Demonstration 2: Using the Performance Diagnostic Console
In this demonstration, you will see how you can:
• View the Resource Overview
• Use Performance Monitor
• Create a Data Collector Set
• View Reports
Key Points
The key points of this demonstration are:
• The Performance Diagnostic Console allows you to view real-time performance
• Data Collector Sets simplify the configuration of performance data
• The Performance Diagnostic Console allows you to log performance data
• Reports enable you to view and analyze the results of data collection
Application Monitoring
Introduction
Troubleshooting application problems is one of the most difficult parts of desktop support. To help make troubleshooting easier, Windows Vista includes Problem Reports and Solutions, and Event Viewer.
Objectives
After completing this section, you will be able to:
• Explain Problem Reports and Solutions
• Describe Event Logs
• Describe the new features in Event Viewer
What Is Problem Reports and Solutions?
Problem Reports and Solutions is a replacement for Dr. Watson found in previous versions of Windows. Problem Reports and Solutions performs crash analysis and helps you find solutions to problems. Problems are tracked over time so that you can view the history of problems on a computer.
You can configure how Problem Reports and Solutions handles problems. When a problem occurs, you can have it automatically reported to Microsoft to search for a solution, select whether to report each problem when it occurs, or manually choose to check for solutions at any time. The default configuration is to ask the user when a problem occurs. Users can be allowed to change settings for their own account.
When a problem is reported to Microsoft, Windows attempts to match the problem report to a known problem at Microsoft. If it is a known problem with a solution, you are given steps you can take to solve the problem. Microsoft tracks problem reports over time to determine when new solutions need to be created.
If a solution for a problem is not available at the time the problem occurs, there is no automated mechanism for you to be notified when a new solution is available. However, you can manually check for new solutions. When you check for new solutions, Windows searches for new solutions to unresolved problems.
Demonstration 3: Configuring Problem Reports and Solutions
In this demonstration, you will see how you can:
• Configure Problem Reports and Solutions
Key Points
The key points of this demonstration are:
• Problem Reports and Solutions is used to find solutions for software problems
What Are Event Logs?
An event log is a location where system and application events are stored. Windows Vista divides event logs into Windows logs and Applications and Services logs.
Windows logs are similar to the event logs found in previous versions of Windows. Applications and Services logs are event logs for individual applications and services. Events are now stored as XML in the event logs. This makes it easier for you to access event logs with other applications and reuse event data.
Windows Logs
Windows logs store the events that apply to the entire system. In addition, legacy applications will still write events to the application log.
The Windows logs categories include:
• Application log. The application log contains events written by applications. The events written to this log are determined by the application developer.
• Security log. The security log records auditing events such as valid and invalid logon attempts. Administrators determine which events are recorded here by configuring an audit policy.
• System log. The system log contains events logged by Windows system components, for example, the failure of a service to start.
Applications and Services Logs
Applications and Services logs are a new category of event logs in Windows Vista. These logs store events from a single application or component rather than events that might have a system-wide impact.
There are four types of Applications and Services logs:
• Admin. Admin logs have events that indicate a problem and a well-defined solution that an administrator can act on. Applications and services with known errors and solutions can include an admin log.
• Operational. Operational logs are used for troubleshooting and resolving problems and viewing status information. Applications and services include an operational log for general information about the service and error messages without specific solutions.
• Analytic. Analytic logs have events that describe program operation and indicate problems that cannot be handled by user intervention. Analytic logs contain a very high number of events that are used for detailed troubleshooting.
• Debug. Debug logs are used by developers to troubleshoot their programs.
Analytic and Debug logs are hidden in Event Viewer by default.
What Are the New Features in Event Viewer?
Event Viewer is an MMC snap-in that allows you to browse and manage event logs. It has been improved with a number of new features in Windows Vista.
The new features in Event Viewer are:
• Cross-log queries. Previous versions of Event Viewer allowed you to filter the events in an event log to limit the information displayed. However, if information about a problem was located in multiple event logs, each event log needed to be viewed separately. In the Windows Vista version of Event Viewer, you can create queries that display events from multiple event logs. This is particularly important now that many applications and services have their own event logs, which spreads information over a wider number of event logs.
• Reusable views. When you have constructed a query to find specific information, you can save it as a Custom view. After a Custom view has been saved, you can export it for use on other computers or by other users.
• Integration with Task Scheduler. Often when you are troubleshooting, you would like to perform a task when a particular event occurs. For example, you may want to run a batch file that restarts several services when an application error occurs, or send an e-mail message the next time a particular event occurs. The Event Viewer in Windows Vista supports triggering tasks based on a particular event occurring.
• Event Subscriptions. The Event Viewer in Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an Event Subscription.
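Because events are stored as XML, a cross-log query can also be reproduced outside Event Viewer. The following is an added example, not part of the original course material: it parses constructed event XML from three logs (the ContosoApp/Operational channel, the Sample provider name and the <Events> wrapper element are assumptions) and merges warnings, errors and failed security audits into one timeline.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x10000000000000  # Keywords bit set on failed security audits

def _ev(chan, eid, level, t, kw="0x8000000000000000"):
    """Build one constructed event in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="Sample"/>'
            f'<EventID>{eid}</EventID><Level>{level}</Level>'
            f'<Keywords>{kw}</Keywords><TimeCreated SystemTime="{t}"/>'
            f'<Channel>{chan}</Channel></System></Event>')

# Constructed sample exports, one per log. "ContosoApp/Operational" is hypothetical.
# 4624/4625 = successful/failed logon; 7036/7000 = service state change/failed start.
SAMPLE_LOGS = {
    "Security": "<Events>"
    + _ev("Security", 4624, 0, "2007-03-01T10:00:00.000000000Z", "0x8020000000000000")
    + _ev("Security", 4625, 0, "2007-03-01T10:00:04.000000000Z", "0x8010000000000000")
    + "</Events>",
    "System": "<Events>"
    + _ev("System", 7036, 4, "2007-03-01T10:00:01.000000000Z")
    + _ev("System", 7000, 2, "2007-03-01T10:00:02.000000000Z")
    + "</Events>",
    "ContosoApp/Operational": "<Events>"
    + _ev("ContosoApp/Operational", 100, 3, "2007-03-01T10:00:03.000000000Z")
    + "</Events>",
}

def parse_events(xml_text):
    """Return one dict per <Event> element in an exported log."""
    out = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        s = ev.find("e:System", NS)
        stamp = s.find("e:TimeCreated", NS).get("SystemTime").rstrip("Z")[:26]
        out.append({
            "channel": s.findtext("e:Channel", namespaces=NS),
            "id": int(s.findtext("e:EventID", namespaces=NS)),
            "level": int(s.findtext("e:Level", namespaces=NS)),
            "keywords": int(s.findtext("e:Keywords", namespaces=NS), 16),
            "time": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%f"),
        })
    return out

def cross_log_query(logs, max_level=3):
    """Merge all logs; keep Critical/Error/Warning events and audit failures."""
    hits = [e for text in logs.values() for e in parse_events(text)
            if 1 <= e["level"] <= max_level or e["keywords"] & AUDIT_FAILURE]
    return sorted(hits, key=lambda e: e["time"])
```

Security audit events carry Level 0, so a filter on level alone would drop the failed logon; the Keywords check is what keeps it in the merged view.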
Demonstration 4: Using Event Viewer
In this demonstration, you will see how you can:
• View events
• Create a custom view
Key Points
The key points of this demonstration are:
• Event Viewer is used to view the contents of event logs
• Event Viewer can create and save custom views for later use
Group Policy and Device Management
Introduction
Group Policy allows administrators to centrally control settings for users and computers in their domain. Windows Vista expands the capabilities of Group Policy with over 800 new policy settings. One specific area that has been added is the ability to control hardware device installation.
Objectives
After completing this section, you will be able to:
• Describe the Local Security Policy
• Describe Group Policy
• Explain the new features in Group Policy
• Explain the enhancements to Group Policy
• Describe the differences between local and domain-based Group Policy
• Explain how to control device installation by using Group Policy
What Is the Local Security Policy?
The local security policy is a set of security-related settings for Windows Vista that apply only to the local computer. To edit the configuration of the local security policy, you can use the Local Security Policy snap-in found in Administrative Tools, or you can use the Security Settings section of the local Group Policy.
Some of the security settings in a security policy are:
• Account Policies. The Account Policies contain a Password policy and an Account Lockout policy. The Password policy enforces password restrictions such as minimum password length and password complexity. The Account Lockout policy protects Windows Vista from brute-force password attacks by locking out accounts after a preconfigured number of incorrect logon attempts.
• Local Policies. The Local Policies contain an Audit policy, User Rights Assignment, and Security Options. The Audit policy determines which events are logged in the Security event log. User Rights Assignment settings determine which system privileges are given to which users and groups of users. Security Options contains settings to control the security options such as communication encryption and UAC.
• Windows Firewall with Advanced Security. Controls the configuration of Windows Firewall.
• Public Key Policies. Configures Encrypting File System (EFS) settings and certificate auto-enrollment.
• Software Restriction Policies. Controls the installation of software, even for users with Administrative privileges.
• IP Security Policies on Local Computer. Used for backward compatibility with Internet Protocol security (IPsec) policies in Windows XP. Windows Vista can configure IPsec by using Windows Firewall with Advanced Security.
You can also configure the local security policy by using security templates in combination with Secedit or the Security Configuration and Analysis snap-in.
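A security template is a plain INF-style text file, so the Account Policies and Audit policy settings described above can be checked with a script. The following is an added example, not part of the original course material: the template excerpt is constructed, and the baseline thresholds in RULES are assumptions chosen for illustration, not values from this course.

```python
import configparser

# Constructed excerpt of a security template in the INF layout used with Secedit.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Hypothetical baseline (assumed thresholds): section, setting, check, finding text.
RULES = [
    ("System Access", "MinimumPasswordLength", lambda v: v >= 12, "minimum length below 12"),
    ("System Access", "PasswordComplexity", lambda v: v == 1, "complexity disabled"),
    # LockoutBadCount = 0 means accounts are never locked out.
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 10, "lockout disabled or threshold above 10"),
    # AuditLogonEvents is a bit mask: 1 = success, 2 = failure, 3 = both.
    ("Event Audit", "AuditLogonEvents", lambda v: v & 2, "failed logons not audited"),
]

def audit_template(text):
    """Return a list of findings for settings that miss the baseline."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    findings = []
    for section, key, ok, why in RULES:
        raw = cp.get(section, key, fallback=None)
        if raw is None:
            findings.append(f"{key}: not defined in template")
        elif not ok(int(raw)):
            findings.append(f"{key} = {raw}: {why}")
    return findings
```

A template exported from a real computer is typically UTF-16 encoded, so decode the file accordingly before passing its text to audit_template.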
What Is Group Policy?
Group Policy is an infrastructure for centralized configuration management of user and computer settings. It was originally introduced as part of Windows 2000 and has been expanded with each new release of Windows. The complete Group Policy system is composed of server-side and client-side components.
A group of settings that is applied by using Group Policy is known as a Group Policy object (GPO). A GPO contains computer settings and user settings. Computer settings are applied based on the computer object in the Active Directory® directory service. User settings are applied based on the user object in Active Directory.
Some of the things you can do with Group Policy are:
• Install software
• Run startup or logon scripts
• Deploy printers
• Apply security policy settings
• Configure Windows
• Configure Microsoft Internet Explorer®
What Are the New Features in Group Policy?
For Windows Vista and Windows Server® Code Name “Longhorn,” Group Policy has been enhanced to control additional Windows components. The additional settings are based on requests from customers and internal development. In addition, Group Policy processing has been improved.
New Policy Settings
Some of the new categories of Group Policy settings are:
• Power Management. The new Power Management features in Windows Vista are configurable by using Group Policy. This means that you can easily apply Power Management settings to all Windows Vista computers in an organization for substantial cost savings on power.
• Windows Firewall with Advanced Security. The Windows Firewall can now be configured by using Group Policy. The Windows Firewall settings also include rules that control IPsec to ensure that you do not create conflicting rules.
• Printer assignment based on location. You can now assign printers to users based on location. As a user with a mobile computer moves to different locations in the company, new printers are assigned.
• Printer driver installation by users. A new setting allows users to install printer drivers. In previous versions of Windows, printer driver installation was restricted to administrators.
New Format for Administrative Template Files
Administrative templates describe the settings and the options for those settings when editing a GPO. In previous versions of Windows, the administrative templates were ADM files. In Windows Vista, the ADM files have been replaced with an XML-based format known as ADMX files.
ADMX files have the following advantages:
• Easier management of multi-language administrative environments
• ADMX files are stored centrally (instead of per GPO) to minimize replication traffic
• New ADMX-enabled Group Policy tools are backward-compatible with ADM files
Network Location Awareness
Network Location Awareness ensures that client computers are aware of changing network conditions and resource availability. With Network Location Awareness, Group Policy has access to the resource detection and event notification capabilities of the operating system, such as recovery from sleep, establishment of virtual private network (VPN) sessions, or changing wireless networks.
Network Location Awareness has the following benefits:
• Faster startup times. Client-side Group Policy components will only attempt to use available network devices, reducing time-outs.
• Faster application of Group Policy settings. Group Policy can retrieve settings from a domain controller as soon as it is available instead of waiting for the next refresh interval.
• Group Policy application through firewalls. Many firewalls block the Ping packets required by previous versions of Group Policy for network detection. Network Location Awareness removes the reliance on Ping packets.
What Are the Group Policy Enhancements?
In addition to new features, many Group Policy components and features have been enhanced. Some of the enhancements to Group Policy are:
• Group Policy Management Console (GPMC). GPMC was downloadable for Windows XP and Windows Server 2003. It is now included with Windows Vista and Windows Server “Longhorn.”
• Internet Explorer configuration. Most Internet Explorer 7 settings can be managed by using Group Policy. In many cases, this eliminates the need to use the Internet Explorer Administration Kit.
• Group Policy service. In previous versions of Windows, Group Policy was processed by Winlogon. Windows Vista includes a new Group Policy service that is responsible for processing Group Policy. This new service reduces reboot requirements, is more efficient, and reduces memory usage.
• Replication traffic reduction. GPOs are replicated between Windows Server “Longhorn” domain controllers by using the Distributed File System instead of the File Replication Service. When a GPO is changed, only the changes are replicated rather than the entire GPO.
• Events and logging. Previous versions of Group Policy were difficult to configure for logging. Now that Group Policy processing is done by a separate service, the Group Policy service is a distinct event source in the System event log and writes to a separate Group Policy operational log.
• Multiple local GPOs. Windows Vista allows multiple local GPOs to exist on a single computer. Each of these GPOs can be assigned to specific local users or groups of users, allowing for additional flexibility in workgroup environments.