Windows 7 is a great operating system that many people are likely to be familiar with. It has a lot of features and is very user-friendly. If you’re looking for a tutorial on how to use Windows 7, then this one is for you! In this article, we will be taking a look at some of the most important aspects of Windows 7 and how they can help you in your everyday life.


In today’s edition of Geek School, we look at the tools we can use to monitor the performance and reliability of our computers.

Be sure to check out the previous articles in this Geek School series on Windows 7:

Introducing How-To Geek School
Upgrades and Migrations
Configuring Devices
Managing Disks
Managing Applications
Managing Internet Explorer
IP Addressing Fundamentals
Networking
Wireless Networking
Windows Firewall
Remote Administration
Remote Access

And stay tuned for the rest of the series all this week.

Event Logs

Event logs are special files that record significant events on your computer, such as when a user logs on to your computer or when a program crashes. Event logs are very useful tools when you are troubleshooting an issue with your computer. You can use the Windows Event Viewer to read event logs; however, you will need to be an administrator on the machine in order to do so.

Opening the Event Viewer

To open the Event Viewer, click on Start and launch the Control Panel.

Then head into the System and Security section.

Here you will want to click on Administrative Tools.

You can then open it by clicking on the Event Viewer shortcut.

That’s all there is to it.

The Event Viewer displays events in several different logs. Windows Logs include:

The Application Log – The application log contains events logged by programs, for example it might be able to tell you why a particular program crashed.

The Security Log – The security log records events such as valid and invalid logon attempts, as well as events related to resource use, such as the creating, opening, or deleting of files.

The Setup Log – The setup log records events that add, remove or update a Windows feature. For example an entry is logged every time you install a Windows Update.

The System Log – The system log contains events logged by Windows system components. For example, if a driver fails to load during startup, an event is recorded in the system log.

To view one of the Windows Logs, simply expand the Windows Logs Console Tree item and select the log you want to view.

On the right-hand side you can see all the events that the log contains. There are three kinds of events:

Errors – Indicated by the nasty red exclamation mark, errors indicate that there has been a fatal problem, such as a loss of data.

Warnings – Indicated by the yellow exclamation mark, warnings indicate that there has been a problem but the program can continue to function. They also serve as a notice that future errors could occur.

Information – Indicated by the white exclamation mark, information events describe the successful operation of a program, driver, or service.

Note: The security log doesn’t use the above event levels and rather uses security audits.

Filtering Logs

Event logs contain thousands of events, and finding the information you need can sometimes be tricky. Provided you know what you are looking for, you can always use a log filter to filter out all the irrelevant information.

Let’s look at how we can use the Event Viewer to find out how long it takes our computer to start up. The first thing you will need to do is open the Applications and Services Logs, then drill down into Microsoft and then Windows.

Then find the Diagnostics-Performance folder and filter its Operational log file.

Now create a filter for all Warning level events that have an Event ID of 100.

Note: I only happen to know this information because I have needed to use it before. You should focus on how you would create a filter, not that the boot up event has an Event ID of 100.

Once you click OK, you should only see warning level events.

If you select one of the results and look at its contents you will see your boot time in milliseconds.

Creating a Custom View

If you know that every day you are going to connect to a server and apply a custom filter to view specific events, you might want to consider creating a custom view which allows you to create your own pre-filtered log files. Creating a new custom view is exactly the same as creating a new filter: just right click on the log and select Create Custom View from the context menu.

Then choose your filtering criteria. We will again go for warning level events with an event ID of 100.

Then give your new custom view a name and click OK.

Now you will have a nice, pre-filtered log.
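The filter and custom view built above (Warning level, Event ID 100, Diagnostics-Performance Operational log) can also be written as a structured XML query and run from PowerShell. This is an added example, not code from the original article; it assumes an elevated PowerShell session and that event 100 carries the boot duration in a data field named BootTime.

```powershell
# Added example: the Event Viewer filter from this section, run from PowerShell.
$log = 'Microsoft-Windows-Diagnostics-Performance/Operational'

# Same structure Event Viewer shows on the XML tab of the filter dialog.
# Level=3 is Warning; EventID=100 is the boot event filtered on above.
$query = @"
<QueryList>
  <Query Id="0" Path="$log">
    <Select Path="$log">*[System[(Level=3) and (EventID=100)]]</Select>
  </Query>
</QueryList>
"@

try {
    $events = Get-WinEvent -FilterXml $query -MaxEvents 20 -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when nothing matches or the log cannot be read.
    Write-Warning "No matching events returned: $($_.Exception.Message)"
    $events = @()
}

$report = foreach ($evt in $events) {
    # Index the named <Data> fields of the event by their Name attribute.
    $fields = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    New-Object PSObject -Property @{
        TimeCreated = $evt.TimeCreated
        Level       = $evt.LevelDisplayName
        BootTimeMs  = [int]$fields['BootTime']   # assumed field name, value in ms
    }
}

$report | Sort-Object TimeCreated |
    Select-Object TimeCreated, Level, BootTimeMs |
    Format-Table -AutoSize
```

Changing the Level and EventID values in the Select element is all it takes to reuse the query for another filter.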

Limiting the Size of Your Log Files

If you need to control the size of the log files you can do so by right-clicking on a log and selecting Properties.

Here you can change the size of the log file in KB; the default is 20MB.

Note: The default is fine for most purposes.

Resource Monitor

The Windows 7 Resource Monitor provides a quick summary of overall CPU, disk, network and memory utilization in one easy to use interface. You can think of it as a more detailed version of Task Manager.

To open resource monitor, press the Win + R keyboard combination to open a run box, then type resmon and press enter.

The default window will appear with the Overview tab displayed. In the Overview tab, you can see the four monitored resources – CPU, disk, network and memory.

The resource monitor is very useful for those times when your computer is running slow all of a sudden.

Reliability Monitor

Reliability Monitor is an advanced tool that measures hardware and software problems and other changes to your computer.  To open the reliability monitor, press the Win + R keyboard combination to open a run box, then type perfmon /rel and press enter.

You will be greeted with a large graph displaying the overall reliability of your system over the last week or so. You are given a system stability rating on a scale of 1 to 10, with 1 being the worst and 10 the best.

As time goes by you will notice the rating gets lower and lower on my machine, but you will also notice that there are two errors on the chart. To view the errors that occurred, simply select the day.

In the above screenshot, you will see that a critical event, logged due to a power outage, significantly reduced the reliability of my system. It looks like there was another error earlier today. Let’s check it out as well.

It looks like another power outage. Looks like I need to invest in a UPS unit. As you can see the reliability monitor can be extremely useful for tracking trends in system behavior.


Performance Monitor

The Windows Performance Monitor allows you to measure the performance of a local or a remote computer on the network, both in real time and by collecting log data for later analysis.

Opening the Performance Monitor

To open the Performance Monitor, press the Win + R keyboard combination to open the run dialog, then type perfmon then hit enter.

Once the MMC console opens, expand the Monitoring Tools item in the Console Tree and select Performance Monitor.

One of the great things about the performance monitor is that it allows you to graphically view real time performance information. It does this by the use of performance counters. Performance counters are measurements of how something is performing at a given time, and they can either be included in the operating system or be part of an application. One example of what a performance counter could measure is how much time the CPU spends responding to system requests, as seen below.

To add a performance counter, simply click on the green add button.

Then choose the performance counters you want to add by selecting them and clicking the add button.

There are literally thousands of counters, but the ones I added above are the most important to remember for the exam. Here’s a brief explanation of each one:

Processor

The following performance counters are useful for troubleshooting CPU issues and are available under the Processor section:

% Processor Time: This shows you how much time the CPU spends responding to system requests.

Interrupts/sec: This measures the average number of hardware interrupts received by the processor each second.

Memory

The following performance counters are useful for troubleshooting memory issues and are available under the Memory section:

Available MBytes: This measures the amount of memory that is available to run processes on the computer.

Pages/sec: This shows you the number of hard faults per second. Hard faults are page faults that require disk access.

Physical Disk

The following performance counters are useful for troubleshooting physical disk constraints and are available under the PhysicalDisk section:

% Disk Time: This measures the amount of time the disk is busy because it is servicing read or write requests.

Current Disk Queue Length: This shows you the number of outstanding disk requests that are waiting to be processed.

Logical Disk

The following performance counter is useful for troubleshooting logical disk constraints and is available under the LogicalDisk section:

% Free Space: This shows you how much free disk space is available. 

Network Interface

The following performance counter is useful for troubleshooting network issues and is available under the Network Interface section:

Bytes Total/sec: This shows you the total number of bytes sent and received from your network interface across all protocols.

Once you have added all your counters you can see all your data in real time.
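The same counters can be sampled from PowerShell with Get-Counter, which is handy on machines where you cannot open the graphical console. This is an added example, not code from the original article; the counter paths are the English-language names, and the sample interval and count are arbitrary choices.

```powershell
# Added example: sample the counters listed above and summarize them.
# Counter names are localized on non-English installations of Windows.
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Processor(_Total)\Interrupts/sec',
    '\Memory\Available MBytes',
    '\Memory\Pages/sec',
    '\PhysicalDisk(_Total)\% Disk Time',
    '\PhysicalDisk(_Total)\Current Disk Queue Length',
    '\LogicalDisk(_Total)\% Free Space',
    '\Network Interface(*)\Bytes Total/sec'
)

# Five samples, two seconds apart.
$samples = Get-Counter -Counter $counters -SampleInterval 2 -MaxSamples 5

$samples | ForEach-Object { $_.CounterSamples } |
    Group-Object Path |
    ForEach-Object {
        $group = $_
        # CookedValue is the calculated reading for each sample.
        $stats = $group.Group |
            Measure-Object CookedValue -Average -Minimum -Maximum
        New-Object PSObject -Property @{
            Counter = $group.Name
            Average = [math]::Round($stats.Average, 2)
            Minimum = [math]::Round($stats.Minimum, 2)
            Maximum = [math]::Round($stats.Maximum, 2)
        }
    } |
    Sort-Object Counter |
    Select-Object Counter, Average, Minimum, Maximum |
    Format-Table -AutoSize
```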

Keeping Windows Up to Date

The one exception to my “if it’s not broken don’t fix it” rule is installing Windows Updates. There are two ways you can update Windows:

Using the Internet – When you buy a new Windows 7 PC it is configured in such a way that if you choose to enable Windows Updates the updates themselves will be downloaded from the Microsoft servers when it’s time to install them.

As opposed to what, you might ask? The answer is as opposed to using Windows Server Update Services (WSUS).

WSUS — When you use WSUS, you have a central server that downloads all the updates for your entire company, for all Microsoft products, not just Windows. When it is time for your client computers to install updates, instead of 30,000 computers connecting to the internet to download the same files, they all connect to the WSUS server and install the updates using your network’s local bandwidth. As you can imagine this saves massive amounts of bandwidth as the updates are only downloaded once.

Changing Where You Get Your Updates From

While setting up a WSUS server is out of scope of the exam objectives, you certainly need to know how to set up a Windows 7 client to use a WSUS server. Normally, you will have at least ten clients by the time you are using WSUS, so it is best done through a GPO. So go ahead and press the Win + R keyboard combination to bring up a run dialog, then type gpedit.msc and press enter.

Note: Remember that we are setting up a GPO on one Windows 7 client. Usually this is done on a central server and linked to an OU that contains the machines in your organization so that you don’t have to go around to each machine and tell them to use WSUS.

Then drill down to:

Then double click on the “Specify intranet Microsoft update service location” setting on the right hand side.

Then you will need to enable the policy and enter in the URI of the WSUS server.

That’s all there is to it.
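Once the policy has applied, you can confirm what the client actually received by reading the registry values this policy writes. This is an added example, not code from the original article; it reads the WUServer, WUStatusServer and UseWUServer policy values and flags a server URI that is malformed or not HTTPS, since Microsoft recommends running WSUS over SSL.

```powershell
# Added example: check the client-side result of the
# "Specify intranet Microsoft update service location" policy.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$settings = @{
    WUServer       = Get-PolicyValue $wuKey 'WUServer'
    WUStatusServer = Get-PolicyValue $wuKey 'WUStatusServer'
    UseWUServer    = Get-PolicyValue $auKey 'UseWUServer'
}

$findings = @()
if (-not $settings.WUServer) {
    $findings += 'No intranet update service is configured on this client.'
}
else {
    if ($settings.UseWUServer -ne 1) {
        $findings += 'WUServer is set but UseWUServer is not 1, so it is not in effect.'
    }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = $settings[$name]
        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            $findings += "$name is not an absolute URI: '$value'"
        }
        elseif ($uri.Scheme -ne 'https') {
            $findings += "$name uses $($uri.Scheme), so update traffic is not protected by SSL."
        }
    }
}

New-Object PSObject -Property $settings |
    Select-Object WUServer, WUStatusServer, UseWUServer |
    Format-List

if ($findings.Count -eq 0) { 'WSUS client policy looks consistent.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```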

Changing Windows Update Settings

Note: If you are using WSUS, you are likely to edit these settings through Group Policy, rather than on each client as shown below.

Open the Start Menu and click on the Windows Update item.

Here you will see a Change settings link on the left hand side.

From this centralized location you can change nearly every aspect of Windows Updates.

One thing to be aware of is that you can change the Windows Update behavior using the drop down list.

Summary

It has been a long one so here’s a short summary:

The Windows Event Viewer allows you to view log files which contain important information about events that have occurred on your PC.

Resource Monitor is a more verbose version of Task Manager that allows us to view detailed information about what is currently happening on your machine.

The Reliability Monitor allows you to easily identify trends that are reducing the reliability of your PC.

The Windows Performance Monitor allows you to view custom performance information in real time as well as view performance data that has been tracked over a period of time.

Windows Updates allow your PC to stay up to date with the latest security patches. While you might use the out-the-box Windows Update configuration in very small businesses, WSUS and Group Policy are the way to go.

Homework

Learn about and set up event subscriptions using two Windows 7 virtual machines.

Learn how to use Data Collector Sets to track performance information over time using the Performance Monitor.

In addition to today’s homework, you should read the following posts and get familiar with the little tips and tricks you can use to improve your computer’s performance. These are also part of the exam objectives.

Read Chris Hoffman’s awesome post on the Windows Page File.

Learn how to improve your computer’s performance using ReadyBoost.

Learn how you can disable startup programs using MSConfig.

Learn how you can evaluate your computer’s power efficiency using powercfg.

Read up on how to switch power plans in Windows 7.

If you have any questions you can tweet me @taybgibb, or just leave a comment.


title: “Windows 7: A Geek School Tutorial” ShowToc: true date: “2022-12-01” author: “John Medrano”

Windows 7 is a great operating system that can be used by both the tech-savvy and non-tech-savvy. In this tutorial, we will show you how to use Windows 7 in a geek school setting.


In the last part of the series we looked at how you can manage and use your Windows computers from anywhere as long as you are on the same network. But what if you are not?

Be sure to check out the previous articles in this Geek School series on Windows 7:

Introducing How-To Geek School
Upgrades and Migrations
Configuring Devices
Managing Disks
Managing Applications
Managing Internet Explorer
IP Addressing Fundamentals
Networking
Wireless Networking
Windows Firewall
Remote Administration

And stay tuned for the rest of the series all this week.

Network Access Protection

Network Access Protection is Microsoft’s attempt to control access to network resources based on the health of the client trying to connect to them. For example, in the situation where you are a laptop user, there may be many months where you are on the road and do not connect your laptop to your corporate network. During this time there is no guarantee that your laptop does not get infected with a virus or malware, or that you even receive anti-virus definition updates.

In this situation, when you get back to the office and connect the machine to the network, NAP will automatically determine the machine’s health against a policy you have set up on one of your NAP servers. If the device that connected to the network fails the health inspection it automatically gets moved to a super-restricted section of your network called the remediation zone. When in the remediation zone, the remediation servers will automatically try and rectify the problem with your machine. Some examples could be:

If your firewall is disabled and your policy requires it to be enabled, the remediation servers would enable your firewall for you.

If your health policy states that you need to have the latest Windows updates and you don’t, you could have a WSUS server in your remediation zone that will install the latest updates on your client.

Your machine will only get moved back to the corporate network if it is deemed healthy by your NAP servers. There are four different ways you can enforce NAP, each having its own advantages:

VPN – Using the VPN enforcement method is useful in a company where you have telecommuters remotely working from home, using their own computers. You can never be sure about what malware someone might install on a PC that you have no control over. When you use this method, a client’s health will be checked every time they initiate a VPN connection.

DHCP – When you use the DHCP enforcement method a client will not be given a valid network address from your DHCP server until they have been deemed healthy by your NAP infrastructure.

IPsec – IPsec is a method of encrypting network traffic using certificates. Although not very common, you can also use IPsec to enforce NAP.

802.1x – 802.1x is also sometimes called port based authentication and is a method of authenticating clients at the switch level. Using 802.1x to enforce a NAP policy is standard practice in today’s world.

Dial-Up Connections

For some reason in this day and age Microsoft still wants you to know about those primitive dial-up connections. Dial-up connections use the analog telephone network, also known as POTS (Plain Old Telephone Service), to deliver information from one computer to another. They do this using a modem, which is a combination of the words modulate and demodulate. The modem gets hooked up to your PC, normally using an RJ11 cable, and modulates the digital information streams from your PC into an analog signal that can be transferred across the telephone lines. When the signal reaches its destination it is demodulated by another modem and turned back into a digital signal that the computer can understand.

In order to create a dial-up connection, right click on the network status icon and open the Network and Sharing Center.

Then click on the Set up a new connection or network hyperlink.

Now choose to Set up a dial-up connection and click next.

From here you can fill in all the information required.

Note: If you get a question that requires you to set up a dial-up connection on the exam, they will provide the relevant details.

Virtual Private Networks

Virtual Private Networks are private tunnels you can establish over a public network, such as the internet, so that you can securely connect to another network.

For example, you might establish a VPN connection from a PC on your home network, to your corporate network. That way it would appear as if the PC on your home network was really part of your corporate network. In fact, you can even connect to network shares and such as if you had taken your PC and physically plugged it into your work network with an Ethernet cable. The only difference is of course speed: instead of getting the Gigabit Ethernet speeds that you would if you were physically in the office, you will be limited by the speed of your broadband connection.

You are probably wondering how safe these “private tunnels” are since they “tunnel” over the internet. Can everyone see your data? No, they can’t, and that’s because we encrypt the data sent over a VPN connection, hence the name virtual “private” network. The protocol used to encapsulate and encrypt the data sent over the network is left up to you, and Windows 7 supports the following:

Note: Unfortunately, you will need to know these definitions by heart for the exam.

Point-to-Point Tunneling Protocol (PPTP) – The Point to Point Tunneling Protocol allows network traffic to be encapsulated into an IP header and sent across an IP network, such as the Internet.
Encapsulation: PPP frames are encapsulated in an IP datagram, using a modified version of GRE.
Encryption: PPP frames are encrypted using Microsoft Point-to-Point Encryption (MPPE). Encryption keys are generated during authentication where the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) or Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) protocols are used.

Layer 2 Tunneling Protocol (L2TP) – L2TP is a secure tunneling protocol used for transporting PPP frames using the Internet Protocol; it is partially based on PPTP. Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE to encrypt PPP frames. Instead L2TP uses IPsec in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec.
Encapsulation: PPP frames are first wrapped with a L2TP header and then a UDP header. The result is then encapsulated using IPsec.
Encryption: L2TP messages are encrypted with either AES or 3DES encryption using keys generated from the IKE negotiation process.

Secure Socket Tunneling Protocol (SSTP) – SSTP is a tunneling protocol that uses HTTPS. Since TCP Port 443 is open on most corporate Firewalls, this is a great choice for those countries that don’t allow traditional VPN connections. It is also very secure since it uses SSL certificates for encryption.
Encapsulation: PPP frames are encapsulated in IP datagrams.
Encryption: SSTP messages are encrypted using SSL.

Internet Key Exchange (IKEv2) – IKEv2 is a tunneling protocol that uses the IPsec Tunnel Mode protocol over UDP port 500.
Encapsulation: IKEv2 encapsulates datagrams using IPsec ESP or AH headers.
Encryption: Messages are encrypted with either AES or 3DES encryption using keys generated from the IKEv2 negotiation process.

Server Requirements


Note: You can obviously have other operating systems set up to be VPN servers. However, these are the requirements to get a Windows VPN server running.

In order to allow people to create a VPN connection to your network, you need to have a server that is running Windows Server and has the following roles installed:

Routing and Remote Access (RRAS)
Network Policy Server (NPS)

You will also need to either set up DHCP or allocate a static IP pool that machines connecting over VPN can use.

Creating a VPN Connection

In order to connect to a VPN server, right click on the network status icon and open the Network and Sharing Center.

Then click on the Set up a new connection or network hyperlink.

Now choose to connect to a workplace and click next.

Then choose to use your existing broadband connection.


Now you will need to enter the IP or DNS Name of the VPN server on the network you want to connect to. Then click next.

Then enter your username and password and click connect.

Once you have connected, you will be able to see if you are connected to a VPN by clicking on the network status icon.

Homework

Read the following article on TechNet, which guides you through planning security for a VPN.

Note: Today’s homework is a little bit out of scope for the 70-680 exam but it will give you a solid understanding of what’s going on behind the scenes when you connect to a VPN from Windows 7.

If you have any questions, you can tweet me @taybgibb, or just leave a comment.