srv427 windows server 2003 resource kit tools: how can they help me? james farhat...

SRV427SRV427Windows Server Windows Server 2003 Resource Kit 2003 Resource Kit Tools: How Can They Tools: How Can They Help Me?Help Me?

SRV427SRV427Windows Server Windows Server 2003 Resource Kit 2003 Resource Kit Tools: How Can They Tools: How Can They Help Me?Help Me?

James FarhatJames FarhatCEO/CTOCEO/[email protected]@actsolution.net

OverviewOverview

What is the Windows Server 2003 What is the Windows Server 2003 Resource Kit?Resource Kit?

Type of Tool CategoriesType of Tool Categories

AD ToolsAD Tools

Command Shell and Scripting ToolsCommand Shell and Scripting Tools

File and Folder Management ToolsFile and Folder Management Tools

Process and Service Management ToolsProcess and Service Management Tools

Security Management ToolsSecurity Management Tools

System Management ToolsSystem Management Tools

ResourcesResources

SummarySummary

What is the Windows Server What is the Windows Server 2003 Resource Kit? 2003 Resource Kit?

Free download Free download http://www.microsoft.com/downloadshttp://www.microsoft.com/downloads

Companion CD with Windows Server 2003 Deployment Companion CD with Windows Server 2003 Deployment KitKit

Over 100 toolsOver 100 tools

Windows XP; Windows XP SP1; Server 2003 Windows XP; Windows XP SP1; Server 2003 supportedsupported

12mb installation; 30mb required for install12mb installation; 30mb required for install

Windows Server 2003 64-bit not supportedWindows Server 2003 64-bit not supported

Great resource for admins, developers, and Great resource for admins, developers, and power userspower users

Eases Management and TroubleshootingEases Management and Troubleshooting

AD Tools AD Tools

Adlb.exe: Active Directory Load BalancingAdlb.exe: Active Directory Load Balancing

Rcontrolad.exe: Active Directory Remote Rcontrolad.exe: Active Directory Remote Control Add-OnControl Add-On

Active Directory Load BalancingActive Directory Load Balancingadlb.exeadlb.exe

Controls and improves replication efficiencyControls and improves replication efficiencyRebalance replication trafficRebalance replication traffic

Configure staggered scheduling of replication times Configure staggered scheduling of replication times

Useful in deploying large numbers of domain Useful in deploying large numbers of domain controllers in remote locations to ensure a controllers in remote locations to ensure a balanced load among bridgehead serversbalanced load among bridgehead servers

Active Directory Load BalancingActive Directory Load Balancingadlb.exeadlb.exe

System RequirementsSystem RequirementsMicrosoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows 2000, Microsoft Windows Server 2003, Windows XP Professional Windows XP Professional

Active Directory domain environment Active Directory domain environment

System requirements for ADLB schedule System requirements for ADLB schedule staggeringstaggering

Microsoft Windows 2000 domain controller, Microsoft Microsoft Windows 2000 domain controller, Microsoft Windows Server 2003 domain controller Windows Server 2003 domain controller

Windows Server 2003 domain functional level Windows Server 2003 domain functional level (for schedule staggering only) (for schedule staggering only)

Inter-Site Messaging Service on the domain controller Inter-Site Messaging Service on the domain controller

Installing and configuring ADLB is details in the Installing and configuring ADLB is details in the Windows Server 2003 Active Directory Branch Windows Server 2003 Active Directory Branch Office Guide Office Guide

http://www.microsoft.com/downloads/details.aspx?http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en3A95C9540112&displaylang=en

Active Directory Remote Control Add-Active Directory Remote Control Add-OnOn rControlAD.exerControlAD.exe

Adds the ability to connect to any Adds the ability to connect to any computer running Remote Desktop or computer running Remote Desktop or Terminal Services directly from the Active Terminal Services directly from the Active Directory MMCDirectory MMC

