Chapter Overview - PowerPoint PPT Presentation

About This Presentation
Title:

Chapter Overview

Description:

When you need to contact users to notify them that you are shutting down the system ... Shutting down and restarting a computer running Windows 2000 ... – PowerPoint PPT presentation

Number of Views:27
Avg rating:3.0/5.0
Slides: 77
Provided by: higheredM
Category:

less

Transcript and Presenter's Notes

Title: Chapter Overview


1
Chapter Overview
  • Monitoring Server Performance
  • Monitoring Shared Resources
  • Microsoft Windows 2000 Auditing

2
Monitoring Server Performance
  • Periodically check the performance of your server
    so you can spot problems before they become
    critical.
  • Microsoft Windows 2000 includes several tools to
    help you monitor your servers performance
  • Event Viewer
  • Task Manager
  • The Performance console

3
Using Event Viewer
  • Windows 2000 automatically tracks various system
    events and stores information about them in logs.
  • Event Viewer is a Microsoft Management Console
    (MMC) snap-in.
  • You can view three default logs in Event Viewer
  • System log
  • Security log
  • Application log

4
Using Event Viewer (Cont.)
  • When optional services are installed on a
    computer running Windows 2000, additional logs
    may be generated.
  • For example, when a Windows 2000 Server is
    promoted to a domain controller, these additional
    logs are added
  • Directory service log
  • File replication service log
  • DNS server log

5
Viewing Event Logs
  • To access Event Viewer, click Start, point to
    Programs, point to Administrative Tools, and then
    click Event Viewer.
  • You can also access Event Viewer in Computer
    Management or add it to a customized MMC console.

6
The Windows 2000 Event Viewer Console
7
Windows 2000 Event Types
Event Type Description
Error A significant problem, such as loss of data or loss of functionality
Warning An event that might not be significant, but might indicate a future problem
Information An event that describes the successful operation of an application, driver, or service
Success audit An audited security access attempt that succeeds
Failure audit An audited security access attempt that fails
8
Logged Event Information
  • Every logged event is summarized in the details
    pane with the date and time that the event
    occurred.
  • To view more information about an event,
    double-click the event.

9
An Event Properties Dialog Box
10
Locating Events
  • By default, Event Viewer displays all events that
    are recorded in the selected log.
  • You can filter the events displayed in an Event
    Viewer log by using the Filter command to
    configure a filter.
  • You can also search a log for particular events
    by using the Find command and configuring search
    parameters.

11
The Event Viewer Filter Tab
12
The Event Viewer Find Dialog Box
13
Remote Access
  • You can use Event Viewer to view logs on other
    computers, too.
  • To view a log on another computer 1. In the
    scope pane, right-click the Event Viewer
    (Local) icon, and click Connect To Another
    Computer.
  • 2. In the Select Computer dialog box, specify
    the name of the remote computer.

14
Using Windows Task Manager
  • Windows Task Manager provides summary information
    about computer performance, as well as programs
    and processes.
  • In Task Manager, you can
  • View the status of programs
  • End programs that have stopped responding
  • View a dynamic display of key performance
    indicators

15
Using Windows Task Manager (Cont.)
  • Two common ways to start Windows Task Manager
  • Right-click an empty space on the Windows 2000
    taskbar, and then click Task Manager.
  • Press CtrlAltDelete, and then click Task
    Manager.

16
The Applications Tab in Task Manager
  • Shows the status of programs running on your
    computer
  • Tasks you can perform in this tab
  • Start a new program by clicking New Task.
  • End a program by selecting a task in the list and
    clicking End Task.
  • Switch to another program by selecting a task in
    the list and clicking Switch To.

17
The Applications Tab in Task Manager (Cont.)
18
The Processes Tab in Task Manager
  • Displays information about processes running on
    the computer, such as current CPU and memory
    usage
  • Some of the tasks you can perform in this tab
  • View counters for processes.
  • End a process.
  • Change the priority of a program.

