srv427 windows server 2003 resource kit tools: how can they help me? james farhat...
TRANSCRIPT
SRV427 Windows Server 2003 Resource Kit Tools: How Can They Help Me?
James Farhat
CEO/CTO
[email protected]@actsolution.net

Overview
What is the Windows Server 2003 Resource Kit?
Types of Tool Categories
  AD Tools
  Command Shell and Scripting Tools
  File and Folder Management Tools
  Process and Service Management Tools
  Security Management Tools
  System Management Tools
Resources
Summary

What is the Windows Server 2003 Resource Kit?
Free download: http://www.microsoft.com/downloads
Companion CD with Windows Server 2003 Deployment Kit
Over 100 tools
Windows XP; Windows XP SP1; Server 2003 supported
12 MB installation; 30 MB required for install
Windows Server 2003 64-bit not supported
Great resource for admins, developers, and power users
Eases management and troubleshooting

AD Tools
Adlb.exe: Active Directory Load Balancing
Rcontrolad.exe: Active Directory Remote Control Add-On

Active Directory Load Balancing (adlb.exe)
Controls and improves replication efficiency
  Rebalance replication traffic
  Configure staggered scheduling of replication times
Useful in deploying large numbers of domain controllers in remote locations to ensure a balanced load among bridgehead servers
System Requirements
  Microsoft Windows 2000, Microsoft Windows Server 2003, Windows XP Professional
  Active Directory domain environment
System requirements for ADLB schedule staggering
  Microsoft Windows 2000 domain controller, Microsoft Windows Server 2003 domain controller
  Windows Server 2003 domain functional level (for schedule staggering only)
  Inter-Site Messaging Service on the domain controller
Installing and configuring ADLB is detailed in the Windows Server 2003 Active Directory Branch Office Guide
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en

Active Directory Remote Control Add-On (rControlAD.exe)
Adds the ability to connect to any computer running Remote Desktop or Terminal Services directly from the Active Directory MMC
rControlAD opens a Remote Desktop connection to computers that are running:
  Windows 2000 Server with Remote Administration enabled
  Windows Server 2003 with Remote Desktop enabled
  Windows 2000/2003 Terminal Server
  Windows XP Professional with Remote Desktop enabled
Install Remote Desktop Connection software for Windows 98, Windows NT, Windows 2000
Installing and Running rControlAD.exe

Command Shell and Scripting Tools
Cmdhere.inf: Command Here
Ifmember.exe: User Membership Tool
Sleep.exe: Batch File Wait

Command Here (cmdhere.inf)
Adds a “CMD Prompt Here” item when you right-click a folder in Windows Explorer
Opens a command-line session with the same path as that of the object that you right-click
CmdHere is not installed by the Windows Server 2003 Resource Kit Setup
Installing CmdHere
  Navigate to the directory where the Resource Kit is installed (C:\program files\Windows Resource Kits)
  Right-click Cmdhere.inf
  Select Install on the shortcut menu

User Membership Tool (Ifmember.exe)
Checks whether or not the current user is a member of a specified group
ifmember [/v|/verbose] [/l|/list] [GroupName1 [GroupName2] ...]
Arguments:
  /v|/verbose
    Prints all group matches.
  /l|/list
    Lists all groups of which the user is a member.
  GroupName
    Specifies one or more group names (separated by spaces)
Common uses of Ifmember
  Logon script to map applications and drives based on group membership
  Matching specific application configurations to groups
  List group membership for auditing
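
The logon-script and auditing uses listed above, as an added example that is not part of the original slides. The domain CORP, the groups, the server FS01, its shares and the location of ifmember.exe in NETLOGON are assumptions; the script relies on Ifmember setting ERRORLEVEL to the number of listed groups the user belongs to.

```batch
@echo off
rem Added example, not from the slides: logon script driven by Ifmember.exe.
rem Assumed names: domain CORP, groups "Finance Users" and Helpdesk,
rem file server FS01, audit share LogonAudit$, ifmember.exe in NETLOGON.
setlocal
set IFM=%LOGONSERVER%\NETLOGON\ifmember.exe
set LOG=\\FS01\LogonAudit$\%COMPUTERNAME%_%USERNAME%_groups.log

rem If the tool is missing, map nothing and leave a trace for the admin.
if not exist "%IFM%" (
    echo %DATE% %TIME% ifmember.exe not found, no drives mapped >> "%LOG%"
    goto :end
)

rem Ifmember sets ERRORLEVEL to the number of listed groups the current
rem user is a member of, so "if errorlevel 1" means "at least one match".
rem Group names containing spaces must be quoted.
"%IFM%" "CORP\Finance Users"
if errorlevel 1 call :map F: \\FS01\Finance

"%IFM%" CORP\Helpdesk
if errorlevel 1 call :map H: \\FS01\Helpdesk

rem Auditing use: record every group in the user's token at logon.
echo ==== %DATE% %TIME% %USERDOMAIN%\%USERNAME% on %COMPUTERNAME% >> "%LOG%"
"%IFM%" /list >> "%LOG%" 2>&1
goto :end

:map
rem Drop any stale mapping first, then map without persistence so the
rem drive letter always reflects current group membership.
net use %1 /delete /y >nul 2>&1
net use %1 %2 /persistent:no
goto :eof

:end
endlocal
```

The mapping is a convenience only: access is still decided by the share and NTFS permissions on FS01, and the audit share should let users create their log but not read or alter other users' files.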

Batch File Wait (Sleep.exe)
Adds a fixed delay to a batch file
It allows a running program to install fully before the batch file proceeds
sleep Time
Parameter
  Time  Specifies the number of seconds to pause.
Deploying Microsoft Windows Malicious Software Removal Tool using Sleep.exe
  @echo off
  rem Pause for 5 seconds before starting the tool
  call \\ServerName\ShareName\Sleep.exe 5
  rem Run the Malicious Software Removal Tool quietly and wait for it to finish
  Start /wait \\ServerName\ShareName\Windows-KB890830-V1.16.exe /q
  rem Collect the tool's log on the share, one file per computer and user
  copy %windir%\debug\mrt.log \\ServerName\ShareName\Logs\%computername%_%username%_mrt.log

File and Folder Management Tools
Robocopy.exe: Robust File Copy Utility
Vfi.exe: Visual File Information

Robust File Copy Utility (Robocopy.exe)
A very versatile copy utility – comes with 32 pages of syntax! (Robocopy.doc)
Handles almost all types of copy and move operations
Network Considerations
  Universal Naming Convention (UNC)
  Retry a copy operation in the event of failure
  Backup permission
  And many more
robocopy <source directory> <destination directory> <filenames> <options>
Scenario 1
You'd like your network file-copy job to retry as many as 10 times and to wait 60 seconds between retries
  robocopy \\FServer\files \\BackupServer\Bfiles /w:60 /r:10
Scenario 2
But what if the files are huge, the connection drops after 90% has been transferred, and the network is congested?
  robocopy \\FServer\files \\BackupServer\Bfiles /w:60 /r:10 /rh:2300-0530 /z /ipg:25
  (/rh:2300-0530 limits copying to those run hours, /z copies in restartable mode, and /ipg:25 inserts a 25 ms inter-packet gap to free up bandwidth)

Visual File Information (Vfi.exe)
Retrieves and displays available file information
  File Path
  File Name
  Extension
  Size
  Date
  Time
  Attributes
  File Version
  Product Version
  Language
  Code Page
  Operating System
  Type
  File Flags
  CRC-32
  ISO 9660 Level 1
Common uses of VFI
  Displays vital OS and file information
  Compare contents of different directories
  Modifying permission
  Results can be copied to the clipboard or saved to a tab-delimited file or Excel file
Modify the Permissions of an Administrator

Process and Service Management Tools
Memmonitor.exe: Memory Monitor
Pmon.exe: Process Resource Monitor
Srvany.exe: Applications as Services Utility

Memory Monitor (Memmonitor.exe)
Monitors, gathers and debugs detailed memory usage for individual processes
memmonitor [-p <pid> | -pn <name> | -ps <svc>] [-wait] [-nodbg] [-int <secs>] [-WS <value>] [-PPool <value>] [-NPPool <value>] [-VM <value>]
All arguments are optional except:
  -p pid    : process ID (0 for current process)
  -pn name  : name of the process (as shown in TaskManager or TLIST)
  OR
  -ps svc   : name of a service (as known by Services Manager)
Memmonitor output
  Shows the elapsed running time
  Current memory usage details
Memmonitor runs continuously until you issue Ctrl+C
  Monitor Process 1284 (Name: SQLAgent.exe)
  MemMon - 0:00:00
  PageFaults: 13182
  PeakWSSize: 22704K WorkingSetSize: 22252K
  PeakPagedPool : 58K PagedPool : 54K
  PeakNonPagedPool : 8K NonPagedPool : 7K
  PeakPagefile : 13632K Pagefile : 13176K
  MemMon - 0:00:30
The Memmonitor fields provide the following information:
  PageFaults – Displays the number of hard and soft page faults
  PeakWSSize – Peak amount of memory used by the process
  PeakPagedPool – Peak amount of paged memory used by the process
  PeakNonPagedPool – Peak amount of non-paged memory used
  PeakPagefile – Peak amount of page file memory used
  WorkingSetSize – Amount of memory allocated to the process by the operating system
  PagedPool – Amount of allocated memory that is allowed to be paged to the hard disk
  NonPagedPool – Amount of allocated memory that can’t be written to disk
  Pagefile – Size of the file on the hard disk to which memory may be paged
Gather Baseline of Memory Usage

Process Resource Monitor (Pmon.exe)
Displays performance statistics
  Memory and CPU usage
  List of all processes running
Run Pmon.exe by typing pmon at the command prompt
  Pmon continues to run until you type Q
If you use Pmon to examine running processes, you’ll note three unique processes:
File Cache
  Changes in the file cache indicate I/O activity for applications
  Memory usage - total physical memory used
  Page faults shows the number of soft faults and hard faults
  Flts Diff - determines the cache fault rate
    A consistently high cache fault rate may indicate the need to increase the amount of physical memory on the system
Idle Process
  Tracks the amount of free CPU processing time
  99 in the CPU column means 99 percent of the system resources currently aren’t being used
  Overloaded? – monitor the idle process
  CPU usage and the total CPU time - with consistently low idle time (meaning high CPU usage), you may want to consider upgrading the processor or even adding processors
System
  System shows the resource usage for the local system process

Applications as Services Utility (Srvany.exe)
Lets you run just about any 32-bit or 16-bit application as a service
  Interactive programs like word processors and browsers may not work
InstSrv installs SrvAny on Windows Server 2003 and creates a service name:
  instsrv ServiceName %windir%:\Path\srvany.exe
Outputs:
  The service was successfully added! Make sure that you go into the Control Panel and use the Services applet to change the Account Name and Password that this newly installed service will use for its Security Context.
The advantages of running applications as services are listed below
  When a user logs off, 32-bit applications running as services do not stop
  Applications running as services can handle requests without user intervention, unless an application is interactive
  Applications running as services can run with their own logon accounts
After you install Srvany and create a service name:
Configure a Service
  RegEdit - application running as a service to start automatically and always use the same start parameters
  Services MMC Snap-in - start automatically or manually, or if you want to frequently change the start parameters
Handle Special Requirements
  Interactive versus Network Access
  User Exit Programming Considerations
  Presentation Manager Applications
Manage a Service
  Start
  Stop
  Pause
  Disable

Security Management Tools
Inetesc.adm: Internet Explorer Enhanced Security Configuration
Subinacl.exe
Winexit.scr: Windows Exit Screen Saver

Internet Explorer Enhanced Security Configuration (Inetesc.adm)
Reduce the likelihood of a user or administrator downloading and running malicious Web content on a server
Enabled by default on computers running Windows Server 2003 but can be deployed to other Windows OS
Some of the key modifications include:
Security level for the Internet zone is set to High
  This setting disables scripts, ActiveX components, Microsoft virtual machine (Microsoft VM) HTML content, and file downloads
Automatic detection of intranet sites is disabled
  This setting assigns all intranet Web sites and all Universal Naming Convention (UNC) paths that are not explicitly listed in the Local intranet zone to the Internet zone
Install on Demand and non-Microsoft browser extensions are disabled
  This setting prevents Web pages from automatically installing components and prevents non-Microsoft extensions from running
Multimedia content is disabled
  This setting prevents music, animations, and video clips from running
Managing Internet Explorer Enhanced Security Configuration
Management Tasks
  Enabling or disabling INETESC
  Restricting who can manage trusted sites and other Internet Explorer security settings on a server
  Adding trusted Web sites and UNC paths to one of the trusted security zones (the Local intranet or Trusted sites zone)
Management Tool
  Group Policy
  Scripts
  Answer Files
  Internet Options in Control Panel
  Add or Remove Programs in Control Panel
Managing INETESC Configuration using Group Policy

Subinacl.exe
Subinacl is probably the most versatile, powerful, and dangerous ACL management tool available
  Lets you directly edit almost any security information about files, registry keys, and services
  Can transfer this information from user to user, from local or global group to group, and from domain to domain
subinacl [/Option] /object_type object_name [[/Action[=Parameter]..]
Some common examples of what admins are using Subinacl for
Changing Owners
  subinacl /file c:\file.txt /setowner=act\james
Changing ACEs
  subinacl [object] /changedomain=olddomainname=newdomainname
Replacing SIDs
  subinacl [/file|subdirectory] * /replace=domainuser\olduser=domainname\newuser
Backing Up and Restoring ACLs
  subinacl /noverbose /output=filename subinacl command
  subinacl /playfile [file location]
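
Because Subinacl edits security descriptors directly, a bulk change is safer when the backup step above is taken first. The following is an added example, not part of the original slides: it saves the ACLs of a directory tree to a replayable file and only then applies the owner change shown earlier. The paths D:\Shares\Projects and C:\AclBackup are assumptions; act\james is the account from the slide.

```batch
@echo off
rem Added example, not from the slides: back up ACLs before a bulk change.
rem Assumed paths: D:\Shares\Projects (target tree), C:\AclBackup (backup folder).
setlocal
set TARGET=D:\Shares\Projects
set BACKUP=C:\AclBackup\projects_acl.txt

if not exist C:\AclBackup mkdir C:\AclBackup

rem 1. Save the current security information of everything under TARGET.
rem    /noverbose makes the /display output a file that /playfile can replay.
subinacl /noverbose /output=%BACKUP% /subdirectories "%TARGET%\*.*" /display

rem 2. Refuse to change anything unless a non-empty backup file exists.
if not exist "%BACKUP%" goto :nobackup
for %%F in ("%BACKUP%") do if %%~zF EQU 0 goto :nobackup

rem 3. Apply the change (here: the owner change from the slide, tree-wide).
subinacl /subdirectories "%TARGET%\*.*" /setowner=act\james

echo Change applied. To roll back: subinacl /playfile %BACKUP%
goto :end

:nobackup
echo ACL backup is missing or empty, no change was made.
endlocal
exit /b 1

:end
endlocal
```

Keep the backup file readable only by administrators, since it lists every account and permission on the tree.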

Windows Exit Screen Saver (Winexit.scr)
Force Users to Quit Programs and Log Off After a Period of Inactivity
To install WinExit:
  Right-click Winexit.scr.
  Select Install from the shortcut menu
WinExit options
Force Logoff box
  Forces the system to close all running applications regardless of their current state
  By default, this check box is not selected
  Use this setting cautiously, because unsaved data cannot be retrieved after a shutdown
Time To Log Off box
  Time to display its logoff dialog box before proceeding with the logoff process. Enter a value between 0 and 999 seconds
Logoff Message box
  Enter a message to display in the logoff dialog box. Up to 255 characters

System Management Tools
Regini.exe: Registry Change by Script
Eventcombmt.exe: Event Comb
Kernrate.exe: Kernel Profiling Tool

Registry Change by Script (Regini.exe)
Automates registry modification with scripts that you can write
Caution: Wherever possible, you should use Control Panel and applications in the Administrative Tools program group to make changes to the system configuration and thus to the Registry
regini ScriptFile [ScriptFile..]
  ScriptFile  Specifies the file name (and, optionally, the full path) of the script file you want to use to modify the registry.
For full documentation on Regini.exe go to
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/operate/distreg.mspx

Event Comb (Eventcombmt.exe)
Gather specific events from event logs from several different computers into one central location
Event Comb allows you to:
  Define either a single Event ID, or multiple Event IDs to search for
  Define a range of Event IDs to search for
  Limit the search to specific event logs
  Limit the search to specific event message types
  Limit the search to specific event sources
  Search for specific text within an event description
  Define specific time intervals to scan back from the current date and time
For a complete set of features
http://support.microsoft.com/kb/308471/en-us
Specifying the Event Logs and Event Types to Search
Event Logs
  System
  Application
  Security
  FRS (File Replication Service Log)
  DNS (DNS Server log)
  AD (Directory Service log)
Event types
  Error
  Informational
  Warning
  Success Audit
  Failure Audit
  Success
For more details on auditing and monitoring
http://www.microsoft.com/technet/security/topics/auditingandmonitoring.mspx
Examples of Using EventCombMT
DC restarts and Account lockouts

Kernel Profiling Tool (Kernrate.exe)
Meant to help identify primarily where CPU time is being spent
Profiles kernel and user mode processes
Supports Intel x86 processors (Pentium and above), AMD equivalent processors as well as Intel 64-bit and AMD 64-bit platforms
KERNRATE [-l] [-lx] [-r] [-m] [-p ProcessId] [-z ModuleName] [-j SymbolPath] [-c RateInMsec] [-s Seconds] [-i [SrcShortName] Rate] [-n ProcessName] [-w]
When To Use Kernrate
  Preliminary identification of CPU usage patterns and CPU hogs down to API level (and even down to code sections within API’s to a limited extent)
  Identifying specific CPU issues with profile sources other than the default (Time)
  Measure the effect of code changes and performance improvements on CPU usage
  There is little point in using Kernrate in cases where the bottleneck is not CPU related (low CPU usage), although the system-wide and process-specific summaries as well as lock information provided by Kernrate could help in initial identification of the culprits
KernRate Usage Guide (Kernrate.doc) for more information

Resources
Technical Chats and Webcasts
  http://www.microsoft.com/communities/chats/default.mspx
  http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
  http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
  http://microsoft.com/msdn
  http://microsoft.com/technet
Virtual Labs
  http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
  http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
Technical Community Sites
  http://www.microsoft.com/communities/default.mspx
User Groups
  http://www.microsoft.com/communities/usergroups/default.mspx

Summary
Windows Server 2003 Resource Kit tools are tried and true
Many categories that cover many areas
Practical real world examples that you can use right away
Many resources out there to help you find the answer on the tools
Helps ease of administration and automation for your environment

Live from Tech·Ed Webcast Series has been brought to you by: www.microsoft.com/hpc

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.