Servers are the heart of any Microsoft Windows network. One of your primary responsibilities as an administrator is to manage these resources. Your key tool is the Computer Management console, which provides a single integrated interface for handling such core system administration tasks as:
Managing user sessions and connections to servers
Managing file, directory, and share usage
Setting administrative alerts
Managing applications and network services
Configuring hardware devices
Viewing and configuring disk drives and removable storage devices
Although the Computer Management console is great for remote management of network resources, you also need a tool that gives you fine control over system environment settings and properties. This is where the System utility comes into the picture. You’ll use this utility to:
Configure application performance, virtual memory, and registry settings
Manage system and user environment variables
Set system startup and recovery options
Manage hardware and user profiles
The Computer Management console is designed to handle core system administration tasks on local and remote systems. You’ll spend a lot of time working with this tool, and you should get to know every nook and cranny. Access the Computer Management console with either of the following techniques:
Choose Start, then Programs or All Programs as appropriate, then Administrative Tools, and finally Computer Management.
Select Computer Management from the Administrative Tools folder.
As Figure 2-1 shows, the main window has a two-pane view that’s similar to Windows Explorer. You use the console tree in the left pane for navigation and tool selection. The right pane is the details pane. Tools are divided into three broad categories:
System Tools. Provides access to general-purpose tools for managing systems and viewing system information
Storage. Displays information on removable and logical drives and provides access to drive management tools
Services And Applications. Lets you view and manage the properties of services and applications installed on the server
Tip
Management consoles such as Computer Management are created using the Microsoft Management Console (MMC) framework. MMC 3.0 is included with Windows Server 2003 R2 and Windows Server 2003 SP2. MMC 3.0 offers several enhancements: a revised Add/Remove Snap-in dialog box that allows easier management of snap-ins; improved error handling, which improves error reporting in consoles; and an Action pane that lists actions that can be performed based on the currently selected item or results. The Action pane is similar to the shortcut menu that is displayed when you right-click an item. To display or close the Action pane, you need to click the Show/Hide Action Pane button on the console toolbar.
Real World
The Action pane is meant to reduce confusion, because sometimes you might not see a shortcut menu when you right-click. Whether the shortcut menu appears when you right-click a menu item is controlled by the Enable Dragging And Dropping menu option. If you don’t see a shortcut menu when you right-click an item, Enable Dragging And Dropping has been disabled. To enable shortcut menus, right-click Start, choose Properties, and then click Customize. If you are using the Simple Start Menu, click the Advanced tab, and then, in the Start Menu Items box, select Enable Dragging And Dropping. If you are using the Classic Start Menu, click Enable Dragging And Dropping in the Advanced Start Menu Options list.
The tools available through the console tree provide the core functionality for the Computer Management console. When Computer Management is selected in the console tree, you can easily access three important tasks:
Connect to other computers
View and change system properties
Export information lists
In the following sections we’ll examine these tasks, and then we’ll take a detailed look at working with tools in the Computer Management console.
The Computer Management console is designed to be used with local and remote systems. You can select a computer to manage by completing the following steps:
Right-click the Computer Management entry in the console tree and then select Connect To Another Computer on the shortcut menu. This opens the Select Computer dialog box.
Choose Another Computer and then type the fully qualified name of the computer you want to work with, such as engsvr01.technology.microsoft.com, where engsvr01 is the computer name and technology.microsoft.com is the domain name. Or click Browse to search for the computer with which you want to work. Click OK.
You can use the Computer Management console to view the system properties of the local or remote system to which you are currently connected. Essentially, this gives you access to the General, Computer Name, and Advanced tabs of the System utility for that computer. This means you can connect to a computer and access its properties to determine its operating system, service pack, processor type, total system random access memory (RAM), computer name, and more.
You view or change system properties by completing the following steps:
In the Computer Management console, connect to the computer with which you want to work and then right-click the Computer Management entry.
Choose Properties. This opens the dialog box shown in Figure 2-2.
Click the General, Computer Name, or Advanced tab as appropriate. In the Advanced tab you can view and configure settings for processor scheduling, memory usage, virtual memory, environment variables, startup, and recovery.
Note
The Advanced tab doesn’t have options for viewing User Profile or Error Reporting settings. You can change these settings only by using the System utility. You can access the System utility by selecting System from the Control Panel menu. In addition, you must have appropriate permissions on a remote system to manage its settings.
The ability to export information lists is one of my favorite features of the Computer Management console, and if you maintain system information records or regularly work with Windows scripting, it’ll probably be one of yours, too. The Export List feature allows you to save textual information displayed in the right pane to a tab-delimited or comma-delimited text file. You could, for example, use this feature to save detailed information on all the services running on the system by completing the following steps:
In the Computer Management console, click the plus sign (+) next to the Services And Applications node. This expands the node to display its contents.
Select and right-click Services, and then, from the shortcut menu, select Export List. This opens the Export List dialog box.
Use the Save In selection list to choose the save location and then enter a name for the export file in the File Name text box.
Use the Save As Type selection list to set the formatting of the export file. You can separate columns of information with tabs or commas and save as ASCII text or Unicode text. In most cases, you’ll want to use tab-delimited ASCII text.
Click Save to complete the export process.
You can use a similar procedure to export lists of other information displayed in the Computer Management console.
The Computer Management system tools are designed to manage systems and view system information. The available system tools are the following:
Event Viewer. View the event logs on the selected computer. Event logs are covered in "Event Logging and Viewing" in Chapter 3.
Shared Folders. Manage the properties of shared folders, user sessions, and open files. Managing user sessions, open files, and network shares is covered in Chapter 14.
Local Users And Groups. Manage local users and local user groups on the currently selected computer. Working with users and groups is covered in Chapter 6 to Chapter 10, along with other types of accounts that you can manage in Active Directory directory service.
