Project Management Office (PMO)

In recent years, many organizations have introduced Project Management Offices (PMOs) into their business operations. A PMO is used to provide somewhat of a project oversight committee to organizations that frequently operate several projects simultaneously.
Organizations that utilize a proven project methodology can further extend this methodology to include workflow processes that include checkpoints with the PMO staff.

The role of the PMO can be different in almost every organization, but most include a few key functions. The role of the PMO usually involves reviewing proposed projects to determine how or if the project deliverables coincide with the organization’s current or future business plans or strategies. PMO membership can also be very different among organizations. PMO membership can include departmental managers, directors or team leads, executive staff, employee advocates, and, in some cases, board members. Having the PMO staff represent views and insight from the different levels and departments of an organization enables the PMO to add value to any proposed project.

Having diverse staff included in the PMO staff enables the organization to evaluate and understand current and proposed projects and how these projects will positively or negatively affect the organization as a whole. Some of the general functions or roles a PMO can provide include the following:

. High-level project visibility—All proposed projects are presented to the PMO and if approved, the project is tracked by the PMO. This provides a single entity that is knowledgeable and informed about all ongoing and future projects in an organization and how they align to business and technical objectives.

. Project sounding board—When a new project is proposed or presented to the PMO, the project will be scrutinized and many questions will be asked. Some of these questions might not have been considered during the initial project design and planning phases. The PMO improves project quality by constantly reviewing and monitoring projects from when the project is proposed and during regular scheduled project status and PMO meetings.

. Committee-based project approval or denial—The PMO is informed of all the current and future projects, as well as business direction and strategy, and is the best equipped group to decide on whether a project should be approved, denied, or postponed.

. Enterprise project management—The PMO tracks the status of all ongoing projects and upcoming projects, which enables the PMO to provide additional insight and direction with regard to internal resource utilization, vendor management for outsourced projects, and, of course, project budget and scheduling.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Volume Shadow Copy Service (VSS)

Window Server 2008 R2 Volume Shadow Copy Service (VSS) provides some great features that can be used to enhance backup and recovery for Windows disks. One great feature of VSS, called Shadow Copies for Shared Volumes, captures and stores copies of the files and folders at a specific point in time.

Administrators and end users with the correct permissions can browse the shadow copies based on the time and date of creation and essentially restore a specific folder, file, or entire volume without restoring from tape. The shadow copies are very space efficient, as the first copy is a complete compressed version of the data on the volume, and subsequent copies store only the changes made since the last shadow copy was created.

Another great feature of the VSS is the tight integration it provides for third-party software vendors and to the Windows Server Backup tools. VSS enables manual backups created using Windows Server Backup to store shadow copies on remote server shares. Windows Server Backup also utilizes VSS to manage the storage space of the backup by using the space-efficient and intelligent storage functions of VSS.


Enabling Shadow Copies for Shared Volumes
Enabling shadow copies on a volume can be very simple. Administrators have more options when it comes to recovering lost or deleted data and, in many cases, can entirely avoid restoring data to disk from a backup tape device or tape library. In addition, select users can be given the necessary rights to restore files that they’ve accidentally deleted.

The Volume Shadow Copy Service is already installed and is automatically available using NTFS-formatted volumes.

To enable and configure shadow copies, follow these steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.

3. In the tree pane, double-click the Storage node, and select Disk Management.

4. In the tasks pane, scroll down to locate the desired volume, right-click the volume, and select Properties.

5. Select the Shadow Copies tab; in the Select a Volume section, click on the desired volume, and click the Settings button.

6. The Settings page enables you to choose an alternate volume to store the shadow copies. Select the desired volume to store the shadow copy and set the storage space limit for the volume. The default is usually set to 10% of the volume size.

7. After the location and maximum size are configured, click the Schedule button and define the schedule. The defaults create a shadow copy at 7:00 a.m. and 12:00 p.m.

