Windows Vista Administrative Tools

There are a number of system tools included with Windows Vista that you need to know for the exam. These administrative tools, discussed in the order they appear in the objectives, also include Windows Firewall, but it was covered earlier in this chapter.

Users and Groups

As an administrator, you can configure the users and groups on a system in the Microsoft Management Console (MMC). Start by clicking Start, typing MMC in the Search box, and pressing Enter. If Local Users And Groups is not visible in the left pane, choose File, then Add/Remove Snap-In, and then select Local Users And Groups from the list of possible snap-ins. You can choose to manage the local computer or another computer (requiring you to provide its address).

Local Users And Groups is not available for Windows Vista in any edition other than Windows Vista Business, Windows Vista Ultimate, and Windows Vista Enterprise. In all other editions, you must manage user accounts using the User Accounts applet in Control Panel and you cannot create or manage groups.

Local Security Policy

The Local Security Policy tool (choose Start and then enter secpol.msc; also available as Control Panel > Administrative Tools > Local Security Policy) allows you to set the default security settings for the system. This feature is not available for Windows Vista in any edition other than Windows Vista Business, Windows Vista Ultimate, and Windows Vista Enterprise.

The following sections examine some of the Security Settings choices.

Account Policies

Account Policies further divides into Password Policy and Account Lockout Policy.

Password Policy

The following choices are available under Password Policy:

Enforce Password History: This allows you to require unique passwords for a certain number of iterations. The default number is 0, but it can go as high as 24.

Maximum Password Age: This variable defines the maximum number of days a password can be used. The default is 42 days, but values range from 0 to 999.

Minimum Password Age: This variable defines the minimum number of days that a password must be used between password changes. The default is 0 days, but values range from 0 to 999.

Minimum Password Length: This variable defines the least number of characters that must be used in a password. The default is 0 characters (meaning no passwords are required), but you can specify a number up to 14.

Password Must Meet Complexity Requirements: This setting is disabled by default. When it is turned on, the password must include at least three of the following criteria: uppercase characters, lowercase characters, numerical characters, nonalphanumeric characters, Unicode characters.

Store Password Using Reversible Encryption For All Users In The Domain: This setting is disabled by default. When it’s enabled, it provides support for applications that require knowledge of the password.

Because the likelihood of laptops being stolen always exists, it’s strongly encouraged that you implement strong password policies. Here’s an example:

  • Enforce Password History: 8 passwords remembered
  • Maximum Password Age: 42 days
  • Minimum Password Age: 3 days
  • Minimum Password Length: 6 to 8 characters

Leave the other two settings disabled.

Account Lockout Policy

The Account Lockout Policy setting is divided into the following three values:

Account Lockout Threshold: This is the number of invalid attempts before lockout occurs. The default is 0 (meaning the feature is turned off). Invalid attempt settings range from 1 to 999. A number greater than 0 changes the values of the following two options to 30 minutes; otherwise, they are “not defined.”

Account Lockout Duration: This is a number of minutes an account lockout lasts, ranging from 1 to 99999. A value of 0 is also allowed here and signifies that the account never unlocks itself; administrator interaction is always required. When the number is greater than 0, the user must wait that many minutes before being allowed to try to log in again.

Reset Account Lockout Counter After: This is a number of minutes, ranging from 1 to 99999, that each failed login attempt remains on the counter. For example, if the value is set at 5, then after 5 minutes, one of the failed attempts is removed from the counter.

When you’re working with a mobile workforce, you must weigh the choice of users calling you in the middle of the night when they’ve forgotten their password against keeping the system from being entered if the wrong user picks up the laptop. A good recommendation is to use a lockout after five attempts for a period of time between 30 and 60 minutes.

Local Policy Settings

The Local Policies section is divided into three subsections: Audit Policy, User Rights Assignment, and Security Options. The Audit Policy section contains nine settings; the default value for each is No Auditing. When auditing is enabled, log entries are created for interactions with the item specified by the setting. Valid options are Success and Failure. The Audit Account Logon Events entry is the one you should consider turning on for mobile users to see how often they log in and out of their machines.

When auditing is turned on for an event, the entries are logged in the Security log file.
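The password, lockout, and Audit Account Logon Events recommendations above can be checked against a policy file exported with `secedit /export /cfg policy.inf`. The following is an added example, not code from the book: the sample export is constructed, the thresholds come from this section, and accepting values stricter than the recommendation is an assumption.

```python
import configparser

# Constructed sample in the layout written by `secedit /export /cfg policy.inf`,
# using the defaults described in this section (not taken from a real host).
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
"""

# (section, key, test, expectation). Thresholds follow this section's advice;
# assumption: a value stricter than the recommendation also passes.
BASELINE = [
    ("System Access", "PasswordHistorySize", lambda v: v >= 8, "remember 8 passwords"),
    ("System Access", "MaximumPasswordAge", lambda v: 1 <= v <= 42, "expire within 42 days"),
    ("System Access", "MinimumPasswordAge", lambda v: v >= 3, "minimum age of 3 days"),
    ("System Access", "MinimumPasswordLength", lambda v: v >= 6, "at least 6 characters"),
    ("System Access", "ClearTextPassword", lambda v: v == 0, "reversible encryption off"),
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 5, "lock out after five attempts"),
    ("System Access", "LockoutDuration", lambda v: 30 <= v <= 60, "lock for 30 to 60 minutes"),
    ("Event Audit", "AuditAccountLogon", lambda v: v in (1, 2, 3), "audit account logons"),
]

def audit(inf_text):
    """Return (key, current value, expectation) for each setting that misses the baseline."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as exported
    cp.read_string(inf_text)
    findings = []
    for section, key, ok, want in BASELINE:
        raw = cp.get(section, key, fallback=None)
        # The lockout duration is absent ("not defined") while the threshold is 0.
        if raw is None or not ok(int(raw)):
            findings.append((key, "not defined" if raw is None else int(raw), want))
    return findings

if __name__ == "__main__":
    # A real export is UTF-16: audit(open("policy.inf", encoding="utf-16").read())
    for key, current, want in audit(SAMPLE_INF):
        print(f"{key}: {current} (want: {want})")
```

In the export, AuditAccountLogon is 0 for No Auditing, 1 for Success, 2 for Failure, and 3 for both.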

The User Rights Assignment subsection of Local Policies is where the meat of what was once called System Policies comes into play. User Rights Assignment has many options, most of which are self-explanatory. Part of what is shown in the list of user rights are the defaults for who can perform each action; a value of Not Defined indicates that no one is specified for the corresponding operation.

The Security Options section includes a great many options, which, for the most part, are representative of various Registry keys. The default for each is Not Defined; an option can be set to Enabled or Disabled, or a numeric value can be assigned (as with the number of previous logons to cache).

System Configuration

The System Configuration tool (msconfig.exe) in Windows Vista is used to control the way the system behaves at startup and includes a number of tabs and options, as shown in Figure 15-6.

Figure 15-6: The System Configuration tool in Windows Vista

By clicking the Boot tab, you can see configuration options for the BCD and make some minor changes, as shown in Figure 15-7. The Advanced Options button allows you to configure the number of processors, maximum memory, and global debug settings.

Component Services

Component Services is an MMC snap-in in Windows Vista that allows you to administer and deploy component services. It can be used to configure various settings, such as security settings. With this tool, it is possible for administrators to manage components while developers configure routine component and application behavior (object pooling, for example). Figure 15-8 shows an example of the interface.

Figure 15-7: Options available on the Boot tab

Figure 15-8: Component Services

Data Sources

ODBC Data Source Administrator, accessed via Start > Control Panel > Administrative Tools > Data Sources (ODBC), allows you to interact with database management systems. Figure 15-9 shows an example of the screen.

Figure 15-9: Data Sources in Vista

Database drivers that are added to the system will show up here and can be shared between applications.

Print Management

New to Windows Vista, Print Management (Start > Control Panel > Administrative Tools > Print Management) allows you to manage multiple printers and print servers from a single interface. Print Management is not available for Windows Vista in any edition other than Windows Vista Business, Windows Vista Ultimate, and Windows Vista Enterprise. In all other editions, you must manage individual printers using the Printers applet in Control Panel, and you are very limited in what you can manage.

Windows Memory Diagnostics

The Windows Memory Diagnostics tool (Start > Control Panel > Administrative Tools > Memory Diagnostics Tool) can be used to check a system for memory problems. For the tool to work, the system must be restarted. The two options that it offers are to restart the computer now and check for problems or wait and check for problems on the next restart.

Upon reboot, the test will take several minutes, and the screen will show which pass is being run and the overall status of the test (percent complete). When the memory test concludes, the system will restart again, and nothing indicates that the test has run until you log in. If the test is without error, you’ll see a message that no errors were found (see Figure 15-10). If any issues have been detected, the results will be displayed.

Figure 15-10: Memory test results