Performance Logs And Alerts. Monitor system performance and create logs based on performance parameters. You can also use this tool to notify or alert users of performance conditions. For more information on monitoring systems, see Chapter 3.
Device Manager. Use as a central location for checking the status of any device installed on a computer and for updating the associated device drivers. You can also use it to troubleshoot device problems. Managing devices is covered in the section entitled "Managing Hardware Devices and Drivers," later in this chapter.
The Computer Management storage tools display drive information and provide access to drive management tools. These are the storage tools available:
Removable Storage. Manages removable media devices and tape libraries. Tracks work queues and operator requests related to removable media devices.
Disk Defragmenter. Corrects drive fragmentation problems by locating and combining fragmented files.
Disk Management. Manages hard disks, disk partitions, volume sets, and redundant array of independent disks (RAID) arrays. Replaces the Disk Administrator utility in Windows NT 4.0.
Working with files, drives, and storage devices is the subject of Chapter 11 to Chapter 15.
You use the Computer Management services and applications tools to manage services and applications installed on the server. Any application or service-related task that can be performed in a separate tool can be performed through the Services And Applications node as well. For example, if the currently selected system has Dynamic Host Configuration Protocol (DHCP) installed, you can manage DHCP through the Server Applications And Services node. You could also use the DHCP tool in the Administrative Tools folder. You can perform the same tasks either way.
This technology is possible because the DHCP tool is an MMC snap-in. When you access the DHCP tool in the Administrative Tools folder, the snap-in is displayed in a separate console. When you access the DHCP tool through the Server Applications And Services node, the snap-in is displayed within the Computer Management console. Working with services and applications is discussed in Chapter 3 and elsewhere in this book.
You use the System utility to manage system environments, profiles, and properties. To access the System utility, select or double-click System in the Control Panel. This displays the System Properties dialog box. Whether you must select or double-click System depends on whether Control Panel is displayed as a menu or in a separate window.
As shown in Figure 2-3, the System Properties dialog box is divided into six tabs. Each of these tabs is discussed in the sections that follow. When working with remote systems, keep in mind that General, Computer Name, and Advanced tab details are accessible in Computer Management, as discussed in the section entitled "Viewing and Changing System Properties," earlier in this chapter.
Figure 2-3. Use the System utility to manage system environment variables, profiles, and properties.
General system information is available for any server running Windows Server 2003 through the System utility’s General tab, which is shown in Figure 2-3. To access the General tab, start the System utility by selecting or double-clicking the System icon in the Control Panel.
The information provided in the General tab includes: operating system version and service pack, registered owner, Windows serial number, computer type, amount of RAM installed on the computer, processor type, and total system RAM.
You can display and modify the computer’s network identification with the System utility’s Computer Name tab, shown in Figure 2-4. As the figure shows, the tab displays the full computer name of the system and its domain membership. The full computer name is essentially the Domain Name System (DNS) name of the computer, which also identifies the computer’s place within the Active Directory hierarchy.
Figure 2-4. Use the Computer Name tab to display and configure system identification. Notice that you can’t change the identification or access information for domain controllers.
To access the Network Identification tab, start the System utility by selecting or double-clicking the System icon in the Control Panel; then click the Computer Name tab. You can now click Change to change the system name and domain associated with the computer.
Servers running Windows Server 2003 can use multiple hardware profiles. Hardware profiles are most useful for mobile servers, such as those configured on laptops. Using hardware profiles, you can configure one profile for when the computer is connected to the network (docked) and one profile for when the computer is mobile (undocked).
To configure hardware profiles, click the System utility’s Hardware tab and then click the Hardware Profiles button. This opens the dialog box shown in Figure 2-5. As with systems with multiple operating systems, Windows Server 2003 allows you to configure the way hardware profiles are used, as follows:
Set a default profile by changing the profile’s position in the Available Hardware Profiles list. The top profile is the default profile.
Determine how long the system displays the startup hardware profile menu by setting a value using the field Select The First Profile Listed If I Don’t Select A Profile In. The default value is 30 seconds.
Have the system wait indefinitely for user input by selecting Wait Until I Select A Hardware Profile.
To configure a computer for docked and undocked profiles, complete the following steps:
In the Available Hardware Profiles list, select the default profile, and then click Copy.
In the Copy Profile dialog box, type a name for the Docked profile in the To text box and then click OK.
Select the new profile, and then click the Properties button.
Select the This Is A Portable Computer check box, and then choose The Computer Is Docked.
Select the Always Include This Profile As An Option When Windows Starts check box, and then click OK.
Select the default profile in the Available Hardware Profiles list, and then click Copy.
In the Copy Profile dialog box, type a name for the Undocked profile in the To text box and then click OK.
Select the new profile, and then click the Properties button.
Select the This Is A Portable Computer check box, and then choose The Computer Is Undocked.
Select the Always Include This Profile As An Option When Windows Starts check box, and then click OK.
Set the default hardware profile as appropriate for the computer’s current state as either docked or undocked. Click OK.
When the system is booted, the hardware profiles are displayed, and you can select the appropriate profile.
The System utility’s Advanced tab, shown in Figure 2-6, controls many of the key features of the Windows operating system, including application performance, virtual memory usage, user profile, environment variables, and startup and recovery. To access the Advanced tab, start the System utility by selecting or double-clicking the System icon in the Control Panel; then click the Advanced tab.
Figure 2-6. The Advanced tab lets you configure advanced options, including performance options, environment variables, and startup and recovery.