Active Directory Remote Control Add-Active Directory Remote Control Add-OnOn rControlAD.exerControlAD.exerControlAD opens a Remote Desktop rControlAD opens a Remote Desktop

connection to computers that are running:connection to computers that are running:Windows 2000 Server with Remote Administration Windows 2000 Server with Remote Administration enabledenabled

Windows Server 2003 with Remote Desktop Windows Server 2003 with Remote Desktop enabledenabled

Windows 2000/2003 Terminal ServerWindows 2000/2003 Terminal Server

Windows XP Professional with Remote Desktop Windows XP Professional with Remote Desktop enabledenabled

Install Remote Desktop Connection Install Remote Desktop Connection software for Windows 98, Windows NT, software for Windows 98, Windows NT, Windows 2000Windows 2000

Installing and Running Installing and Running rControlADrControlAD.exe .exe Installing and Running Installing and Running rControlADrControlAD.exe .exe

Command Shell and Scripting Command Shell and Scripting Tools Tools

Cmdhere.inf: Command HereCmdhere.inf: Command Here

Ifmember.exe: User Membership Tool Ifmember.exe: User Membership Tool

Sleep.exe: Batch File WaitSleep.exe: Batch File Wait

Command HereCommand Herecmdhere.infcmdhere.inf

Adds a “Adds a “CMD Prompt HereCMD Prompt Here”” when you right- when you right-click in the Folders on Windows Explorer click in the Folders on Windows Explorer

Opens a command-line session with the same Opens a command-line session with the same path as that of the object that you right-clickpath as that of the object that you right-click

Command HereCommand Herecmdhere.infcmdhere.inf

CmdHere is not installed by the Windows CmdHere is not installed by the Windows Server 2003 Resource Kit SetupServer 2003 Resource Kit Setup

Installing CMDHereInstalling CMDHereNavigate to the directory where the Resource Navigate to the directory where the Resource Kit is installed (C:\program files\Windows Kit is installed (C:\program files\Windows Resource Kits)Resource Kits)

Right-click Cmdhere.infRight-click Cmdhere.inf

Select Install on the shortcut menuSelect Install on the shortcut menu

User Membership ToolUser Membership ToolIfmember.exeIfmember.exe

Checks whether or not the current user is a Checks whether or not the current user is a member member of a specified group of a specified group

ifmember [/v|/verbose [/l|/list]|ifmember [/v|/verbose [/l|/list]|[[GroupName1GroupName1 [ [GroupName2GroupName2] ] ......]]

Arguments:Arguments:/v|/verbose /v|/verbose GroupName1GroupName1 [ [GroupName2GroupName2] ] ......]]

Prints all group matches. Prints all group matches. /l|/list/l|/list

Lists all groups of which the user is a member. Lists all groups of which the user is a member. GroupNameGroupName

Specifies one or more group names Specifies one or more group names (separated by a spaces) (separated by a spaces)

User Membership ToolUser Membership ToolIfmember.exeIfmember.exe

Common uses of IfmemberCommon uses of IfmemberLogon script to map application and drives Logon script to map application and drives based on group membership based on group membership

Matching specific application configurations to Matching specific application configurations to groups groups

List groups membership for auditing List groups membership for auditing

Batch File Wait Batch File Wait Sleep.exeSleep.exe

Adds a fixed delay to a batch Adds a fixed delay to a batch

It allows running program to install fully It allows running program to install fully before the batch file proceedsbefore the batch file proceeds

sleep sleep TimeTime

ParameterParameter

TimeTime Specifies the number of seconds to pause. Specifies the number of seconds to pause.

