Windows monitoring

Unit objectives: Monitor the operating system Monitor system performance Backup and restore operating system

files and data

Topic A

Topic A: System monitoring Topic B: System performance Topic C: Backup and restore

Windows Diagnostics

Start, All Programs (or Programs), Accessories, System Tools menu

msinfo32 Collects and displays information about

configuration of specified computer System Information window

– Hardware Resources– Components– Software Environment– Internet Settings (not in Windows 7 or Vista)

System Information window

Remote computer information

1. Choose View, Remote Computer

2. Enter the name of the computer – Remote computer — WMI installed– Need appropriate privileges on remote

computer

Activity A-1

Running Windows Diagnostics

Command-line system information

path\msinfo32 Full path required for command-line

functionality Windows 7 and Vista parameters and

switches– /nfo Path – /report Path – /computer ComputerName

continued

Command-line information, continued

Windows XP/2000 parameters and switches– /pch – /report:filename.ext – /computer:computername – /category:categoryname – /categories:categorylist – /showcategories– /?

Activity A-2

Running msinfo32 from a command line

DirectX Diagnostic

dxdiag.exe Windows Vista — View status of

DirectX installation Windows XP/2000 — Test and

troubleshoot video- or sound-related hardware problems

Check for drivers’ digital signatures

DirectX Diagnostic Tool

DirectX Diagnostic pages

System DirectX Files — Windows XP/2000 Display Sound Music — Windows XP/2000 Input Network — Windows XP/2000 More Help — Windows XP/2000

Activity A-3

Running the DirectX Diagnostic tool

Task Manager

Provides information on applications, processes, and services running on computer

Tabs– Applications– Processes– Performance– Networking — Windows 7/Vista/XP– Users — Windows 7/Vista/XP– Services — Windows 7/Vista

Windows Task Manager

The Applications tab

End a running application – GPFs have occurred and applications

don’t respond to keyboard or mouse input

Switch to another application– The app is running in the background or

doesn’t have a taskbar button displayed

Start a new instance of an application– Explorer.exe process has stopped and

you have lost your Start menu, taskbar, and desktop items

Activity A-4

Monitoring applications

The Processes tab

Use to determine if a running process is overwhelming the processor and slowing down the system

If a process has a high percentage of CPU usage that doesn’t return to normal, you might have to end the process

Also use to end an application that won’t end when you try to do so on the Applications tab

Activity A-5

Ending a process

The Services tab

Linked to the Processes tab Highlights a service’s associated

process Shows processes from all users Also works in reverse: shows services

associated with a process

Activity A-6

Monitoring services

The Networking tab

Use to view computer’s network bandwidth

Displays a combination of the network traffic for all NICs

Can compare traffic on each NIC

Can customize data columns displayed

Activity A-7

Monitoring network utilization

The Users tab

Use to:– Monitor users logged on to the computer – Disconnect users– Send users messages

Data columns:– User – ID– Status– Client Name– Session

Activity A-8

Monitoring users

Computer Management

Monitor system events Create and manage shared resources Determine which users are connected

to monitored system Start and stop services Set properties for storage devices View device configurations Add or change device drivers Manage applications and services

Event Viewer

Use to monitor events Determine cause of problems with

– Application– Component of operating system– Suspected security breach

Event Viewer

Scope pane Actions pane

Console tree

Event Viewer categories

Application Security System Setup (Windows 7/Vista) Forwarded Events (Windows 7/Vista)

Event information

Level (7/Vista); Type (XP/2000) Date Time Source Task Category (7/Vista); Category

(XP/2000) Event ID (7/Vista); Event (XP/2000) User Computer

Event types

Error Warning Information Success Audit (Security Log only) Failure Audit (Security Log only)

Event Properties

Activity A-9

Viewing the event logs

Sorting events

Default — Events are listed from the newest to the oldest, by date and time

Can change the sort order – Click any column heading – One click = ascending order– Second click = descending order

To return to default view, choose View, Newest First

continued

Sorting events, continued

Grouping events

Group events by column heading Choose View, Group By, and choose

a column heading To return to default view, choose

View, Remove grouping of events

continued

Grouping events, continued

Filtering events

Filtering displays only certain events Filter criteria:

