
MS Operating System Administrative Tools
This is a guide on MS operating system administrative tools.
Using the Computer Management Utility
In this demonstration, we want to take a look at using the Computer Management utility, and a custom MMC to manage your computer. [Video description begins] A search term, computer, has been entered into the search bar in a Microsoft Windows environment. The search results are arranged into three categories: Best match, Apps, and Settings. [Video description ends]
So if I type "computer," there's Computer Management; I open up Computer Management. [Video description begins] The presenter selects a search result, Computer Management, from the Apps search results subcategory. The Computer Management console opens. [Video description ends] And what I'm looking at here is a built-in Microsoft Management Console that presents to me in a single place all of the common system utilities that I would need to manage this machine. Utilities for diagnostics, for disk management, for performance data, manage devices, etc. Now, I'm going to do a quick overview of what's in here. But then as part of the A+ Certification course, there will be individual demonstrations of every one of these utilities. So this is the introduction to the Computer Management utility. And in here we see all the other utilities that we'll explore in more detail in separate and unique demonstrations.
So the very first thing that you'll note, when I look in the left-hand navigation bar and I see at the top of the tree, Computer Management. [Video description begins] The uppermost node in the navigation pane is: Computer Management (Local). It is currently selected. [Video description ends] If I double-click it, it collapses the tree. And I see the principal areas that are covered by this tool over here in the center pane, [Video description begins] With Computer Management (Local) selected, the Details pane lists three options: System Tools, Storage, and Services and Applications. [Video description ends] in what would often be the preview pane or the working pane in this example. [Video description begins] He selects System Tools in the Details pane. [Video description ends] The System Tools, Storage, Services and Applications. And broadly this tool is defined within this scope.
You'll note that in the left navigation pane adjacent to Computer Management it says, Local. Now that should tell you something right there. That tells me that I'm managing the local machine when I launch this utility by default. But it also tells me that I can connect to other computers. [Video description begins] He right-clicks the uppermost node, Computer Management (Local), in the navigation pane. The options in the right-click menu include: Connect to another computer, All Tasks, View, Export List, and Help. He selects Connect to another computer from the right-click menu. A Select Computer dialog box opens. It prompts the user to select the computer this snap-in should manage. [Video description ends]
So if I'm an administrator, a network administrator, and I manage all the machines in the domain, I'm a domain admin, right? The domain admin's group is automatically added to the local administrators group on every machine that's joined to that domain. Then I could specify another machine in the Active Directory Domain and I could manage it here. If I didn't have a domain, if I was working in a less than ten-person shop and I just had a little work group there, if I had a local user account that had administrative rights on other machines in the work group I could connect to that, authenticate with a separate set of credentials, and get in there. For our purposes, we're going to look at the local machine here. [Video description begins] He clicks the Cancel button to dismiss the dialog box. [Video description ends]
So I can expand Computer Management by double-clicking Computer Management (Local) in the upper left-hand column of the navigation pane. [Video description begins] He double-clicks the Computer Management (Local) uppermost node to expand it in the navigation pane. [Video description ends] And then I see those principal tool sets, or domains, areas of system management that are covered by this tool. [Video description begins] He points to the three nodes listed: System Tools, Storage, and Services and Applications. [Video description ends] There's the System Tools. [Video description begins] He clicks the side-pointing arrow beside System Tools in the navigation pane to expand it. [Video description ends]
If I want to schedule a recurring task, I have access to Task Scheduler. [Video description begins] He points to the Task Scheduler subnode. [Video description ends] If something's gone wrong on this machine, and I want to take a look at the events that have happened recently on this machine, there's Event Viewer. [Video description begins] He points to the Event Viewer subnode. [Video description ends] If I need to configure a shared folder, I can create and configure shared folders here. [Video description begins] He points to the Shared Folders subnode. [Video description ends] I want to track the machine's performance or see the performance in real time, [Video description begins] He points to the Performance subnode. [Video description ends] I can access the Performance Monitor, right? [Video description begins] He expands the Performance subnode and selects the Performance Monitor nested below it. [Video description ends] And there I'm seeing real time running diagnostics on this machine. [Video description begins] He collapses the Performance subnode. [Video description ends]
If I'm concerned about storage or I have a need to manage storage, coming down the navigation bar to the next principal area. [Video description begins] He selects the Storage node in the navigation pane and expands it. Two subnodes are listed: Windows Server Backup and Disk Management. [Video description ends] And what I'll do is I'll collapse System Tools, [Video description begins] Storage is now the only expanded node under Computer Management (Local) in the navigation pane. [Video description ends] just by hitting that little arrow next to System Tools, and expand Storage. And I see that in here I can configure backups for this machine. I can also access the Disk Management console from this machine.
And then finally down here, Services and Applications. [Video description begins] He collapses the Storage node and expands the Services and Applications node instead. [Video description ends] I can actually access IPv4 [Video description begins] He selects a subnode called IPv4 that's nested under Services and Applications. [Video description ends] and IPv6. DHCP configurations, because this machine is a DHCP server. [Video description begins] He points to an IPv6 subnode. [Video description ends] IIS services, because this machine is a web server. [Video description begins] He selects another subnode of Services and Applications, Internet Information Services (IIS) Manager. [Video description ends]
It's also a Routing and Remote Access Services server, so I can see that here. [Video description begins] He selects the Routing and Remote Access subnode. [Video description ends] And then the Services console, I can access and see all the running services. Or what's not running, what's disabled, what's set to manual start up, etc. [Video description begins] He selects the Services subnode. [Video description ends] WMI, if you're not familiar with WMI scripting, it's a methodology by which I can call devices on this machine and write scripts to automate processes. [Video description begins] He selects the WMI Control subnode. [Video description ends] But this is being replaced principally, or rolled into PowerShell, these days.
Now, very quickly, I'm going to minimize that console and I'm going to open a Run dialog box. [Video description begins] With the Computer Management console minimized to the desktop, he launches a Run dialog box. It contains one text field, Open. [Video description ends] And in that Run dialog box, I'm going to type "mmc." [Video description begins] With mmc entered into the Run dialog box, he clicks the OK button. A Console1 - [Console Root] user interface opens. [Video description ends] This lets me create a Computer Management console that is customized for my own needs. [Video description begins] He expands the Actions menu from the menu bar. Options include: New Window from Here, New Taskpad View, Rename, Export List, and Help. He expands the File menu from the menu bar. Menu options include: New, Open, Save, Save As, and Add/Remove Snap-in. [Video description ends]
So for example, I can go to File, to Add/Remove Snap-in. [Video description begins] He selects Add/Remove Snap-in from the File menu. An Add or Remove Snap-ins dialog box opens. It is divided into two lists, Available snap-ins and Selected snap-ins, with an Add button. [Video description ends] And we mentioned before, this machine is a DHCP server, [Video description begins] He selects DHCP in the Available snap-ins list and clicks the Add button. [Video description ends] so I want the DHCP console in there. [Video description begins] DHCP is added to the Selected snap-ins list. [Video description ends] I want the Disk Management console in there because we do a lot of disk management on this machine. [Video description begins] He selects Disk Management in the Available snap-ins list and clicks Add. In the Disk Management wizard that opens, he clicks Finish. Disk Management is added to the Selected snap-ins list. [Video description ends] This is a DNS server, right, which was not in the Computer Management console, I want to add that in there, DNS. [Video description begins] He selects DNS in the Available snap-ins list, clicks Add, and it's added to the Selected snap-ins list. [Video description ends]
Now, I've got a custom MMC. [Video description begins] He clicks the OK button. The Add or Remove Snap-ins dialog box closes and the three snap-ins, DHCP, Disk Management (Local), and DNS, are listed in the navigation pane under the uppermost Console Root node. [Video description ends] Doesn't have all those other tools in it, but it's focused on just my immediate needs. I can save this MMC, launch it anytime I want, and get access to those principal utilities that I need every day. Extremely handy, very valuable for anybody that's in the business of managing Windows machines.
Performance Monitor and Task Scheduler
In this demonstration, we want to take a look at the Performance Monitor and the Task Scheduler. [Video description begins] A search term, perfmon, has been entered into the search bar in a Microsoft Windows environment. The presenter selects the first Best match, Performance Monitor, from the search results, to launch it. [Video description ends] And the Performance Monitor is a built-in tool for real-time reporting on the performance of the machine. [Video description begins] In the Performance Monitor console that opens, he selects the Performance Monitor node that's nested below Monitoring Tools in the navigation pane. [Video description ends]
Now, I can use it for real time reporting. [Video description begins] In the Details pane, a line graph displays. It consists of real-time values. A legend displays, indicating which values are being plotted. [Video description ends] I can also build what we call data collector sets, which track performance over time. So I can use this tool to build baselines. And a baseline for performance is what we expect the performance to be under normal stress, right, under normal production, daily production stress. And then off hours performance, if you have such a thing in your business. Not everybody does anymore.
If we take a look in the left-hand navigation pane, I see Data Collector Sets, right? That's where I can build a collection of these what we'll call counters, and objects, and that's what we want to start with. [Video description begins] He points to the Data Collector Sets node in the navigation pane. [Video description ends] And we can see here's the Performance Monitor.
Now when I open it by default, it's showing me a single counter. [Video description begins] He points to the fact that a single performance value is being plotted. In the legend, the Counter value is listed as: %ProcessorTime. [Video description ends] And I can see that counter listed at the bottom of the screen here. [Video description begins] He selects the counter within the graph legend. [Video description ends] It's got a color assigned to it, [Video description begins] In this instance the counter has a red color. [Video description ends] it's got a scale, and then the counter name % Processor Time. [Video description begins] The Scale value, according to the legend, is 1.0. [Video description ends] And that % Processor Time tells me what percentage of available processor cycles is currently being consumed on this machine. And over here at the end, the last column in the chart, is the computer name. And I see that it's listed there as, in this example, \\TARDIS2. [Video description begins] He points to the Computer value in the chart legend, which is: \\TARDIS2. [Video description ends]
Now, this % Processor Time, it's easy to look at this and say, well this machine is clearly underutilized. [Video description begins] He points to the fact that the graph consistently shows a value of close to zero for the counter in this instance. [Video description ends] Processor's hardly getting hit at all, we must be off hours, off peak. And I would tend to agree with you, right? [Video description begins] The values along the horizontal x-axis indicate an off-peak time range, which spans from 8:02:33 PM to 8:02:32 PM in this instance. [Video description ends]
Now, we can spike this counter a little bit. Let's switch over to the Task Scheduler for a second and see what impact using the Task Scheduler has on the processor. [Video description begins] He minimizes the Performance Monitor console window. He switches to an existing instance of the Task Scheduler. [Video description ends] And the Task Scheduler is a great little tool that lets me automate tasks. [Video description begins] The Task Scheduler is open with the Task Scheduler (Local) uppermost node selected in the navigation pane. [Video description ends]
And I can see that there's a number of tasks listed in here. [Video description begins] He selects the Task Scheduler Library node in the navigation pane. Five items are listed in the Details pane. [Video description ends] For example, I can select the Adobe Acrobat task. [Video description begins] He selects the first item in the Details pane, Adobe Acrobat Update Task. [Video description ends] And then down below here I see the General, Triggers, Actions, Conditions, Settings, and History tabs for that task. [Video description begins] He points to each of the tabs that display when a task is selected in the Details pane. The General tab is currently open. It displays more detail about the selected item, such as its Name, Location, Author, and Description. [Video description ends]
The trigger tells me, when does this task run? [Video description begins] He switches from the General to the Triggers tab. [Video description ends] What action does it take? I start a program. [Video description begins] He switches to the Actions tab. [Video description ends] The program is Adobe Acrobat. Under what conditions? [Video description begins] He switches to the Conditions tab. [Video description ends] And we said, start the task if the computer is plugged in, right? [Video description begins] He points to a setting that's enabled on the Conditions tabbed page. In the Power category, a checkbox is selected: Start the task only if the computer is on AC power. [Video description ends] So anytime the computer starts up, anytime anybody logs in, Adobe Acrobat starts. And this is the way that I can configure the application to start automatically.
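The same Triggers, Actions and Conditions details can be read for every registered task at once, which is how you would review what starts automatically on a machine. This is an added example, not part of the original demonstration; it uses the built-in ScheduledTasks module, and the function name Get-TaskInventory is made up for illustration.

```powershell
# Added example: list each scheduled task with the facts shown on the
# Triggers, Actions and Conditions tabs. Run from an elevated prompt to
# see tasks that belong to other accounts.
function Get-TaskInventory {
    Get-ScheduledTask | ForEach-Object {
        $task = $_

        # Trigger objects are CIM instances; the class name says what kind
        # (MSFT_TaskLogonTrigger, MSFT_TaskBootTrigger, MSFT_TaskDailyTrigger, ...).
        $triggerKinds = $task.Triggers | ForEach-Object {
            $_.CimClass.CimClassName -replace '^MSFT_Task', '' -replace 'Trigger$', ''
        }

        # "Start a program" actions carry the executable and its arguments.
        $programs = $task.Actions |
            Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskExecAction' } |
            ForEach-Object { ('{0} {1}' -f $_.Execute, $_.Arguments).Trim() }

        # A task runs either as a user or as a group.
        $runAs = if ($task.Principal.UserId) { $task.Principal.UserId }
                 else { $task.Principal.GroupId }

        [pscustomobject]@{
            TaskPath      = $task.TaskPath
            TaskName      = $task.TaskName
            State         = $task.State
            RunAs         = $runAs
            Triggers      = $triggerKinds -join ', '
            Programs      = $programs -join '; '
            # Backs the "Start the task only if the computer is on AC power" checkbox.
            OnlyOnACPower = $task.Settings.DisallowStartIfOnBatteries
        }
    }
}

$inventory = Get-TaskInventory

# Tasks that start a program at boot or at logon, the case described above.
$inventory |
    Where-Object { $_.Triggers -match 'Boot|Logon' -and $_.Programs } |
    Sort-Object TaskPath, TaskName |
    Format-Table TaskName, RunAs, Triggers, Programs, OnlyOnACPower -Wrap

# Keep a dated copy so a later run can be compared against it.
$outFile = Join-Path $env:TEMP ('scheduled-tasks-{0:yyyyMMdd}.csv' -f (Get-Date))
$inventory | Export-Csv -Path $outFile -NoTypeInformation
```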
Let's just take a look, I'm just going to minimize this for a second [Video description begins] He minimizes the Task Scheduler window to the desktop. [Video description ends] and jump back over to Performance Monitor [Video description begins] The Performance Monitor reopens. [Video description ends] so that we can see, here's a little spike where we started that other application, right? [Video description begins] He points to a spike in the value of the %ProcessorTime counter, as plotted in the chart. [Video description ends] A few other little bumps there, but for the most part, no real impact, right? Starting the Task Scheduler had no real impact on the machine. [Video description begins] He clicks the Minimize button to minimize the Performance Monitor to the desktop once more. [Video description ends]
Well, what if we did some other things? What if I launched this, [Video description begins] He launches the Windows PowerShell console from the taskbar. [Video description ends] and what if I launched this, and what if I launched this, and what if I launched this? [Video description begins] He launches the Hyper-V Manager console from the taskbar as well as a text file that opens in Notepad. [Video description ends] And what if I came over here and did this, right? [Video description begins] He launches a virtual machine connection instance from the taskbar, which opens on the login screen. He also launches the Settings menu, which opens on the Customize your display page. [Video description ends] Now, if we look, there's my spike, right? [Video description begins] He switches back to the Performance Monitor. In the chart, there is now a more discernible spike in the value of the %ProcessorTime counter. [Video description ends] There's my impact on this processor.
Now, it's important to note that it's never good enough to just look at a single instance of a single counter and think you have some idea of what's going on. You might have some idea. Clearly this machine has lots of spare capacity. But suppose that processor were spiked at 100% all the time. What would I make of that? Well, this is where we get into the school of root cause analysis. I know that the operating system functions in two modes and you should too. There's kernel mode where protected privileged operating system functions live and work. And then there's user mode, where user mode applications are run. And by far and away, user mode applications should take up the vast majority of processor cycles. Kernel mode components should never really consume more than 10% of the processor.
So if this were a situation where the processor were spiked at 100%, the very first thing I would want to know is, is it a user mode application or a kernel mode process that's consuming those processor cycles? And I can drill down in this by adding counters. [Video description begins] He clicks the Add Counter button on the toolbar. An Add Counters dialog box opens. [Video description ends] And on the menu bar, there's a green plus sign to add counter information.
And under the processor [Video description begins] In the Available counters section of the Add Counters dialog box, he selects Processor Information. Some of the other counters include Processor, Processor Performance, and RAS. [Video description ends] there is a counter for % Privileged Time, [Video description begins] He expands the Processor Information counter in the list. He selects %Privileged Time in the expanded list. [Video description ends] which are the kernel mode components. [Video description begins] He clicks the Add button. The %Privileged Time counter is now listed in the Added counters pane of the Add Counters dialog box. [Video description ends] And then % User Time, which are the user mode applications. [Video description begins] He does the same for the %User Time counter. He selects it in the Available counters list, clicks Add to add it to Added counters, and then clicks the OK button to dismiss the Add Counters dialog box. [Video description ends]
Now I can get a sense of what's using up all the processor cycles. [Video description begins] In the chart legend, the added counters %Privileged Time and %User Time are now listed in addition to %Processor Time. In the chart, they are each plotted in a different color. For example, %Privileged Time is plotted in a dark red color and %User Time is plotted in a green color. [Video description ends] If I found that 90% of the processor cycles were being utilized by kernel mode components, that % Privileged Time, I would have a strong suspicion that this was a case, this was an instance of a kernel mode rootkit. That's about the only thing, aside from a corrupt kernel mode component. The only thing that's going to spike the processor like that from the kernel is a kernel rootkit. And so that's the way that we can use these counters and instances to do root cause analysis in real time and to build performance baselines over time.
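The three counters added in the demo can also be sampled from PowerShell, which makes it easy to record a baseline and to flag samples where kernel-mode time is above the 10% rule of thumb quoted above. This is an added example, not part of the original demonstration; it assumes an English-language Windows host (counter names are localized), and the function name, sample counts and output file name are illustrative.

```powershell
# Added example: sample % Processor Time, % Privileged Time and % User Time
# from the "Processor Information" object used in the demo.
function Get-CpuModeSample {
    param(
        [int]$IntervalSeconds = 2,   # seconds between samples (illustrative)
        [int]$SampleCount     = 15   # number of samples to take (illustrative)
    )
    $counterPaths = @(
        '\Processor Information(_Total)\% Processor Time',
        '\Processor Information(_Total)\% Privileged Time',
        '\Processor Information(_Total)\% User Time'
    )
    Get-Counter -Counter $counterPaths -SampleInterval $IntervalSeconds -MaxSamples $SampleCount |
        ForEach-Object {
            $values = @{}   # PowerShell hashtable keys are case-insensitive
            foreach ($sample in $_.CounterSamples) {
                # Path looks like \\host\processor information(_total)\% user time;
                # keep only the counter name after the last backslash.
                $counterName = ($sample.Path -split '\\')[-1]
                $values[$counterName] = [math]::Round($sample.CookedValue, 1)
            }
            [pscustomobject]@{
                Time          = $_.Timestamp
                ProcessorPct  = $values['% processor time']
                PrivilegedPct = $values['% privileged time']   # kernel mode
                UserPct       = $values['% user time']         # user mode
            }
        }
}

# Rule of thumb from the text: kernel mode should stay at or below about 10%.
$privilegedLimit = 10

$rows = @(Get-CpuModeSample)
$rows | Format-Table -AutoSize

# Average of each counter over the sampling window.
$rows | Measure-Object -Property ProcessorPct, PrivilegedPct, UserPct -Average |
    Select-Object Property, @{ Name = 'AveragePct'; Expression = { [math]::Round($_.Average, 1) } } |
    Format-Table -AutoSize

# Flag the samples where kernel-mode time is above the limit.
$overLimit = @($rows | Where-Object { $_.PrivilegedPct -gt $privilegedLimit })
if ($overLimit.Count -gt 0) {
    Write-Warning ('Privileged (kernel-mode) time was above {0}% in {1} of {2} samples.' -f `
        $privilegedLimit, $overLimit.Count, $rows.Count)
}

# Save the samples so peak-hours and off-hours runs can be compared later.
$rows | Export-Csv -Path (Join-Path $env:TEMP 'cpu-mode-baseline.csv') -NoTypeInformation
```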
Data Sources and Component Services
In this demonstration we want to take a look at a couple of things that are not the primary job of the network and systems administrator, but rather tools for the developer. So if you're a developer looking for information about the COM+ component database and ODBC connectivity, this is not the video for you. This video puts those tools in perspective for the new network administrator or systems administrator. [Video description begins] A Windows environment is open and the Start menu has been launched from the desktop. Several tiles display, including Server Manager, Remote Desktop, and Windows PowerShell ISE. [Video description ends]
And so what I'm going to do here is I'm going to access the Administrative Tools menu. [Video description begins] The presenter clicks the Windows Administrative Tools tile. The Control Panel opens to display a list of Administrative Tools. [Video description ends] And that's just from the Start menu in this example to the Admin Tools. And here's the Component Services. [Video description begins] He double-clicks the Component Services tool in the list. A Component Services window opens with the Component Services node selected in the navigation pane. [Video description ends]
Now, the first thing for the network or systems admin to be aware of, you've likely heard of a system state backup. And when we run system state backups, what we're doing is we're capturing all the information that makes that machine unique. So the registry, the computer name, if the IP address is statically assigned, the IP configuration. Additionally, one of the things that gets captured in any system state backup is the COM+ component database.
And what I see here when I look in the Component Services applet from the Administrative Tools menu is something called Component Services. [Video description begins] He expands the Component Services node in the navigation pane. A subnode, Computers, displays. [Video description ends] And then I see in the navigation pane on the left I can open up this menu, [Video description begins] He expands the Computers subnode by double-clicking it. The next subnode is: My Computer. [Video description ends] and I see My Computer. [Video description begins] He expands the My Computer subnode. It has four subnodes: COM+ Applications, DCOM Config, Running Processes, and Distributed Transaction Coordinator. [Video description ends]
And, of course, the reality is that I could connect to other computers from here, [Video description begins] He right-clicks the Computers node and points to the New - Computer menu options in the shortcut menu. [Video description ends] assuming that I have network credentials to do so. [Video description begins] He clicks away to close the shortcut menu. [Video description ends] And I see these four principal choices under My Computer. There's the COM+ Applications, right, or the COM+ database. [Video description begins] He selects the COM+ Applications subnode in the navigation pane. [Video description ends] And COM just stands for component object model.
Now, right off the bat, that ought to tell you that what we're looking at here is a developer tool set. If you're an application developer, you want to build your applications to the standards of the component object model. And then you can plug them in, right? That's the idea here.
Now, one of those standards is the distributed component object model for network applications. [Video description begins] He selects the DCOM Config subnode. [Video description ends] This is where you have a client front end, then you have the transaction coordinator, and then the back end. And I can see that the fourth folder down here is the Distributed Transaction Coordinator. [Video description begins] He selects the Distributed Transaction Coordinator subnode. [Video description ends]
The Microsoft Distributed Transaction Coordinator is a service that does exactly what it sounds like. It coordinates transactions between multiple levels, or layers, of a distributed application. So, for example, you've configured your database to send you an email every time something happens. Well, the database itself is unlikely to have an email component built into it. Rather, as part of your development process, you've called the SMTP object, which is a component object, dig it? And then the coordination between the event happening in the database and the sending of the email with the SMTP object is done by the distributed transaction coordinator. And then the final tab in here is the Running Processes. And I can see the System Application is a running process here. [Video description begins] He selects the Running Processes subnode in the navigation pane. The Details pane lists one item, System Application. [Video description ends]
Now, the Component Services, again, for the devs, also gives me access to the Event Viewer and the Services applet. [Video description begins] He selects the Event Viewer (Local) and Services (Local) nodes in the navigation pane, in turn. [Video description ends] Which for the A+ certification series track we have separate demos looking just at those tools.
Now, the other developer tool set that's in here that we're going to look at in this video is the open database connectivity data sources. [Video description begins] He closes the Component Services window. In the Windows Administrative Tools list, he double-clicks ODBC Data Sources (64-bit). An ODBC Data Source Administrator (64-bit) dialog box opens. [Video description ends] And you can see here in the Administrative Tools list, I have one for 32-bit applications and one for 64-bit applications. [Video description begins] He points to the ODBC Data Sources (32-bit) instance in the Windows Administrative Tools list. He minimizes the Windows Administrative Tools list. [Video description ends]
And when I look at this, I see this DSN. Well, that's a data source name. That's all that is, guys, it's a data source name. [Video description begins] He points to three of the tabs in the ODBC Data Source Administrator (64-bit) dialog box: User DSN, System DSN, and File DSN. The User DSN tab is open by default. Currently no information is listed for it. [Video description ends] And what I can do with this, is I can connect to databases. [Video description begins] He clicks the Add button. A Create New Data Source dialog box opens. It prompts the user to select a driver for which a data source should be set up. [Video description ends] Whether that's an instance of SQL, whether it's the Native SQL client, whether it's a SQL server, whether it's an Oracle database, right? [Video description begins] In this instance four data sources are listed: ODBC Driver 12 for SQL Server, SQL Server, SQL Server Native Client 11.0, and SQL Server Native Client RDA 11.0. [Video description ends] It's the open database connection.
And when I look in here, there's a couple different ones, right? I can add ones like we saw right there. [Video description begins] He accepts the default data source selection, ODBC Driver 12 for SQL Server, and clicks the Finish button. [Video description ends] Then there's the System DSN. If I had a connection to one here, I'd see it here. [Video description begins] Back in the ODBC Data Source Administrator (64-bit) dialog box, he points to the System DSN tab and clicks it. [Video description ends] File-based data sources, [Video description begins] He clicks the File DSN tab. [Video description ends] so if I had a flat file database and I wanted to pipe that data into an application, I could add that file in here. The drivers, the ODBC drivers for connectivity to SQL. [Video description begins] He clicks the Drivers tab. [Video description ends] If I wanted to connect to an Oracle database, I'd add the Oracle database drivers in here.
As an application developer, you may well want to do tracing. Or if you're supporting app devs [Video description begins] He clicks the Tracing tab. [Video description ends] and they need you to do tracing for them. I can start tracing now in here. I can enable that for a machine-wide tracing for all user identities. [Video description begins] He points to a checkbox, Machine-Wide tracing for all user identities. [Video description ends]
Connection Pooling lets me take existing connections. [Video description begins] He clicks the Connection Pooling tab. [Video description ends] And if I need to open another connection to that data source, I do it over the extant connection, rather than creating a new connection. And then finally, one of the things that you will get asked about sometimes when you're in one of those $260 support calls with Microsoft is, what is the version of the database driver that you're using, or the ODBC core component that you're using, and where is it located? [Video description begins] He clicks the About tab. [Video description ends] And that's where you'd get that information from, in the About tab of the ODBC Data Source Administrator.
System Configuration and Services
In this demonstration, we want to take a look at the Services MSC from the Administrative Tools menu. So I've launched the Administrative Tools menu from the Start menu. [Video description begins] On a Windows machine, the Control Panel is open to display the Administrative Tools list. [Video description ends] And listed in alphabetical order, I see Services, I'll go ahead and I'll launch Services. [Video description begins] The presenter double-clicks Services in the list to launch it. The Services window opens. [Video description ends] And when it opens, there's nothing to navigate. Usually there's stuff over here in the left-hand navigation pane. But in the Services console, we just get the services and that's it. [Video description begins] He points to the node in the navigation pane, Services (Local). [Video description ends]
And then I see, over in the working pane, all of the running services on this machine. [Video description begins] He points to an extensive list of services, arranged by name in alphabetical order. [Video description ends] And so I see that this machine has a Hyper-V server, right? It's running an instance of Windows Hyper-V. I can see the Microsoft Passport is running, right? So I can get integration with my Hotmail account or my Live address, right? If we take a look, a common service that we think about is the SQL service, which is the database service. And, of course, this is an instance of the Microsoft SQL service running on this machine. [Video description begins] He points to a server instance in the list, SQL Server (SQLEXPRESS), which has a Status value of Running. [Video description ends]
Now, what are some of the things that we can do in here? Well, this applet is entirely about the configuration and management of the services running on this box. So what do I mean by that? Well, let's take a look here, there's a bunch of different SQL Server services. And the one that we're interested in is the SQL Server. And so I see that here, and I can launch this. [Video description begins] He double-clicks the SQL Server instance in the list. A SQL Server (SQLEXPRESS) Properties (Local Computer) dialog box opens. [Video description ends]
And I see that this is an instance of the MS SQL Server, SQL Express, so this is the free version. [Video description begins] He points to the value in the Service name field, which reads: MSSQL$SQLEXPRESS. [Video description ends] If you're trying to work with SQL or trying to get a handle on the structured query language, you can get the free version of the Microsoft product by downloading SQL Server Express, as I did here.
And when I look at this, what I'm looking at here is the service name. If I was writing scripts and I wanted to address this service by its name, that's the name that I would use, right? I wouldn't tend to use the display name, I would tend to use the actual service name. And I can see that here. The executable, I see the path to the executable down here, [Video description begins] He points to the value of the field, Path to executable. [Video description ends] right, about halfway down, Path to executable. And then here's where the configuration piece comes in, or where it starts at any rate. [Video description begins] He points to the Startup type drop-down list, which currently is set to Automatic. [Video description ends] The startup type, and the startup type in this example is set to Automatic.
Now if I look, [Video description begins] He expands the Startup type drop-down list. The options are Automatic (Delayed Start), Automatic, Manual, and Disabled. [Video description ends] there's a couple different choices. I can Disable the service if I'm having trouble with the service, it's not starting properly or it starts and then stops and then restarts and stops. And I'm trying to troubleshoot it, I might choose to disable it for a while, and I can see that that choice is there. Some services I set to Manual starts, I only want the service to start when I invoke the service. Commonly, for a number of service types, we choose Automatic. And so, for example, if there's some service or some application on this machine that depends on the SQL service running, I set the startup type to Automatic, as I've done in this example. And then when the machine starts up, the SQL service starts up, the application that depends on it starts up. And the application has access to the SQL database, dig it?
Now, that's a great example of when I might invoke a delayed start. Maybe I need the application to start up first and compile maybe some new code, we're in the process of an application development cycle. And I need this service to wait until the other service has started. And you see that a lot with dependent services, right? If this service is dependent upon some other service, I want to make sure that the service it's dependent on has started first, and then I'll invoke this service. And I can do that by setting the start type to Automatic (Delayed Start). I could stop the service here, pause the service. If you've paused it, you may resume it. [Video description begins] He points to the Stop, Start, and Pause buttons in the Service status section of the dialog box. [Video description ends] If it has stopped, you can start it again.
Over here on the Log On page, I can specify user account. [Video description begins] He switches from the General to the Log On tabbed page. [Video description ends] If this service requires particular credentials to run, well I can go ahead and specify the credentials in here. Now, commonly today, we would want that to be a service account. And service accounts are special kinds of accounts where I don't know the password for them. And the password changes quite automatically, right? It's a function of the operating system. Which is far more secure than this kind of situation [Video description begins] He points to the Password field within the dialog box. [Video description ends] where I'm using the service account and a known password. [Video description begins] He switches to the Recovery tabbed page. [Video description ends]
On the Recovery page, if it fails, what do I do? [Video description begins] He expands a First failure drop-down list. Menu options are Take No Action, Restart the Service, Run a Program, and Restart the Computer. [Video description ends] Well, I want it to restart is what I want it to do. [Video description begins] He selects Restart the Service from the First failure drop-down list. [Video description ends] If it were to fail a second time, again, I'd want it to restart. [Video description begins] He expands the Second failure drop-down list and selects Restart the Service. [Video description ends] If there were a third failure, maybe then I'd want to run a program, right? [Video description begins] He selects Run a Program from the Subsequent failures drop-down menu. [Video description ends] Maybe I want to specify down here that I run some debugger application. [Video description begins] He clicks the Browse button in the Run program section. An Open dialog box opens, prompting for an application to be chosen. [Video description ends] Now, in our example here, I'm not going to do that, but that's the kind of thing that I could do. [Video description begins] He expands the Subsequent failures drop-down menu and selects Take No Action. He clicks the Dependencies tab. [Video description ends]
And then finally over here, there's the Dependencies. And so I can see what services have to be started in order for this application, or this service, to start up properly. [Video description begins] In the This service depends on the following system components section, he starts to expand the hierarchy tree. The nodes include CNG Key Isolation, Remote Procedure Call (RPC), DCOM Server Process Launcher, and RPC Endpoint Mapper. [Video description ends]
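The properties walked through above (service name versus display name, startup type, Log On account, recovery actions, dependencies) can be collected from a script. This is an added PowerShell example, not code from the course; the function names `Get-ServiceLogonClass` and `Get-ServiceConfigReport` are hypothetical, and the recovery column assumes the English output of `sc.exe qfailure`.

```powershell
# Added example (not from the course). Run in an elevated PowerShell session on Windows.

function Get-ServiceLogonClass {
    # Classify the "Log On" identity of a service from its account name.
    param([string]$StartName)
    switch -Regex ($StartName) {
        '^$'                               { return 'None' }
        '^(LocalSystem|NT AUTHORITY\\.+)$' { return 'BuiltIn' }     # LocalSystem, LocalService, NetworkService
        '^NT SERVICE\\.+$'                 { return 'Virtual' }     # per-service virtual account
        '\$$'                              { return 'Managed' }     # heuristic: managed/computer accounts end in $
        default                            { return 'UserAccount' } # ordinary account with a password someone set
    }
}

function Get-ServiceConfigReport {
    # -Name takes the service name (not the display name); wildcards are allowed.
    param([string]$Name = '*')

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $Name } |
        ForEach-Object {
            $svc = $_

            # "Automatic (Delayed Start)" is Automatic plus a DelayedAutostart flag in the registry.
            $key     = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
            $delayed = (Get-ItemProperty -LiteralPath $key -Name DelayedAutostart `
                            -ErrorAction SilentlyContinue).DelayedAutostart -eq 1
            $startup = if ($svc.StartMode -eq 'Auto' -and $delayed) { 'Automatic (Delayed Start)' }
                       elseif ($svc.StartMode -eq 'Auto')           { 'Automatic' }
                       else                                         { $svc.StartMode }

            # Recovery tab: keep only the action lines that sc.exe prints.
            $onFailure = & sc.exe qfailure $svc.Name |
                Where-Object { $_ -match ' -- Delay' } |
                ForEach-Object { ($_ -replace '^\s*FAILURE_ACTIONS\s*:', '').Trim() }

            # Dependencies tab: services this one needs before it can start.
            $dependsOn = (Get-Service -Name $svc.Name -ErrorAction SilentlyContinue).ServicesDependedOn.Name

            [pscustomobject]@{
                Name        = $svc.Name
                DisplayName = $svc.DisplayName
                State       = $svc.State
                StartupType = $startup
                Path        = $svc.PathName
                LogOnAs     = $svc.StartName
                LogOnClass  = Get-ServiceLogonClass -StartName $svc.StartName
                OnFailure   = $onFailure -join ' | '
                DependsOn   = $dependsOn -join ', '
            }
        }
}

# Single quotes matter here: inside double quotes PowerShell would try to
# expand $SQLEXPRESS as a variable and the name would no longer match.
Get-ServiceConfigReport -Name 'MSSQL$SQLEXPRESS' | Format-List

# Services that log on with an ordinary account, i.e. a static password
# typed into the Log On tab rather than one the operating system rotates.
Get-ServiceConfigReport |
    Where-Object LogOnClass -eq 'UserAccount' |
    Format-Table Name, LogOnAs, StartupType, State
```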
Print Management
In this demonstration, we want to use the Print Management administrative tool. And so on the Administrative Tools menu, I can open Print Management. [Video description begins] On a Windows machine, the Control Panel is open on the list of Administrative Tools. The presenter double-clicks Print Management in the list. [Video description ends] And the Print Management console is really exactly what you would think it is. [Video description begins] The Print Management console opens. The Printers node is selected in the navigation pane. [Video description ends] It's a one-stop shop for managing all of your print drivers, printers, and print devices, and even in the case of the server operating system, print servers. And so right off the bat, there's quite a bit of specificity in the language that's worth pointing out.
So when Microsoft talks about a printer, they're really talking about the driver, they're talking about the software piece of it, right? Microsoft is the first software company in history. And when they talk about printers, they're talking about the printer driver, the software interface that lets me talk to the print device. A print server can be a client machine, can be a Windows Vista, not machine, and historically XP and earlier. So it could be a client or server operating system, accepts print jobs from users, queues them using the printer installed on it, and directs them to the print device. That's a print server.
And I can see those print servers in the Print Management console. [Video description begins] He points to the Print Servers node in the navigation pane. [Video description ends] And in this example, this machine is called TARDIS2. [Video description begins] He selects the subnode of Print Servers, which is labeled TARDIS2 (local). [Video description ends] And then I see here the drivers. [Video description begins] He selects the first subnode of TARDIS2 (local), which is Drivers. [Video description ends]
And one of the things that I want to do is make available on the print server all the drivers specific to the clients that will utilize this print server. So if I've got Windows 7 Professional clients out there, I've got Windows 8 Enterprise clients out there. I've got Windows 10 Enterprise clients out there, and they're all going to use this print server. I want to make sure that the driver is here for every one of those clients. That way, when the client connects to the print server, they will download the driver automatically.
Now, there's other ways that you can make those drivers available to the clients, of course, right? If I take a look in the navigation pane on the left, under Print Management, there's something called Custom Filters. [Video description begins] This is the first subnode of Print Management. He expands it in the navigation pane. [Video description ends] And I can see here a view of all my printers, [Video description begins] He selects the first subnode of Custom Filters, which is All Printers. In this instance five are listed in the details pane. [Video description ends] all the drivers that are available on this machine, [Video description begins] He points to the next subnode, which is All Drivers. [Video description ends] any printers that are not ready for use, and any printers that currently have jobs queued and are waiting. [Video description begins] He points to the next two subnodes: Printers Not Ready and Printers With Jobs. He selects the latter in the navigation pane. [Video description ends] And so I get a view of my print devices and my software interfaces to those devices. [Video description begins] He collapses the Custom Filters node in the navigation pane. [Video description ends]
Then down here under Print Servers, I can see the local machine, which acts as a print server to the network. [Video description begins] In this instance, it's TARDIS2. [Video description ends] The drivers that are available on it [Video description begins] He points to the Drivers subnode. [Video description ends] and any forms that are preloaded. So for example, an envelope [Video description begins] He selects the Forms subnode. In the details pane, a list of forms displays. He selects an item in the list, PRC Envelope #7. [Video description ends] that's got a very specific dimension to it, right? Is it a letter or is it a business envelope? That's going to change where I want to print the address and the return address or where I want to affix a label. If it's been rotated, [Video description begins] He selects another list item, PRC Envelope #6 Rotated. [Video description ends] right, and so these are all of the orientations and here are the ports that are available to me. The printer ports, the LPT, the local printer ports. [Video description begins] He selects the next subnode, Ports, in the navigation tree. [Video description ends] And then software-based ports for things like XPS document writer, print to PDF, for a fax. [Video description begins] He points to several items listed in the details pane, including a port labeled TS002. [Video description ends]
And then down below here we see Deployed Printers. [Video description begins] He selects the last node in the navigation pane, Deployed Printers. There are currently no items to show for it. [Video description ends] Now in this case, there are no printers. I want to add new printer. [Video description begins] He right-clicks the Printers subnode. A right-click menu opens, which includes the options Add Printer, Show Extended View, Refresh, and Help. [Video description ends] And so I'll right-click on Printers and say, add new. [Video description begins] He selects Add Printer in the right-click menu. A New Printer Installation Wizard opens on the Printer Installation page. [Video description ends]
Now the most common thing that we do today. Of course, you might have a print device that's actually physically connected to the machine through an LPT port, but that's unlikely. [Video description begins] He points to one of the radio buttons on the Printer Installation page of the Wizard, Add a new printer using an existing port. The current selection is Add a TCP/IP or Web Services Printer by IP address or hostname. [Video description ends] More commonly today, we're going to specify IP address or a web service for the printing. [Video description begins] He points to the selected radio button and clicks the Next button. The Printer Address page of the Wizard opens. [Video description ends]
And I can autodetect these, [Video description begins] He expands the Type of Device drop-down list. The menu options include Autodetect, TCP/IP Device, Web Services Printer, and Web Services Secure Printer. Autodetect is the default. [Video description ends] I can specify a web services printer or a web services secure printer, and so that's going to change the protocol, right? Is the data encrypted or not, is really the only difference between these. [Video description begins] He points to two of the menu options, Web Services Printer and Web Services Secure Printer. [Video description ends] And that changes the port that's associated. [Video description begins] He selects TCP/IP Device in the Type of Device drop-down menu. [Video description ends]
Down here I can specify the IP address. [Video description begins] He points to the Host name or IP address text field. [Video description ends] And this would be a physical device out on the network somewhere that's got its own IP address, [Video description begins] He specifies the IP address: 10.0.0.1. The same value is automatically entered into the Port name text field as well. [Video description ends] it's plugged into the network. And I can connect to it by its IP address, and really that's about it. I mean I'd also be prompted for a name, give this thing a name, friendly name, something that's easy to use. Laser printer floor three back office, whatever it happens to be. Something that makes it easy for the user to identify where they're supposed to go to get their documents, right?
If I go back here, [Video description begins] He clicks the Back button. The Printer Installation page of the Wizard displays. [Video description ends] there's a great option, Search the network for printers. So if you've got printers published into Active Directory or that advertise their presence through another service, you can search the network for printers, discover those and pick from the list, which is a nice feature. [Video description begins] He points to a radio button, Search the network for printers. It's currently selected. [Video description ends]
Local Security Policy
In this demonstration, we want to take a look at the local security policy, which can be accessed if you search for sec. Secpol is commonly how this is referenced, as the secpol.msc. [Video description begins] On a Windows machine, the search term "secp" has been entered. There is only one search result listed in the Best match category: Local Security Policy, which is a desktop app. [Video description ends] And if I launch from the Windows Start menu that Local Security Policy applet, [Video description begins] The presenter selects Local Security Policy in the search results. The Local Security Policy console window opens. [Video description ends] what I'm really looking at here is a subset of group policy options. [Video description begins] The uppermost node, Security Settings, is selected in the navigation pane. Several subnodes are listed. [Video description ends]
Now, what do I mean by that? Well, in group policy administered at the domain level, I have a collection of about 3600 different settings that can be configured either for the user or the computer. And these settings get applied automatically to the machine when it starts up and processes its group policy objects. The local security policy is a subset, that is to say that it contains only computer settings and not all of those. It's a number of specific account policies, local policies, firewall policies, etc. And I can see these here in the left-hand navigation pane under Security Settings. [Video description begins] The subnodes for Security Settings include: Account Policies, Local Policies, Windows Firewall with Advanced Security, Network List Manager Policies, Public Key Policies, Software Restriction Policies, Application Control Policies, IP Security Policies on Local Computer, and Advanced Audit Policy Configuration. [Video description ends] So we're looking at the Security Settings module from the much larger computer policy and configuration node of domain policy, dig it? And these settings are available locally here on the machine and can be applied locally.
Now, that brings up the question, if I set these policies locally and there is a different policy set for the domain, which one takes precedence? Well, the domain policy does by definition, right? Local policies are processed first, then domain level policies are processed. So the configuration of these policies using the Local Security Policy applet, we don't commonly do this. If you're working in a work group environment, you might set these policies here, right? If you're in a small business, less than ten users in your place, sure, right, I can see coming in here and tweaking these policies out for each individual machine. I can also see setting these policies on a test computer. I'm getting ready to do a deployment. I'm building the Windows image. And there are particular policies I want to test. I would configure them here separately from any domain level policies, or even maybe the machine is not joined to the domain during the testing phase.
What do some of these policies look like? Well, there's the Account Policies. [Video description begins] He expands the Account Policies subnode, which has a Password Policy subnode in turn, which he selects. [Video description ends] Now these policies, the Password Policy, Account Lockout Policy, and Kerberos Policy, apply only to the local user and groups database. [Video description begins] He points to the other two subnodes: Account Lockout Policy and Kerberos Policy. [Video description ends] And that's an important distinction to make, everybody. There's local accounts that live only on the machine, and then there's domain accounts that live up on the domain controllers and provide network-wide authentication. But a local account is good only on the local machine that it's created on. And these policies apply only to the local SAM file database. So if I was living in a world where I have local users in groups, rather than domain user in groups, I would configure local password policies specific to each machine here in the Local Security Policy console.
Now, the password policies set things like minimum password age, maximum, right, how long can you keep a password? [Video description begins] He points to some of the password policies listed in the details pane. [Video description ends] How long must you keep a password for minimum password age? How many passwords does the machine remember so you can't reuse your dog's name over and over and over again, etc. [Video description begins] He points to a policy, Enforce password history. [Video description ends] The Account Lockout Policy defines how many times you can try to log in with the wrong password before the account gets locked. And even if you get the password right, you don't get in.
Kerberos Policy settings, though configurable here, should never be configured. This is really, you don't want to do this. First of all, they have no bearing if you're working in a work group. Kerberos authentication is domain authentication, not local authentication. And so these Kerberos settings only apply to domain accounts. And I would never set them here anyway. I would set them at the domain level if I were living in that world. And beyond that, the Microsoft Corporation itself says that none of these settings should ever be edited unless you're on the phone with Microsoft support and you're paying $260 for one of those phone calls, right? And then only at their guidance. And so we don't muck around with these. [Video description begins] He expands the Local Policies subnode in the navigation pane. [Video description ends]
Then you have audit policies, right, [Video description begins] He selects Audit Policy in the navigation pane, which is one of the subnodes for Local Policies. [Video description ends] maybe I want to audit who logs in to this machine. [Video description begins] He points to the Audit logon events policy in the details pane. [Video description ends] So I can audit logon events.
Now you'll note there's a distinction here, there's also Audit account logon events. [Video description begins] He selects the policy, Audit account logon events, in the details pane. [Video description ends] Account logons are domain logins. Logons are local logins. So if I'm in the local security policy, [Video description begins] He double-clicks a policy, Audit logon events. An Audit logon events Properties dialog box opens. [Video description ends] well, what I probably want to audit is the local login, and so I audit logon events. [Video description begins] He selects two checkboxes, Success and Failure, in the Audit these attempts section. [Video description ends] And maybe I want to audit both successes and failures, so I know every time somebody fails to log in, fails to authenticate, and every time they're successful. And then I get a history of that that gets reported into the event viewer.
And then there's a variety of additional settings. But these settings, again, are configurable domain wide. [Video description begins] He clicks the OK button to apply the changes. The dialog box is dismissed. [Video description ends] Here it would be just for the single machine. And so we tend to focus on these first two nodes, account policies and local policies, in work group environments.
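The Account Policies and Audit Policy values shown in the console can also be read from a script, which is useful when checking a test image or a handful of workgroup machines. This is an added PowerShell example, not code from the course; it exports the security policy with `secedit.exe` and parses the resulting INF file, and the function names are hypothetical.

```powershell
# Added example (not from the course). Requires an elevated session; secedit.exe ships with Windows.

function Read-SecurityPolicyInf {
    # Parse the INF text written by "secedit /export" into section -> key -> value.
    param([string[]]$Lines)
    $sections = @{}
    $current  = $null
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') {
            $current = $Matches[1]
            $sections[$current] = @{}
        } elseif ($current -and $line -match '^\s*([^=]+?)\s*=\s*(.*)$') {
            $sections[$current][$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $sections
}

function ConvertTo-AuditSetting {
    # The [Event Audit] section stores the Success/Failure checkboxes as a number.
    param([int]$Value)
    switch ($Value) {
        0       { 'No auditing' }
        1       { 'Success' }
        2       { 'Failure' }
        3       { 'Success, Failure' }
        default { "Unknown ($Value)" }
    }
}

function Get-LocalSecurityPolicySummary {
    $tmp = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        & secedit.exe /export /cfg $tmp /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed with exit code $LASTEXITCODE (is the session elevated?)"
        }
        $inf = Read-SecurityPolicyInf -Lines (Get-Content -LiteralPath $tmp)
    } finally {
        # The export describes the machine's security settings; do not leave it behind.
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }

    $access = $inf['System Access']
    $audit  = $inf['Event Audit']
    if (-not $access -or -not $audit) { throw 'Expected sections missing from the secedit export.' }

    [pscustomobject]@{
        # Account Policies > Password Policy
        MinimumPasswordAgeDays  = [int]$access['MinimumPasswordAge']
        MaximumPasswordAgeDays  = [int]$access['MaximumPasswordAge']
        MinimumPasswordLength   = [int]$access['MinimumPasswordLength']
        PasswordHistorySize     = [int]$access['PasswordHistorySize']
        ComplexityRequired      = ([int]$access['PasswordComplexity'] -eq 1)
        # Account Policies > Account Lockout Policy (0 means accounts never lock)
        LockoutThreshold        = [int]$access['LockoutBadCount']
        # Local Policies > Audit Policy
        AuditLogonEvents        = ConvertTo-AuditSetting ([int]$audit['AuditLogonEvents'])
        AuditAccountLogonEvents = ConvertTo-AuditSetting ([int]$audit['AuditAccountLogon'])
    }
}

Get-LocalSecurityPolicySummary | Format-List
```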
Windows Memory Diagnostics
In this demonstration, we want to introduce the Windows Memory Diagnostic tool. And this is of course one of the administrative tools. And I can find it on the Administrative Tools menu [Video description begins] On a Windows machine, the Control Panel is open to display a list of the Administrative Tools. [Video description ends] or from the Administrative Tools applet here. [Video description begins] The presenter double-clicks one of the tools in the list, Windows Memory Diagnostic. A Windows Memory Diagnostic prompt opens, asking for confirmation whether to Restart now and check for problems (recommended), or check for problems the next time the computer starts. [Video description ends]
Now when we launch this, you'll notice that it can't run when the operating system is in use. And that's because of course as soon as the operating system is on, it acquires all of that memory and it starts writing pages into active memory. And we need those pages to be empty, so that the diagnostic utility can write to those pages and then validate that the data in memory is uncorrupted, right? That the memory is functioning as we expect it to. And so I can tell the machine to go ahead and restart now, or I can tell it to go ahead and run the check the next time that I restart the machine.
For our purposes, I'm going to go ahead and tell it to restart now. [Video description begins] He clicks Restart now and check for problems (Recommended). [Video description ends] And if you notice, at the top of the screen here, [Video description begins] The shutdown sequence for the computer displays. [Video description ends] there's an RDP connection bar [Video description begins] He points to a title bar pinned to the top of the screen, indicating the current remote desktop connection. [Video description ends] that tells me that I am remoted into the KDC. And of course, if you're going to shut a machine down and watch it restart, and video tape that, you can't do it on the machine that you're doing that to, clearly. [Video description begins] The computer is currently Restarting. [Video description ends] And so that's what I've done here.
Now there's another advantage to launching this tool from another machine, and that is that it takes a little while to run. Especially on a machine that's got, say, 16 gigs of RAM installed or more these days, right? And so it'll take a little while for this thing to run, even just the process of restarting the machine will take a little time. And so what I've done is I've taken the opportunity to go ahead and run it on the host machine, and we can view the results. I just want to take us to the launch of the Memory Diagnostic Utility so that you can see that happen, and then we'll switch over and we'll take a look at the results. [Video description begins] The Windows Memory Diagnostics Tool startup screen displays. It says, Windows is checking for memory problems... This might take several minutes. [Video description ends]
Now, as you can see, we've come out of the Windows screen. And now, we're actually watching the test run. [Video description begins] A progress bar indicates that the test is currently 11% complete overall. No problems have been detected yet. [Video description ends] And we can see it's running test pass 1 of 2. By default, the memory diagnostics run two passes. So they scan all the installed RAM, write data to all the pages available in that RAM, and then they do it again. And then any problems are reported into the Event Viewer.
Now, there's no need for us to sit here and watch this progress bar run, because I've taken it upon myself to run it previously on this machine over here. And so I've just minimized out of that RDP window, [Video description begins] He minimizes the remote desktop connection. On the host machine, the Event Viewer displays. In the navigation pane, the System node is selected. [Video description ends] and here I have the Event Viewer and what I'll need to do is I'll need to run a find. [Video description begins] He points to Find in the Actions pane. [Video description ends] You'll notice if I scroll over here in the left-hand navigation pane, we're in the Windows log System log. [Video description begins] The System node is a subnode of Windows Logs. [Video description ends] And the results of the Memory Diagnostic Utility are reported here to the System log.
I go ahead and I hit Find and then I do a search for MemoryDiagnostics-Results. [Video description begins] He clicks Find in the Actions pane. In the Find dialog box that opens, he types "MemoryDiagnostics-Results" in the Find what text box. [Video description ends] Find Next, [Video description begins] He clicks the Find Next button. In the details pane, an event matching that description is selected. [Video description ends] and here's the Event Viewer results for the one that we just ran this evening. [Video description begins] He points to the selected result in the details pane. [Video description ends] Windows Memory Diagnostic tested the computer's memory and detected no errors. [Video description begins] He points to and reads out the description of the event on the General tab. [Video description ends] That's what I want to see. If I see anything else, I'm going to think about swapping out the RAM that is in that machine.
Windows Defender Firewall with Advanced Security
In this demonstration, we want to introduce the Windows Firewall with Advanced Security or, depending on the operating system, if you're running Windows 10, today it will read Windows Defender Firewall with Advanced Security. [Video description begins] On a Windows machine, the search term "fire" has been entered. The Best match is indicated in the search results pane as: Windows Firewall with Advanced Security. [Video description ends] And we can expect that change to be persistent through all Microsoft products moving forward.
What I've done here, of course, is just opened the Windows menu from the Windows key on my keyboard. And then I typed "fire" and I see the Windows Firewall with Advanced Security choice. And I'll go ahead and I'll hit that. [Video description begins] The presenter selects Windows Firewall with Advanced Security in the search results. [Video description ends] And that will launch the Windows Firewall with Advanced Security. [Video description begins] The app opens on the Overview page. There is also a Getting Started section. [Video description ends] And the first and critical thing to get clear on, I think, are these profiles, and what the profiles are. [Video description begins] He points to a status message that reads: Domain Profile is Active. There are two other profiles listed: Private Profile and Public Profile. [Video description ends]
Now, the Windows Firewall is a software-implemented firewall. That's a piece of software running on my Windows machine that I can create rules about what applications can make inbound requests, [Video description begins] He selects a node, Inbound Rules, in the navigation pane. [Video description ends] and what applications can make outbound requests. [Video description begins] He selects a node, Outbound Rules, in the navigation pane. [Video description ends]
Now commonly on the machine, we want to be able to leave the machine, go off the machine, and access anything we want out there on the public Internet or on our networks. However, what we commonly do not want is for outside agencies making incoming connections to us. [Video description begins] He selects the Inbound Rules node in the navigation pane. [Video description ends] And so there are some default rules in here that will block inbound connections while permitting outbound connections. Does that make sense to everybody?
Now what's important I think to know, to make sense of this thing, what's a socket? Now and I'm not talking about that thing that you lick if you're looking for a little excitement in your afternoon. I'm talking about a unique path to a unique network, a unique computer on that unique network, and a unique service running on that computer. That's a socket.
Now how do we determine a unique network and unique device on that network? The IP address, right? That's what an IP address is. It's the network that I'm on and the machine that I'm on that network. IP address.
Every service, every application running on that machine has assigned to it, a port number, or can have assigned to it a port number if it doesn't have one natively. Many of you are probably aware that if you make an outbound DNS query to a DNS server, that goes out over port 53, right? And so the first 1024 ports are what we call the well-known ports. And then any ports above 49,531 are what we call the ephemeral ports. All those ports in the upper port range can be dynamically assigned any time the machine just needs a port. It'll just grab one of those numbers and use it to address a specific ephemeral connection. A connection that's temporary.
Now when we think about creating firewall rules, we almost always think about blocking applications, allowing applications, and/or blocking ports, or allowing ports. And remember, the port in combination with the IP address gives me a unique network with a unique computer and a unique service running on that computer that we call a socket.
Now when we think about the Windows Firewall with Advanced Security, where you want to start in your understanding is with the profiles. [Video description begins] He selects the uppermost node in the navigation pane. [Video description ends] The domain profile, the private profile, and the public profile. The public and private profiles, your users get to choose when they first make a network connection.
So I'm in Starbucks or McDonalds, at a hotel or airport, and I connect to the WiFi, what does it ask me? Is this a public or private network? And in those scenarios, I'm always going to choose public. And the public profile in Windows Firewall will be the most locked down one. Because you're out there in Starbucks, you don't know who's sitting across the aisle from you. Or how they might be trying to actively gain access to your machine, right? When it looks like they're just browsing the New York Times, but they've got a piece of software in there that's looking, looking for connections, looking for a way to get in. When I'm at home and I bring home my work computer for the first time and I connect to my home WiFi or my home wired network, I'm prompted is this a public or private network? And in my home I would choose a private network choice.
Now those two choices and how they get assigned, it's entirely up to the user. The domain profile cannot be chosen, cannot be assigned. When the machine starts up and it's connected to a network, if it finds a domain controller, it invokes the domain profile. And that's commonly going to be the least restrictive of them because you're going to have updating software, right? Your intelligent case software maybe, wants to connect to the machine to do updates, or to validate that the machine has its current updates. And so the domain profile will have least restrictive rules, while public profiles will tend to have the most restrictive rules. And what should be clear to everybody is that each of those profiles has different sets of standards that you can define in a series of policies composed of inbound and outbound rules.
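The profile behavior described above can be checked from PowerShell. This is an added example, not part of the original demonstration; it assumes the built-in NetSecurity and NetConnection cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt, and it only reads settings.

```powershell
# Added example: read-only audit of firewall profiles and Public-profile exposure.

# 1. Which profile is each network connection using right now?
#    NetworkCategory is Public, Private, or DomainAuthenticated.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Default posture of each of the three profiles.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 3. Enabled inbound Allow rules that are in force while the Public profile
#    is active. A rule's Profile is a set of flags ("Any", "Public",
#    "Domain, Private", ...), so match on its text form.
$publicAllow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.Profile.ToString() -match 'Any|Public' }

# 4. Show the protocol and local port each of those rules opens.
$publicAllow | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Profile   = $rule.Profile
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort -join ','
    }
} | Sort-Object Rule | Format-Table -AutoSize
```

Anything listed in step 4 is reachable from the coffee-shop network, so that list is the one to keep short.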
Event Viewer
In this demonstration, we want to take a look at the Event Viewer. [Video description begins] On a Windows machine, the Run dialog box has been launched from the Start menu. The text "eventvwr.msc" has been entered into the Open text box. [Video description ends] And there's a number of ways you can launch that. In this series of exercises, I'm using the Run dialog box. And I'm choosing the Event Viewer, and that's eventvwr.msc, and I hit OK and this launches. [Video description begins] The Event Viewer opens on the Overview and Summary page. In the navigation pane, the uppermost node is: Event Viewer (Local). It has several subnodes: Custom Views, Windows Logs, Applications and Services, and Subscriptions. [Video description ends] And now if you're like me, the first place you go whenever anything goes wrong on that machine is into the Event Viewer.
In here is a running list of what happened on this machine. And if we take a look over in the left-hand navigation pane, [Video description begins] The presenter expands the Windows Logs subnode. [Video description ends] these are the principal logs that I see. [Video description begins] He points to the subnodes of Windows Logs. They are: Applications, Security, Setup, System, and Forwarded Events. [Video description ends] Now, it's not that long ago that there were only three logs in here. The Application, the Security and the System. And that's where we want to spend our focus here. [Video description begins] He selects the System subnode in the navigation pane. [Video description ends]
We'll start with the Security log because that's a different log from the others. [Video description begins] He selects the Security subnode in the navigation pane. [Video description ends] By default, it doesn't report anything. It only reports audited events that you have configured for auditing. And that's a separate subject entirely, right? This is just where the reporting gets done, is in here. But configuring auditing is a function of the group policy configuration. And when I think about auditing, what I'm looking for are security related events.
Maybe, for example, you have a very sensitive file server that only certain people should be able to access, right? Not everybody should know what everybody's salary is. Not everybody should know how much vacation everybody gets, right? Those kinds of things, those kinds of sensitive files. Or files that contain customer data, personally identifying information. Maybe those files are only accessible to the HR department, and nobody else should be in there. Well, I can audit for object access, that is who's accessing these files on that file server. And then every time an authorized user opens a file, maybe I record that as an audit success. Every time an unauthorized user attempts to open a file and fails, I record that as a failure. Maybe I want to see, is somebody trying to get in there? And so that's the kind of thing that I see reported in the security log. The results of configured auditing, success or failure, based on what you've chosen to audit.
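The object-access scenario above, as a query against the Security log. This is an added example, not part of the original demonstration; it assumes object-access auditing is already configured and that the sensitive folders have an auditing entry (SACL) for failures. Event ID 4656 (a handle to an object was requested) and the Audit Failure keyword value are standard Windows values, not taken from the page.

```powershell
# Added example; run elevated (reading the Security log needs administrator rights).

# Is file-system object-access auditing actually switched on? (read-only check)
auditpol /get /subcategory:"File System"

# Keyword bit that marks an event as an Audit Failure.
$auditFailure = 0x10000000000000

# Failed handle requests (event ID 4656) from the last 24 hours.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4656
    Keywords  = $auditFailure
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue   # no matching events is not an error here

# Pull the account and object name out of each event's XML payload,
# then count failures per account and object.
$events | ForEach-Object {
    $evt  = $_
    $data = @{}
    ([xml]$evt.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time    = $evt.TimeCreated
        Account = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Object  = $data.ObjectName
    }
} | Group-Object Account, Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A single account with many failures against the HR share is the "is somebody trying to get in there?" signal the audit was configured to surface.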
Now much more accessible, I think, and common are application events. [Video description begins] He selects the Application subnode in the navigation pane. [Video description ends] Now, these application events fall into a couple of types. And we can see that actually much more clearly, I think. If I come up here to Custom Views, [Video description begins] He expands the Custom Views node in the navigation pane. Its subnodes include Server Roles, Administrative Events, and warning. [Video description ends] that's at the very top of the tree in the left-hand navigation bar, and if I right-click Custom View [Video description begins] He selects Create Custom View. The Create Custom View dialog box opens on the Filter tabbed page. [Video description ends] and say Create a Custom View.
Now, what is the event level that I want to see? [Video description begins] The dialog box contains an Event level section with five checkboxes: Critical, Warning, Verbose, Error, and Information. Currently, none are selected. [Video description ends] And I see the couple here, Information, Warning, Error, Critical, and Verbose.
Now let's say I'm looking for application events [Video description begins] He expands the Event logs drop-down menu in the By log subsection. It includes a hierarchical tree structure with two parent nodes: Windows Logs and Applications and Services Logs. [Video description ends] and so I can specify in the By log, Event logs choice, I can choose Application. [Video description begins] He expands the Windows logs parent node and selects the checkbox associated with one of its child nodes, Application. [Video description ends]
Now, what would be an information event? [Video description begins] He selects the Information checkbox in the Event level section of the dialog box. The By log Event logs drop-down menu closes. [Video description ends] Well, the application started, right? Nothing went wrong, the application started up, everything's good, that's an information event.
Suppose the application hung up, but was able to restart normally? [Video description begins] He clears the Information checkbox and selects Warning instead. [Video description ends] I might get a warning that the application failed to start, but then on the restart, started. I get a warning. The application failed to start, [Video description begins] He clears the Warning checkbox and selects Error instead. [Video description ends] that's an Error message, right? It didn't start, don't know why but it didn't start.
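The event-level checkboxes in the Create Custom View dialog map to numeric Level values in each event record. The same filter can be run from PowerShell; this is an added example, not part of the original demonstration, and the seven-day window and top-15 cut-off are arbitrary choices.

```powershell
# Added example. Numeric value stored for each level checkbox.
$levelName = @{ 1 = 'Critical'; 2 = 'Error'; 3 = 'Warning'; 4 = 'Information'; 5 = 'Verbose' }

# Same selection as ticking Critical, Error and Warning with the
# Application log chosen under "By log".
$filter = @{
    LogName   = 'Application'
    Level     = 1, 2, 3
    StartTime = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Which sources produce the most problems, split by level.
$events |
    Group-Object { $levelName[[int]$_.Level] }, ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name

# The same level filter written as XPath, the form a custom view
# shows on its XML tab.
$xpath = '*[System[(Level=1 or Level=2 or Level=3)]]'
Get-WinEvent -LogName Application -FilterXPath $xpath -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LevelDisplayName, ProviderName, Id
```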