8. Click OK to close the Schedule window, and click OK again to close the Volume Shadow Copy Settings window. The shadow copy for the originally selected volume is now enabled.

9. If necessary, select the next volume and enable shadow copying; otherwise, select the enabled volume and immediately create a shadow copy by clicking the Create Now button.

10. If necessary, select the next volume and immediately create a shadow copy by clicking the Create Now button.

11. After the shadow copies are created, click OK to close the Shadow Copies page, close the Server Manager, and log off of the server.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Certificate Services

When the Active Directory Certificate Services role and role servers are installed on a Windows Server 2008 R2 system, a Certification Authority is created. The Certification Authority or CA is used to manage and allocate certificates to users, servers, and workstations when files, folders, email, or network communication needs to be secured or encrypted.

When the CA allocates a certificate to a machine or user, that information is recorded in the certificate database on the local drive of the CA. If this database is corrupted or deleted, all certificates allocated from this server become invalid or unusable. To avoid this problem, the certificates and Certificate Services database should be backed up frequently. Even if certificates are rarely allocated to new users or machines, backups should still be performed regularly. The certificate authority database is backed up with a full system backup but can be backed up using the Certification Authority console. To perform a manual backup of the certificate authority, perform the following steps:

1. Log on to the Windows Server 2008 R2 Certification Authority server system with an account with administrator privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Certification Authority.

3. Double-click on the Certification Authority server to initiate the connection in the console.

4. Right-click on the server, click All Tasks, and select Back Up CA.

5. When the Certification Authority Backup Wizard opens, click Next on the welcome page.

6. On the Items to Back Up page, check both check boxes, and in the Back Up to This Location text box, type c:\Windows\System32\CABackup\ and click Next.

7. A window opens stating that the destination folder does not exist; click OK to create the folder and continue.

8. On the Select a Password page, enter a password, confirm the password, and click Next to continue. This password is very important because it will be required to restore the database should that be necessary—so store this password in a safe place.

9. On the Completing the Certification Authority Backup Wizard page, review the settings, and click Finish to create the backup.

10. After the backup completes, the focus is returned to the Certification Authority console. Close the console.

11. Log off of the server.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Active Directory Recycle Bin

Windows Server 2008 R2 includes a feature that can be enabled called the Active Directory Recycle Bin. When enabled, this feature can allow for a deleted Active Directory object to be restored without having to restore the System State of a domain controller and boot to Directory Services Restore mode to perform a selective authoritative restore of that object. Enabling the Active Directory Recycle Bin requires that all domain controllers are running Windows Server 2008 R2, the forest functional level must be set to Windows Server 2008 R2, and then functionality can be enabled manually. To enable the Active Directory Recycle Bin, perform the following steps:

1. Log on to a Windows Server 2008 R2 domain controller in the forest root domain with an account with domain administrator privileges.

2. Click Start, click All Programs, click Accessories, click the Windows PowerShell folder, right-click on Windows PowerShell, and select Run As Administrator.

3. Type cd \ and press Enter.

4. Type Import-Module ActiveDirectory and press Enter.

5. Type Get-ADForest and press Enter. Review the ForestMode value, which should be set to Windows2008R2Forest.

6. If the ForestMode is not set to Windows2008R2Forest, for a forest named companyabc.com as an example, type Set-ADForestMode –Identity companyabc.com -ForestMode Windows2008R2Forest and press Enter. Type a Y and press Enter to confirm the change.

7. Once the forest functional level is confirmed to be at the Windows Server 2008 R2 level, type in Get-ADOptionalFeature –Filter * and press Enter. This returns the list of optional features, including the Active Directory Recycle Bin. If this feature is enabled, the EnabledScopes setting will have a value.

8. Assuming that this functionality has not been enabled, as it is not enabled by default, type Enable-ADOptionalFeature ‘Recycle Bin Feature’ –Scope ForestorConfigurationSet –Target companyabc.com and press Enter.