– Logged– Level (in Windows 7/Vista)– Event sources or Source– Event ID– Task category– Keywords– User– Computer

continued

Filtering events, continued

Managing event logs

Default size Events overwritten Clear events Save events

Activity A-10

Controlling the display of an event log

Topic B

Topic A: System monitoring Topic B: System performance Topic C: Backup and restore

Reliability Monitor

Track events that affect stability– Software installs and uninstalls– Application failures– Hardware failures– Windows failures– Miscellaneous failures

Reliability Monitor in Vista

Two features to track system health

System Stability Chart System Stability Report

Activity B-1

Determining a system’s Stability Index

Resource Overview

CPU Hard disk Network Memory (RAM)

Resource Overview

Detailed view of CPU resource

Activity B-2

Viewing real-time performance data in Resource Overview

(optional Instructor demonstration on Windows Vista)

Performance Monitor

Known as System Monitor in XP Monitor computer performance

– Real time– One-second intervals

Save reports of data Hundreds of counters available

– Create a baseline to compare system performance over time

– Monitor system resource use– Locate performance problems– Identify performance bottlenecks

Performance Monitor real-time graph

Performance objects Battery Status Cache Memory Network Interface Objects Paging File PhysicalDisk Process Processor System Thread

Bottlenecks

Processor: % Processor Time – Monitors how hard your processor is

working Process: Thread Count

– Identifies memory leaks in applications Memory: Pages/sec

– Points to page faults that cause system delays

PhysicalDisk: Disk Transfers/sec – Identifies poor disk-response time

Network Interface – Monitors network traffic

Adding counters

Real-time monitoring

1. Select local or remote computer

2. Expand appropriate performance object

3. Select desired counter

4. Select appropriate instance of the counter

5. Click Add

6. When finished adding counters, click OK

Activity B-3

Monitoring performance withPerformance Monitor

Performance Monitor configuration

Button Use to

Open saved log files and display them

Change graph display type

Add and delete counters

Highlight counter on graph

Display Properties

Pause and restart display

Update data

Performance Monitor tabs

General Source Data Graph Appearance

Activity B-4

Customizing Performance Monitor

Performance Logs and Alerts

Collect data View data Configure logs Set up alerts Options

– Counter Logs– Trace Logs– Alerts

Configuring Alerts

Log an entry in the application event log

Send a network message to Start performance data log Run this program Command Line Arguments

Topic C

Topic A: System monitoring Topic B: System performance Topic C: Backup and restore

Backups Create automatic backups of your personal files Restore files that you previously backed up Create a Complete PC Backup Archive selected files and folders Restore the archived files and folders Make a copy of your computer’s system state,

which includes:– Registry– Boot files– COM+ class registration database– IIS metadirectory– Windows File Protection system files

Copy your computer’s system partition, the boot partition, and the files needed to start up the system

Backup modes

Wizard mode — Walks you step-by-step through the process

Advanced mode — Provides complete control over file and folder selection

Scheduling automatic backups

Backup types in Windows XP

Copy Daily Differential Incremental Normal

Backup strategy

Grandfather-Father-Son basic strategy– Back up Son– Back up Father– Back up Grandfather

Activity C-1

Scheduling a backup

Restoring files

Files can be restored to original or alternate locations

Restore all of the files and folders that were backed up or restore selected files from the backup

Activity C-2

Restoring files from backup

System Restore

Available in Windows XP and Windows Vista, and Windows 7

Creates snapshots of the system configuration– System checkpoints– Manual restore points– Installation restore points

Used to restore computer to a previous configuration

Create a restore point before troubleshooting

Does not affect user data files

System Protection tab

Activity C-3

Creating a restore point

Restoring a system

Try Driver Rollback first If that doesn’t work, use System

Restore All Programs, Accessories, System

Tools, System Restore Can choose desired restore point Computer will reboot

Additional restore points

Affected programs and files

Activity C-4

Restoring a computer to a previous state

Unit summary

Monitored the operating system Monitored system performance Backed up and restored operating

system files and data