19
The Processes Tab in Task Manager (Cont.)
20
The Performance Tab in Task Manager
  • Shows a dynamic overview of the computers
    performance, including
  • CPU and memory usage
  • Total for the number of handles, threads, and
    processes running on the computer
  • Totals, in KB, for physical, kernel, and commit
    memory

21
The Performance Tab in Task Manager (Cont.)
22
Using the Performance Console
  • The Windows 2000 Performance console is a
    preconfigured MMC console that includes two
    preinstalled snap-ins
  • System Monitor collects and displays real-time
    data about memory, disk, processor, and network
    activity
  • Performance Logs And Alerts lets you collect
    performance data from local or remote computers,
    configure logs to record data, and set system
    alerts

23
The Windows 2000 Performance Console
24
Using the System Monitor Snap-In
  • Use System Monitor to
  • Measure the performance of your own computer or
    other computers on a network
  • Collect and view data about hardware resource use
    and the activity of system services on the
    computers you administer

25
Using the System Monitor Snap-In (Cont.)
  • You can define the data you want to collect and
    graph.
  • Type of data one or more objects, counters, and
    instances
  • Source of data your local computer or other
    computers on the network
  • Sampling parameters manual, on-demand sampling
    or automatic sampling based on the time interval
    you specify

26
The System Monitor Snap-In
27
The Add Counters Dialog Box in System Monitor
28
Information in the Performance Console Legend
  • Terms used in the legend are
  • Object
  • Counter
  • Instance
  • You can sort the entries in the legend.

29
Monitoring System and Network Performance
  • Network activity can influence the performance
    not only of individual components, but also of
    the entire system.
  • In addition to monitoring network activity, you
    should also monitor other resources, including
    disk, memory, and processor activity.

30
Monitoring System and Network Performance (Cont.)
  • By monitoring performance over time, you can
    establish a performance baseline for your
    network.
  • When performance data is incompatible with your
    baseline values, investigate the cause and take
    appropriate action.

31
Removing Unneeded Services
  • If data indicates that unneeded services are
    using large amounts of memory or processor time,
    you can use the Services MMC snap-in to change
    the Startup Type value of the service to Disabled
    or Manual.
  • In some cases, you can remove the service
    completely by using Add/Remove Programs in
    Control Panel.

32
Using the Performance Logs And Alerts Snap-In
  • Use this tool to collect performance data
    automatically from local or remote computers.
  • You can
  • View the logged data by using System Monitor or
    import the data to spreadsheet programs or
    databases for analysis and report generation
  • View counter data during and after collection
  • Configure automatic logging
  • Set an alert on a counter and stipulate the
    action to be taken when the counter's value
    exceeds or falls below a defined setting

33
Using the Performance Logs And Alerts Snap-In
(Cont.)
  • You can configure additional options
  • Starting and stopping logging
  • Creating trace logs
  • Defining a program that runs when a log is
    stopped
  • Configuring additional settings for automatic
    logging
  • You can define settings for counter logs, trace
    logs, and alerts.

34
A Log in the Performance Logs And Alerts Snap-In
35
Information in the Details Pane of the
Performance Logs And Alerts Snap-In
  • The columns in the details pane provide the
    following information
  • Name the name of the log or alert
  • Comment descriptive information about the log or
    alert
  • Log File Type the log-file format you define
  • Log File Name the path and base filename you
    defined

36
Configuring More Than One Type of Log
  • You can configure more than one type of log to
    run at a time.
  • One log can generate many log files if started
    and stopped multiple times.
  • The individual log files do not appear in the
    console window.
  • Use Windows Explorer to view a listing of these
    files.

37
Lesson Summary
  • Use Event Viewer to view and search through log
    files.
  • Use Task Manager to get summary information about
    computer performance and programs and processes.
  • Use System Monitor to measure the performance of
    your own computer or other computers on the
    network.
  • Use Performance Logs And Alerts to collect
    performance data automatically from local or
    remote computers.

38
Monitoring Shared Resources
  • You can use the Shared Folders snap-in to monitor
    access to network resources.
  • With the Shared Folders snap-in, you can
  • Monitor shared folders, user sessions, and open
    files
  • Disconnect users
  • Send administrative messages to users

39
Why Monitor Network Resources?
  • Maintenance
  • Sometimes, to perform maintenance tasks, you need
    to take resources offline.
  • Before you do this, you need to know which users
    are using resources and notify them.
  • Security
  • You might want to monitor access to sensitive
    resources to verify that only authorized users
    are accessing them.
  • Planning
  • You need to determine current resource usage in
    order to plan for future system growth.

40
The Shared Folders Snap-In
  • The Shared Folders snap-in is included in the
    Computer Management console.
  • To access Shared Folders, click Start, point to
    Programs, point to Administrative Tools, and then
    click Computer Management.
  • You can add the Shared Folders snap-in to a
    custom MMC console.

