windows management technologies vlad joanovic program manager window enterprise management division...
Post on 19-Dec-2015
Windows Management Technologies
  Vlad Joanovic
  Program Manager
  Windows Enterprise Management Division
  [email protected]
Agenda
  Architecting & Deploying Windows Server Update Services
  WMI and WS-Management
  Introducing the Microsoft Management Console (MMC) 3.0
  Group Policy and the GPMC
  Monad
Architecting and Deploying Windows Server Update Services (WSUS)
What Is Update Services?
  Corporate update management offering
    Gets content from Microsoft Update (MU) service
  RTW component of Windows Server
  Free to Windows Server (2000 and above) licensees
  Requires Windows Server / Core CAL for target systems
  Does not change currently available offerings
    SUS 1.0 continues to get content from WU
  Core component of Microsoft’s Patch and Update Management solutions and roadmap
Windows Update Services
  Administrator subscribes to update categories
  Server downloads updates from Microsoft Update
  Clients register themselves with the server
  Administrator puts clients in different target groups
  Administrator approves updates
  Agents install administrator approved updates
  [Diagram: Microsoft Update; WSUS Server; Desktop Clients (Target Group 1); Server Clients (Target Group 2); WSUS Administrator]
Solution Overview
  Supported Updates
    Content Partners
      Windows, Office, SQL, Exchange at RTM
      Additional products added over time
  OS platforms
    Client/agent
      Windows 2000 SP3 and later, Windows XP RTM and later (incl. XP embedded and XP x64)
      Windows 2003 RTM (32-bit only), Windows 2003 SP1 (x64 and ia64)
    Server
      Windows 2000 SP4 and later
      Windows 2003 RTM and later (32-bit only)
  International support
    Client is localized to 25 Windows client locales
    Server is localized to 17 Windows Server locales
    MUI support
WSUS
Server Summary
  Simple to use Web UI allows administration from any computer
  Synchronization engine to download updates from Microsoft Update
  SQL-based database holds all data other than content (software files)
  Can be set up in a hierarchy to suit organizational needs
  Completely built on managed code
  Uses BITS to efficiently utilize the network
  Secure
  Scalable
Server Architecture
  [Diagram: Server API; File Store (NTFS); Metadata Store (MSDE/SQL); Client/Server Web service; Server/Server Web service; Reporting Web service; Admin UI; Content sync; Catalog sync; Clients; WSUS Servers/MU; Admin workstation]
Client Summary
  Win32 Service (Agent) implements most functionality
  Extensible architecture based on Update type Handlers
    Handlers for MSI, update.exe, drivers etc.
  Automatically self-updates to newer versions offered on the server
  Automatic Updates feature controllable by policy
  Secure
Client Architecture
  [Diagram: WU Service or WSUS; IE (WU Site); Custom scripts; WU Client API; Automatic updates; Update manager; Update handlers; Content store; Metadata Store; WU Client; BITS]
Deployment Options
  Server deployment options
    Single server
    Multiple servers
      Replica
      Autonomous
    Disconnected servers
Single Server
  [Diagram: Microsoft Update; WSUS server; Desktop clients]
Single Server
  Small organization or simple network
  Configure single server to talk to MU
  Synchronize all relevant updates (e.g. Windows XP critical and security updates)
  Configure clients to point to the WSUS server
  Optionally:
    Create target groups for different groups of machines
    Configure clients to be members of a target group
    Configure auto approval rules to approve updates for install automatically
Multiple Servers
  [Diagram: Microsoft Update; WSUS server; WSUS server; Desktop clients]
Multiple Server Scenario
  Large organization/complex network
  Configure single/multiple servers to talk to MU
  Synchronize all relevant updates (e.g. All Windows XP, 2000, 2003 critical, security updates)
  Create a hierarchy of servers
    Independent WSUS servers in the intranet
    Replica servers
  Configure clients to point to respective WSUS servers
  Optionally:
    Create target groups for different groups of machines
    Configure clients to be members of a target group
Disconnected Servers
  [Diagram: Microsoft Update; WSUS server; WSUS server]
Disconnected Server
  Disconnected networks
  Set up an external server to talk to MU
  Synchronize all relevant updates (e.g. all Windows XP, 2000, 2003 critical, security updates)
  Export update data and content to media
  Import update data and content to WSUS server on disconnected network
  Server will validate Microsoft certificates on content and data relationships integrity
  Configure clients to point to respective WSUS servers
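The client-side steps in the three deployment scenarios above (point clients at a WSUS server, optionally make them members of a target group) end up as Windows Update policy values in the client registry. The following is an added example, not part of the original deck, that audits those values and flags a client that is not actually using the configured server, a server URL that is not HTTPS, or an empty target group; the function names, host names and group names are hypothetical and the sample policies are constructed.

```powershell
# Added example, not from the original deck. Audits the Windows Update policy
# values that point a client at a WSUS server and assign its target group.
# Function names, host names and group names below are hypothetical.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusClientPolicy {
    # Read the live policy values; anything not configured comes back as $null.
    $wu = Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$WuKey\AU" -ErrorAction SilentlyContinue
    @{
        WUServer           = $wu.WUServer
        WUStatusServer     = $wu.WUStatusServer
        TargetGroupEnabled = $wu.TargetGroupEnabled
        TargetGroup        = $wu.TargetGroup
        UseWUServer        = $au.UseWUServer
    }
}

function Test-WsusClientPolicy {
    param([Parameter(Mandatory = $true)][hashtable]$Policy)
    $findings = @()
    if ($Policy.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1, so the agent does not use WUServer'
    }
    if ([string]::IsNullOrWhiteSpace($Policy.WUServer)) {
        $findings += 'WUServer is not set'
    } else {
        $uri = $null
        if (-not [Uri]::TryCreate($Policy.WUServer, [UriKind]::Absolute, [ref]$uri)) {
            $findings += "WUServer is not an absolute URL: $($Policy.WUServer)"
        } elseif ($uri.Scheme -ne 'https') {
            $findings += "WUServer is not HTTPS: $($Policy.WUServer)"
        }
        if ($Policy.WUStatusServer -ne $Policy.WUServer) {
            $findings += 'WUStatusServer does not match WUServer'
        }
    }
    if ($Policy.TargetGroupEnabled -eq 1 -and
        [string]::IsNullOrWhiteSpace($Policy.TargetGroup)) {
        $findings += 'Client-side targeting is enabled but TargetGroup is empty'
    }
    $findings
}

# Constructed sample policies so the checks can be read without a WSUS client.
$samples = [ordered]@{
    hardened = @{ WUServer = 'https://wsus.example.internal'
                  WUStatusServer = 'https://wsus.example.internal'
                  UseWUServer = 1; TargetGroupEnabled = 1; TargetGroup = 'Desktops' }
    weak     = @{ WUServer = 'http://wsus.example.internal'
                  WUStatusServer = 'http://wsus.example.internal'
                  UseWUServer = 1; TargetGroupEnabled = 1; TargetGroup = '' }
}
foreach ($name in $samples.Keys) {
    "[$name]"
    Test-WsusClientPolicy -Policy $samples[$name] | ForEach-Object { "  $_" }
}
# On a managed client: Test-WsusClientPolicy -Policy (Get-WsusClientPolicy)
```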
WMI and WS-Management
  WMI Architecture
  WS-Management Overview
WMI Overview
  WMI is the WBEM/CIM Microsoft implementation
    Various components of Windows are surfaced by WMI
    +600 WMI classes, +3000 properties exposed
  In the box since Windows 2000
    Windows NT 4.0 = ± 15 providers
    Windows 2000 = ± 29 providers
    Windows 2003 = ± 80 providers
  Supports various WMI Clients
    Supports scripting (WSH)
    Native C++
    Managed code (.NET)
  Supports command line operations (WMIC)
  Remoting based on DCOM
WMI Architecture
  [Diagram, layers connected over COM/DCOM. WMI Providers and Managed Objects: SNMP WMI Provider (SNMP managed entity); Cimv2 WMI Provider (Windows (Win32) managed entity); any WMI Provider (any managed entity, native C/C++); .NET WMI Provider (.NET managed app/entity; System.Management.Instrumentation; COM Inter-Op; .NET C#, VB.NET, etc.). WMI Infrastructure: WMI Core (CIM Object Manager); WMI Repository. WMI Consumers (Management Applications): C/C++ client (WMI COM API); Scripts (WMI Scripting API); .NET Client Applications (Windows Forms, Web Forms; System.Management; COM Inter-Op)]
WS-Management: The Protocol
  WS-Management is a joint effort with Intel, Sun, AMD, Dell, BMC Software and WBEM Solutions to use web services protocol for interoperable management
  A Web-Services based Structured Access Protocol
WS-Management: Implementation
  So what is WS-Management?
    A Web Service
    An XML/SOAP-based Management Protocol
    Is used over HTTPS
    Can access most existing WMI objects
    Can access WS-Management capable SPs OOB
    In-Band provides a richer set of capabilities than the OOB, specifically software management
WS-Management: Implementation - Continued
  Microsoft Windows Server R2 ships with the first version of WS-Management
  This version supports
    Access to hardware instrumentation
    Firewall friendly access to Windows instrumentation
    Implemented over HTTPS
    A WSMAN command line tool
WS-Management Access-Path
  [Diagram: the WMI Architecture diagram (WMI Providers and Managed Objects; WMI Core (CIM Object Manager) and WMI Repository; WMI Consumers) with a WMI Plug-in for WS-Mgmt added; a WS-Management Enumerate Request and a WS-Management Enumerate Response travel over HTTPS (TCP/443)]
Group Policy and the GPMC
Group Policy Overview
Do More with Less Effort
  Group Policy enables administrators to set and maintain a desired computing state
  Allows for mass-customization – scalability without sacrificing flexibility to customize
  Group Policy Management Console (GPMC) for administration
  [Diagram: One Administrator Action (“New Policy”); Active Directory; Many End User Results; Many Computer Results]
Policy-Based Management
What can you do with Group Policy?
  Centralized storage and mgmt of user data
    Users have access to data and settings from any computer
    Consistency of user experience across computers
    Data safety and availability
    Rapid PC replacement
  Configuration of the Operating System:
    Networking settings, control panel access, remote assistance, disk quotas, IE
  Securing the Operating System
    Ongoing and dynamic configuration management
GPMC Overview
  Admin tool for managing Group Policy
    Set of scriptable interfaces for managing GP
    MMC Snap-in, built on these interfaces
  Feature Summary
    Reporting
    Search
    Resultant Set of Policy (RSoP) integration
    Backup/restore
    Import/export, copy/paste
    Scripting of GPO operations (not settings)
GPMC User Interface
Introducing Microsoft Management Console (MMC) 3.0
Key MMC 3.0 User Benefits
  More reliable
    Improved detection and reporting of snap-in problems
    Ability to isolate hung snap-ins from console (new snap-ins only)
  Improved usability
    Asynchronous UI model
    Simpler customization of consoles
    Discoverability of actions
  Richer snap-ins
    Simplified customization for increased functionality
    Templatized snap-in design
    Functionally rich views through Winforms
Console Authoring
  Users asked us to make customizing consoles simpler
Actions Pane
  Sub-panes:
    1. Provide actions for the selected tree node
    2. Provide actions for the selected item
    3. Provide a helpful description for the selected item
  Users asked us to make functionality more discoverable
Snap-in Customization
  Simple model for developing snap-ins
  Functionally rich snap-ins with minimal development effort
  VB snap-in development supported
  “400 lines of code instead of 6,000 for MMC 1.0”
  “Hands down it makes the job of creating a snap-in almost trivial”
  Easy development of custom MMC snap-ins with minimal coding
Platform Support
  Snap-in | W2K | XP | WS03 | WS03 R2 | Vista
  V1.0, V1.2 | MMC V1.2 | MMC V2.0 or MMC V3.0* (with XP SP2) | MMC V2.0 or MMC V3.0* (with WS03 SP1) | MMC V3.0 | MMC V3.0
  V2.0 | Not supported | MMC V2.0 or MMC V3.0* (with XP SP2) | MMC V2.0 or MMC V3.0* (with WS03 SP1) | MMC V3.0 | MMC V3.0
  V3.0 (managed snap-in) | Not supported | MMC V3.0* (with XP SP2) | MMC V3.0* (with WS03 SP1) | MMC V3.0 | MMC V3.0
  *Available via Windows Update or Web Download
MMC 3.0 - Vista
Monad Introduction
  Problem
    Weak Cmd shell
      Weak language
      Spotty coverage
    Little guidance
      Inconsistent
    GUI focus
      Hard to automate
    SDK focus
      Programmer abstractions
  Solution
    Monad and MSH
      Command-oriented scripting
    Users
      Admins
      Scripters
      Systems integrators
    Provides
      Interactive shell
      Cmdlets
      Utilities
      Scripting language
MSI Version 3.0
  Ships With XP SP2
  Does not Support Windows 9x, ME or NT.
  Improved Logging
  Scripting Objects
  SourceList API Enhancements
  Enhanced inventory API
  Command line switches
  Extensive enhancements in patching
  SDK Tools and Documentation Updates
  MSI 3.1 is now available
On-line Resources
  Windows Server Update Services Home Page
    http://www.microsoft.com/windowsserversystem/updateservices/default.mspx
  Introduction to WMI
    http://msdn.microsoft.com/library/en-us/dnanchor/html/anch_wmi.asp
  Introduction to WS-MAN
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wsman/wsman/about_ws-management.asp
  What’s New in MMC
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/managedMMC/html/7d607c5f-94e9-4d4f-9e4a-cd35cdbee7eb.asp
  Introduction to Group Policy
    http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx
  Group Policy Management Console
    http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx
MMS 2005 DVD Resources
  SW02: Practical Group Policy - Application and Usage (Part 1)
  SW03: Practical Group Policy - Application and Usage (Part 2)
  SW04: Microsoft Baseline Security Analyzer (MBSA) 2.0
  SW05: Admin scripting: Managing Windows Security with scripts
  SW06: Using web services for platform hardware management
  SW10: Extending Software Update Services with the Application Programming Interface
  SW11: Architecting and Deploying Software Update Services
  SW15: Developing custom management tools in MMC V2.1 using VB.Net
  SW12: Introduction to Monad Command Line Scripting
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.