File Server Migration to Server 2012 Part 6: Can Helpdesk use it?
Part of my file server project is to also train our NOC staff on the new ways to use the file server. The NOC or Network Operations Center is responsible for network monitoring and being the first round of support for our nearly 1600 users. They answer the phones, put in tickets for other parts of the IT department (Network Admin (my dept), our desktop team, our development team, our security team, etc.). They also manage accounts in AD and part of the new account creation process is making network shares and making sure new employees have access to the correct folders (which are specified by their respective managers in the new user requests). They also review permissions when necessary, restore files via Shadow Copy.... relatively basic stuff with a Windows GUI.
However, since we're moving to Server Core, when they remote in to do whatever it is they need to do on the file server, it's going to leave them at a command prompt with no taskbar. Initially, my plan was just to teach them the Powershell commands to handle those basic tasks but I figured out pretty quickly that it wasn't as easy as it seemed.
Making a folder? That's easy.
or
Make it a share? Umm, well....
Setting permissions? I think it's....
Alright, while this could be done, it's not going to be easy. If they take it into their own hands and use the wrong command, wrong variables, wrong WMI class, they'll break stuff. I want to make the transition as smooth as possible for all involved parties (Yes, I could write them some scripts to do it but that I still think giving them a GUI to do it all from would be the best and easiest solution). So I started looking. There's not really a cut & dry way to do it. The best way I've found was to use RDS (Remote Desktop Services) Application Publishing.
Instead of giving you twenty-something screenshots, the video where I learned how to do this explains it better than I could in writing so I've included the video. Setting it up wasn't very difficult thanks to the video but there's a bit more to the story that should be explained.
If you prefer managing some things with the GUI, then you want Server 2012's new Server Manager program available. However, if you're running Server 2012, you're probably also wanting to run it in Core, which will strip away all of the unnecessary applications that are built into Windows. I mean, c'mon; Who needs Paint on a server? You can run Server Manager on your workstation without having to RDP into the server itself.... that is as long as you're running Windows 8. Much like previous versions of Windows and their Windows Server releases, you needed XP to run the RSAT tools for Server 2003, Vista to run the RSAT tools for Server 2008, Windows 7 to trun the RSAT tools for Server 2008 r2 and, of course, you need Windows 8 to run the RSAT tools for Server 2012.
What the RDS Application Publishing will allow you to do is publish almost any application installed on the server and run it through Remote Desktop on your computer. This means you could be managing your Server 2012 boxes from an XP workstation if you wanted to (though if you're still rocking XP on your workstation, my condolences).
It's also worth noting the different levels of GUI available in Server 2012. At it's base, full-Core mode if you will, doesn't have a lot of programs available. If you're quite fluent in Powershell then this shouldn't be a problem. From what I can tell, you get your normal Windows CMD prompt, Powershell, and Task Manager. If you run
This will get you some GUI programs like Server Manager, PerfMon, etc. If you run
then you'll get most of the standard programs without getting things like Windows Media Player, Solitaire, Paint, etc. It's nice because you get a GUI but it's all business (no pun intended). If you do want Server 2012 with all the Desktop trimmings then you can install the Desktop Experience feature.
In order to run Server Manager, you'll need to have at least the
(You might be asking yourself why go through all the trouble to setup RDS applicaton publishing when NOC staff can simply remote in and access Server Manager or do whatever else? I thought of that too. Basically, the answer is we could still let people do that but we're looking to get away from remoting into a machine whenever we need to do anything. Instead, we want to get familiar with the RSAT tools and doing as much as we can through Server Manager (now that Server Manager is actually worth a damn).)
So now that we know how our NOC will access Server Manager, what exactly are they going to do? Mostly make shares. Let's check that out by making a quick share.
Above, we get some options for making our share. For most cases, using the SMB Share - Quick template is sufficient. You can make permissions changes later in the wizard if necessary.
Choose the file server and volume where you want the share.
Give the share a name. As you can see above, I've already exceeded the bounds of my creativity for a share name.
The Caching feature is already enabled by default and that's fine. I'm also opting to enable Access-Based Enumeration (which I talk about in the next post). Basically, if you don't have at least read-access to something, you don't even see it. We don't need to enable encryption per share so we're leaving that off.
For permissions, obviously here is where you'll edit the permissions based on who needs access to what. For testing, I'm simply leaving it as is and moving on. After the Confirmation, click Create and voilĂ !; You have a new share!
For restoring files and folders via shadow copy, they can simply access the the server via Explorer from their computer by going to \\fileserver\share$ ("share" being whatever share they're wanting to get to). From there, they can drill down to the specific file/folder, right-click and open the Previous Versions tab.