9. When prompted that this is an irreversible action, type Y and press Enter to enable the Active Directory Recycle Bin feature.

10. After the command completes, type Get-ADOptionalFeature –Filter * and press Enter. Note that the EnabledScopes setting is now populated with a value.

11. Type exit and press Enter to close the PowerShell window. After the Active Directory Recycle Bin is enabled, it should be tested with test organizational units, groups, users, or any desired objects. To perform a restore, the Restore-ADObject cmdlets will be used along with a few other cmdlets to get the preliminary information needed to restore.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Using the Directory Services Restore Mode Password

When a Windows Server 2008 R2 system is promoted to a domain controller, the Directory Services Restore mode (DSRM) password is created. This password is used only when booting into Directory Services Restore mode. Restore mode is used when the Active Directory database is in need of maintenance or needs to be restored from backup. Many administrators have found themselves without the ability to log on to Restore mode when necessary and have been forced to rebuild systems from scratch to restore the System State data. Many hours can be saved if this password is stored in a safe place, where it can be accessed by the correct administrators. Now with Windows Server 2008 R2, if a full authoritative restore of the entire Active Directory database and sysvol folder is required, this can be performed using the Windows Server Backup GUI. To perform the restore, the domain controller will need to be booted into Directory Services Restore mode. If a single object or a container with objects within is accidentally deleted, it can be granularly restored by booting a domain controller in DSRM, restoring the System State, and performing an authoritative restore of the desired object(s). The issue with this is that the domain controller is offline to client requests during the entire time it is running in Directory Services Restore mode. To avoid this, Windows Server 2008 R2 has a new feature called the AD Recycle Bin, which allows for object recovery while the domain controller is online. This is detailed in the next section.

There can still be cases where restores will require booting domain controllers into DSRM and the DSRM password will be required. To make sure this password is known, the password can be updated regularly on all domain controllers. The Restore mode password is server specific and created on each domain controller. If the password is forgotten, and the domain controller is still functional, it can be changed using the command-line tool ntdsutil.exe from the command prompt. To update the DSRM password on a domain controller named dc1.companyabc.com, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Accessories, and select Command Prompt.

3. Type cd \ and press Enter.

4. Type NTDSutil.exe and press Enter.

5. Type Set DSRM Password and press Enter.

6. Type Reset Password on Server dc1.companyabc.com and press Enter.

7. Type the new DSRM password, and press Enter.

8. Type the new DSRM password again for confirmation, and press Enter.

9. Repeat the previous three steps for any additional domain controllers that will have the DSRM password updated. To close out from NTDSutil.exe, type quit, press Enter, type quit again, and press Enter.

10. Back at the command prompt, type logoff to log off of the domain controller.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Accidental Deletion Protection

A feature first released with the Windows Server 2008 Active Directory Users and Computers snap-in and included in the Windows Server 2008 R2 edition is an option to protect an object from accidental deletion. Setting this option defines a Deny permission to object deletion, so the result is not new, just the simplicity in configuring it is new. To protect an object from accidental deletion, perform the following steps of configuring this option on the Administrator user account:

1. Log on to the Windows Server 2008 R2 domain controller system with an account with administrator privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Active Directory Users and Computers.

3. Select the View menu, and select Advanced Features.

4. In the tree pane, select the Users container.

5. In the right pane, locate the Administrator account, and double-click the user account to open the property pages.

6. Select the Object tab, check the Protect Object from Accidental Deletion check box, and click OK to apply the changes.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

LDIFDE and CSVDE Command-Line Tools

Ldifde.exe and csvde.exe are two command-line utilities that can be used to export and import Active Directory object information. For example, these tools can be used to export a list of all user accounts, groups, organizational units (OUs), and computer objects in an Active Directory domain.

