Win2008 R2 BPA Updates Released for April 2010 wave

Win2008 R2 BPA Updates Released for April 2010 wave

  • Comments 11
  • Likes

Ahoy hoy. The BPA release release cycle has just ticked over once for Windows Server 2008 R2. This means that you can now install – through Windows Update or the Download Center – add-ons that snap into Server Manager and will tell you if you are following MS best practices for your installed roles. Simply install the update, look at the role, and click “scan this role”. After some noodling, BPA will kick out info.

For example, it appears I stink at running DFSN…

image

But I rule at running DFSR!

image

Here’s what just shipped:

  • Update for Best Practices Analyzer for HYPER-V for Windows Server 2008 R2
  • Update for Best Practices Analyzer for Network Policy and Access Services for Windows Server 2008 R2
  • Update for Best Practices Analyzer for Active Directory Rights Management Services for Windows Server 2008 R2
  • Update for Best Practices Analyzer for Application Server for Windows Server 2008 R2
  • Update for Best Practices Analyzer for File Services for Windows Server 2008 R2
  • Update for Best Practices Analyzer for DHCP Server for Windows Server 2008 R2
  • Update for Best Practices Analyzer for Windows Server Update Services for Windows Server 2008 R2

Download them all from here.

Read more about them all here.

You need Windows Server 2008 R2 to use any of this stuff, so add it to your list of reasons to upgrade if you haven’t already. More BPA’s coming out when they… come out. Including updates to these existing ones, in theory.

Hey Mahesh, where’s your post?

 

Ned “beat filecab to the punch for once”  Pyle

  • Hi Ned

    Nice to see you aren't too competitive!! :)

    Any idea's when the Windows 2008 versions will be out? While I know Windows 2008 R2 is nicer/better, some of us cant upgrade just yet.

    Cheers

    David

  • A bit. :-)

    The whole built-in Windows BPA framework only exists in Win2008 R2. It's a new feature. I doubt we'd ever make a version for 2008, it would canibalize business.

  • Very cool. No love for AD itself? A built-in ADST like the one that came with ADRAPs would be sah-weeeet.

  • There is an AD one in there already - it has 38 checks. Just open servermanager on any R2 DC and click "active directory domain services" - it's down a ways.

    It's nowhere as good as an ADRAP though! :-D

    Ned

  • I am getting errors when trying to run BPA with an execution policy defined via GPO.  Our policy is defined as RemoteSigned and all my searching comes up that this is the correct setting for BPA, but I can't find anyone who says anything about it being set with a GPO.  I've tested with the IIS and File Services BPAs and get the same error with both.  Is this a bug or am I doing something wrong?

  • Please provide detail around your repro steps and settings - step by step.

    Also provide what you are referencing that states this is correct. We've not been asked about this before, so I don't know yet what expected behavior will be or what would need to be set.

  • Here are some links that reference setting the execution policy to remotesigned:

    http://social.technet.microsoft.com/Forums/en/SCMDM/thread/540172c2-0f43-48c5-9e38-31002778c886

    http://mobilitydojo.net/2008/09/22/system-center-mobile-device-manager-2008-install-guide-no-gateway-part-1/

    Steps to reproduce (R2 with IIS or File Services role):

    > set-executionpolicy remotesigned

    > get-executionpolicy -list

    MachinePolicy = Undefined

    UserPolicy = Undefined

    Process = Undefined

    CurrentUser = Undefined

    LocalMachine = RemoteSigned

    Run IIS or File Services BPA, this works.

    Open Local Policy Editor, browse to Local Computer Policy> Computer Configuration> Administrative Templates> Windows Components> Windows Powershell.  Enable "Turn on Script Execution" and set the policy to "Allow local scripts and remote signed scripts".

    > get-executionpolicy -list

    MachinePolicy = RemoteSigned

    UserPolicy = Undefined

    Process = Undefined

    CurrentUser = Undefined

    LocalMachine = RemoteSigned

    Run IIS or File Services BPA, this fails with:

    There has been a Best Practice Analyzer engine error for Model ID:'Microsoft/Windows/FileServices' during execution of the Model. (Inner Exception: One or more model documents are invalid: {0} Discovery exception occurred proccessing file '{0}'.

    Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope.  Due ot the override, your shell will retain its current effective execution policy of "RemoteSigned".

  • Now that's something I can work with. :) I'll get a local repro here when I have a chance and see what's what.

  • Yeah, I have a local repro. I'll see what I can do about this from our end. If you have a Premier contract please email your TAM to contact me about this.

  • Anything new on the problem with BPA and remotesigned execution policy via GPO?

  • FYI setting your ExecutionPolicy via GPO also causes issues with Exchange 2010, some of the installers break (support.microsoft.com/.../981474).  I just gave up and switched to a Group Policy Preference that sets the LocalMachine ExecutionPolicy (as opposed to the MachinePolicy).  I have a blog post detailing the steps I used: blog.whatsupduck.net/.../issues-with-configuring-powershell.html