Client Ch 12
printmanagement.msc
print mgmt Enterprise tool
Worms worse than a virus
virus - malicious sw that needs your help to infect - double click, download attachment and running. Worm = turn on computer and infects - no help from you
Monitor and manage printers
A new Print Management desktop app and the new Printers & Scanners options in the Settings app provide basic printer management such as Add, Remove, and Set As Default Printer. The Devices And Printers Control Panel item is the same.
Easiest way to learn how to use Performance Monitor is to run one of the two built-in collector sets and review the results
System Diagnostics Data Collector Set collects the status of local hardware resources and configuration data, together with data from the System Information tool. System Performance Data Collector Set reports the status of local hardware resources, system response times, and processes
CPU, Memory, Disk, Network
Task mgr
Reliability Monitor shows when problems occurred
*****blue line stability index
Print Management console (cont)
Add and delete print devices; View printers and print servers; Add and remove print servers; Add and manage print drivers; Deploy printers using Group Policy; Open and manage printer queues; View and modify status of printers; Use the filter feature to view printers based on filters
Actions pane
Custom Views can be saved and imported; Filter is temporary; Properties; Find...; Attach a Task to this Event
3 tools - best: Perfmon (performance monitor - record data); better: resmon (resource monitor - more detail - real time, cannot record); good: taskmgr (basic real time)
Data Collector Sets - record data; should create log when computer is good - run perfmon to get baseline; physicaldisk - never 100%; queue - waiting - no longer than 4 or 5 - waiting for other things to happen
Resource Monitor
Displays more information and activity statistics relating to your system resources in real time. Similar to Task Manager but also enables you to dive deeper into the actual processes and see how they affect the performance of your CPU, disk, network, and memory. Open Resource Monitor by using the link on the Performance tab of Task Manager or running Resmon.exe
Configure and analyze Event Viewer logs
Event logs are accessed in the Windows Event Viewer and provide information regarding system events that occur. Event logs include information, warning, and error messages about Windows components and installed applications and actions carried out on the system
Event logs automatically record system activity such as logons, application errors, and services stopping and starting. You can pull event logs from remote computers by using event subscriptions if you enable remote management. Windows 10 includes several tools to view system performance, including Task Manager, Performance Monitor, and Resource Monitor.
In Performance Monitor, you can create benchmarking reports by creating your own user-defined collector sets and running them to generate a performance baseline. Windows 10 provides the Print Management console, which provides a consolidated view of print-related activities, including print devices, drivers, and print queues. Windows 10 introduces the option to print to the last printer you used rather than to a fixed default printer.
Recommended counters in performance baseline
Memory > Pages/Sec; Network Interface > Packets/Sec; PhysicalDisk > % Disk Time; PhysicalDisk > Avg. Disk Queue Length; Processor > % Processor Time; System > Processor Queue Length
To configure the computers to collect and send events
On the collector computer, in an elevated cmd prompt, type wecutil qc. On the source computers, in an elevated cmd prompt, type winrm quickconfig.
Task Manager
Shows you which processes (tasks) are running on your system and, importantly, shows the system resource usage that directly relates to performance. If a particular task or process is not responding, you can use Task Manager to view this behavior and force the offending process to end. Several other ways to open Task Manager, including Ctrl+Shift+Esc or right-clicking the taskbar
Reliability Monitor main features include:
System stability chart including warning messages, and critical errors; Records key events in a timeline such as the installation of new apps, operating system patches, and drivers; Installation and failure reports including software installs, app failures, driver failures, operating system failures, etc.
Malware
The most common attack vector for malware is still by email. Attacks from websites, pirated software, video, and music files are becoming increasingly common.
Configure indexing options
To maintain the performance of Windows 10 search, the system automatically indexes data on your computer in the background. This data includes user-generated files, folders, and documents. Speeds up future searches for files.
Understand baseline performance vs. real-time monitoring
Useful to create a performance baseline for the device so that you can establish how the system performs normally and when under heavy load. When an issue or symptom occurs, you can compare your baseline statistics to your real-time statistics and identify differences.
Windows Defender
Windows 10 offers fully featured antimalware protection against viruses, spyware, rootkits, and other types of malware. Compared to earlier versions of Windows Defender, the solution is significantly improved in Windows 10. Works with the Internet Explorer SmartScreen Filter that protects your web browsing activity and prevents downloading or installing malware.