Batch File Wait Batch File Wait Sleep.exeSleep.exe

Deploying Microsoft Windows Malicious Deploying Microsoft Windows Malicious Software Removal Tool using Sleep.exe Software Removal Tool using Sleep.exe

@echo off @echo off call \\ServerName\ShareName\Sleep.exe 5 call \\ServerName\ShareName\Sleep.exe 5

Start /wait \\ServerName\ShareName\Windows-Start /wait \\ServerName\ShareName\Windows-KB890830-V1.16.exe /q KB890830-V1.16.exe /q

copy %windir%\debug\mrt.log \\ServerName\copy %windir%\debug\mrt.log \\ServerName\ShareName\Logs\%computername%_%usernameShareName\Logs\%computername%_%username%_mrt.log .%_mrt.log .

File and Folder Management File and Folder Management ToolsTools

Robocopy.exe: Robust File Copy Utility Robocopy.exe: Robust File Copy Utility

Vfi.exe: Visual File InformationVfi.exe: Visual File Information

Robust File Copy Utility Robust File Copy Utility Robocopy.exe:Robocopy.exe:

A very versatile copy utility – comes with A very versatile copy utility – comes with 32 pages of syntax! (Robocopy.doc)32 pages of syntax! (Robocopy.doc)Handles almost all types of copy and move Handles almost all types of copy and move operationsoperationsNetwork ConsiderationsNetwork Considerations

Universal Naming Convention (UNC) Universal Naming Convention (UNC) Retry a copy operation in the event of failure Retry a copy operation in the event of failure Backup permissionBackup permission

And many moreAnd many more

robocopy <source directory> <destination directory> <filenames> <options>

Robust File Copy Utility Robust File Copy Utility Robocopy.exe:Robocopy.exe:

Scenario 1Scenario 1You'd like your network file-copy job to retry as You'd like your network file-copy job to retry as many as 10 times and to wait 60 seconds many as 10 times and to wait 60 seconds between retriesbetween retriesrobocopy \\FServer\files \\BackupServer\Bfiles /w:60 /r10

Scenario 2Scenario 2But if the files size are hugeBut if the files size are huge, , if it got if it got disconnected after 90% transferreddisconnected after 90% transferred and and what what if the networks congested if the networks congested

robocopy \\FServer\files \\BackupServer\Bfiles /w:60 /r:10 /rh:2300-0530 /z/z /ipg:25/ipg:25

Visual File Information Visual File Information Vfi.exe:Vfi.exe:

File Path File Path

File File Name Name

ExtensioExtension n

Size Size

Date Date

TimeTimeAttributes Attributes File Version File Version Product Version Product Version LanguageLanguageCode PageCode Page

Operating Operating SystemSystemType Type File Flags File Flags CRC-32 CRC-32 ISO 9660 Level 1 ISO 9660 Level 1

Retrieves and displays available file Retrieves and displays available file informationinformation

Visual File Information Visual File Information Vfi.exe:Vfi.exe:

Common uses of VFICommon uses of VFI

Displays vital OS and file informationDisplays vital OS and file information

Compare contents of different directoriesCompare contents of different directories Modifying permissionModifying permission

Results can be copied to the clipboard or save it Results can be copied to the clipboard or save it out to a tab-delimited file or Excel fileout to a tab-delimited file or Excel file

Modify the Permissions of Modify the Permissions of an Administratoran AdministratorModify the Permissions of Modify the Permissions of an Administratoran Administrator

Process and Service Process and Service Management ToolsManagement Tools

Memmonitor.exe: Memory Monitor Memmonitor.exe: Memory Monitor

Pmon.exe: Process Resource Monitor Pmon.exe: Process Resource Monitor

Srvany.exe: Applications as Services Utility Srvany.exe: Applications as Services Utility

Memory Monitor Memory Monitor Memmonitor.exe:Memmonitor.exe:

Monitors, Gathers and Debugs Monitors, Gathers and Debugs detailed detailed memory usage for individual processesmemory usage for individual processes

memmonitormemmonitor [-p <pid> | -pn <name> | -ps <svc>] [- [-p <pid> | -pn <name> | -ps <svc>] [-wait] [-nodbg] [-int <secs>][-WS <value>] [-PPool wait] [-nodbg] [-int <secs>][-WS <value>] [-PPool <value>] [-NPPool <value>] [-VM <value>]<value>] [-NPPool <value>] [-VM <value>]