Many graphics enhancements have been added to the Windows Server 2003 interface. These enhancements include many visual effects for menus, toolbars, windows, and the taskbar. To ensure that the server performs at its best level, these options are turned off by default in an initial installation. This reduces the amount of work the server must do when administrators log on locally to perform tasks, and you usually shouldn’t change this default setting. However, if you need to modify these options, you can do so by following these steps:
Click the Advanced tab in the System utility, and then click the Settings button in the Performance panel to display the Performance Options dialog box.
The Visual Effects tab should be selected by default. You have the following options for controlling visual effects:
Let Windows Choose What’s Best For My Computer. Allows the operating system to choose the performance options based on the hardware configuration. On a server, this typically means that Windows selects only the Use Visual Styles On Windows And Buttons option and that all other options are cleared.
Adjust For Best Appearance. When you optimize Windows for best appearance, you enable all visual effects for all graphical interfaces. The menus and taskbar use transitions and shadows. Screen fonts have smooth edges. List boxes have smooth scrolling. Folders use Web views and more. On a server, this setting unnecessarily uses a lot of memory and system resources, and you should rarely use it.
Adjust For Best Performance. When you optimize Windows for best performance, you turn off the resource-intensive visual effects, such as slide transitions and smooth edges for fonts, while maintaining a basic set of visual effects. In some cases this completely turns off all visual effects.
Custom. You can customize the visual effects as well. To do this, select or clear the visual effects options in the Performance Options dialog box. If you clear all options, Windows doesn’t use visual effects.
When you’re finished changing visual effects, click OK and then click OK again.
Application performance is related to the Processor Scheduling and Memory Usage options that you set for the Windows Server 2003 system. Processor Scheduling determines the responsiveness of the current active application (as opposed to background applications that might be running on the system). Memory Usage determines whether physical memory is optimized for applications or the system cache.
You control application performance by completing the following steps:
Access the Advanced tab in the System utility, and then display the Performance Options dialog box by clicking the Settings button in the Performance panel. Click the Advanced tab to modify the performance settings.
The Processor Scheduling panel has two options:
Programs. To give the active application the best response time and the greatest share of available resources, select Applications. Generally, you’ll want to use this option for Application, Web, and Streaming Media servers.
Background Services. To give background applications a better response time than the active application, select Background Services. Generally, you’ll want to use this option for Active Directory, File, Print, and Network and Communications servers.
The Memory Usage panel has two options:
Programs. Choose this option to optimize physical memory usage for applications. Generally, you’ll want to use this option for Application, Web, and Streaming Media servers.
System Cache. Choose this option to optimize physical memory usage for the system cache. Generally, you’ll want to use this option for Active Directory, File, Print, and Network and Communications servers.
Click OK.
Virtual memory allows you to use disk space to extend the amount of available RAM on a system. This feature of Intel 386 and later processors writes RAM to disks using a process called paging. With paging, a set amount of RAM, such as 32 megabytes (MB), is written to the disk as a paging file, where it can be accessed when needed.
An initial paging file is created automatically for the drive containing the operating system. By default, other drives don’t have paging files, and you must create these paging files manually if you want them. When you create a paging file, you set an initial size and a maximum size. Paging files are written to the volume as a file called Pagefile.sys.
Best Practices
Microsoft recommends that you create a paging file for each physical disk on the system. On most systems, multiple paging files can improve the performance of virtual memory. Thus, instead of a single large paging file, it’s better to have several small ones. Keep in mind that removable drives don’t need paging files.
You can configure virtual memory by completing the following steps:
Start the System utility, and then click the Advanced tab.
Click Setting in the Performance panel to display the Performance Options dialog box, and then click the Advanced tab. Then click Change to display the Virtual Memory dialog box shown in Figure 2-7.
This dialog box has three key areas:
Drive [Volume Label]. Shows how virtual memory is currently configured on the system. Each volume is listed with its associated paging file (if any). The paging file range shows the initial and maximum size values set for the paging file.
Paging File Size For Selected Drive. Provides information on the currently selected drive and allows you to set its paging file size. Space Available tells you how much space is available on the drive.
Total Paging File Size For All Drives. Provides a recommended size for virtual RAM on the system and tells you the amount currently allocated. If this is the first time you’re configuring virtual RAM, you’ll note that the recommended amount has already been given to the system drive (in most instances).
Best Practices
Although Windows Server 2003 can expand paging files incrementally as needed, this can result in fragmented files, which slows system performance. For optimal system performance, set the initial size and maximum size to the same value. This ensures that the paging file is consistent and can be written to a single contiguous file (if possible, given the amount of space on the volume). In most cases I recommend setting the total paging file size so that it’s twice the physical RAM size on the system. For instance, on a computer with 512 MB of RAM, you would ensure that the Total Paging File Size For All Drives setting is at least 1024 MB. However, on servers with 2 GB or more of RAM, it’s best to follow the hardware manufacturer’s guidelines for paging file sizes.
In the Drive list box, select the volume with which you want to work.
Use the Paging File Size For Selected Drive area to configure the paging file for the drive. Select Custom Size. Then enter an initial size and a maximum size and click Set to save the changes.
Repeat Steps 3 and 4 for each volume you want to configure.
Note
The paging file is also used for debugging purposes when a STOP error occurs on the system. If the paging file on the system drive is smaller than the minimum amount required to write the debugging information to the paging file, this feature will be disabled. If you want to use debugging, you should set the minimum size to the same figure as the amount of RAM on the system. For example, a system with 256 MB of RAM would need a paging file of 256 MB on the system drive.
On the system volume, the initial size must be as large as the current physical RAM. If it isn’t, Windows won’t be able to write STOP information to the system drive when fatal errors occur. Click Set to save the changes.
Repeat Steps 3 and 4 for each volume you want to configure.
Click OK, and, if prompted to overwrite an existing Pagefile.sys file, click Yes.
Close the System utility.