However, since we're moving to Server Core, when they remote in to do whatever it is they need to do on the file server, it's going to leave them at a command prompt with no taskbar. Initially, my plan was just to teach them the Powershell commands to handle those basic tasks but I figured out pretty quickly that it wasn't as easy as it seemed.
Making a folder? That's easy.
New-Item -name JohnS -itemtype Directoryor
mkdir JohnSMake it a share? Umm, well....
Invoke-WmiMethod -ComputerName (FileServer) -Class win32_share -name JohnSSetting permissions? I think it's....
Set-Acl -......................................Alright, while this could be done, it's not going to be easy. If they take it into their own hands and use the wrong command, wrong variables, wrong WMI class, they'll break stuff. I want to make the transition as smooth as possible for all involved parties (Yes, I could write them some scripts to do it but that I still think giving them a GUI to do it all from would be the best and easiest solution). So I started looking. There's not really a cut & dry way to do it. The best way I've found was to use RDS (Remote Desktop Services) Application Publishing.
Instead of giving you twenty-something screenshots, the video where I learned how to do this explains it better than I could in writing so I've included the video. Setting it up wasn't very difficult thanks to the video but there's a bit more to the story that should be explained.
If you prefer managing some things with the GUI, then you want Server 2012's new Server Manager program available. However, if you're running Server 2012, you're probably also wanting to run it in Core, which will strip away all of the unnecessary applications that are built into Windows. I mean, c'mon; Who needs Paint on a server? You can run Server Manager on your workstation without having to RDP into the server itself.... that is as long as you're running Windows 8. Much like previous versions of Windows and their Windows Server releases, you needed XP to run the RSAT tools for Server 2003, Vista to run the RSAT tools for Server 2008, Windows 7 to trun the RSAT tools for Server 2008 r2 and, of course, you need Windows 8 to run the RSAT tools for Server 2012.
What the RDS Application Publishing will allow you to do is publish almost any application installed on the server and run it through Remote Desktop on your computer. This means you could be managing your Server 2012 boxes from an XP workstation if you wanted to (though if you're still rocking XP on your workstation, my condolences).
It's also worth noting the different levels of GUI available in Server 2012. At it's base, full-Core mode if you will, doesn't have a lot of programs available. If you're quite fluent in Powershell then this shouldn't be a problem. From what I can tell, you get your normal Windows CMD prompt, Powershell, and Task Manager. If you run
Install-WindowsFeature Server-Gui-Mgmt-Infra -RestartThis will get you some GUI programs like Server Manager, PerfMon, etc. If you run
Install-WindowsFeature Server-Gui-Shell -Restartthen you'll get most of the standard programs without getting things like Windows Media Player, Solitaire, Paint, etc. It's nice because you get a GUI but it's all business (no pun intended). If you do want Server 2012 with all the Desktop trimmings then you can install the Desktop Experience feature.
Install-WindowsFeature Desktop-Experience -RestartIn order to run Server Manager, you'll need to have at least the
Server-Gui-Mgmt-Infra feature installed.(You might be asking yourself why go through all the trouble to setup RDS applicaton publishing when NOC staff can simply remote in and access Server Manager or do whatever else? I thought of that too. Basically, the answer is we could still let people do that but we're looking to get away from remoting into a machine whenever we need to do anything. Instead, we want to get familiar with the RSAT tools and doing as much as we can through Server Manager (now that Server Manager is actually worth a damn).)
So now that we know how our NOC will access Server Manager, what exactly are they going to do? Mostly make shares. Let's check that out by making a quick share.
Above, we get some options for making our share. For most cases, using the SMB Share - Quick template is sufficient. You can make permissions changes later in the wizard if necessary.
Choose the file server and volume where you want the share.
Give the share a name. As you can see above, I've already exceeded the bounds of my creativity for a share name.
The Caching feature is already enabled by default and that's fine. I'm also opting to enable Access-Based Enumeration (which I talk about in the next post). Basically, if you don't have at least read-access to something, you don't even see it. We don't need to enable encryption per share so we're leaving that off.
For permissions, obviously here is where you'll edit the permissions based on who needs access to what. For testing, I'm simply leaving it as is and moving on. After the Confirmation, click Create and voilĂ !; You have a new share!
For restoring files and folders via shadow copy, they can simply access the the server via Explorer from their computer by going to \\fileserver\share$ ("share" being whatever share they're wanting to get to). From there, they can drill down to the specific file/folder, right-click and open the Previous Versions tab.
Comments
Post a Comment