When a restore of a deleted object is required, or when an object’s attribute or property values are changed, having a text file export to reference the original location and distinguished name of the object, or the values of the object’s attributes, is very valuable. To restore a single object, or an OU with all the objects contained within the OU, the distinguished name (DN) of the object is required. Using LDIFDE or CSVDE to export objects to a text file will contain the DN for all objects in the query. Either tool can be run from the command line. To export a list of all objects in Active Directory to a file called AllObjects.ldf, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Accessories, and select Command Prompt.

3. Type cd \ and press Enter. The command prompt should reflect the local boot drive. For this example, we assume that this drive is the C: drive.

4. Type ldifde.exe –f AllObjects.ldf and press Enter.

5. The root of the C: drive now contains a file named AllObjects.ldf. Open this file using Notepad and review the export.

6. Back in the Command Prompt window, type ldifde.exe –f AllUsers.ldf –r “(objectclass=user)” and press Enter.

7. The root of the C: drive now contains a file named AllUsers.ldf. Open this file using Notepad and review the export to see that only the user objects have been exported to this file.

8. Type logoff and press Enter to log off of the server.

Ldifde.exe and csvde.exe have similar switches, but the export file format will be different. Also, each of these tools has a number of options that can be used to perform advanced queries and only export a select list of objects. For more information on these utilities, please reference the Help feature by typing ldifde /? or csvde /? and pressing Enter in a Command Prompt window.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Backing Up the System State

The System State of a Windows Server 2008 R2 system contains, at a minimum, the system Registry, boot configuration files, system files that are protected by Windows File Protection (WFP), and the COM+ class registration database. Backing up the System State creates a point-in-time backup that can be used to restore a server to a previous working state. Having a copy of the System State is essential if a server restore is necessary. A System State backup is included in a full server backup and is also included in the Bare Metal Recovery selection, but it can also be backed up separately. To create a separate System State backup using the GUI, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Windows Server Backup.

3. Click on Backup Once in the Actions pane.

4. On the Backup Options page, select the Different Options option button and click Next to continue.

5. On the Select Backup Configuration page, select the Custom option button and click Next to continue.

6. On the Select Items for Backup page, click the Add Items button. In the Select Items window, check the box next to System State.

7. On the Select Items for Backup page, click Next to continue.

8. Complete the backup by selecting the desired destination for the backup and complete the required steps.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Running a Manual Backup to Remote Storage Using wbadmin.exe

Using wbadmin.exe to run backups can be tedious. To understand each of the options available for a manual backup in a Command Prompt window, type wbadmin.exe Start Backup /? and press Enter. To run a manual backup and store it on a remote server share,
a few options are required. The data will be stored on the remote server share \\Server30\NetworkBackup, the Bare Metal Recovery item, referred to as the AllCritical option used in our example, will be selected for backup. This item includes all volumes in use by the system, including volumes that contain applications and shared data folders, as well as the System State. For this example, the companyabc\administrator account will be used to connect to the remote share. To run the manual backup using the preceding criteria, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Open a command prompt.

3. Type wbadmin.exe Start Backup –backuptarget:\\Server2\NetworkBackup –AllCritical -user:companyabc\administrator –password:My$3cretPW! and press Enter to start the backup.

4. The backup window will state that the network share cannot be securely protected, press Y, and then press Enter to allow the backup to run to this network share.

5. The backup progress will be detailed in the Command Prompt window. After the backup completes, type exit to close the Command Prompt window.

To perform the previous backup task using Windows PowerShell is a much more detailed task and requires several steps to make this work. To perform a manual backup to a network share capable of Bare Metal Recovery, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Accessories, click the Windows PowerShell folder, right-click on Windows PowerShell, and select Run As Administrator.

3. Type cd \ and press Enter.

4. Type Add-PsSnapin Windows.ServerBackup and press Enter.

5. Type $BMRPolicy=New-WbPolicy and press Enter.

6. Type $BMRCred=Get-Credential and press Enter.

7. A Windows dialog box opens; enter the username and password combination that will be used to connect to the network share, and click OK to save the credentials and return to the PowerShell window.

