(CHAPTER 12) MCSA Windows 10: 70-698 - Monitor Windows
Task Manager Tabs
1. Processes 2. Performance 3. App History 4. Startup 5. Users 6. Details 7. Services
Built-in Collector Sets in Performance Monitor
1. System Diagnostics (collects the status of local hardware resources and configuration data, together with data from the System information tool) 2. System Performance (reports the status of local hardware resources, system response times, and processes)
Reliability Main Features
1. System Stability Chart 2. Records Key Events in a Timeline 3. Installation and Failure Reports. If poor performance occurs, investigate and troubleshoot the reason to establish whether there is a bottleneck.
2 Types of Log Files
1. Windows Logs (include application, security, setup, system, and forwarded events) 2. Applications and Services Logs (include other logs from applications and services to record application-specific or service-specific events)
Configure and Analyze Event Viewer Logs
Event logs are a key built-in security tool in all Windows operating systems. They are accessed in the Windows Event Viewer and provide information about system events that occur. Event logs are generated as a background activity by the Event Log service and can include information, warning, and error messages about Windows components, installed applications, and actions carried out on the system. You can start Event Viewer by running "eventvwr.msc".
Let Windows Manage My Default Printer
A new feature in Windows 10 version 1511. The default configuration is set to On, and Windows 10 will configure the default printer to be the most recently used one
Security Logs
Contains auditable events such as logon, logoff, privileged use, and shutdown
System Logs
Contains events logged by Windows 10. This is the main system log
Evaluate System Stability with Reliability Monitor
Enables you to view a computer's reliability and problem history and offers both the help desk and you the ability to explore the detailed reports and recommendations that can help you identify and resolve reliability issues. Changes to the system, such as software and driver installations, are recorded, and changes in system stability are then linked to changes in the system configuration. To launch Reliability Monitor, type "reliability" in the Start screen and click View Reliability History in Control Panel, or type "perfmon /rel" at a command prompt.
Application Logs
Events logged by installed applications
Monitor System Resources
Every computer system has a performance threshold; if pushed beyond it, the system will struggle to perform optimally. If you overload the system, it will eventually slow down as it attempts to service each demand with the available resources.
Windows Memory Diagnostic Tool
For pinpointing memory failures you can use the WMDT by typing "mdsched.exe" into cmd and following the instructions
Ransomware
Harms the user by encrypting user data. A ransom (fee) needs to be paid to the malware authors to recover the data
Setup Logs
Records events logged by Windows during setup and installation
Computer Worms
Replicate, without direct intervention, across networks
Monitor Performance using Resource Monitor
Resource Monitor displays more information and activity statistics relating to your system resources in real time. It is similar to Task Manager but also enables you to dive deeper into the actual processes and see how they affect the performance of your CPU, disk, network, and memory subcomponents.
Access Task Manager
The Task Manager built into Windows 10 shows you which processes (tasks) are running on your system, and, importantly, shows the system resource usage that directly relates to performance. By default the Task Manager opens to show only the running processes
Performance Monitor
There are 3 components that you can add: 1. Performance Objects 2. Performance Object Instances 3. Performance Counters. The most appropriate tool to record a baseline in Windows 10. It will help you review and report on the following areas: 1. System Workload 2. Monitor System Resources 3. Notice Changes and Trends in Resource Use 4. Diagnose Problems
View Event Subscriptions
To enable the collector computer to view subscriptions: 1. Open an elevated cmd 2. Type "wecutil qc". To enable remote collection of events on the source computer: 1. Open an elevated cmd 2. Type "winrm quickconfig".
Configure Indexing Options
To maintain the performance of Windows 10 search, the system automatically indexes data on your computer in the background. This data includes user-generated files, folders, and documents. To view your existing indexing locations, type "index" on the Start screen and click Indexing Options in Control Panel to see the Indexing Options. Be careful not to index everything on your disk. A large index can affect the search performance negatively.
Spyware
Tracking software that reports to the third party how a computer is used
Trojan Horses
Trick the user into providing an attacker with remote access to the infected computer
Forwarded Events
Used when event forwarding is operational. This log records forwarded events from other computers
Default Printer Behavior
Whenever you print to your printer, Windows 10 sets the last used printer as the default printer
Windows Defender
Windows Defender antimalware software that is included with Windows 10 offers fully featured antimalware protection against viruses, spyware, rootkits, and other types of malware. Windows Defender also works with the IE SmartScreen Filter that protects your web browsing activity and prevents downloading or installing malware.
Monitor Performance using Performance Monitor and Data Collector Sets
You can use the Performance Monitor Microsoft Management Console snap-in to monitor and track your device for the default set of performance parameters or a custom set you select for display. These performance parameters are referred to as counters. Performance Monitor graphically displays statistics and offers real-time monitoring and recording capabilities. By default, the update interval for the capture is set to one second, but this is configurable
Computer Viruses
Replicating malware, normally with email attachments or files