Note
If you updated the settings for the paging file that’s currently in use, you’ll see a prompt explaining that you need to restart the server for the changes to take effect. Click OK. When you close the System utility, you’ll see a prompt telling you that you need to restart the system for the changes to take effect. On a server, you should schedule this reboot outside normal business hours.
Data Execution Prevention (DEP) is a memory protection technology enabled with Service Pack 1 or later. DEP tells the computer’s processor to mark all memory locations in an application as nonexecutable unless the location explicitly contains executable code. If code is executed from a memory page marked as nonexecutable, the processor can raise an exception and prevent it from executing. This prevents malicious code, such as a virus, from inserting itself into most areas of memory because only specific areas of memory are marked as having executable code.
Note
32-bit versions of Windows support DEP as implemented by those processors that provide the no-execute page-protection (NX) processor feature. Such processors support the related instructions and must be running in Physical Address Extension (PAE) mode. 64-bit versions of Windows also support the NX processor feature.
Tip
As part of system startup, a Noexecute flag is added to the Boot.ini entry. When you change the DEP settings in the System utility, you are manually switching the type of DEP used between noexecute=optin and noexecute=optout. Two additional options are provided through noexecute=alwayson or noexecute=alwaysoff. These settings turn DEP on or off for all processes systemwide respectively, and they’re more typically used with Windows XP SP2 or later than with Windows Server 2003.
You can determine whether a computer supports DEP by using the System utility. If a computer supports DEP, you can also configure it by completing the following steps:
Click the Advanced tab in the System utility, and then on the Performance panel click Settings to display the Performance Options dialog box.
The Performance Options dialog box has several tabs. Click the Data Execution Prevention tab. The text at the bottom of this tab specifies whether the computer supports execution protection.
If a computer supports execution protection and is configured appropriately, you can configure DEP by using the following options:
Turn On DEP For Essential Windows Programs And Services Only. Enables DEP for limited system binaries as well as programs that specifically opt-in. Applications and other programs running on the server are not configured to use DEP. (Same as using /noexecute=optin in Boot.ini.)
Turn On DEP For All Programs And Services Except Those I Select. Enables DEP for all programs and services running on the server. You can configure specific exceptions as necessary using the Add or Remove buttons. Click Add to specify the executable for a program or service that should run without execution protection. Selected an excepted program or service and then click Remove to remove it from the exception list. (Same as using /noexecute=optout in Boot.ini.)
Click OK.
Caution
If you set noexecute=alwaysoff in Boot.ini, DEP options will be dimmed in the Performance Options dialog box. This appearance is the same as on systems that do not support DEP.
Real World
To be compatible with this feature, applications must be able to explicitly mark memory with Execute permission. Applications that can’t do this won’t be compatible with the NX processor feature. If you’re experiencing memory-related problems running applications, you should determine the applications that are having problems and configure them as exceptions rather than completely disabling execution protection. In this way, you still get the benefits of memory protection and can selectively disable memory protection for programs that aren’t running properly with the NX processor feature.
Execution protection is applied to both user-mode and kernel-mode programs. A user-mode execution protection exception results in a STATUS_ACCESS_VIOLATION exception. In most processes, this exception will be an unhandled exception and will result in termination of the process. This is the desired behavior because most programs violating these rules will be malicious in nature, such as a virus or worm.
Unlike applications, execution protection for kernel-mode device drivers can’t be selectively disabled or enabled. Furthermore, on compliant 32-bit systems, execution protection is applied by default to the memory stack. On compliant 64-bit systems, execution protection is applied by default to the memory stack, the paged pool, and the session pool. A kernel-mode execution protection access violation for a device driver results in an ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY exception.)
Windows tracks important strings, such as a path where files are located or the logon domain controller host name, using environment variables. Environment variables defined for use by Windows, called system environment variables, are the same no matter who is logged in to a particular computer. Environment variables defined for use by users or programs, called user environment variables, are different for each user of a particular computer.
You configure system and user environment variables by means of the Environment Variables dialog box, shown in Figure 2-8. To access this dialog box, start the System utility, click the Advanced tab, and then click Environment Variables.
You can create environment variables by completing the following steps:
Click the New button under User Variables or System Variables, whichever is appropriate for the type of environment variable you want to create. This opens the New User Variable dialog box or the New System Variable dialog box, respectively.
In the Variable Name text box, type the variable name. Then, in the Variable Value text box, type the variable value. Click OK.
You can edit an existing environment variable by completing the following steps:
Select the variable in the User Variables or System Variables list box.
Click the Edit button under User Variables or System Variables, whichever is appropriate for the type of environment variable you’re modifying. This opens the Edit User Variable dialog box or the Edit System Variable dialog box, respectively.
Type a new value in the Variable Value text box. Click OK.
You can delete an environment variable by selecting the variable and then clicking the Delete button.
You configure system startup and recovery properties by means of the Startup And Recovery dialog box, shown in Figure 2-9. To access this dialog box, start the System utility, click the Advanced tab, and then click Settings on the Startup And Recovery panel.
Figure 2-9. The Startup And Recovery dialog box lets you configure system startup and recovery procedures.
The System Startup panel of the Startup And Recovery dialog box controls system startup. Some of the parameters and options are used to set related Boot Loader and Operating System entries in Boot.ini. Systems with multiple startup configurations, multiple operating system versions, or both will have multiple operating system entries in Boot.ini. During startup of the operating system, Windows uses Boot.ini to identify the boot device and boot flags. Various system startup flags are set through the operating system entries in Boot.ini, including NOEXECUTE flags for Data Execution Prevention (DEP) and FASTDETECT for faster operating system detection.
On a computer with multiple operating system entries in Boot.ini, to set the default operating system, select one of the operating systems listed in the Default Operating System field. These options are obtained from the operating system section of the system’s Boot.ini file.