41
The Shared Folders Snap-In (Cont.)
42
Monitoring Shared Folders
  • Use the Shares folder in the Shared Folders
    snap-in to
  • View a list of shared folders on a computer
    running Windows 2000
  • Determine how many users are connected to each
    shared folder
  • Share a folder

43
The Shares Folder in the Shared Folders Snap-In
44
Information in the Details Pane of the Shared
Folders Snap-In
  • The columns in the details pane display the
    following information about each share on the
    computer
  • Shared Folder
  • Shared Path
  • Type
  • Client Redirections
  • Comment

45
Determining How Many Users Can Access a Shared
Folder Concurrently
  • You can use the Shared Folders snap-in to view
    and modify the maximum number of users that can
    access a folder.
  • In the Shared Folders details pane, right-click
    the shared folder, and then click Properties.
  • You can modify the user limit in the General tab
    in the Properties dialog box.
  • You can manage the permissions for the share in
    the General tab.

46
Sharing a Folder
  • You can use the Shared Folders snap-in to share
    an existing folder or to create a new folder and
    share it.
  • You can also use this tool to modify shared
    folder and NT file system (NTFS) permissions when
    you share a folder.
  • Using the Shared Folders snap-in is the only way
    to create a new shared folder on a remote
    computer running Windows 2000.

47
Monitoring User Sessions
  • Use the Sessions folder in the Shared Folders
    snap-in to
  • Monitor which users are currently accessing
    shared folders on a server from a remote computer
  • Disconnect users
  • Send administrative messages to computers and
    users

48
The Sessions Folder in the Shared Folders Snap-In
49
Information in the Details Pane of the Sessions
Folder
  • The columns in the details pane provide the
    following information about each computer
    connection
  • User
  • Computer
  • Type
  • Open Files
  • Connected Time and Idle Time
  • Guest

50
Disconnecting Users
  • You can disconnect one or all users with a
    network connection to the computer.
  • You may need to disconnect users to
  • Have changes to shared folder and NTFS
    permissions take effect immediately
  • Free idle connections on a busy computer so that
    other users can connect
  • Shut down a server

51
Disconnecting a Specific User
  • To disconnect a specific user, in the Shared
    Folders snap-in, click the Sessions folder,
    right-click the user you want to disconnect, and
    then click Close Session.
  • Use caution when disconnecting a user it can
    result in data loss.

52
Sending Administrative Messages to Users
  • Use the Shared Folders snap-in to send
    administrative messages to one or more users on
    the network.
  • Send an administrative message to notify users
    when you intend to do anything that could cause
    data loss, such as
  • Backing up or restoring data
  • Disconnecting users
  • Upgrading software or hardware
  • Shutting down the computer

53
Sending Administrative Messages to Users (Cont.)
  • To send an administrative message, right-click
    the Shared Folders icon in the scope pane, point
    to All Tasks, and then click Send Console
    Message.
  • By default, all currently connected computers
    appear in the list of recipients.

54
Monitoring Open Files
  • Use the Open Files folder in the Shared Folders
    snap-in to
  • View a list of files in the computers shared
    folders that are currently open
  • Determine which users are connected to each open
    file
  • You can use this information
  • When you need to contact users to notify them
    that you are shutting down the system
  • To determine which user is using a file that is
    locked open

55
The Open Files Folder in the Shared Folders
Snap-In
56
Information in the Details Pane of the Open Files
Folder
  • The columns in the details pane of the Open Files
    folder provide the following information about
    each file currently in use
  • Open File
  • Accessed By
  • Type
  • Locks
  • Open Mode

57
Using the Open Files Folder to Disconnect Users
  • Use the Open Files folder to disconnect users
    from open files.
  • To disconnect all users from all open files,
    right-click the Open Files folder, and then
    select Disconnect All Open Files.
  • To disconnect all users from one open file,
    right-click the file, and then click Close Open
    File.
  • Use caution when disconnecting users data loss
    can occur.

58
Lesson Summary
  • The Shared Folders snap-in enables you to monitor
    the shared folders on a computer running Windows
    2000.
  • Use the Shares folder to monitor the number of
    connections to each share and to create new
    shares on a remote computer.
  • Use the Sessions folder to monitor connections to
    the computer, disconnect users, and send
    administrative messages.
  • Use the Open Files folder to view a list of open
    files and to disconnect users from a specific
    file or from all shared files.

59
Microsoft Windows 2000 Auditing
  • Windows 2000 auditing is a security tool that
    enables you to track user activities and
    system-wide events.

60
Overview of Windows 2000 Auditing
  • Auditing is the process of tracking user and
    system events.
  • You can specify that Windows 2000 write a record
    of an event, called an audit entry, to the
    security log.
  • An audit entry contains the action performed, the
    user who performed the action, the success or
    failure of the event, and when the event
    occurred.