All arguments are optional except;All arguments are optional except;-p pid-p pid : process ID (0 for current process) : process ID (0 for current process)-pn name-pn name: name of the process (as shown in : name of the process (as shown in

TaskManager or TLISTTaskManager or TLISTOROR-ps svc-ps svc : name of a service (as known by Services : name of a service (as known by Services ManagerManager


Memmonitor outputMemmonitor outputShows the elapsed running timeShows the elapsed running time

Current memory usage detailsCurrent memory usage details

Memmonitor runs continuously until you Memmonitor runs continuously until you issue Ctrl+Cissue Ctrl+C

Monitor Process 1284 (Name: SQLAgent.exe)MemMon Monitor Process 1284 (Name: SQLAgent.exe)MemMon - 0:00:00- 0:00:00PageFaults: 13182PageFaults: 13182PeakWSSize: 22704K WorkingSetSize: 22252KPeakWSSize: 22704K WorkingSetSize: 22252KPeakPagedPool : 58K PagedPool : 54KPeakPagedPool : 58K PagedPool : 54KPeakNonPagedPool : 8K NonPagedPool : 7KPeakNonPagedPool : 8K NonPagedPool : 7KPeakPagefile : 13632K Pagefile : 13176KPeakPagefile : 13632K Pagefile : 13176K

MemMon - 0:00:30MemMon - 0:00:30


The Memmonitor fields provide the The Memmonitor fields provide the following information:following information:

PageFaultsPageFaults – Displays the number of hard and soft page – Displays the number of hard and soft page faults faults PeakWSSizePeakWSSize – Peak amount of memory used by the – Peak amount of memory used by the processprocessPeakPagedPoolPeakPagedPool – Peak amount of paged memory used by – Peak amount of paged memory used by

the processthe processPeakNonPagedPoolPeakNonPagedPool – Peak amount of non-paged memory – Peak amount of non-paged memory usedusedPeakPagefile PeakPagefile – Peak amount of page file memory used – Peak amount of page file memory used WorkingSetSizeWorkingSetSize – Amount of memory allocated to the – Amount of memory allocated to the process by the operating systemprocess by the operating systemPagedPoolPagedPool – Amount of allocated memory that is allowed – Amount of allocated memory that is allowed to bepaged to the hard diskto bepaged to the hard diskNonPagedPool NonPagedPool – Amount of allocated memory that can’t – Amount of allocated memory that can’t be written to diskbe written to diskPagefile Pagefile – Size of the file on the hard disk to which – Size of the file on the hard disk to which memory may be pagedmemory may be paged

Gather Baseline of Gather Baseline of Memory UsageMemory Usage Gather Baseline of Gather Baseline of Memory UsageMemory Usage

Process Resource Monitor Process Resource Monitor Pmon.exe: Pmon.exe:

Displays performance statisticsDisplays performance statisticsMemory and CPU usageMemory and CPU usagelist of all processes runninglist of all processes running

Run Pmon.exe by typing pmon at the command Run Pmon.exe by typing pmon at the command promptpromptPmon continuous to run until you type QPmon continuous to run until you type Q

Process Resource Monitor Process Resource Monitor

If you use Pmon to examine running processes, you’ll If you use Pmon to examine running processes, you’ll note three unique processes: note three unique processes:

File Cache File Cache Changes in the file cache indicated I/O activity for applicationsChanges in the file cache indicated I/O activity for applications

Memory usage - total physical memory usedMemory usage - total physical memory used

Page faults shows the number soft fault and hard faultPage faults shows the number soft fault and hard fault

Flts Diff - determines the cache fault rateFlts Diff - determines the cache fault rateA consistently high cache fault rate may indicate the need to A consistently high cache fault rate may indicate the need to increase the amount of physical memory on the systemincrease the amount of physical memory on the system

