There are a number of system tools included with Windows Vista that you need to know for the exam. These administrative tools, discussed in the order they appear in the objectives, also include Windows Firewall, but it was covered earlier in this chapter.
As an administrator, you can configure the users and groups on a system in the Microsoft Management Console (MMC). Start by clicking Start > and typing MMC in the Search box and pressing Enter. If Local Users And Groups is not visible in the left pane, choose File, then Add/Remove Snap-In, and then select Local Users And Groups from the list of possible snap-ins. You can choose to manage the local computer or another computer (requiring you to provide its address).
Local Users And Groups is not available for Windows Vista in any edition other than Windows Vista Business, Windows Vista Ultimate, and Windows Vista Enterprise. In all other editions, you must manage user accounts using the User Accounts applet in Control Panel and you cannot create or manage groups.
The Local Security Policy (Choose Start > and then enter secpol.msc) (also available as Control Panel > Administrative Tools > Local Security Policy) allows you to set the default security settings for the system. This feature is not available for Windows Vista in any edition other than Windows Vista Business, Windows Vista Ultimate, and Windows Vista Enterprise.
The following sections examine some of the Security Settings choices.
Account Policies further divides into Password Policy and Account Lockout Policy.
The following choices are available under Password Policy:
Because the likelihood of laptops being stolen always exists, it’s strongly encouraged that you implement strong password policies. Here’s an example:
Leave the other two settings disabled.
The Account Lockout Policy setting is divided into the following three values:
When you’re working with a mobile workforce, you must weigh the choice of users calling you in the middle of the night when they’ve forgotten their password against keeping the system from being entered if the wrong user picks up the laptop. A good recommendation is to use a lockout after five attempts for a period of time between 30 and 60 minutes.
The Local Policies section is divided into three subsections: Audit Policy, User Rights Assignment, and Security Options. The Audit Policy section contains nine settings; the default value for each is No Auditing. When auditing is enabled, log entries are created for interactions with the item specified by the setting. Valid options are Success and Failure. The Audit Account Logon Events entry is the one you should consider turning on for mobile users to see how often they log in and out of their machines.
When auditing is turned on for an event, the entries are logged in the Security log file.
The User Rights Assignment subsection of Local Policies is where the meat of what was once called System Policies comes into play. User Rights Assignment has many options, most of which are self-explanatory. Part of what is shown in the list of user rights are the defaults for who can perform each action; a value of Not Defined indicates that no one is specified for the corresponding operation.
The Security Options section includes a great many options, which, for the most part, are representative of various Registry keys. The default for each is Not Defined; the two definitions that can be assigned are Enabled and Disabled, or a physical number can be assigned (as with the number of previous logons to cache).
The System Configuration tool (msconfig.exe) in Windows Vista is used to control the way the system behaves at startup and includes a number of tabs and options, as shown in Figure 15-6.
By clicking the Boot tab, you can see configuration options for the BCD and make some minor changes, as shown in Figure 15-7. The Advanced Options button allows you to configure the number of processors, maximum memory, and global debug settings.
Component Services is an MMC snap-in in Windows Vista that allows you to administer and deploy component services. It can be used to configure various settings, such as security settings. With this tool, it is possible for administrators to manage components while developers configure routine component and application behavior (object pooling, for example). Figure 15-8 shows an example of the interface.
ODBC Data Source Administrator, accessed via Start > Control Panel > Administrative Tools > Data Sources (ODBC), allows you to interact with database management systems. Figure 15-9 shows an example of the screen.
Database drivers that are added to the system will show up here and can be shared between applications.
New to Windows Vista, Print Management (Start > Control Panel > Administrative Tools > Print Management) allows you to manage multiple printers and print servers from a single interface. Print Management is not available for Windows Vista in any edition other than Windows Vista Business, Windows Vista Ultimate, and Windows Vista Enterprise. In all other editions, you must manage individual printers using the Printers applet in Control Panel, and you are very limited in what you can manage.
The Windows Memory Diagnostics tool (Start > Control Panel > Administrative Tools > Memory Diagnostics Tool) can be used to check a system for memory problems. For the tool to work, the system must be restarted. The two options that it offers are to restart the computer now and check for problems or wait and check for problems on the next restart.
Upon reboot, the test will take several minutes and the display screen will show the number of which pass is being run and the overall status of the test (percent complete). When the memory test concludes, the system will restart again and nothing related to it having run is apparent until you log in. If the test is without error, you’ll see a message that no errors were found (see Figure 15-10). If any issues have been detected, the results will be displayed.
3.138.67.27