Index option
ctrl panel - queries will be faster
Print drivers - most difficult
deploy - using GP
trojan horse; ransomware - encrypted spyware
disguised; intercept - keyloggers
smart screen filter
go to a web page - name sent to Microsoft to see if on list of URLs that people complain about
set affinity
liking something - affinity; multiple processors - can dedicate a process to a processor
Windows + X does not work on Windows 7
taskmgr - cmd open task mgr. If you start with Ctrl+Alt+Del - creates a new menu and may add to issues; right click on bar - creates another menu; Ctrl+Shift+Esc
Your company has recently upgraded half of its computers from Windows 7 to Windows 10 Pro. Staff members use Office and a web-based line-of-business application. The help desk manager has received several complaints from users, who state a variety of problems following the upgrade, including that: Their computers are slow. Apps stop responding. Websites are slow to load. The remaining Windows 7-based computers do not exhibit the same issues. You need to offer the help desk some advice on how to diagnose these problems and recommend how to resolve them as soon as possible. Answer the following questions from the help desk. 1. Why might the computers be slow after the upgrade? 2. Which tool could you recommend to help the help desk support members verify which apps are freezing? 3. You suspect that the network card could be a performance bottleneck. How could this suspicion be tested? 4. How would a network card bottleneck present itself?
1. Answers might vary. Several potential areas need to be investigated. The original computers should have met the minimum specification for Windows 10 to upgrade from Windows 7. The computers might be quite old and contain components that are slow in comparison to modern hardware, such as older hard drives without cache, or slow RAM memory. The BIOS or motherboard firmware might be old and need updating. The hardware device drivers might not have been updated to the latest versions for Windows 10. 2. Recommend to the help desk that it suggest using Reliability Monitor to review the stability history of the computers that are reporting app freezing. The Reliability Monitor report should identify the failing app and how often it is failing. You should also be able to see whether other failures are occurring that might relate or contribute to the app failure. 3. Answers might vary. You could review the network card driver version and see whether there are any known issues relating to the network card and Windows 10 on the manufacturer's website. You could use Performance Monitor to review the performance for the Network Interface counter and monitor the Output Queue Length. 4. Network-related activities such as web browsing and opening and saving resources across the network would be slower than normal. If there is network saturation, the report indicates that the queue length is more than 2, meaning that the network card cannot process network packets quickly enough.
Protect against malware infection by following these guidelines
All software should be from a reputable source. All software and operating system updates are applied. Antimalware software is installed and enabled on your devices. Antimalware definitions are up to date. Avoid using or accessing pirated software or media sharing sites. Be suspicious of out-of-the-ordinary email attachments, and don't open links in email
Performance Monitor
Allows you to monitor your device using a set of performance parameters or counters; Displays statistics and offers real-time monitoring and recording capabilities; Record performance information in a log file; Can also create alerts that notify you when a specific performance criterion, such as a threshold or limit, has been met or exceeded
Some types of malware include:
Computer viruses: Replicating malware, normally with email attachments or files. Computer worms: Replicate, without direct intervention, across networks. Trojan horses: Trick the user into providing an attacker with remote access to the infected computer. Ransomware: Encrypts user data. A ransom (fee) needs to be paid to the malware authors to recover the data. Spyware: Tracking software that reports to a third party how a computer is used.
There are several levels of events
Information about changes related to a component or system process. Audit Success/Failure, if enabled, appear in the Security log. Error events warn that a problem occurred. Warning events are not critical but should be investigated. Critical events are the most severe and could lead to failure or loss of function.
Event logs
The default Windows 10 event log maximum file size is 20 MB. If your system reaches this maximum size, new events will overwrite old events. Recommended to increase the size of the logs, especially security log to 4,194,240 KB. https://support.microsoft.com/en-us/help/957662/recommended-settings-for-event-log-sizes-in-windows
There are two types of log files
Windows logs: Include Application, Security, Setup, System, and Forwarded Events. Applications and services logs: Include other logs from applications and services to record application-specific or service-specific events.
Forward Events
You can automate the collection of event logs from other computers by creating event subscriptions. Computers must be configured to allow remote administration. This is achieved by enabling the Windows Remote Management service on the source computer. On the collector computer, start the Windows Event Collector service, which enables the computer to collect events from remote devices.
Print Management console
You can use the Print Management console to manage both local and remote printers. Devices And Printers in Control Panel can only manage locally connected printers. Print Management MMC is included in the Administrative Tools of Windows 10 Pro and Enterprise editions and lists all printers, drivers, and other print servers that you are connected to.