Idle ProcessIdle Process Tracks the amount of free CPU processing time Tracks the amount of free CPU processing time

99 in the CPU column means 99 percent of the system resources 99 in the CPU column means 99 percent of the system resources currently aren’t being usedcurrently aren’t being used

Overloaded? – monitor the idle processOverloaded? – monitor the idle process

CPU usage and the total CPU time - consistently low idle time CPU usage and the total CPU time - consistently low idle time (meaning high CPU usage), you may want to consider upgrading the (meaning high CPU usage), you may want to consider upgrading the processor or even adding processorsprocessor or even adding processors

Process Resource Monitor Process Resource Monitor

If you use Pmon to examine running processes, you’ll If you use Pmon to examine running processes, you’ll note three unique processes: (cont’d)note three unique processes: (cont’d)

System System System shows the resource usage for the local system System shows the resource usage for the local system processprocess

Applications as Services UtilityApplications as Services UtilitySrvany.exe:Srvany.exe:

InstSrv install SrvAny on Windows InstSrv install SrvAny on Windows Server 2003 and create a service name: Server 2003 and create a service name:

Lets you run just about any 32-bit or 16-bit Lets you run just about any 32-bit or 16-bit applications to run as servicesapplications to run as servicesInteractive programs like word processor Interactive programs like word processor and browsers may not workand browsers may not work

instsrv instsrv ServiceNameServiceName %windir%%windir%:\:\PathPath\srvany.exe\srvany.exe

Outputs:Outputs:The service was successfully added! Make sure The service was successfully added! Make sure that you go into the Control Panel and use that you go into the Control Panel and use the Services applet to change the Account the Services applet to change the Account Name and Password that this newly installed Name and Password that this newly installed service will use for its Security Context. service will use for its Security Context.


The advantages of running applications as The advantages of running applications as services are listed belowservices are listed below

When a user logs off, 32-bit applications When a user logs off, 32-bit applications running as services do not stoprunning as services do not stop

Applications running as services can handle Applications running as services can handle requests without user intervention. Unless an requests without user intervention. Unless an application is interactive.application is interactive.

Applications running as services can run with Applications running as services can run with their own logon accountstheir own logon accounts


After you install Srvany and create a After you install Srvany and create a service name:service name:

Configure a Service Configure a Service

RegEdit - application running as a service to start RegEdit - application running as a service to start automatically and always use the same start automatically and always use the same start parameters. parameters.

Services MMC Snap-in - start automatically or Services MMC Snap-in - start automatically or manually, or if you want to frequently change the manually, or if you want to frequently change the start parametersstart parameters

Handle Special Requirements Handle Special Requirements

Interactive versus Network AccessInteractive versus Network Access

User Exit Programming ConsiderationsUser Exit Programming Considerations

Presentation Manager ApplicationsPresentation Manager Applications

Manage a ServiceManage a Service

StartStart

StopStop

PausePauseDisableDisable

Security Management ToolsSecurity Management Tools

Inetesc.adm: Internet Explorer Enhanced Inetesc.adm: Internet Explorer Enhanced Security Configuration Security Configuration

Subinacl.exe Subinacl.exe

Winexit.scr: Windows Exit Screen Saver Winexit.scr: Windows Exit Screen Saver

Reduce the likelihood of a user or administrator Reduce the likelihood of a user or administrator downloading and running malicious Web content downloading and running malicious Web content on a server on a server

Enabled by default on computers running Windows Enabled by default on computers running Windows Server 2003 but can be deployed to other Windows OSServer 2003 but can be deployed to other Windows OS

Internet Explorer Enhanced Internet Explorer Enhanced Security Configuration - Security Configuration - Inetesc.adm:Inetesc.adm:


Some of the key modifications include:Some of the key modifications include:Security level for the Internet zone is set to Security level for the Internet zone is set to HighHigh

