Windows Server Solutions BPA Checklist

[Today's post comes to us courtesy of David Copeland from Commercial Technical Support]

Earlier this month we published a post introducing the new Windows Server Solutions BPA, which is currently available for download.  Below is a list of the checks, broken down by each product supported, that the Windows Server Solutions Best Practices Analyzer (BPA) performs as of 4/25/2011.  We will publish updates to this list as new checks are added in the future:

Small Business Server 2011 Standard Edition

Checks the following service’s start mode:

  • DNS Client – DNSClientStartModeSection
  • DHCP Client – DHCPClientStartModeSection
  • IIS Admin Service – IISAdminStartModeSection
  • Remote Registry – RemoteRegistryStartModeSection
  • Remote Desktop Gateway – TSGatestartModeSection
  • Windows Update – AutoUpdatestartModeSection
  • Distributed Transaction Coordinator – DTCStartModeSection
  • Netlogon – NetlogonStartModeSection
  • DNS Server – DNSServerStartModeSection
  • Windows SBS Manager - SBSMgrstartModeSection

Checks that the following services are started:

  • DNS Client – DNSClientStartedSection
  • Windows Update – AutoUpdatesStartedSection
  • DHCP Client – DHCPClientStartedSection
  • IIS Admin Service – IISAdminStartedSection
  • World Wide Web Publishing Service – W3SVCStartedSection
  • Remote Registry – RemoteRegStartedSection
  • Remote Desktop Gateway – TSGateStartedSection
  • Windows Time – W32TimeStartedSection
  • Distributed Transaction Coordinator – DTCStartedSection
  • Netlogon – NetlogonStartedSection
  • DNS Server – DNSServerStartedSection
  • Windows SBS Manager - SBSmgrStartedSection

Checks the following service’s logon account:

  • DNS Client – DNSClientStartNameSection
  • Windows Update – AutoUpdatesStartNameSection
  • DHCP Client – DHCPClientStartNameSection
  • World Wide Web Publishing Service – W3SVCStartNameSection
  • Remote Desktop Gateway – TSGatewayStartNameSection
  • Windows Time – W32TimeStartNameSection
  • Distributed Transaction Coordinator – DTCStartNameSection
  • Netlogon – NetlogonStartNameSection
  • DNS Server – DNSServerStartNameSection
  • Windows SBS Manager - SBSMgrStartNameSection

Other Checks:

  • SKUsFoundSection – Returns the Operating System Platform name
  • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
  • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
  • Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
  • IPFilteringSection – Checks to see if IP Filtering is enabled
  • HyperVSection – Checks to see if the Hyper-V role is installed
  • IPv6Section – Check to see if IPv6 appears to be improperly disabled
  • KernelAuthEnabledSection – Check to see if Kernel Mode Authentication is enabled in the applicationhost.config for IIS
Small Business Server 2011 Essentials

Checks the following service’s start mode:

  • DNS Client – DNSClientStartModeSection
  • DHCP Client – DHCPClientStartModeSection
  • IIS Admin Service – IISAdminStartModeSection
  • World Wide Web Publishing Service – W3SVCStartModeSection
  • Remote Registry – RemoteRegistryStartModeSection
  • Remote Desktop Gateway – TSGatestartModeSection
  • Windows Time – W32TimestartModeSection
  • Windows Update – AutoUpdatestartModeSection
  • Distributed Transaction Coordinator – DTCStartModeSection
  • Netlogon – NetlogonStartModeSection
  • DNS Server - DNSServerStartModeSection

Checks that the following services are started:

  • DNS Client – DNSClientStartedSection
  • Windows Update – AutoUpdatesStartedSectio
  • DHCP Client – DHCPClientStartedSection
  • IIS Admin Service – IISAdminStartedSection
  • World Wide Web Publishing Service – W3SVCStartedSection
  • Remote Registry – RemoteRegStartedSection
  • Remote Desktop Gateway – TSGateStartedSection
  • Windows Time – W32TimeStartedSection
  • Distributed Transaction Coordinator – DTCStartedSection
  • Netlogon – NetlogonStartedSection
  • DNS Server - DNSServerStartedSection

Checks the following service’s logon account:

  • DNS Client – DNSClientStartNameSection
  • Windows Update – AutoUpdatesStartNameSection
  • DHCP Client – DHCPClientStartNameSection
  • IIS Admin Service – IISAdminStartNameSection
  • World Wide Web Publishing Service – W3SVCStartNameSection
  • Remote Desktop Gateway – TSGatewayStartNameSection
  • Windows Time – W32TimeStartNameSection
  • Distributed Transaction Coordinator – DTCStartNameSection
  • Netlogon – NetlogonStartNameSection
  • DNS Server - DNSServerStartNameSection

Other Checks:

  • SKUsFoundSection – Returns the Operating System Platform name
  • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
  • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
  • Check2IPsSection – Checks to see if there are multiple IP addresses on the network card
  • IPFilteringSection – Checks to see if IP Filtering is enabled
  • HyperVSection – Checks to see if the Hyper-V role is installed
Windows Storage Server 2008 R2 Essentials

Checks the following service’s start mode:

  • DNS Client – DNSClientStartModeSection
  • DHCP Client – DHCPClientStartModeSection
  • IIS Admin Service – IISAdminStartModeSection
  • World Wide Web Publishing Service – W3SVCStartModeSection
  • Remote Registry – RemoteRegistryStartModeSection
  • Remote Desktop Gateway – TSGatestartModeSection
  • Windows Time – W32TimestartModeSection
  • Windows Update – AutoUpdatestartModeSection

Checks that the following services are started:

  • DNS Client – DNSClientStartedSection
  • Windows Update – AutoUpdatesStartedSection
  • DHCP Client – DHCPClientStartedSection
  • IIS Admin Service – IISAdminStartedSection
  • World Wide Web Publishing Service – W3SVCStartedSection
  • Remote Registry – RemoteRegStartedSection
  • Remote Desktop Gateway – TSGateStartedSection
  • Windows Time - W32TimeStartedSection

Checks the following service’s logon account:

  • DNS Client – DNSClientStartNameSection
  • Windows Update – AutoUpdatesStartNameSection
  • DHCP Client – DHCPClientStartNameSection
  • IIS Admin Service – IISAdminStartNameSection
  • World Wide Web Publishing Service – W3SVCStartNameSection
  • Remote Desktop Gateway – TSGatewayStartNameSection
  • Windows Time - W32TimeStartNameSection

Other Checks:

  • PingDefGtwySection – Checks to see if the server is not able to ping the default gateway
  • PingDefGtwyOKSection – Checks to see if the server is able to ping the default gateway
Windows MultiPoint Server 2011

Checks the following service’s start mode:

  • Windows MultiPoint Server Host Service - WMSSvcStartModeSection

Checks that the following services are started:

  • Windows MultiPoint Server Host Service – WMSSvcStartedSection
  • Remote Desktop Services - TermServiceStartedSection

Checks the following service’s logon account:

  • Windows MultiPoint Server Host Service - WMSSvcStartNameSection

Other Checks:

  • SRCShellAccountExistsSection – Verifies the SRCShell local account exist