61
Using an Audit Policy
  • An audit policy defines the types of security
    events that Windows 2000 records in the security
    log.
  • Windows 2000 writes events to the security log on
    the computer where the event occurs.
  • You can set up an audit policy to
  • Track the success and failure of events
  • Eliminate or minimize the risk of unauthorized
    use of resources
  • Use Event Viewer to view events recorded in the
    security log.

62
Planning an Audit Policy
  • Determine the computers to set up auditing on and
    what to audit on each computer.
  • Auditing is turned off by default.
  • Windows 2000 records audited events on each
    computer separately.

63
Planning an Audit Policy (Cont.)
  • Types of events you can audit include
  • Access to files and folders
  • Users logging on and off
  • Shutting down and restarting a computer running
    Windows 2000
  • Changes to user accounts and groups
  • Attempts to make changes to Active Directory
    objects

64
Planning an Audit Policy (Cont.)
  • Determine whether to audit the success and/or
    failure of events.
  • Success can tell you how often users gain access
    to resources, which is helpful for resource
    planning
  • Failure can alert you to possible attempted
    security breaches

65
Planning an Audit Policy (Cont.)
  • General guidelines for determining an audit
    policy
  • Determine if you need to track trends of system
    usage.
  • Review security logs frequently.
  • Define an audit policy that is useful and
    manageable.
  • Audit resource access by the Everyone group
    instead of the Users group.

66
Configuring Auditing
Type of Computer How Audit Policy Is Set
Stand-alone servers or stand-alone computers running Microsoft Windows 2000 Professional Set for each individual computer
Member servers or computers running Windows 2000 Professional that have joined an Active Directory domain Can be set for each individual computer or for a group of computers, such as an OU
Domain controllers Set for all domain controllers in the domain
67
Auditing Requirements
  • You must have the Manage Auditing and Security
    Log user right for the computer where you want to
    configure audit policy or review the audit log.
  • By default, members of the Administrators group
    have this right.
  • Only files and folders on NTFS volumes can be
    audited.

68
Setting Up Auditing
  • Configuring auditing is a two-part process
  • 1. Set the audit policy. This enables auditing
    of objects but does not activate the auditing
    of specific objects.
  • 2. Configure auditing of specific resources.
    You identify the specific events to audit for
    files, folders, printers, and Active Directory
    objects.
  • Auditing takes place only after both of these
    steps have been completed.

69
Setting an Audit Policy
  • Select the types of events to be audited.
  • Specify whether to track successful attempts,
    failed attempts, or both.
  • Use the Group Policy snap-in to set audit
    policies.

70
Setting an Audit Policy (Cont.)
  • Types of events that Windows 2000 can audit
  • Account logon events
  • Account management
  • Directory service access
  • Logon events
  • Object access 
  • Policy change
  • Privilege use
  • Process tracking
  • System

71
Setting an Audit Policy (Cont.)
  • Changes made to audit policy on a computer take
    effect when one of the following events occurs
  • You initiate policy propagation.
  • You restart the computer.
  • Policy propagation occurs.

72
Auditing Access to Files and Folders
  • The first step is enabling the Audit Object
    Access policy.
  • To do this on a computer that is not a domain
    controller, create a custom MMC console and add
    the Group Policy snap-in.
  • In the console tree, select Audit Policy from the
    Computer Configuration node, and then
    double-click the Audit Object Access policy to
    configure success and/or failure.

73
Auditing Access to Files and Folders (Cont.)
74
Auditing Access to Files and Folders (Cont.)
  • The second step in auditing access to files and
    folders is to access the Properties dialog box
    for each individual file or folder you want to
    audit, click the Security tab, and then click
    Advanced.
  • Then click the Auditing tab and configure
    auditing for the selected file or folder.

75
Auditing Access to Active Directory Objects
  • First, enable the Audit Directory Service Access
    policy in the Group Policy snap-in.
  • Second, use the Active Directory Users And
    Computers snap-in to configure auditing in the
    Properties dialog box for each Active Directory
    object you want to audit.

76
Lesson Summary
  • Auditing is the process of tracking user and
    system events.
  • An audit policy defines the types of security
    events that Windows 2000 records in the security
    log on each computer.
  • Windows 2000 records audited events on each
    computer separately.
  • To configure auditing of files, folders, or
    printers, first enable the Audit Object Access
    policy then configure auditing of specific
    files, folders, and printers.
Write a Comment
User Comments (0)
About PowerShow.com