In Windows management, best practices are guidelines that are considered the ideal way, under typical circumstances, to configure a server as defined by experts. For example, it is considered a best practice for most server technologies to keep open only those ports required for the technologies to communicate with other networked computers, and block unused ports. Although best practice violations, even crucial ones, are not necessarily problematic, they indicate server configurations that can result in poor performance, poor reliability, unexpected conflicts, increased security risks, or other potential problems.

Analisador das Práticas Recomendadas (BPA) is a server management tool that is available in Windows Server® 2008 R2. BPA can help administrators reduce best practice violations by scanning one or more roles that are installed on Windows Server 2008 R2, and reporting best practice violations to the administrator. Administrators can filter or exclude results from BPA reports that they do not have to see. Administrators can also perform BPA tasks by using either the Gerenciador do Servidor GUI, or Windows PowerShell cmdlets.

BPA can also be used on remote servers that are running Windows Server 2008 R2, by using Gerenciador do Servidor targeted at a remote server. For more information about how to run Gerenciador do Servidor targeted at a remote server, see Remote Management with Server Manager.

Best Practices Analyzer

BPA is installed by default on all editions of Windows Server 2008 R2 except the Server Core installation option.

Observação

Instructions for installing Windows PowerShell, and modules for Gerenciador do Servidor and Analisador das Práticas Recomendadas on the Server Core installation option of Windows Server 2008 R2 are available in Windows Server Migration Tools Installation, Access, and Removal (https://go.microsoft.com/fwlink/?LinkId=134763).

Because the units analyzed by BPA are server roles, the interface for BPA is located on role home pages in the Gerenciador do Servidor console. For more information about roles, see Funções, serviços de função e recursos. Analisador das Práticas Recomendadas is one of the areas of the Summary section of a role’s home page.

How BPA works

BPA works by measuring a role’s compliance with best practice rules in eight different categories of a role’s effectiveness, trustworthiness, and reliability. Results of measurements can be any of the three severity levels described in the following table.

Severity levelDescription

Noncompliant

Noncompliant results are returned when a role does not satisfy the conditions of a rule.

Compliant

Compliant results are returned when a role satisfies the conditions of a rule.

Warning

Warning results are returned when a role is compliant as operating currently, but may not satisfy the conditions of a rule if changes are not made to its configuration or policy settings. For example, a scan of Remote Desktop Services might show a warning result if a license server is unavailable to the role, because even if no remote connections are active at the time of the scan, not having the license server prevents new remote connections from obtaining valid client access licenses.

BPA rule categories

The following table describes the categories of best practice rules against which roles are measured during a BPA scan.

Category NameDescription

Security

Security rules are applied to measure a role’s relative risk for exposure to threats such as unauthorized or malicious users, or loss or theft of confidential or proprietary data.

Performance

Performance rules are applied to measure a role’s ability to process requests and perform its prescribed duties in the enterprise, within expected periods of time given the role’s workload.

Configuration

Configuration rules are applied to identify role settings that might require modification for the role to perform optimally. Configuration rules can help prevent setting conflicts that can result in error messages or prevent the role from performing its prescribed duties in an enterprise.

Policy

Policy rules are applied to identify Group Policy or Windows Registry settings that might require modification for the role to operate optimally and securely.

Operation

Operation rules are applied to identify possible failures of a role to perform its prescribed tasks in the enterprise.

Predeployment

Predeployment rules are applied before an installed role is deployed in the enterprise, to let administrators to evaluate whether best practices were satisfied before you use the role in production.

Postdeployment

Postdeployment rules are applied after all required services have started for a role, and the role is running in the enterprise.

BPA Prerequisites

BPA Prerequisite rules explain configuration settings, policy settings, and features that are required for the role before BPA can apply specific rules from other categories. A prerequisite in scan results indicates that an incorrect setting, a missing função, serviço de função ou recurso, an incorrectly enabled or disabled policy, a registry key setting, or other configuration has prevented BPA from applying one or more rules during a scan. A prerequisite result does not imply compliance or noncompliance. It means that a rule could not be applied, and therefore is not part of the scan results.

How to open BPA

You can open BPA in the Gerenciador do Servidor console by opening the home page for a server role that supports BPA.

To open BPA in Server Manager
  1. Open Gerenciador do Servidor. Para abrir o Gerenciador do Servidor, clique em Iniciar, aponte para Ferramentas Administrativas e clique em Gerenciador do Servidor.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

Running BPA

For more information about how to run BPA scans, see Running and Filtering Scans in Best Practices Analyzer in this Help.