8. Back in the PowerShell window, type $NetShareBackup=New-WbBackupTarget –NetworkPath \\Server30\NetworkBackup -Credential $BMRCred and press Enter.

9. Type Add-WbBackupTarget –policy $BMRPolicy –Target $NetShareBackup and press Enter.

10. Type Add-WbBareMetalRecovery –policy $BMRPolicy and press Enter.

11. Type Start-WbBackup –policy $BMRPolicy and press Enter. The backup should start.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Windows Server 2008 R2 Backup Storage Support and Media Management

Windows Server Backup allows administrators to back up to locally attached disks, network shares, and DVD writable media. Tape devices are not supported by Windows Server Backup, and to back up to DVD media, the system requires a local writable DVD drive. Using Ntbackup.exe in previous versions of Windows Server editions, media management was one of the biggest challenges administrators faced. Tape media needed to be prelabeled if any logical media management was required for backups. Also, if disk-based file backups were used, the file could end up filling up the server disk if the media was configured to append instead of overwrite when new backups were performed. The other option for backup media was to overwrite the media when a backup was run, but that also relabeled the media and any stickers on the tape would no longer match. Media management was possible, but just very tedious.

Windows Server Backup greatly improves media management by taking full control of the media, including labeling, efficiently storing data, cataloging the backup media, and managing the free disk space. Performing backups using remote server shares or local volumes as backup destinations has the risk of filling up the destination volume. When local disks are dedicated for Windows Server Backup and the utilized disk space is nearing capacity, the backup system will overwrite the oldest backup data on the disk to keep the disk from filling and to keep the backup job from failing.


External Disks
Windows Server Backup supports backup data to be stored on locally attached disks and writable DVD media located in local writable DVD drives. Locally attached disks include internal disk drives, hot-swappable disk drives, and drives externally connected via USB 2.0 or IEEE 1394 interfaces. Also, SAN-attached disks can be used as backup destinations. Storing backups on SAN storage enables faster rotation or replication of backup disks volumes to other SAN storage without impacting Windows system performance.


CD/DVD Writer Drives
Windows Server 2008 R2 contains many features that can take advantage of DVD writer drives. These include the Windows Server Backup feature to capture backups to DVD and Windows Deployment Services, which can be used to create boot, capture, and discover images on DVD media. With regard to Windows Server Backup, a manual backup can be created to contain a volume or entire system backup, and might span multiple DVDs. This can be a valuable option as data from remote servers can be synchronized across the network using Distributed File System Replication, but creating a full system backup across a WAN link usually is not an option. Branch office administrators can be tasked with creating full system DVD backups monthly, quarterly, or more frequently to provide full system recovery options, and the media can easily be copied, archived, and shipped to offsite storage locations or to a central office.


Remote Shared Folder and Folder on Local Volume
Shares on remote servers or folders on local volumes can be designated as backup targets for manual and scheduled backup jobs. Designating a remote shared folder allows an administrator to create a backup not stored on media physically mounted in the system, and also allows for the backup of multiple servers to be stored on a central server. Choosing to back up using a folder on a local volume removes the restriction of having to dedicate an entire volume for backup usage. There are two very important catches to be aware of when using remote shared folders and folders on local volumes:

. When using a remote shared folder, only one copy of the backup can be stored within the folder, and each backup will perform a full overwrite backup.

. When a folder on a local volume is selected as a backup destination, the performance of that volume will be severely impacted during backup, which could cause poor system performance if any user data is stored and accessed on the same volume.


Tape Devices
Tape devices are not supported in Windows Server Backup. Administrators who want to back up data to tape will require Microsoft System Center Data Protection Manager or third-party backup applications, or they will be forced to create manual backups to disk and then copy the data to tape drives.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

Incremental-only backup

The incremental-only approach to backup makes a single full backup copy and thereafter makes incremental backup copies to capture newly writ...