This setting disables scripts, ActiveX components, This setting disables scripts, ActiveX components, Microsoft virtual machine (Microsoft VM) HTML Microsoft virtual machine (Microsoft VM) HTML content, and file downloadscontent, and file downloads

Automatic detection of intranet sites is disabledAutomatic detection of intranet sites is disabledThis setting assigns all intranet Web sites and all This setting assigns all intranet Web sites and all Universal Naming Convention (UNC) paths that are not Universal Naming Convention (UNC) paths that are not explicitly listed explicitly listed in the Local intranet zone to the Internet zonein the Local intranet zone to the Internet zone


Some of the key modifications include: Some of the key modifications include: (Cont’d)(Cont’d)

Install on Demand and non-Microsoft browser Install on Demand and non-Microsoft browser extensions are disabledextensions are disabled

This setting prevents Web pages from automatically This setting prevents Web pages from automatically installing components and prevents non-Microsoft installing components and prevents non-Microsoft extensions from runningextensions from running

Multimedia content is disabledMultimedia content is disabledThis setting prevents music, animations, and video This setting prevents music, animations, and video clips from runningclips from running

Internet Explorer Enhanced Internet Explorer Enhanced Security Configuration - Security Configuration - Inetesc.adm :Inetesc.adm :

Managing Internet Explorer Enhanced Managing Internet Explorer Enhanced Security ConfigurationSecurity Configuration

Management TasksManagement TasksEnabling or disabling INETESC Enabling or disabling INETESC

Restricting who can manage trusted sites and other Restricting who can manage trusted sites and other Internet Explorer security settings on a serverInternet Explorer security settings on a server

Adding trusted Web sites and UNC paths to one of the Adding trusted Web sites and UNC paths to one of the trusted security zones (the Local intranet or Trusted trusted security zones (the Local intranet or Trusted sites zone)sites zone)

Management ToolManagement ToolGroup PolicyGroup Policy

ScriptsScripts

Answer FilesAnswer Files

Internet Options in Control PanelInternet Options in Control PanelAdd or Remove Programs in Control PanelAdd or Remove Programs in Control Panel

Managing INETESC ConfigurationManaging INETESC Configurationusing Group Policyusing Group PolicyManaging INETESC ConfigurationManaging INETESC Configurationusing Group Policyusing Group Policy

Subinacl.exeSubinacl.exe

Subinacl is probably the most versatile, Subinacl is probably the most versatile, powerful, and dangerous, ACL powerful, and dangerous, ACL management tool availablemanagement tool available

Lets you directly edit almost any security information Lets you directly edit almost any security information about files, registry keys, and servicesabout files, registry keys, and services

Can transfer this information from user to user, from Can transfer this information from user to user, from local or global group to group, and from domain to local or global group to group, and from domain to domaindomain

subinacl [/subinacl [/OptionOption] /] /object_typeobject_type object_nameobject_name [[/[[/ActionAction[=[=ParameterParameter]..] ]..]

Subinacl.exeSubinacl.exe

Some common examples on what admins Some common examples on what admins are using Subinacl forare using Subinacl for

Changing Owners Changing Owners subinacl /file c:\file.txt /setowner=act\jamessubinacl /file c:\file.txt /setowner=act\james

Changing ACEsChanging ACEssubinacl [object] /changedomain= subinacl [object] /changedomain= olddomainname=newdomainnameolddomainname=newdomainname

Replacing SIDs Replacing SIDs subinacl [/file|subdirectory] * /replace=domainuser\subinacl [/file|subdirectory] * /replace=domainuser\olduser=domainname\newuserolduser=domainname\newuser

Backing Up and Restoring ACLsBacking Up and Restoring ACLssubinacl /noverbose /output=filename subinacl commandsubinacl /noverbose /output=filename subinacl command

subinacl /playfile [file location]subinacl /playfile [file location]

Windows Exit Screen SaverWindows Exit Screen SaverWinexit.scr:Winexit.scr:

Force Users to Quit Programs and Log Off Force Users to Quit Programs and Log Off After a Period of Inactivity After a Period of Inactivity

