Administrative Tools
Microsoft has included a number of tools with each iteration of Windows to simplify system administration. While some tools have very specific purposes and won’t be used that often, there are some that will be used on a daily basis.
Microsoft Management Console
• This is the console root framework used for all administrative tools in Windows.
• Created to be a front-end interface framework to control and run administrative tools.
• All administrative tools follow this layout.
• Mainly used by system administrators.
• As a barebones framework, MMC is customizable: you can add or delete snap-ins for whatever admin tools you want in the interface.
• Start by pressing Windows+R to open Run, then type in mmc.

Computer Management
• Computer Management is a “done-for-you” variation of MMC.
• Pre-built admin tools MMC variation; a good starting point.
• It comes pre-equipped with the snap-ins that Microsoft thinks are good for an administrative console.
• It’s under Administrative Tools in Control Panel.

Device Manager
• Drivers are extremely hardware-specific and OS-specific software that teaches the OS how to properly communicate with whatever device you’re plugging into your computer.
• Device Manager allows you to view and change hardware devices on the OS.
• Allows administrators to load and update third-party drivers.
• Drivers can be found on the device manufacturer’s website.
• Usually the first place you check when a hardware device does not function after installation.
• There are different colored icons that all have different meanings:
  • This icon means the device is in a problem state and a problem code is displayed; the PC is having trouble communicating with the device.
  • This icon represents a disabled device, which is a device that is physically present, consuming resources, but is not enabled.
  • This icon represents a disabled device.

Local Users and Groups
• Variant of MMC that allows for granular control over local user accounts and groups for the Windows OS.
• Allows for the viewing, creation, and modification of individual users.
• You can also access disabled users.
• Allows the viewing, creation, and modification of groups.
• Different from the User Accounts Control Panel applet, in the sense that the Control Panel applet only allows you to control the admin group. From the Local Users and Groups MMC extension, you can view permissions for all the groups.

Local Security Policy
• Variant of MMC that allows you to set the default security settings for the entire system.
• Can be used in Active Directory to manage entire company networks by using local security policy alongside group policies to distribute the policies company-wide.
• Standalone computers using local security policy aren’t managed through Active Directory. In that case, you just use the regular Local Security Policy MMC by itself.
• Can control security policies such as:
  • Password Complexity Requirements

• Visual interface that collects counter information and then converts that information to a console or event log.
• Can be used as a general troubleshooting tool or security-troubleshooting tool. For instance, you can see where the resources are being used and where the activity is coming from.
• Has much more detailed information than the Performance tab in Task Manager.

Services
• A variant of MMC that acts as an administrative tool that allows you to interact with the services running on the computer.
• Services are low-level programs that run in the background.
• The status of the services will typically be started or stopped, but you can also right-click and make the service start, pause, resume, or restart.
• If you right-click a service and click Properties from the menu, you can choose the startup type.

System Configuration
• A system utility designed to troubleshoot the Windows startup process; msconfig.
• It can disable/enable software, device drivers, or Windows services that run at startup.
• There are 5 tabs in the System Configuration tool used to troubleshoot the startup process:
  • The General tab allows you to choose how you want the computer to start up.
  • This tab is used to choose safe boot (safe mode) and turn on the information so that you can see all drivers as they load, which is quite useful when you’re trying to figure out why the system keeps getting hung up at boot.
  • At this tab, you can view the services installed on the system and their current status (running or stopped). You can also enable or disable services.
  • This tab allows you to turn on or off items that run at startup. This tab will redirect you to the startup section of Task Manager.
  • At this tab, you can launch a number of administrative tools to configure various Windows features to help make the startup process even smoother.

• Allows you to configure an application to run automatically or at any regular interval.
• Terms used to describe the options for configuring tasks:
  • Action: what the task actually does
  • Condition: an optional requirement that must be met before the task runs
  • Setting: any property that affects the behavior of the task
  • Trigger: the required condition for the task to run
• Ex: You could configure a report to run automatically (action) every Tuesday (trigger) when the system has been idle for 10 minutes (condition), and only when requested (setting).

Component Services
• COM+ (Component Object Model) is the model that allows developers to build applications that work in very large computing environments and across the enterprise.
• Used when developers are developing object-oriented applications that are going to be deployed in the Windows OS.
• It’s coupled alongside the Event Viewer and Services tools so that you get a total view of everything happening with the application.
• If a COM+ based application needs any further configuration so it can run on a computer, you’ll make those changes inside of the Component Services tool.
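The Tuesday report example above (action, trigger, condition, setting), written as a Windows scheduled task with the ScheduledTasks PowerShell cmdlets. This is an added example, not part of the original notes; the task name, script path, 09:00 start time and LOCAL SERVICE account are assumptions, and the cmdlets express the idle condition through the settings object.

```powershell
# Added example: task name, script path and run-as account are assumptions.
# Run from an elevated PowerShell prompt.
$taskName = 'Weekly-Report'                   # hypothetical task name
$script   = 'C:\Scripts\Weekly-Report.ps1'    # hypothetical script path

# Action: what the task actually does.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -File `"$script`""

# Trigger: the required condition for the task to run (every Tuesday).
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Tuesday -At '09:00'

# Condition: only start after 10 idle minutes; stop waiting for idle after 1 hour.
$settings = New-ScheduledTaskSettingsSet -RunOnlyIfIdle `
    -IdleDuration (New-TimeSpan -Minutes 10) `
    -IdleWaitTimeout (New-TimeSpan -Hours 1)

# Run as a low-privilege built-in account rather than SYSTEM or an admin user.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\LOCAL SERVICE' `
    -LogonType ServiceAccount -RunLevel Limited

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -Principal $principal

# Review: list every task with what it executes and which account it runs as,
# so unexpected entries or tasks running with the highest privileges stand out.
Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        [pscustomobject]@{
            Task     = $_.TaskPath + $_.TaskName
            RunAs    = $_.Principal.UserId
            RunLevel = $_.Principal.RunLevel
            Execute  = $a.Execute
            Argument = $a.Arguments
        }
    }
} | Sort-Object RunAs, Task | Format-Table -AutoSize -Wrap
```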
Open Database Connectivity
• It allows you to view, create, and modify connections to databases.
• Separates the application from the database.
• Supports Open Database Connectivity and supports maximum interoperability.
• Allows the application developer to create an application without having to worry about how it’s going to connect to the database.
• This allows the developer to completely focus on the functionality of the application, instead of worrying about how it’s going to talk to the database.
• If there is a database you need added to your Windows configuration so an application can access it, you’ll have to do it in the ODBC Data Source admin tool.

• Used to manage multiple printers, print drivers, and print servers from a single interface.

Windows Memory Diagnostics
• Diagnostic tool used to check the system for memory problems.
• The system must be rebooted for the tool to work, and it will take several minutes.
• If errors were found, then upon startup an error box will appear.

Windows Defender Firewall
• An integrated host-based stateful firewall provided by Windows (a stateful firewall is a firewall that understands and remembers the state of traffic that flows through it. It remembers which traffic has come in and which has not).
• It acts on fundamental firewall rules.
• You can control traffic by filtering by applications, but you can either allow all traffic from an app or not allow any traffic from an app. There is no further control than that.
• No scope (can’t differentiate between incoming and outgoing traffic).
• You can’t configure advanced connection security rules, which means you can’t “only send this traffic over an IPsec tunnel”, which is a more secure connection.

Windows Defender (Advanced Security)
• Allows detailed control over the security features of the firewall.
• Rules created to allow or deny inbound application network traffic entering the OS.
• Created to allow and deny network traffic leaving the OS.
• Connection Security Rules: rules for authenticating and encrypting traffic.
• Which programs are allowed inbound/outbound traffic.
• Which protocols or ports are allowed in/out of the network.

Event Viewer
• Tool that allows you to view all of the application error logs, security audit records, and system errors.
• Breaks each event into categories: information, warning, error, critical, successful audit, and failure audit.
• Used to troubleshoot an application or the OS; you may be able to find the root cause of the issue in the Event Viewer.
Task Manager
• A system monitor program used to monitor all the current processes on the computer.
• It has 7 tabs: Processes, Performance, App History, Startup, Users, Details, and Services.
• View all running applications and processes on the system so you can see any abnormalities.
• You can see which tasks are open on the machine and you can also see the status of each task, which can either be running or not responding.
• If a task has stopped responding (hung up), you right-click the task and click End task.
• You can also change the priority of a process in Task Manager.
• Real-Time Priority is for applications that must have the processor’s attention to handle time-critical tasks. This can only be done by administrators.
• Shows where resources are being used by each component of the PC by displaying a graphical interface or line graph.
• Shows real-time CPU utilization, including where all the activity is coming from.
• Shows networking data as well.
• Provides real-time usage statistics regarding applications being run and the amount of system resources being used.
• Lists the name of the services to be configured at startup as well as the publisher, status, and startup impact. From this tab you can choose any service listed and disable it.
• Provides information about the users logged into the local machine. You’ll see username, status, CPU usage, memory usage, disk usage, and network usage. You can do a number of things from here: view the active user’s processes, switch the user’s account, and remote in to the user’s PC.
• Lists the name of each running service as well as the process ID associated with it and its description, status, and group. Clicking on it will open up the Microsoft Management Console (MMC) snap-in service.
• By right-clicking, you can do a list of things:
• It also provides information about any applications that may be currently running.
• It can be used to end frozen or stubborn programs.
• Accessible by right-clicking the taskbar or pressing Ctrl+Alt+Del and choosing Task Manager.
• Lets you view a host of information regarding all of the drives installed in your system, including CD/DVD-ROM drives.
• Allows you to review all the logical partitions configured and physical drives that are connected to the computer.
  • means the volume is working perfectly and there are no problems
  • means the volume has experienced some errors, but they’re not fatal. Yet!
  • You see this when you are formatting a disk; only a temporary status
  • means either the disk is damaged or there is an issue with the disk
  • normal when you’re setting up a new volume
  • means a volume has failed in your RAID 1 or RAID 5 array
  • means that you have a RAID 1 array (mirrored) volume set up and it’s copying from one drive to the other drive. Happens after a drive is replaced in RAID 1 (mirroring)
  • means that you are running a RAID 5 setup on this drive, and one of your drives has failed so it had to be replaced with a new one. The new drive is being loaded with the data it needs
• Mounting is when the OS makes files and directories on a storage device available for use via the computer’s file system.
• Mounting can also be used to extend available storage space. You can create a folder inside the drive that is running out of space, mount it, and have it pull the additional space from extra storage you have (USB, SSD, another hard drive). You do this so you don’t have to go through the trouble of making a new volume. This process is seamless and instantaneous.
• Performed whenever you realize that you’ve allocated too much space to a certain volume, and you want to split it down the middle so you can have another free volume to work with.
• Ex: Volume C (100GB) → splits → Volume C (50GB) and Volume D (50GB)
• Shrinking volumes (partitions) is the same, just not right down the middle as an even split or half.
• Ex: Volume F (100GB) → shrinks (20GB) → Volume F (80GB) and Volume G (20GB)
• You can also increase the size of a particular volume by extending it.
• By extending, it means you have two volumes each measuring 10GB and you want to make one bigger, or extend it. So you have Volume A (10GB) and Volume B (10GB). When you extend A over B, you’re reallocating space between the two volumes since they’re two halves of the same disk.
• Ex: Volume A (10GB) → extends (5GB) → over Volume B (10GB), making Volume A (15GB) and Volume B (5GB) now.
• All new drives must be initialized before first use, then the drive needs to be mounted to the system. Initializing the drive allows the system to recognize it.
• The New Simple Volume Wizard can be used for designating the format type and for assigning/changing drive letters.

• Arrays of disks are multiple disks working together for a specific purpose. Also known as RAID (Redundant Array of Independent Disks).
• They’re used for fault tolerance, so in the event of a disk failure, the system will continue to function.
  • uses striping and does not add any fault tolerance; only adds to overall performance
  • uses mirroring to add fault tolerance; creates a complete duplicate of the volume
  • adds increased performance and fault tolerance; requires 3+ disks to work with

• Used to save files to two or more drives to help protect you from a drive failure.
• Also allows you to add more drives if you need more storage for the files you want to protect from drive failure.
• Can use external hard drives to create the storage pool as well.
• Allows you to start the application as a command instead of the GUI.

• The Windows registry is the big, huge master database of the entire system.
• It is a hierarchical database that is built each time Windows boots, is updated as the system runs, and is saved on shutdown.
• It’s used by almost everything: kernel, device drivers, services, Security Account Manager, user interface, and applications.
• You may have to make changes to this registry, and when you do, make sure you create a hive (backup) in case you need to roll back the changes.
• HKEY - Handle for Registry Key

• cmd: Windows command line prompt used to control the OS.

• Tool that allows you to interact with the services running on the computer.
• Control background applications.
• services.msc is the run command.

• Build your own management framework using this skeleton.
• The base for mostly all admin tools.
• MMC is the run line command.

• Remote Desktop Protocol is used primarily by techs to remote in to a person’s computer to see exactly what’s going on.
• mstsc is the run line command.

• notepad is the run line command.

• explorer is the run line command.

• msinfo32 is the run line command.
• Windows System Information
  • A wealth of knowledge
  • Hardware Resources - Memory, DMA, IRQs, conflicts
  • Components - Multimedia, display, input, network
  • Software Environment - Drivers, print jobs, running tasks

• Displays reports of DirectX components that are disabled.

• defrag is the run line command.
• Tool used to improve read and write time for disk.
• Moves files back together so they are contiguous (side-by-side or sequential).
• Used only in PCs with HDDs.
REVIEW QUESTIONS