At startup of a computer with multiple operating system entries in Boot.ini, Windows Server 2003 displays the startup configuration menu for 30 seconds by default. You can modify this by taking either of the following actions:
Boot immediately to the default operating system by clearing the Time To Display List Of Operating Systems check box.
Display the available options for a specific amount of time by selecting the Time To Display List Of Operating Systems check box and then setting a time delay in seconds.
Generally, on most systems you’ll want to use a value of 3–5 seconds. This is long enough to enable you to make a selection, yet short enough to expedite the system startup process.
When the system is in a recovery mode and booting, a list of recovery options might be displayed. As with the standard startup options, you can configure recovery startup options in one of two ways. You can set the computer to boot immediately using the default recovery option by clearing the Time To Display Recovery Options When Needed check box, or you can display the available options for a specific amount of time by selecting Time To Display Recovery Options When Needed and then setting a time delay in seconds.
The System Failure and Write Debugging Information areas of the Startup And Recovery dialog box control system recovery. Recovery options allow administrators to control precisely what happens when the system encounters a fatal system error (also known as a STOP error). The available options for the System Failure area are the following:
Write An Event To The System Log. Logs the error in the system log, which allows administrators to review the error later using the Event Viewer
Send An Administrative Alert. Sends an alert to the recipients specified in the Alert dialog box
Automatically Restart. Check this option to have the system attempt to reboot when a fatal system error occurs
Note
Configuring automatic restarts isn’t always a good thing. Sometimes you might want the system to halt rather than reboot, which should ensure that the system gets proper attention. Otherwise, you can only know that the system rebooted when you view the system logs or if you happen to be in front of the system’s monitor when it reboots.
The Write Debugging Information selection menu allows you to choose the type of debugging information that you want to write to a dump file. You can in turn use the dump file to diagnose system failures. The options are as follows:
None. Use None if you don’t want to write debugging information.
Small Memory Dump. Use this option to dump the physical memory segment in which the error occurred. This dump is 64 KB in size.
Kernel Memory Dump. Use this option to dump the physical memory area being used by the Windows kernel. The dump file size depends on the size of the Windows kernel.
Complete Memory Dump. Use this option to dump all physical memory being used at the time of the failure. The maximum dump file size is the same as the total physical memory size.
If you elect to write a dump file, you must also set a location for the dump file. The default dump locations are %SystemRoot%Minidump for small memory dumps and %SystemRoot%Memory.dmp for all other memory dumps. You’ll usually want to select Overwrite Any Existing File as well. This option ensures that any existing dump files are overwritten if a new STOP error occurs.
Note
You can create the dump file only if the system is properly configured. The system drive must have a sufficiently large memory-paging file (as set for virtual memory with the Advanced tab), and the drive where the dump file is written must have sufficient free space as well. For example, my server has 512 MB of RAM and requires a paging file on the system drive of the same size—512 MB. Since the same drive is used for the dump file, the drive must have at least 1 gigabyte (GB) of free space to create a complete dump of debugging information correctly (that’s 512 MB for the paging file and 512 MB for the dump file).
Windows Server 2003 features built-in system and program error reporting. Error reporting sends information about errors to Microsoft or to a corporate file share that administrators can monitor. Error reporting is enabled by default for all Windows Server 2003 installations, and you can configure it to monitor the following specific areas:
Windows Operating System. Reports critical operating system errors that cause a blue screen crash. The error report contains all the information that’s displayed on the blue screen.
Unplanned Machine Shutdowns. Reports when the server is shut down and the shutdown reason is listed as unplanned. Selecting this option helps you keep track of unplanned reasons for server shutdowns, which is essential to maintaining good uptime and service records.
Programs. Reports illegal program operations and internal program errors that cause a program to stop working. With program errors, you can specify which programs should be monitored for errors and which shouldn’t. If you elect to report program errors, you can enable Force Queue Mode For Program Errors. In Queue mode, the last 10 errors are displayed the next time an administrator logs on and the administrator is able to choose which errors are reported. Without selecting this option, only the last error that occurs is reported, which might be misleading.
How an error is reported depends on where the error originated. When a component or program error occurs, a dialog box appears asking if you want to report the problem. If you choose to report the problem, the error report is sent over the Internet to Microsoft and a Thank You dialog box is displayed with additional information that might be helpful in resolving the problem. When an operating system error occurs, the system doesn’t generate the error report until the next time you successfully boot and log on to the system.
You can enable and configure error reporting by completing the following steps:
Start the System utility. Click the Advanced tab and then click the Error Reporting button.
Select Enable Error Reporting and then select the check boxes for the areas you want to monitor.
Tip
By default, all program errors are reported, regardless of who the manufacturer is. If you chose to report program errors, you can change the default configuration. To do this, select Programs, click Choose Programs in the Error Reporting dialog box, and then select All Programs In This List. You can now select programs to add to the reporting list and you can disable reporting for Programs From Microsoft and Windows Components. You can also add programs to the Do Not Report Errors list.
Click OK.
You can disable error reporting by completing these steps:
Start the System utility. Click the Advanced tab, and then click the Error Reporting button.
Select Disable Error Reporting, and then click OK.
Another way to configure Error Reporting is to do so through Group Policy. Because Group Policy is discussed in detail in Chapter 4, and in other chapters, I won’t go into depth on how Group Policy works. I will tell you, however, which policies you’ll want to look at to help better manage Error Reporting for the enterprise. These policies are located in Computer ConfigurationAdministrative TemplatesSystemError Reporting and in Computer ConfigurationAdministrative TemplatesSystemError ReportingAdvanced Error Reporting Settings.