Windows Exit Screen SaverWindows Exit Screen SaverWinexit.scr:Winexit.scr:

To install WinExit:To install WinExit:Right-click Winexit.scr. Right-click Winexit.scr. Select Install from the shortcut menuSelect Install from the shortcut menu

WinExit optionsWinExit optionsForce Logoff box Force Logoff box

Forces the system to close all running applications regardless of Forces the system to close all running applications regardless of their current statetheir current stateBy default, this check box is not selectedBy default, this check box is not selectedUse this setting cautiously, because unsaved data cannot be Use this setting cautiously, because unsaved data cannot be retrieved after a shutdownretrieved after a shutdown

Time To Log Off boxTime To Log Off boxTime display in its logoff dialog box before proceeding with the Time display in its logoff dialog box before proceeding with the logoff process. Enter a value between 0 and 999 secondslogoff process. Enter a value between 0 and 999 seconds

Logoff Message boxLogoff Message boxEnter a message to display in the logoff dialog box. Enter a message to display in the logoff dialog box. Up to 255 charactersUp to 255 characters

System Management ToolsSystem Management Tools

Regini.exe: Registry Change by ScriptRegini.exe: Registry Change by Script

Eventcombmt.exe: Event CombEventcombmt.exe: Event Comb

Kernrate.exe: Kernel Profiling ToolKernrate.exe: Kernel Profiling Tool

Registry Change by ScriptRegistry Change by ScriptRegini.exe:Regini.exe:

Automates registry modification with Automates registry modification with scripts that you can writescripts that you can write

Caution: Wherever possible, you should use Caution: Wherever possible, you should use Control Panel and applications in the Control Panel and applications in the Administrative Tools program group to make Administrative Tools program group to make changes to the system configuration and thus changes to the system configuration and thus to the Registryto the Registry

regini regini ScriptFileScriptFile [ [ScriptFileScriptFile..] ..]

ScriptFileScriptFile Specifies the file name (and, optionally, Specifies the file name (and, optionally, the full path) of the script file you want the full path) of the script file you want to use to modify the registry. to use to modify the registry.

Registry Change by ScriptRegistry Change by ScriptRegini.exe:Regini.exe:

For full documentation on the Regini.exe For full documentation on the Regini.exe gotogoto

http://www.microsoft.com/technet/http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/prodtechnol/windows2000serv/maintain/operate/distreg.mspxoperate/distreg.mspx

Event CombEvent CombEventcombmt.exe:Eventcombmt.exe:

Gather specific events from event logs from Gather specific events from event logs from several different computers into one central several different computers into one central location location


Event Comb allows you to:Event Comb allows you to:Define either a single Event ID, or multiple Define either a single Event ID, or multiple Event IDs to search forEvent IDs to search for

Define a range of Event IDs to search forDefine a range of Event IDs to search for

Limit the search to specific event logsLimit the search to specific event logs

Limit the search to specific event message Limit the search to specific event message typestypes

Limit the search to specific event sourcesLimit the search to specific event sources

Search for specific text within an event Search for specific text within an event descriptiondescription

Define specific time intervals to scan back from Define specific time intervals to scan back from the current date and timethe current date and time

For a complete set of featuresFor a complete set of featureshttp://support.microsoft.com/kb/308471/en-ushttp://support.microsoft.com/kb/308471/en-us


Specifying the Event Logs and Event Types to Specifying the Event Logs and Event Types to SearchSearch

Event LogsEvent LogsSystemSystem

ApplicationApplication

SecuritySecurity

Event typesEvent typesError Error

Informational Informational

WarmingWarming

For more details on Auditing and monitoringFor more details on Auditing and monitoringhttp://www.microsoft.com/technet/security/topics/http://www.microsoft.com/technet/security/topics/auditingandmonitoring.mspx auditingandmonitoring.mspx

FRS (File Replication Service Log)FRS (File Replication Service Log)

