1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.

1 1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing

2 2 Monitoring Server Performance
Periodically check the performance of your server so you can spot problems before they become critical.
Microsoft Windows 2000 includes several tools to help you monitor your server’s performance:
- Event Viewer
- Task Manager
- The Performance console

3 3 Using Event Viewer
Windows 2000 automatically tracks various system events and stores information about them in logs.
Event Viewer is a Microsoft Management Console (MMC) snap-in.
You can view three default logs in Event Viewer:
- System log
- Security log
- Application log

4 4 Using Event Viewer (Cont.)
When optional services are installed on a computer running Windows 2000, additional logs may be generated.
For example, when a Windows 2000 Server is promoted to a domain controller, these additional logs are added:
- Directory service log
- File replication service log
- DNS server log

5 5 Viewing Event Logs To access Event Viewer, click Start, point to Programs, point to Administrative Tools, and then click Event Viewer. You can also access Event Viewer in Computer Management or add it to a customized MMC console.

6 6 The Windows 2000 Event Viewer Console

7 7 Windows 2000 Event Types
Event Type | Description
Error | A significant problem, such as loss of data or loss of functionality
Warning | An event that might not be significant, but might indicate a future problem
Information | An event that describes the successful operation of an application, driver, or service
Success audit | An audited security access attempt that succeeds
Failure audit | An audited security access attempt that fails

8 8 Logged Event Information Every logged event is summarized in the details pane with the date and time that the event occurred. To view more information about an event, double-click the event.

9 9 An Event Properties Dialog Box

10 10 Locating Events By default, Event Viewer displays all events that are recorded in the selected log. You can filter the events displayed in an Event Viewer log by using the Filter command to configure a filter. You can also search a log for particular events by using the Find command and configuring search parameters.

11 11 The Event Viewer Filter Tab

12 12 The Event Viewer Find Dialog Box

13 13 Remote Access
You can use Event Viewer to view logs on other computers, too.
To view a log on another computer:
1. In the scope pane, right-click the Event Viewer (Local) icon, and click Connect To Another Computer.
2. In the Select Computer dialog box, specify the name of the remote computer.

14 14 Using Windows Task Manager
Windows Task Manager provides summary information about computer performance, as well as programs and processes.
In Task Manager, you can
- View the status of programs
- End programs that have stopped responding
- View a dynamic display of key performance indicators

15 15 Using Windows Task Manager (Cont.)
Two common ways to start Windows Task Manager:
- Right-click an empty space on the Windows 2000 taskbar, and then click Task Manager.
- Press Ctrl+Alt+Delete, and then click Task Manager.

16 16 The Applications Tab in Task Manager
Shows the status of programs running on your computer
Tasks you can perform in this tab:
- Start a new program by clicking New Task.
- End a program by selecting a task in the list and clicking End Task.
- Switch to another program by selecting a task in the list and clicking Switch To.

17 17 The Applications Tab in Task Manager (Cont.)

18 18 The Processes Tab in Task Manager
Displays information about processes running on the computer, such as current CPU and memory usage
Some of the tasks you can perform in this tab:
- View counters for processes.
- End a process.
- Change the priority of a program.

19 19 The Processes Tab in Task Manager (Cont.)

20 20 The Performance Tab in Task Manager
Shows a dynamic overview of the computer’s performance, including
- CPU and memory usage
- Total for the number of handles, threads, and processes running on the computer
- Totals, in KB, for physical, kernel, and commit memory

21 21 The Performance Tab in Task Manager (Cont.)

22 22 Using the Performance Console
The Windows 2000 Performance console is a preconfigured MMC console that includes two preinstalled snap-ins:
- System Monitor: collects and displays real-time data about memory, disk, processor, and network activity
- Performance Logs And Alerts: lets you collect performance data from local or remote computers, configure logs to record data, and set system alerts

23 23 The Windows 2000 Performance Console

24 24 Using the System Monitor Snap-In
Use System Monitor to
- Measure the performance of your own computer or other computers on a network
- Collect and view data about hardware resource use and the activity of system services on the computers you administer

25 25 Using the System Monitor Snap-In (Cont.)
You can define the data you want to collect and graph.
- Type of data: one or more objects, counters, and instances
- Source of data: your local computer or other computers on the network
- Sampling parameters: manual, on-demand sampling or automatic sampling based on the time interval you specify

26 26 The System Monitor Snap-In

27 27 The Add Counters Dialog Box in System Monitor

28 28 Information in the Performance Console Legend
Terms used in the legend are
- Object
- Counter
- Instance
You can sort the entries in the legend.

29 29 Monitoring System and Network Performance Network activity can influence the performance not only of individual components, but also of the entire system. In addition to monitoring network activity, you should also monitor other resources, including disk, memory, and processor activity.

30 30 Monitoring System and Network Performance (Cont.) By monitoring performance over time, you can establish a performance baseline for your network. When performance data is incompatible with your baseline values, investigate the cause and take appropriate action.

31 31 Removing Unneeded Services If data indicates that unneeded services are using large amounts of memory or processor time, you can use the Services MMC snap-in to change the Startup Type value of the service to Disabled or Manual. In some cases, you can remove the service completely by using Add/Remove Programs in Control Panel.

32 32 Using the Performance Logs And Alerts Snap-In
Use this tool to collect performance data automatically from local or remote computers.
You can
- View the logged data by using System Monitor or import the data to spreadsheet programs or databases for analysis and report generation
- View counter data during and after collection
- Configure automatic logging
- Set an alert on a counter and stipulate the action to be taken when the counter's value exceeds or falls below a defined setting

33 33 Using the Performance Logs And Alerts Snap-In (Cont.)
You can configure additional options:
- Starting and stopping logging
- Creating trace logs
- Defining a program that runs when a log is stopped
- Configuring additional settings for automatic logging
You can define settings for counter logs, trace logs, and alerts.

34 34 A Log in the Performance Logs And Alerts Snap-In

35 35 Information in the Details Pane of the Performance Logs And Alerts Snap-In
The columns in the details pane provide the following information:
- Name: the name of the log or alert
- Comment: descriptive information about the log or alert
- Log File Type: the log-file format you define
- Log File Name: the path and base filename you defined

36 36 Configuring More Than One Type of Log You can configure more than one type of log to run at a time. One log can generate many log files if started and stopped multiple times. The individual log files do not appear in the console window. Use Windows Explorer to view a listing of these files.
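
The baseline comparison from slide 30, applied to counter logs of the kind slides 32 to 36 describe, as an added example that is not part of the original presentation. It builds a per-counter baseline (mean and standard deviation) from one CSV counter log and flags counters in a later log that stay outside the baseline for several consecutive samples. The CSV layout, the sample values and the thresholds `k` and `min_run` are assumptions.

```python
import csv
import io
import statistics

# Constructed counter-log excerpts in CSV form: the first column is the sample
# time, every other column is one counter. Layout and values are assumptions.
BASELINE_LOG = r"""Time,\Processor(_Total)\% Processor Time,\Memory\Pages/sec
03/05/2001 09:00:00,20,5
03/05/2001 09:00:15,25,7
03/05/2001 09:00:30,22,6
03/05/2001 09:00:45,18,4
03/05/2001 09:01:00,24,6
03/05/2001 09:01:15,21,5
03/05/2001 09:01:30,23,7
03/05/2001 09:01:45,19,6
"""

CURRENT_LOG = r"""Time,\Processor(_Total)\% Processor Time,\Memory\Pages/sec
03/12/2001 09:00:00,22,6
03/12/2001 09:00:15,91,40
03/12/2001 09:00:30,24,5
03/12/2001 09:00:45,88,6
03/12/2001 09:01:00,93,7
03/12/2001 09:01:15,95,5
03/12/2001 09:01:30,90,6
03/12/2001 09:01:45,23,6
"""


def read_counters(text):
    """Return {counter name: [samples]}; the first column (time) is skipped."""
    reader = csv.DictReader(io.StringIO(text))
    rows = list(reader)
    return {name: [float(r[name]) for r in rows if r[name]]
            for name in (reader.fieldnames or [])[1:]}


def build_baseline(text):
    """Return {counter name: (mean, population standard deviation)}."""
    return {name: (statistics.mean(v), statistics.pstdev(v))
            for name, v in read_counters(text).items()}


def deviations(baseline, text, k=3.0, min_run=3):
    """Return {counter name: longest run} for counters with at least min_run
    consecutive samples more than k standard deviations from the baseline mean.
    Requiring a run keeps a single spike from raising a flag."""
    flagged = {}
    for name, values in read_counters(text).items():
        if name not in baseline:
            continue
        mean, sd = baseline[name]
        run = longest = 0
        for value in values:
            # With sd == 0 any change from the baseline value counts as a deviation.
            run = run + 1 if abs(value - mean) > k * sd else 0
            longest = max(longest, run)
        if longest >= min_run:
            flagged[name] = longest
    return flagged
```
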

37 37 Lesson Summary Use Event Viewer to view and search through log files. Use Task Manager to get summary information about computer performance and programs and processes. Use System Monitor to measure the performance of your own computer or other computers on the network. Use Performance Logs And Alerts to collect performance data automatically from local or remote computers.

38 38 Monitoring Shared Resources
You can use the Shared Folders snap-in to monitor access to network resources.
With the Shared Folders snap-in, you can
- Monitor shared folders, user sessions, and open files
- Disconnect users
- Send administrative messages to users

39 39 Why Monitor Network Resources?
- Maintenance: Sometimes, to perform maintenance tasks, you need to take resources offline. Before you do this, you need to know which users are using resources and notify them.
- Security: You might want to monitor access to sensitive resources to verify that only authorized users are accessing them.
- Planning: You need to determine current resource usage in order to plan for future system growth.

40 40 The Shared Folders Snap-In The Shared Folders snap-in is included in the Computer Management console. To access Shared Folders, click Start, point to Programs, point to Administrative Tools, and then click Computer Management. You can add the Shared Folders snap-in to a custom MMC console.

41 41 The Shared Folders Snap-In (Cont.)

42 42 Monitoring Shared Folders
Use the Shares folder in the Shared Folders snap-in to
- View a list of shared folders on a computer running Windows 2000
- Determine how many users are connected to each shared folder
- Share a folder

43 43 The Shares Folder in the Shared Folders Snap-In

44 44 Information in the Details Pane of the Shared Folders Snap-In
The columns in the details pane display the following information about each share on the computer:
- Shared Folder
- Shared Path
- Type
- # Client Redirections
- Comment

45 45 Determining How Many Users Can Access a Shared Folder Concurrently You can use the Shared Folders snap-in to view and modify the maximum number of users that can access a folder. In the Shared Folders details pane, right-click the shared folder, and then click Properties. You can modify the user limit in the General tab in the Properties dialog box. You can manage the permissions for the share in the General tab.

46 46 Sharing a Folder You can use the Shared Folders snap-in to share an existing folder or to create a new folder and share it. You can also use this tool to modify shared folder and NT file system (NTFS) permissions when you share a folder. Using the Shared Folders snap-in is the only way to create a new shared folder on a remote computer running Windows 2000.

47 47 Monitoring User Sessions
Use the Sessions folder in the Shared Folders snap-in to
- Monitor which users are currently accessing shared folders on a server from a remote computer
- Disconnect users
- Send administrative messages to computers and users

48 48 The Sessions Folder in the Shared Folders Snap-In

49 49 Information in the Details Pane of the Sessions Folder
The columns in the details pane provide the following information about each computer connection:
- User
- Computer
- Type
- Open Files
- Connected Time and Idle Time
- Guest

50 50 Disconnecting Users
You can disconnect one or all users with a network connection to the computer.
You may need to disconnect users to
- Have changes to shared folder and NTFS permissions take effect immediately
- Free idle connections on a busy computer so that other users can connect
- Shut down a server

51 51 Disconnecting a Specific User To disconnect a specific user, in the Shared Folders snap-in, click the Sessions folder, right-click the user you want to disconnect, and then click Close Session. Use caution when disconnecting a user; it can result in data loss.

52 52 Sending Administrative Messages to Users
Use the Shared Folders snap-in to send administrative messages to one or more users on the network.
Send an administrative message to notify users when you intend to do anything that could cause data loss, such as
- Backing up or restoring data
- Disconnecting users
- Upgrading software or hardware
- Shutting down the computer

53 53 Sending Administrative Messages to Users (Cont.)
To send an administrative message, right-click the Shared Folders icon in the scope pane, point to All Tasks, and then click Send Console Message.
By default, all currently connected computers appear in the list of recipients.

54 54 Monitoring Open Files
Use the Open Files folder in the Shared Folders snap-in to
- View a list of files in the computer’s shared folders that are currently open
- Determine which users are connected to each open file
You can use this information
- When you need to contact users to notify them that you are shutting down the system
- To determine which user is using a file that is locked open

55 55 The Open Files Folder in the Shared Folders Snap-In

56 56 Information in the Details Pane of the Open Files Folder
The columns in the details pane of the Open Files folder provide the following information about each file currently in use:
- Open File
- Accessed By
- Type
- # Locks
- Open Mode

57 57 Using the Open Files Folder to Disconnect Users
Use the Open Files folder to disconnect users from open files.
- To disconnect all users from all open files, right-click the Open Files folder, and then select Disconnect All Open Files.
- To disconnect all users from one open file, right-click the file, and then click Close Open File.
Use caution when disconnecting users; data loss can occur.

58 58 Lesson Summary The Shared Folders snap-in enables you to monitor the shared folders on a computer running Windows 2000. Use the Shares folder to monitor the number of connections to each share and to create new shares on a remote computer. Use the Sessions folder to monitor connections to the computer, disconnect users, and send administrative messages. Use the Open Files folder to view a list of open files and to disconnect users from a specific file or from all shared files.

59 59 Microsoft Windows 2000 Auditing Windows 2000 auditing is a security tool that enables you to track user activities and system-wide events.

60 60 Overview of Windows 2000 Auditing Auditing is the process of tracking user and system events. You can specify that Windows 2000 write a record of an event, called an audit entry, to the security log. An audit entry contains the action performed, the user who performed the action, the success or failure of the event, and when the event occurred.

61 61 Using an Audit Policy
An audit policy defines the types of security events that Windows 2000 records in the security log.
Windows 2000 writes events to the security log on the computer where the event occurs.
You can set up an audit policy to
- Track the success and failure of events
- Eliminate or minimize the risk of unauthorized use of resources
Use Event Viewer to view events recorded in the security log.

62 62 Planning an Audit Policy Determine the computers to set up auditing on and what to audit on each computer. Auditing is turned off by default. Windows 2000 records audited events on each computer separately.

63 63 Planning an Audit Policy (Cont.)
Types of events you can audit include
- Access to files and folders
- Users logging on and off
- Shutting down and restarting a computer running Windows 2000
- Changes to user accounts and groups
- Attempts to make changes to Active Directory objects

64 64 Planning an Audit Policy (Cont.)
Determine whether to audit the success and/or failure of events.
- Success: can tell you how often users gain access to resources, which is helpful for resource planning
- Failure: can alert you to possible attempted security breaches

65 65 Planning an Audit Policy (Cont.)
General guidelines for determining an audit policy
- Determine if you need to track trends of system usage.
- Review security logs frequently.
- Define an audit policy that is useful and manageable.
- Audit resource access by the Everyone group instead of the Users group.
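
Slides 64 and 65 treat failure audits as a sign of attempted security breaches and call for frequent review of the security log. The following added example, which is not part of the original presentation, scans a security log exported to CSV for bursts of Failure audit entries per user and category, and notes whether a Success audit followed the burst. The CSV column names, the users and the sample rows are constructed assumptions, as are the threshold and time window.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a security log exported to CSV. The column names,
# users and timestamps are assumptions made for this example.
SAMPLE_EXPORT = """\
Date,Time,Type,Category,User,Computer
2001-03-05,08:59:10,Success audit,Logon/Logoff,alice,SRV01
2001-03-05,09:01:02,Failure audit,Logon/Logoff,bob,SRV01
2001-03-05,09:01:40,Failure audit,Logon/Logoff,bob,SRV01
2001-03-05,09:02:15,Failure audit,Logon/Logoff,bob,SRV01
2001-03-05,09:02:55,Failure audit,Logon/Logoff,bob,SRV01
2001-03-05,09:03:30,Success audit,Logon/Logoff,bob,SRV01
2001-03-05,09:10:00,Failure audit,Object Access,carol,SRV01
2001-03-05,10:45:00,Failure audit,Object Access,carol,SRV01
2001-03-05,11:00:00,Failure audit,Logon/Logoff,alice,SRV01
"""


def parse_export(text):
    """Return (time, type, category, user) tuples sorted by time."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.strptime(f"{row['Date']} {row['Time']}", "%Y-%m-%d %H:%M:%S")
        events.append((when, row["Type"].strip().lower(),
                       row["Category"].strip(), row["User"].strip()))
    return sorted(events)


def failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Flag (user, category) pairs with >= threshold failure audits inside
    `window`, and note whether a success audit followed the burst."""
    recent = defaultdict(list)  # failure times still inside the window
    findings = {}
    for when, etype, category, user in events:
        key = (user, category)
        if etype == "failure audit":
            recent[key] = [t for t in recent[key] if when - t <= window] + [when]
            if len(recent[key]) >= threshold:
                hit = findings.setdefault(
                    key, {"start": recent[key][0], "failures": 0, "then_succeeded": False})
                hit["failures"] = max(hit["failures"], len(recent[key]))
        elif etype == "success audit" and key in findings:
            # A success right after a burst of failures deserves a closer look.
            if when - recent[key][-1] <= window:
                findings[key]["then_succeeded"] = True
    return findings


if __name__ == "__main__":
    for (user, category), hit in failure_bursts(parse_export(SAMPLE_EXPORT)).items():
        print(user, category, hit["start"], hit["failures"], hit["then_succeeded"])
```
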

66 66 Configuring Auditing
Type of Computer | How Audit Policy Is Set
Stand-alone servers or stand-alone computers running Microsoft Windows 2000 Professional | Set for each individual computer
Member servers or computers running Windows 2000 Professional that have joined an Active Directory domain | Can be set for each individual computer or for a group of computers, such as an OU
Domain controllers | Set for all domain controllers in the domain

67 67 Auditing Requirements You must have the Manage Auditing and Security Log user right for the computer where you want to configure audit policy or review the audit log. By default, members of the Administrators group have this right. Only files and folders on NTFS volumes can be audited.

68 68 Setting Up Auditing
Configuring auditing is a two-part process:
1. Set the audit policy. This enables auditing of objects but does not activate the auditing of specific objects.
2. Configure auditing of specific resources. You identify the specific events to audit for files, folders, printers, and Active Directory objects.
Auditing takes place only after both of these steps have been completed.

69 69 Setting an Audit Policy Select the types of events to be audited. Specify whether to track successful attempts, failed attempts, or both. Use the Group Policy snap-in to set audit policies.

70 70 Setting an Audit Policy (Cont.)
Types of events that Windows 2000 can audit
- Account logon events
- Account management
- Directory service access
- Logon events
- Object access
- Policy change
- Privilege use
- Process tracking
- System

71 71 Setting an Audit Policy (Cont.)
Changes made to audit policy on a computer take effect when one of the following events occurs:
- You initiate policy propagation.
- You restart the computer.
- Policy propagation occurs.

72 72 Auditing Access to Files and Folders
The first step is enabling the Audit Object Access policy.
To do this on a computer that is not a domain controller, create a custom MMC console and add the Group Policy snap-in.
In the console tree, select Audit Policy from the Computer Configuration node, and then double-click the Audit Object Access policy to configure success and/or failure.

73 73 Auditing Access to Files and Folders (Cont.)

74 74 Auditing Access to Files and Folders (Cont.) The second step in auditing access to files and folders is to access the Properties dialog box for each individual file or folder you want to audit, click the Security tab, and then click Advanced. Then click the Auditing tab and configure auditing for the selected file or folder.

75 75 Auditing Access to Active Directory Objects First, enable the Audit Directory Service Access policy in the Group Policy snap-in. Second, use the Active Directory Users And Computers snap-in to configure auditing in the Properties dialog box for each Active Directory object you want to audit.

76 76 Lesson Summary Auditing is the process of tracking user and system events. An audit policy defines the types of security events that Windows 2000 records in the security log on each computer. Windows 2000 records audited events on each computer separately. To configure auditing of files, folders, or printers, first enable the Audit Object Access policy; then configure auditing of specific files, folders, and printers.