Tip
Error reporting can be distracting, but the information helps ensure that Microsoft resolves problems. To remove potential distraction, yet still help improve Windows for the future, you might want to disable Display Error Notification and enable Report Errors. When you do this, errors are automatically reported without notifying users that an error occurred.
The two most useful error reporting policies are:
Display Error Notification. Determines whether users are notified when errors occur. If not configured, users can specify error notification preferences using the System utility. If disabled, users aren’t notified when an error occurs (but this doesn’t prevent error reporting). If enabled, users are notified when an error occurs and given the opportunity to report the error.
Report Errors. Determines whether errors are reported and provides the opportunity to precisely control error reporting. If not configured, users can specify error reporting preferences using the System utility. If disabled, users won’t be able to report errors but might still be notified when errors occur. If enabled, errors might be reported to Microsoft over the Internet or to a corporate file share that administrators can monitor. You can also specify whether More Information links are available, whether associated files and machine data is collected, and whether application errors are queued.
Real World
Storing error reports on a file share can be helpful in resolving problems. Users might not tell you they’re having problems. They might assume that a crashing program or other problems that they see are normal behavior. To be proactive in your support, you might want to store error reports on a corporate file share. If you want to do this, create a network share and then specify the share using the Universal Naming Convention (UNC) notation, such as \GammaErrorReports, where Gamma is the server name and ErrorReports is the network share.
Tip
If you display errors and report them, you might want to customize the error reporting text with your company name. To do this, type your company name in the Replace Instances Of The Word "Microsoft" With field of the Report Errors Properties dialog box. Now your company name appears in text instead of Microsoft.
The Automatic Update tab of the System utility controls the Automatic Updates configuration on the server. This feature is discussed in the section entitled "Understanding and Using Automatic Updates" in Chapter 5.
The Remote tab of the System utility controls Remote Assistance invitations and Remote Desktop connections. These options are discussed in the section entitled "Managing Remote Access to Servers" in Chapter 5.
Windows Server 2003 provides four key tools for managing hardware devices and drivers. These tools are:
Device Manager
Add Hardware Wizard
Hardware Update Wizard
Hardware Troubleshooter
You’ll use these tools whenever you install, uninstall, or troubleshoot hardware devices and drivers. Before you work with device drivers, you should know the basics of signed and unsigned device drivers as well as the system settings that might prevent the use of unsigned drivers.
Microsoft recommends that you use signed device drivers whenever possible. Signed device drivers have a digital signature that authenticates them as having passed rigorous testing by the Windows Hardware Quality Labs. The digital signature also means the device driver hasn’t been tampered with.
Now, there are situations when you might have to use an unsigned device driver. For example, you might find that a device installed on a server doesn’t have a signed device driver. Your first response should be to check the manufacturer’s Web site to see if a signed driver is available. A signed driver might be available but not distributed with the device or on the Windows Server 2003 distribution disks. However, if one isn’t available, you might find that you have to use an unsigned driver. You have several options:
Install an unsigned driver; a driver that worked with Windows 2000 might work in this instance. However, the system might become unstable. The system might crash, lose data, or even fail to restart.
Stop using the device or use a different device with supported drivers. Cost might be a factor in your decision, but it shouldn’t be the only factor you consider. An unstable system costs time and money as well.
By default, Windows Server 2003 warns you if you try to install an unsigned device driver. If you don’t want to see this prompt, you can change the configuration so that this warning isn’t displayed. You can also specify that unsigned drivers should never be installed. One way to configure device driver settings is to use the System utility in the Control Panel:
Start the System utility. Click the Hardware tab and then click Driver Signing.
Choose the action you want Windows to take when someone tries to install an unsigned device driver. The options are:
Ignore. Install the software anyway and don’t ask for my approval.
Warn. Prompt me each time to choose an action.
Block. Never install unsigned driver software.
If the settings are only for the current user, clear the Make This Action The System Default check box. Otherwise, select this check box to make these settings the default for all users.
Click OK twice.
If you want to assign device driver settings for the enterprise, you can do this through Group Policy. In this case, Group Policy specifies the least secure setting that is allowed, and, if Group Policy is set to Block, unsigned device drivers can’t be installed without overriding Group Policy.
The Code Signing For Device Drivers policy controls device driver signing settings. This policy is located in User ConfigurationAdministrative TemplatesSystem. If enabled, you can specify the action to take: Ignore, Warn, or Block.
Note
If you’re trying to install a device and find that you can’t install an unsigned driver, you should first check the System utility settings for driver signing. If you find that the settings are set to block and you can’t change the setting, Code Signing For Device Drivers has been enabled and set to Block in Group Policy. You will need to override Group Policy in order to install the unsigned device driver.
You can view a detailed list of all the hardware devices installed on a system by completing the following steps:
Choose Start, Programs or All Programs as appropriate, Administrative Tools, and then Computer Management.
In the console tree, select Device Manager under System Tools. You should now see a complete list of devices installed on the system. By default, this list is organized by device type.
Click the plus sign (+) next to a device type to see a list of the specific instances of that device type.
If you right-click the device entry, you can manage the device using the shortcut menu. The options available depend on the type of device, but they include:
Disable. Disables the device but doesn’t uninstall it
Enable. Enables a device if it’s disabled
Properties. Displays the Properties dialog box for the device
Uninstall. Uninstalls the device and its drivers
Update Driver. Updates the driver file
Tip
The device list shows warning symbols if there are problems with a device. A yellow warning symbol with an exclamation point indicates a problem with a device. A red X indicates a device that’s improperly installed or that has been disabled by the user or administrator for some reason.
You can use the options on the View menu in the Computer Management console to change the defaults for what types of devices are displayed and how the devices are listed. The options are as follows:
Devices By Type. Displays devices by the type of device installed, such as Disk Drive or Printer. The connection name is listed below the type. This is the default view.
