Note: The WS-Management Enumerate operation returns a collection of objects. The resulting output will be similar to that of a GET operation, but instead of listing the information of a single object, it will list all of the objects.
Note: Perform this task on NYC-DC-1 as Woodgrovebank\Administrator.
a. In the command prompt, type the following command and then press ENTER.

    winrm enumerate wmicimv2/win32_logicaldisk -remote:NYC-SRV-1

4. To Perform an Invoke Operation
Note: The WS-Management Invoke operation executes methods on the target object. In the following example, we will stop and start the Windows Time service on NYC-SRV-1.
Note: Perform this task on NYC-DC-1 as Woodgrovebank\Administrator.
a. In the command prompt, type the following command and then press ENTER.

    winrm invoke StopService wmicimv2/win32_service?name=W32Time -remote:NYC-SRV-1

b. The output should show StopService_OUTPUT ReturnValue=0.
c. In the command prompt, type the following command and then press ENTER.

    winrm invoke StartService wmicimv2/win32_service?name=W32Time -remote:NYC-SRV-1

d. The output should now show StartService_OUTPUT ReturnValue=0.
e. To verify again that this service has started, redo the GET operation above.

5. To Perform a PUT operation
Note: The WS-Management PUT operation allows the value of a key to be set. In the following example the value of the MaxEnvelopeSizekb key will be re-configured.
Note: Perform this task on NYC-DC-1 as Woodgrovebank\Administrator.
a. In the command prompt, type the following command and then press ENTER.

    winrm get winrm/config -remote:NYC-SRV-1

b. Notice in the resulting XML data, the MaxEnvelopeSizekb value of 150. We will now change this to be 100.
c. In the command prompt, type the following command and then press ENTER.

    winrm put winrm/config @{MaxEnvelopeSizekb="100"} -remote:NYC-SRV-1

d. Notice the resulting XML, and the new MaxEnvelopeSizekb value.

6. To Perform a Remote Shell operation
Note: The WS-Management Remote Shell operation allows certain non-interactive commands to be executed in the CMD shell on the remote machine. This is very useful for performing remote operations.
Note: Perform this task on NYC-DC-1 as Woodgrovebank\Administrator.
a. In the command prompt, type the following command and then press ENTER.

    winrs -remote:NYC-SRV-1 ipconfig /all

Note: Notice that the resulting data looks the same as if this command was executed on the local machine. The Hostname result shows the name of the remote machine.