DNS (DNS Server log)DNS (DNS Server log)

AD (Directory Service log)AD (Directory Service log)

Success AuditSuccess Audit

Failure AuditFailure Audit

SuccessSuccess

Examples of Using Examples of Using EventCombMTEventCombMTDC restarts and Account DC restarts and Account lockoutslockouts

Examples of Using Examples of Using EventCombMTEventCombMTDC restarts and Account DC restarts and Account lockoutslockouts

Kernel Profiling Tool Kernel Profiling Tool Kernrate.exe:Kernrate.exe:

Meant to help identify primarily where CPU Meant to help identify primarily where CPU time is being spenttime is being spent

Profiles kernel and user mode processesProfiles kernel and user mode processes

Supports Intel x86 processors (Pentium Supports Intel x86 processors (Pentium and above), AMD equivalent processors as and above), AMD equivalent processors as well as Intel 64-bit and AMD 64-bit well as Intel 64-bit and AMD 64-bit platformsplatforms

KERNRATE [-l] [-lx] [-r] [-m] [-p ProcessId] [-KERNRATE [-l] [-lx] [-r] [-m] [-p ProcessId] [-z ModuleName] [-j SymbolPath] [-cz ModuleName] [-j SymbolPath] [-c RateInMsec] [-s Seconds] [-i [SrcShortName] RateInMsec] [-s Seconds] [-i [SrcShortName] Rate][-n ProcessName] [-w]Rate][-n ProcessName] [-w]

Kernel Profiling Tool Kernel Profiling Tool Kernrate.exe:Kernrate.exe:

When To Use KernrateWhen To Use KernratePreliminary identification of CPU usage patterns and CPU Preliminary identification of CPU usage patterns and CPU hogs down to API level (and even down to code sections hogs down to API level (and even down to code sections within API’s to a limited extent)within API’s to a limited extent)

Identifying specific CPU issues with profile sources other Identifying specific CPU issues with profile sources other than the default (Time)than the default (Time)

Measure the effect of code changes and performance Measure the effect of code changes and performance improvements on CPU usageimprovements on CPU usage

There is little point in using Kernrate in cases where the There is little point in using Kernrate in cases where the bottleneck is not CPU related (low CPU usage), although bottleneck is not CPU related (low CPU usage), although the system-wide and process-specific summaries as well the system-wide and process-specific summaries as well as lock information provided by Kernrate could help in as lock information provided by Kernrate could help in initial identification of the culpritsinitial identification of the culprits

KernRate Usage Guide (Kernrate.doc) for KernRate Usage Guide (Kernrate.doc) for more informationmore information

ResourcesResourcesTechnical Chats and Webcastshttp://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certificationhttp://www.microsoft.com/learning/default.mspx

MSDN & TechNet http://microsoft.com/msdnhttp://microsoft.com/technet

Virtual Labshttp://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroupshttp://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

Technical Community Siteshttp://www.microsoft.com/communities/default.mspx

User Groupshttp://www.microsoft.com/communities/usergroups/default.mspx

SummarySummary

Windows Server 2003 Resource Kit tools Windows Server 2003 Resource Kit tools are tried and trueare tried and true

Many categories that covers many areasMany categories that covers many areas

Practical real world examples that you can Practical real world examples that you can use right awayuse right away

Many resources out there to help you find Many resources out there to help you find the answer on the toolsthe answer on the tools

Helps ease of administration and Helps ease of administration and automation for your environmentautomation for your environment

Fill out a session Fill out a session evaluation on evaluation on CommNet for CommNet for

a chance toa chance toWin an XBOX Win an XBOX

360!360!

Live from Tech·Ed Webcast Live from Tech·Ed Webcast Series has Been Series has Been

Brought to You by:Brought to You by:

www.microsoft.com/hpc www.microsoft.com/hpc

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

srv427 windows server 2003 resource kit tools: how can they help me? james farhat...

Documents