Talking Shop: Performance and security terms and processes to know for the Win2K Server exam

Performance Console, System State, Security, and Policy Administration on Microsoft Exam 70-215

Passing the Win2K Server exam is no easy task. With proper preparation, though, you can find yourself sailing through an exam that would trip up even the best of IT professionals. In this final installment of my series on the topics you must study to pass Microsoft exam 70-215, you’ll find a list of performance and security terms and processes you will need to memorize.

Did you miss the first installments?
If you didn’t catch the first three lists in this series, you can read them here: "The Win2K Server exam: Your first list to study," "The Win2K Server exam: Your second list to study," and "The Win2K Server exam: Your third list to study."

Performance Console
On the Windows NT 4.0 platform, administrators used Performance Monitor to track the use of system resources. In Windows 2000, the Performance Console replaces Performance Monitor.

To access the Performance Console, click Start | Programs | Administrative Tools | Performance. You can also access it by adding the Performance snap-in from the Microsoft Management Console.

Know the difference between objects and counters. Objects are components, such as a NIC, processor, and memory. Counters are instances or occurrences, such as pages/second for memory or disk queue length for disks.

Know how to create logs. Record counter activity by right-clicking on Counter Logs under Performance Logs And Alerts and selecting New Log Settings. For more information on recording counter activity, see "NT's Perfmon and Sysmon are combined and enhanced in Win2K." Understand the differences between types of logs too. Trace logs are created when a specified event occurs. With counter logs, a continuous sampling goes on, whether the event occurs or not.

Create alerts by right-clicking on Alerts under Performance Logs And Alerts and selecting New Alert Settings. Once you've supplied a name for the alert, you'll need to specify the comment you want to receive when specific counter values are exceeded.

Memorize the following counter thresholds and response strategies:
  • If Pages/sec is higher than 20, your system requires additional memory.
  • You need a faster processor when % Processor Time is higher than 80 percent or Processor Queue Length is greater than 2.
  • If Disk Queue Length is consistently more than 2, install a faster disk, upgrade the controller, or introduce a stripe set.
  • If % Disk Time is consistently higher than 90 percent, you need to move your paging file to another disk or use an additional disk controller.

Unlike in Windows NT, physical disk counters are now enabled by default. However, logical disk counters are not. Enable them manually by typing diskperf -yv at a command prompt.

Process management
Application threads are assigned priorities that determine the manner in which they are processed by the CPU. The priorities range from 0 to 31, with 31 being the highest priority.

Use the Task Manager to change an application’s priority. Setting an application to run in Realtime mode gives the application a priority of 24. High mode gives an application a priority of 13, Normal mode a priority of 8, and Low mode a priority of 4.

System State and data recovery
Microsoft considers protection and recovery of System State data as part of an administrator’s performance monitoring and optimization responsibility. So be sure that you know how to back up and restore a Win2K server’s System State data.

System State data includes the following:
  • Registry information
  • COM+ database files
  • Startup files
  • Resource recovery logs

You can back up System State data using the Ntbackup.exe command. Select the System State box to back up System State data. Force System State data to replicate to other domain controllers by performing an Authoritative Restore.

Remember that you might enhance a server’s performance by moving its System State data to a volume other than the system volume. You should be aware that the Ntbackup.exe command is also used to make repair disks. The Rdisk.exe command does nothing in Windows 2000.

Backup operations also fall under the topic of performance monitoring and optimization. Remember the difference between a differential backup and an incremental backup. The latter flips the archive bit; differential and copy backups do not flip the archive bit.

It’s critical you understand recovery options too. Know how to boot Windows 2000 using Safe Mode—reached by pressing the [F8] key when the system boots. A minimal set of drivers is loaded when Win2K boots using Safe Mode.

Know how to install the new Recovery Console:
  1. Boot the Windows 2000 system and insert the Windows 2000 CD-ROM.
  2. Close the Microsoft Windows 2000 CD screen (which will appear if autorun is enabled on the system).
  3. Open a command prompt by clicking Start | Run, typing cmd, and clicking OK.
  4. Type d:\i386\winnt32 /cmdcons. (Replace d with the drive letter for the CD-ROM drive holding the Windows 2000 CD.)
  5. When the Windows 2000 Setup dialog box asks whether you want to install the Recovery Console (which requires 7 MB of disk space), click Yes.
  6. When you see a dialog box confirming that the Recovery Console was successfully installed, click OK.

Recovery Console permits administrators to perform the following actions:
  • Disable and enable services
  • Add and delete partitions
  • Replace boot sectors
  • Fix the master boot record
  • Confirm which services are automatically started
  • Specify boot drives
  • Copy and delete files
  • Format disks
  • Rename files and folders
  • Create directories
  • Perform network administration

You can change Startup settings from the Control Panel’s System applet. Memory dump locations are also set using the same applet.

Some of the biggest Windows improvements and new features in Win2K are security enhancements. Thus, it’s safe to say you will probably see a fair number of exam questions testing your knowledge of security settings.

Familiarize yourself with the new Encrypting File System (EFS), which requires the NTFS file system. Understand how EFS uses public key encryption and how administrators can use Recovery Agent to access documents when keys are lost. You can use the Cipher.exe command to administer encryption.

For more on EFS configuration, read my column "Protecting sensitive data is easy with EFS."

Policy administration
In Windows NT, system policies were used to configure registry settings that control a user’s desktop appearance, system restrictions, Control Panel attributes, and profile. In Windows 2000, the Group Policy console (also known as the Group Policy Editor) provides similar functionality that can be administered within Active Directory.

You can store the Group Policy MMC snap-in locally on a system or in Active Directory. Unlike system policies in NT, which users can change, only those with administrative rights can make changes to group policies. You configure user and computer restrictions using the Group Policy Editor. You can also use it to configure Local Policy.

Local group policies are applied in a specific order. You should memorize it, as you’ll likely see a question asking what results when conflicting policies apply. Policies are applied in this order:
  • Local policies first.
  • Site policies overrule local policies.
  • Domain policies overrule local and site policies.
  • Organizational unit policies overrule local, site, and domain policies.
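The order above, worked through as an added example (not code from the original article): it applies the four levels in sequence and reports, for each setting, the final value and the level that supplied it. The setting names and values are constructed, and a setting missing at a level is assumed to be not configured there.

```python
# Application order from the list above: later levels overrule earlier ones.
ORDER = ["local", "site", "domain", "ou"]

def resultant_policy(policies):
    """policies maps level -> {setting: value}.

    Returns {setting: (value, winning_level)}. A setting that a level does
    not define is treated as not configured there (assumption) and leaves
    the value from the earlier levels untouched.
    """
    result = {}
    for level in ORDER:
        for setting, value in policies.get(level, {}).items():
            result[setting] = (value, level)
    return result

def conflicts(policies):
    """Settings given different values at more than one level."""
    seen = {}
    for level in ORDER:
        for setting, value in policies.get(level, {}).items():
            seen.setdefault(setting, []).append((level, value))
    return {name: defs for name, defs in seen.items()
            if len({value for _, value in defs}) > 1}

# Constructed sample policies; the setting names are hypothetical.
SAMPLE = {
    "local":  {"HideControlPanel": False, "RemoveRunMenu": False},
    "site":   {"HideControlPanel": True},
    "domain": {"RemoveRunMenu": True, "AuditLogonFailure": True},
    "ou":     {"HideControlPanel": False},
}

if __name__ == "__main__":
    for name, (value, level) in sorted(resultant_policy(SAMPLE).items()):
        print(f"{name} = {value} (from {level} policy)")
    print("conflicting settings:", sorted(conflicts(SAMPLE)))
```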

Work with both local group policies and group policies, even if only on test machines. It’s imperative that you’re comfortable configuring Windows component, Start menu, desktop, Control Panel, network, and system settings using policies.

Know the permissions different Local Groups receive. Understand the differences between Server Operators and Backup Operators, Power Users and Administrators, and other Local Group attributes.

Account Policy is another area in which your expertise might be tested. Study up on the differences between account lockout threshold, account lockout duration, and reset account lockout after. Account lockout threshold specifies how many incorrect logon attempts can occur before an account is locked out. Account lockout duration specifies how long an account stays locked once a lockout is experienced. The reset account lockout after value specifies when to reset the counter that tracks the number of incorrect logons.
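How the three lockout values interact is easiest to see by replaying a sequence of logon attempts. The following is an added example, not code from the original article; it is a simplified model whose assumptions (the reset window is measured from the last failed logon, a successful logon clears the counter) are marked in the code, and the sample policy and attempts are constructed.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    threshold: int        # Account lockout threshold (0 = never lock out)
    duration_min: int     # Account lockout duration, in minutes
    reset_after_min: int  # Reset account lockout counter after, in minutes

def replay(policy, attempts):
    """Replay (minute, password_ok) logon attempts, oldest first.

    Simplified model (assumption): the reset window is measured from the
    most recent failed logon, and a successful logon clears the counter.
    """
    bad_count, last_bad, locked_until = 0, None, None
    outcomes = []
    for minute, password_ok in attempts:
        if locked_until is not None:
            if minute < locked_until:
                outcomes.append("rejected: locked out")
                continue
            locked_until, bad_count = None, 0   # lockout duration has expired
        if password_ok:
            bad_count = 0
            outcomes.append("success")
            continue
        if last_bad is not None and minute - last_bad >= policy.reset_after_min:
            bad_count = 0                       # quiet period passed: counter resets
        bad_count += 1
        last_bad = minute
        if policy.threshold and bad_count >= policy.threshold:
            locked_until = minute + policy.duration_min
            outcomes.append("failure: account locked")
        else:
            outcomes.append("failure")
    return outcomes

# Constructed sample: threshold 3, locked for 30 minutes, counter resets after 10.
POLICY = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=10)
ATTEMPTS = [(0, False), (2, False), (15, False), (16, False),
            (17, False), (20, True), (47, True)]

if __name__ == "__main__":
    for attempt, outcome in zip(ATTEMPTS, replay(POLICY, ATTEMPTS)):
        print(attempt, outcome)
```

In the sample, the 13-minute gap before minute 15 resets the counter, so the lockout comes at minute 17 rather than minute 15, and the correct password at minute 20 is still rejected because the account stays locked until minute 47.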

Know how to configure auditing and track specific events. Auditing is enabled using the Local Security Policy utility, which you can access from the Administrative Tools menu.

To choose the events you want to audit, click Local Policies | Audit Policy. Right-click a specific event and open its Properties to enable Success/Failure auditing. For the policy to take effect, you must restart the system or run the following command: SECEDIT /REFRESHPOLICY MACHINE_POLICY.

Security Configuration And Analysis Tool
Ensure that you’re familiar with the Security Configuration And Analysis Tool. The tool is an MMC snap-in used to administer security templates that analyze and configure a system’s security.

Familiarize yourself with the 13 security templates the Security Configuration And Analysis Tool administers. Know that the Secedit.exe command permits command-line administration of the same features.

Eckel’s take
The Windows 2000 Server exam isn’t an easy one, but it’s passable if you prepare properly. Review the topics presented in these four study lists. Once you’re familiar with all the objectives, spend time working with these features on the Win2K operating system and try a few simulation exams. Then you’ll be ready to try your hand at the Win2K Server exam itself.

Do you have study tips for the Win2K Server exam?
We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.