Devices By Connection. Displays devices by connection type, such as System Board or Logical Disk Manager.
Resources By Type. Displays the status of allocated resources by type of device using the resource. Resource types are direct memory access (DMA) channels, input/output (I/O) ports, interrupt request (IRQ), and memory addresses.
Resources By Connection. Displays the status of all allocated resources by connection type rather than device type.
Show Hidden Devices. Displays non-Plug and Play devices as well as devices that have been physically removed from the computer but haven’t had their drivers uninstalled.
Device drivers are required for devices such as sound cards and display adapters to work properly. Windows Server 2003 provides comprehensive management tools for maintaining and updating device drivers. These tools allow you to track driver information, install and update driver versions, roll back to a previously installed driver, and uninstall device drivers.
Each driver being used on a system has a driver file associated with it. You can view the location of the driver file and related details by completing the following steps:
In Computer Management, select Device Manager under System Tools. You should now see a complete list of devices installed on the system identified either by type or by connection. By default, this list is organized by device type, but you can also list devices by connection using View menu options.
Right-click the device you want to manage and then choose Properties from the shortcut menu. This opens the Properties dialog box for the device. Click the Driver tab.
Display the Driver File Details dialog box by clicking Driver Details. The information displayed includes:
Driver Files. Displays a list of file locations where the driver exists within %SystemRoot%
Provider. The creator of the driver
File Version. The version of the file
Digital Signer. Indicates whether the driver is signed and by whom
To keep devices operating smoothly, it’s essential that you keep their device drivers current. You can install and update drivers using the Hardware Update Wizard. By default, this wizard can search for updated device drivers in the following locations:
On the local computer
On a hardware installation CD
On the Windows Update site or your organization’s Windows Update server
In Group Policy, several policies control the search possibilities:
Turn Off Access To All Windows Update Features under Computer ConfigurationAdministrative TemplatesSystemInternet Communication ManagementInternet Communication Settings. If this policy setting is enabled, all Windows Update features are blocked and not available to users. Users will also be unable to access the Windows Update Web site.
Turn Off Windows Update Device Driver Searching under Computer ConfigurationAdministrative TemplatesSystemInternet Communication ManagementInternet Communication Settings. By default, Windows Update searching is optional when installing a device. If you enable this setting, Windows Update will not be searched when a new device is installed. If you disable this setting, Windows Update will always be searched when a new device is installed, if no local drivers are present.
Turn Off Windows Update Device Driver Search Prompt under Computer ConfigurationAdministrative TemplatesSystem. If you disable or do not configure Turn Off Windows Update Device Driver Searching, this policy setting affects whether a search prompt is displayed for Windows Update of device drivers. If this policy setting is enabled, administrators aren’t prompted to search Windows Update and the search will or will not take place automatically based on the Turn Off Windows Update Device Driver Searching setting. Otherwise, administrators will be prompted before Windows Update is searched.
You can install and update device drivers by completing the following steps:
In the Computer Management console, select Device Manager. You should now see a complete list of devices installed on the system. By default, this list is organized by device type.
Right-click the device you want to manage, and then select Update Driver from the shortcut menu. This starts the Hardware Update Wizard.
If the Group Policy configuration allows administrators to be prompted to determine whether Windows Update should be searched for the new driver, the first wizard page has the options shown in Figure 2-10.
Figure 2-10. If allowed by Group Policy, administrators are prompted to determine whether Windows Update should be searched.
These options are used as follows:
Yes, This Time Only. Windows Update will be searched for this driver install only.
Yes, Now And Every Time I Connect A Device. Windows Update will be searched automatically for driver updates. This setting applies to the installation of this driver and every time Driver Update is run.
No, Not This Time. Windows Update will not be searched for this install only.
Click Next after you make a selection. On the next page, you can specify whether you want to install the drivers automatically or manually by selecting the driver from a list or specific location.
If you choose to install the driver automatically, Windows Server 2003 looks for a more recent version of the device driver and, if found, installs the driver. If a more recent version of the driver is not found, Windows XP keeps the current driver. In either case, click Finish to complete the process and then skip the remaining steps.
If you choose to install the driver manually, you’ll have the opportunity to select one of the following options:
Search For The Best Driver In These Locations. If you search for drivers, the wizard checks for drivers on the driver database on the system and any of the optional locations you specify, such as a floppy disk or a CD-ROM. Any matching drivers found are displayed, and you can select a driver.
Don’t Search. I Will Choose The Driver To Install. If you decide to install drivers yourself, the next wizard page shows a list of compatible hardware and a recommended list of drivers for this hardware, as shown in Figure 2-11. If a correct driver is listed, all you need to do is to select it. If a correct driver isn’t listed, clear the Show Compatible Hardware check box. You can now view a list of manufacturers to find the manufacturer of the device. Once you find the manufacturer, select the appropriate device driver in the right pane.
After selecting a device driver through a search or a manual selection, continue through the installation process by clicking Next. Click Finish when the driver installation is completed. Keep in mind that in some cases you’ll need to reboot the system to activate the newly installed or updated device driver.
Sometimes you’ll find that a device driver that you’ve installed causes device failure or other critical problems on a system. Don’t worry; you can recover the system to the previously installed device driver. To do this, follow these steps:
In Computer Management, select Device Manager. You should now see a complete list of devices installed on the system. By default, this list is organized by device type.
Right-click the device you want to manage and then choose Properties from the shortcut menu. This opens the Properties dialog box for the device.
Click the Driver tab and then click Roll Back Driver. When prompted to confirm the action, click Yes. Click OK.
Note
If the driver file hasn’t been updated, a backup driver file won’t be available. Instead of being able to roll back the driver, you’ll see a prompt telling you that no driver files have been backed up for this device. If you’re having problems with the device, click Yes to start the Troubleshooter. Otherwise, click No to quit.
