Archive for March, 2009


Tools for Maintaining & Optimizing Windows

March 31, 2009

For years, techs have accepted as their lot in life the curse of having to use dozens of different command line and GUI tools that simply did not behave in a consistent way. Microsoft addresses this issue in Windows 2000 and XP with the Microsoft Management Console (MMC). The MMC enables Microsoft, and third-party vendors, to create tools that present a consistent face while maintaining a high degree of flexibility.

Another tool that is built into Windows 2000/XP is the Task Manager. The Task Manager enables you to monitor currently running programs and processes, change their priority, and stop them if necessary.

Microsoft Management Console (MMC)
The MMC is simply a shell program that holds individual utilities called snap-ins. You can start the MMC by opening the Run option and typing in MMC to get a blank MMC console. Blank MMC consoles aren’t much to look at. The function of the MMC changes depending on what snap-in is loaded. Many of the tools in the Control Panel’s Administrative Tools folder are simply pre-configured MMCs. Virtually every traditional Windows tool – and a lot of new ones – are now snap-ins. You can easily create custom MMCs with the snap-ins of your choice loaded. Let’s look at how to do that by manually loading one of your most important tools, the Device Manager.

Device Manager
As you know, the Device Manager is one of the most used tools we have (it’s oddly not included with Windows NT). It’s easy enough to get to it the traditional way – by opening the System Properties applet in the Control Panel, clicking the Hardware tab, and then clicking the Device Manager button – but it makes more sense to “cut to the chase” and configure a custom MMC with the Device Manager. Open up a blank MMC, then in Windows 2000, click Console; in Windows XP, click File. In either O/S, select Add/Remove Snap-in, and then click the Add button to see a list of available snap-ins. Select Device Manager and click Add, then choose the computer the snap-in will manage. Select Local Computer to focus on the local system, or browse to always focus the tool on a different computer on your network, and click Finish. After this, close the Add Standalone Snap-in box. The Device Manager will be listed in the Standalone page of the Add/Remove Snap-in box. Click OK to close it, and then click Device Manager under Console Root. Once you’ve added the snap-in you want, just save the console under any name you want (with the extension .msc). Now you’re only a double-click away from the Device Manager!

Microsoft also knows that some folks like things the old way, so the company has created a bunch of pre-made, locked consoles for you and dropped them in the same places where you’d expect them to be (if you have previous experience with Windows 9x). You can open the System Information utility in Windows 2000/XP, for example, by clicking Start/Programs/Accessories/System Tools/System Information. It’s the good ol’ System Information Utility, but it’s now an MMC-style snap-in.

Event Viewer
Another important snap-in is the Windows Event Viewer (available in Windows NT, 2000 and XP). Work with Event Viewer for a while and you’ll see that monitoring various log files reveals things about the health of the operating system through the behavior (logged events) of its services and applications. Event Viewer is usually started from the Administrative Tools. In Windows 2000, open the Control Panel, double-click the Administrative Tools icon, and double-click the Event Viewer icon. In Windows XP, open the Control Panel, double-click the Performance and Maintenance icon, then Administrative Tools, then Event Viewer. The Event Viewer displays events from three log files: Application, Security and System.

Types of Events
Event Viewer displays five types of events. The System and Application logs have Error, Warning, and Information events, while the Security log displays Success Audit and Failure Audit events. An Error event is bad news – something’s broken or data has been lost. In the Application log, this can mean an entire application hung up or an operation failed. In the System log, this can mean that a service failed. A service is a special program that provides specific functionality to the O/S. A Warning event is something that isn’t critical, but may mean there is trouble to come. For instance, if disk space is low, a Warning event is logged. An Information event is the only good news, because it means an application, driver, or service successfully completed an operation.

Event Viewer Settings
In Event Viewer, alternate-click System and select Properties. In Properties, look at the Log Size box, which defines the maximum size a log file may grow to, and what action should be taken when the log file reaches the maximum. The defaults are 512 KB and Overwrite Events Older Than 7 Days. You can easily reconfigure these settings, but be aware that large log files take up a lot of space on the hard disk drive. If scrolling through large log files makes you dizzy, you can use the Filter settings to make the viewer show only specific selections. When you are viewing a large log file, change the filter settings to show only events of a given type, source, category, event ID, user, computer, or date. Keep in mind that this controls only what Event Viewer displays: all events will still be logged to the file, so you can change your filter settings without worrying about losing logged data.
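
The two settings just described, as an added example that is not part of the original post: a constructed, simplified Python model of a log with the 512 KB cap and the Overwrite Events Older Than 7 Days policy, together with a display filter over the same fields the Filter tab offers. The record sizes, event IDs and the tiny log cap in the demo are all made up so the log fills after a few writes; the point it adds is that when the log is full and no record is yet past the retention age, a new event is dropped rather than logged.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed, simplified model of the Log Size / overwrite policy and the Filter settings.
@dataclass
class Event:
    when: datetime
    kind: str              # Error, Warning, Information, Success Audit, Failure Audit
    source: str
    event_id: int
    user: str = "N/A"
    computer: str = "PC1"
    size: int = 256        # constructed per-record size in bytes

@dataclass
class EventLog:
    max_bytes: int = 512 * 1024      # Windows 2000 default: 512 KB
    retention_days: int = 7          # default: Overwrite Events Older Than 7 Days
    events: list = field(default_factory=list)
    discarded: int = 0               # events lost because nothing was old enough to overwrite

    def write(self, ev):
        # Overwrite the oldest records to make room, but only those past the retention age.
        while sum(e.size for e in self.events) + ev.size > self.max_bytes:
            age = ev.when - self.events[0].when if self.events else timedelta(0)
            if age < timedelta(days=self.retention_days):
                self.discarded += 1  # log full and nothing old enough: new event is dropped
                return False
            self.events.pop(0)
        self.events.append(ev)
        return True

def filter_events(events, after=None, before=None, **fields):
    """Display filter like the Filter tab; the log itself is untouched, only the view changes."""
    shown = []
    for e in events:
        if (after and e.when < after) or (before and e.when > before):
            continue
        if all(getattr(e, name) == value for name, value in fields.items()):
            shown.append(e)
    return shown

def demo():
    log = EventLog(max_bytes=4 * 256, retention_days=7)   # tiny cap: full after four writes
    start = datetime(2009, 3, 1, 8, 0)
    for i in range(4):
        log.write(Event(start + timedelta(hours=i), "Information", "EventLog", 6005))
    lost = log.write(Event(start + timedelta(days=1), "Error", "Disk", 7))   # day 2: dropped
    kept = log.write(Event(start + timedelta(days=8), "Error", "Disk", 7))   # day 9: overwrites
    errors = filter_events(log.events, kind="Error", source="Disk")
    return lost, kept, log.discarded, len(log.events), len(errors)
```

On a busy system, especially for the Security log, this is why the retention policy and the maximum size deserve a second look rather than being left at the defaults.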

Clearing, Archiving and Opening a Log File
Clear the System Log by alternate-clicking System Log and selecting Clear All Events. You’ll be prompted to save the System Log. To do so, click the Yes button. You can archive a log file that you want to be able to view later by saving it with a unique filename. To open the file you just saved, click the Action menu, select Open Log File, select the file, then the log type (System, Application, or Security), and then click Open.

Task Manager
The Task Manager is another important utility in the tech’s toolbox. Not an MMC snap-in, but a freestanding utility, the Task Manager enables you to monitor, in real time, your PC’s currently running programs and processes and gauge overall system performance. There are several ways to look at the Task Manager. The following work in Windows NT, 2000 and XP:

Press the CTRL-SHIFT-ESC key combination
Press CTRL-ALT-DEL once
Alternate-click on a blank area of the task bar and select Task Manager from the pop-up menu
Select Start | Run and type taskmgr

The Task Manager displays three property sheets: Applications, Processes, and Performance. Windows XP also adds tabs for Networking and Users. At the bottom of the utility window is a summary of the total number of processes running, total CPU usage, and total RAM usage (called Commit Charge in Windows XP).

The Applications property sheet shows all applications currently running on your system, along with their active status (Running, Not Responding, or Stopped). Using the Applications property sheet, you can close an application (End Task), make an application active (Switch To), or start an application (New Task).

Every program or service running on your system is actually one or more discrete processes. The Processes property sheet lists processes and services currently running on the system. There’s a lot you can do from the Processes tab. Look at the Processes tab on your system and compare it to the Applications tab. Notice that there’s a lot of stuff showing in Processes that doesn’t show in Applications. That’s because the Applications tab shows only applications started by the user. It does not show any services or any child processes started by applications or by services.

You can end a process in the Processes tab by alternate-clicking it and selecting End Process from the pop-up menu. End Process Tree will close that process and any other processes started by that process. Notepad is a simple program that does not start any other processes, so just click End Process – Windows gives you a warning screen – then click OK.

You can do a lot more than just close processes in the Processes tab. For each process running, you will see a unique Process ID (PID), the amount of CPU time that the process is using, the amount of time the process has been running, and the amount of system memory usage. One of the handiest aspects of the Processes tab is the memory usage. Try starting a few bigger programs – Microsoft Word is a good example – and see how much memory they use.

You can also set the priority for processes in the Processes tab – a very handy way to give more important programs more of the CPU’s time. The priority determines the order in which the threads of a process are scheduled for the CPU. To set a base priority for a process, alternate-click the process and select Set Priority from the pop-up menu, then select a base priority for the process to run at. Choices are Realtime, High, Above Normal, Normal, Below Normal, and Low. Be aware that increasing the base priority of one process may adversely affect other processes running on the system. This is especially so if you assign a process Realtime base priority, which, depending on the application, can cause the system to stop responding.

The Performance property sheet gives you a graphical overview of the system’s CPU and memory usage. You can see real-time graphs of CPU and memory usage and the total number of handles, threads and processes.

Handles are values assigned to open resources such as files or Registry keys. Threads are discrete chunks of processes. Just as a program is made of processes, a process is made of threads.

The Performance tab gives some very nice details on memory usage, particularly the physical, commit charge, and kernel memory statistics.

Physical memory is the actual RAM on your system. The Performance tab shows the total amount of RAM, the amount available, and the amount used for the system cache (the system cache is basically just the disk cache).

Commit Charge memory is the amount of memory that is actually being used. The Limit is the total amount of both physical and virtual memory, and the Peak is the most you have used recently.

Kernel Memory statistics show the memory used by the core Windows files. This one is probably the least useful.

Available only on Windows XP, the Networking tab shows the State, Link, Speed and Percentage of Network Utilization for NICs installed on the system. Aside from providing a pretty graph, the Networking tab doesn’t enable you to perform any real technical tasks on your NIC or network connection.

The Users tab shows names and session status of users configured to access the PC. You can use this tab to disconnect users currently logged onto the system, or send messages to users on other systems in the same workgroup. The Users tab is available on Windows XP PCs that belong to a workgroup (no domain) and have Fast User Switching enabled.


Troubleshooting a VPN Connection

March 27, 2009

If you are unable to connect to a VPN server, check the following:

Check basic settings such as username, password and host name or IP address. These settings are easy to change, and a single digit or letter error is enough to prevent a successful connection.

Compare the settings used by your VPN client to those expected by the VPN server. Adjust client settings to match those used by the server.

If you use a router to connect your computer to the Internet, make sure the router is configured to provide IPSec and PPTP pass-through. With a Linksys router, check the Filters dialog to verify these settings. For other routers, check your documentation. If either or both pass-through settings are disabled, you will not be able to connect to a VPN server.

If you use a router to connect your computer to the Internet and another user has a VPN connection running, but you can’t connect at the same time, this is normal. Most low-cost routers for home and small office support IPSec and PPTP pass-through for only one user at a time.


The Boot Process

March 1, 2009

When you sit down and power the machine on, the first thing that happens is that the system BIOS loads the underlying programs that fire up the computer. The last thing the BIOS does is to load the Master Boot Record (MBR) data into memory.

1. The MBR contains code that locates the system bootable partition.
2. From the system partition, NTLDR executes and gets the operating system startup process rolling.
3. This brings us to the BOOT.INI file. NTLDR locates and reads the BOOT.INI file for information such as which operating system to launch, where to find the appropriate files to launch that system, and boot menu items.
4. The boot menu displays.
5. NTDETECT.COM launches.
6. NTOSKRNL.EXE runs and the HAL is loaded.
7. Low-level system device drivers load.
8. Operating system kernel and subsystems load and initialize.
9. Any remaining drivers and services are loaded, and Windows 2000 is up and running.

Boot Files and Locations:

NTLDR: System partition root (e.g. “C:\”)
BOOT.INI: System partition root (e.g. “C:\”)
BOOTSECT.DOS: System partition root (e.g. “C:\”) Only needed on multi-boot systems with Windows 9x/Me
NTDETECT.COM: System partition root (e.g. “C:\”)
NTBOOTDD.SYS: System partition root (e.g. “C:\”) Only used if system partition is on SCSI disk with BIOS disabled
NTOSKRNL.EXE: %SystemRoot%\System32 (e.g. “C:\WINNT\System32”)
%SystemRoot%\System32 (e.g. “C:\WINNT\System32”)
%SystemRoot%\System32\Config (e.g. “C:\WINNT\System32\Config“)
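
Step 3 of the boot sequence has NTLDR read BOOT.INI for the boot menu and the location of each operating system. As an added example that is not part of the original post, the Python below parses a constructed BOOT.INI for the two-partition layout described on this page (Windows 98 on C:\, Windows 2000 in \WINNT on the second partition), ties each entry back to the boot files listed above (a C:\ entry relies on BOOTSECT.DOS, a scsi() ARC path relies on NTBOOTDD.SYS), and checks that the default= entry actually exists. The sample file contents, entry titles and the /fastdetect switch are constructed for illustration.

```python
import re

# Constructed BOOT.INI for the two-partition layout the posts describe: Windows 98SE on C:\,
# Windows 2000 in \WINNT on the second partition of the first disk.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\\WINNT="Microsoft Windows 2000 Professional" /fastdetect
C:\\="Microsoft Windows 98"
"""

# ARC path: multi() = BIOS-visible disk; scsi() = controller whose BIOS is disabled.
ARC_PATH = re.compile(r"^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\((\d+)\)(\\.*)$", re.I)

def describe_entry(path, title, switches):
    """Classify an [operating systems] entry and name the extra boot file it relies on."""
    entry = {"path": path, "title": title, "switches": switches, "needs": None}
    m = ARC_PATH.match(path)
    if m:
        entry.update(kind="nt", partition=int(m.group(2)), system_root=m.group(3))
        if m.group(1).lower() == "scsi":
            entry["needs"] = "NTBOOTDD.SYS"     # NTLDR needs its own SCSI driver to reach the disk
    else:
        entry.update(kind="legacy", needs="BOOTSECT.DOS")   # saved 9x/Me boot sector on C:\
    return entry

def parse_boot_ini(text):
    """Return (timeout, default path, entries) from BOOT.INI text."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            path, _, rest = line.partition("=")
            m = re.match(r'"([^"]*)"\s*(.*)', rest.strip())
            title, switches = (m.group(1), m.group(2).split()) if m else (rest.strip(), [])
            entries.append(describe_entry(path.strip(), title, switches))
    return int(loader.get("timeout", 30)), loader.get("default"), entries

def check_default(text):
    """True if the default= line names an existing entry; otherwise the menu default is broken."""
    _, default, entries = parse_boot_ini(text)
    return default is not None and any(e["path"].lower() == default.lower() for e in entries)
```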


System Partition Vs. Boot Partition

March 1, 2009

One of the more confusing aspects of the Windows NT/2000/XP family lies in the way Microsoft distinguishes between what they call the system partition and the boot partition. Only a few vital files are required to start the boot process, and these files are stored on the system partition. This is the first, active partition on the system: by default, this is the C:\ drive. The boot partition, interestingly, is not the partition the O/S boots from, but rather the partition that the O/S boots to. The boot partition is the partition that holds the O/S files themselves (in the \WINNT folder).

The system partition and the boot partition can be the same partition (and, if your hard disk drive has only one partition, then they are the same), but they don’t have to be. During Windows NT/2000/XP setup, you can specify any partition as your boot partition. In fact, on systems with more than one O/S installed – multiboot systems – Microsoft highly recommends that you install each O/S on its own partition.

As an example, let’s say you have a system with a single hard disk drive split into two partitions: C:\ and D:\, with Windows 98SE installed on the C:\ drive (i.e. C:\Windows) and Windows 2000 installed on the D:\ drive (i.e. D:\WINNT). The C:\ drive is called the system partition, and the D:\ drive is called the boot partition.


NTFS Permissions

March 1, 2009

In the NT/2000/XP world, every folder and file on an NTFS partition has a list that contains two sets of data. First, the list details every user and group that has access to that file or folder. Second, the list specifies the level of access that each user or group has to that file and folder. The level of access is defined by a set of restrictions called “Permissions.”

Permissions – These define exactly what a particular account can or cannot do to the file or folder and are thus quite detailed and powerful. You can make it possible, for example, for a person to edit a file but not delete it. You can create a folder and not allow other people to make subfolders.

Ownership – When you create a new file or folder on an NTFS partition, you become the owner of that file or folder. A newly-created file or folder by default gives full permission for everyone to access, delete and otherwise manipulate that file or folder. Owners can do anything they want to the files or folders they own, including changing the permissions to prevent others from accessing them.

Take Ownership – One special permission, however, called Take Ownership, enables anyone with that permission to do just that – seize control of a file or folder. Administrator accounts have Take Ownership permission for everything.

Change Permissions – An account with this permission can take away permissions for other accounts.

Folder Permissions – In Windows NT/2000/XP, every folder in an NTFS partition has a Security tab. Every Security tab contains two main areas. The top area shows the list of accounts that have permissions for that resource; the lower area shows exactly what permissions have been assigned to that account.

Windows permissions are quite powerful and complex. The entries shown in the permission area, for example, are not really individual permissions, but rather preset combinations of permissions that cover the most common types of access. Click the Advanced button, and then click View/Edit to see the real NTFS permissions; Microsoft calls them special permissions. Even the most advanced NT/2000/XP support people rarely need to access these.

File Permissions – File permissions are quite similar to folder permissions. Permissions are cumulative, and they accumulate according to inheritance. There is an inheritance relationship between a folder and the files or subfolders it contains. Permissions configured on a folder are passed down, or inherited, to the contents of that folder by default. This means that if you have Full Control on a folder, you get Full Control on the files in that folder. If you look at the bottom of the Security tab, you will see a little check box that says, “Allow inheritable permissions from parent to propagate to this object.” In other words, any files or subfolders created in this folder get the same permissions for the same users/groups that the folder has. Clearing this check box enables you to stop a user from getting a specific permission via inheritance. Windows 2000 and XP (unlike Windows NT) provide explicit Deny functions for each option.
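
The rules in this post (cumulative permissions across an account and its groups, inheritance from folder to contents unless propagation is switched off, owners always able to change permissions, and explicit Deny on Windows 2000/XP) as an added example that is not part of the original post: a constructed, simplified Python model that computes effective permissions. It is not how the NTFS driver evaluates an ACL, only the textbook rules above; the Ace and Node classes, the Staff group and the users alice and bob are all made up for the demo.

```python
from dataclasses import dataclass, field

# Constructed, simplified model of the rules above: permissions accumulate across an
# account and its groups, folders pass permissions down unless propagation is switched
# off, the owner can always change permissions, and an explicit Deny beats any Allow.

@dataclass
class Ace:
    principal: str             # account or group name
    permissions: frozenset     # e.g. frozenset({"Read", "Write", "Delete"})
    deny: bool = False         # explicit Deny (Windows 2000/XP, not Windows NT)

@dataclass
class Node:
    name: str
    aces: list = field(default_factory=list)    # permissions set on this object itself
    parent: "Node" = None
    inherit_from_parent: bool = True            # "Allow inheritable permissions from parent..."
    owner: str = ""

def effective_aces(node):
    """This object's own ACEs plus inherited ones, walking up while propagation is on."""
    aces, n = [], node
    while n is not None:
        aces.extend(n.aces)
        if not n.inherit_from_parent:
            break
        n = n.parent
    return aces

def effective_permissions(node, account, groups=()):
    """Cumulative Allow for the account and its groups, minus anything explicitly denied."""
    principals = {account, *groups}
    allowed, denied = set(), set()
    for ace in effective_aces(node):
        if ace.principal in principals:
            (denied if ace.deny else allowed).update(ace.permissions)
    if node.owner == account:
        allowed.add("Change Permissions")       # owners can always re-permission what they own
    return allowed - denied

def demo():
    # Projects folder: Staff may Read/Write/Delete, but bob is explicitly denied Delete.
    projects = Node("Projects", aces=[
        Ace("Staff", frozenset({"Read", "Write", "Delete"})),
        Ace("bob", frozenset({"Delete"}), deny=True),
    ])
    report = Node("report.doc", parent=projects, owner="alice")        # inherits from Projects
    secrets = Node("Secrets", parent=projects, inherit_from_parent=False,
                   aces=[Ace("alice", frozenset({"Read"}))])          # inheritance stopped here
    return {
        "alice_report": effective_permissions(report, "alice", ["Staff"]),
        "bob_report": effective_permissions(report, "bob", ["Staff"]),
        "bob_secrets": effective_permissions(secrets, "bob", ["Staff"]),
    }
```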