Usually, when you remove a device from a system, Windows Server 2003 detects the change and removes the drivers for that device automatically. Sometimes, however, when you remove a device, Windows Server 2003 doesn’t detect the change and you must remove the drivers manually. You can remove device drivers manually by completing the following steps:
Uninstalling a device driver uninstalls the related device. Sometimes when a device isn’t working properly you can completely uninstall the device, restart the system, and then reinstall the device driver to restore normal operations. You can uninstall and then reinstall a device by completing the following steps:
In Computer Management, select Device Manager. You should now see a complete list of devices installed on the system. By default, this list is organized by device type.
Right-click the device you want to manage and then choose Uninstall from the shortcut menu.
When prompted to confirm the action, click OK.
Reboot the system. Windows should detect the presence of the device and then automatically reinstall the necessary device driver. If the device isn’t automatically reinstalled, reinstall it manually as discussed in the section entitled "Adding New Hardware," later in this chapter.
Windows Plug and Play technology does a good job of detecting and automatically configuring new hardware. However, if the hardware doesn’t support Plug and Play or isn’t automatically detected, you’ll need to enter information about the new hardware into the Windows Server 2003 system. You do this by installing the hardware device and its related drivers on the system using the Add New Hardware Wizard. You can also use this wizard to troubleshoot problems with existing hardware.
You can install new hardware using the Add Hardware Wizard by completing the following steps:
From Control Panel, select or double-click Add Hardware as appropriate. This starts the Add Hardware Wizard. Click Next.
At this point you have two options:
If you’ve already connected the new hardware, select Yes, I Have Already Connected The Hardware and click Next to continue. The Add Hardware Wizard screen shown in Figure 2-12 should be displayed. Go on to Step 3.
If you haven’t connected the hardware, click No, I Have Not Added The Hardware Yet and then click Next. The only option you have now is to click Finish. You’ll need to connect the hardware (which might require shutting down the computer) and then restart the Add Hardware Wizard. Skip the remaining steps.
To add new hardware, select Add A New Hardware Device from the Installed Hardware list box and then click Next. This option is located at the very bottom of the Installed Hardware list. On the What Do You Want The Wizard To Do? page, determine whether the wizard should search for new hardware or whether you want to select the hardware from a list.
If you choose the search option, the wizard searches for and automatically detects new hardware. The process takes a few minutes to go through all the device types and options. When the search is completed, any new devices found are displayed, and you can select a device.
If you choose the manual option or if no new devices are found in the automatic search, you’ll have to select the hardware type yourself. Select the type of hardware, such as Modem or Network Adapter, and then click Next. Scroll through the list of manufacturers to find the device’s manufacturer, and then choose the appropriate device in the Models pane.
After you complete the selection and installation process, click Next and then click Finish. The new hardware should now be available.
When a device isn’t working properly, sometimes you’ll want to uninstall or disable it. Uninstalling a device removes the driver association for the device so that it temporarily appears that the device has been removed from the system. The next time you restart the system, Windows Server 2003 might try to reinstall the device. Typically, Windows Server 2003 reinstalls Plug and Play devices automatically, but not non-Plug and Play devices.
Disabling a device turns it off and prevents Windows Server 2003 from using it. Because a disabled device doesn’t use system resources, you can be sure that it isn’t causing a conflict on the system. You can uninstall or disable a device by completing the following steps:
In Computer Management, select Device Manager. You should now see a complete list of devices installed on the system. By default, this list is organized by device type.
Right-click the connection for the device you want to manage and then select one of the following options:
Enable. To enable the device
Uninstall. To uninstall the device
Disable. To disable the device
If prompted to confirm the action, click Yes or OK as appropriate.
You can use the Add Hardware Wizard to troubleshoot hardware problems as well. The basic steps are as follows:
From Control Panel, select or double-click Add Hardware as appropriate. This starts the Add Hardware Wizard. Click Next.
At this point, you have two options:
If you’ve already connected the hardware that you want to examine, select Yes, I Have Already Connected the Hardware and click Next to display the Installed Hardware list box. Go on to Step 3.
If you haven’t connected the hardware, click No, I Have Not Added the Hardware Yet and then click Next. The only option you have now is to click Finish. You’ll need to connect the hardware (which might require shutting down the computer) and then restart the Add Hardware Wizard. Skip the remaining steps.
From the Devices list, select the hardware device that you want to troubleshoot, and then click Next. The final wizard page provides a device status. When you click Finish, the wizard does one of two things:
If an error code is shown with the device status, the wizard accesses the error code in the online help documentation—if it’s available and installed. The help documentation should include a proposed technique to resolve the issue.
The wizard starts the Hardware Troubleshooter, which attempts to solve the hardware problem using your responses to the questions it asks. Follow the advice of the Hardware Troubleshooter to resolve the hardware problem.
You can also access the Hardware Troubleshooter directly. To do that, complete the following steps:
As an administrator, you might be asked to install or uninstall dynamic-link libraries (DLLs), particularly if you work with IT (information technology) development teams. The utility you use to work with DLLs is Regsvr32. This utility is run at the command line.
After you start a command window, you install or register a DLL by typing regsvr32 name.dll, for example:
regsvr32 mylibs.dll
If necessary, you can uninstall or unregister a DLL by typing regsvr32 /u name.dll, for example:
regsvr32 / u mylibs.dll
Note
Windows File Protection prevents replacement of protected system files. You’ll be able to replace only DLLs installed by the Windows Server 2003 operating system as part of a hot fix, service pack update, Windows update, or Windows upgrade. Windows File Protection is an important part of the Windows Server 2003 security architecture.