Working with the Computer Management Console

Of all the predefined MMCs provided by Windows XP Professional, the Computer Management, or compmgmt.msc, shown in Figure 10.9, is the one that administrators use the most. It can be started by any of the following means:

• Double-click on its icon in the Administrative Tools folder

• Double-click on its icon in the %System-Root%\System32 folder

• Type compmgmt.msc at the Windows XP Run dialog

• Type compmgmt.msc /computer=xxxxxx at the Windows XP Run dialog

Figure 10.9: Managing local and network computers using the Computer Management console

The Computer Management console contains only one snap-in, the Computer Management snap-in. This snap-in consists of a collection of extensions.

Note

Many of the extensions found in the Computer Management snap-in also exist separately as independent snap-ins. For example, there is an Event Viewer snap-in that provides the same functionality as the Event Viewer extension.

The Computer Management console is organized into three main nodes, as shown below.

• System Tools. Provides access to a collection of extensions that manage event logs, shared folders, user and group accounts, performance logs and alerts, and hardware devices

• Storage. Provides access to a collection of extensions that provide control over various disk management features

• Services and Applications. Provides access to tools that manage Windows XP services and WMI

By default, the Computer Management console administers the local computer. However, any network computer to which the administrator has administrative privileges can be managed from the Computer Management console using the following procedure.

1. Open the Computer Management Console.

2. Right-click on the Computer Management root node and select the Connect to Another Computer option. The Select Computer dialog appears, as shown in Figure 10.10.

   
   Figure 10.10: Specifying the name of a network computer to manage

3. Type the name of the target computer or its IP address in the Another computer field and click on OK.

Although the Computer Management console, like other MMCs, provides access to extensions or snap-ins that contain system administration tools, it does not provide the access privileges required to use the tools. In other words, administrative privileges are still required to perform administrative tasks. To use the Computer Management console to manage remote computers, the administrator must also have administrative privileges on each remote network computer that is to be managed.

System Tools

The System Tools branch of the Computer Management snap-in contains the following five extensions.

• Event Viewer. Provides access and management over Windows XP Professional Application, System, and Security logs

• Shared Folders. Provides access to the computer's shared folders, active sessions, and open files as well as the ability to create new shares, terminate existing shares, send messages to users, and terminate access to files, sessions, and folders

• Local Users and Groups. Provides access to user and group accounts configured on the computer as well as the ability to manage them

• Performance Logs and Alerts. Provides the ability to collect performance data and create logs and alerts based on predetermined thresholds

• Device Manager. Provides the ability to view computer hardware and to manage the resources assigned to hardware

Managing Windows XP Event Logs

Windows XP Professional stores information about events that occur on the computer in event logs. Administrators can use the information stored in these logs to monitor system performance, look for information when troubleshooting problems and to audit user activity. Windows XP Professional maintains three separate event logs. These logs include:

• The Application Event Log. Stores information regarding events produced by applications

• The Security Event Log. Stores audit events that record information about user activity

• The System Event Log. Stores information regarding operating system, hardware, and software driver activity

To view a particular event log, expand the Event Viewer node on the Computer Management console tree and then select one of the logs. Figure 10.11 shows a listing of alerts in the System event log. System and application events are classified into the following categories:

Figure 10.11: Viewing events stored in the System log

• Error. A serious event that indicates a problem with the operation of the operating system, services, drivers, or applications

• Warning. An event that may indicate a problem or a potential problem but that does not necessary affect performance of the operating system or its services, drivers, and applications

• Information. An informational event that does not indicate a problem

Double-clicking on an event displays the Event Properties dialog, as demonstrated in Figure 10.12. Information found here includes the date and time that the event was logged, and the event type, source, and category. In addition, if the event is associated with a user, a username is displayed. The description section displays the text of the event message and may include advice on how to handle it as well as a link to additional information on the Internet.

Figure 10.12: Examining an error message in the System log

Configuring Event Logs

Windows XP Professional automatically manages the event logs. Each event log is automatically preconfigured to be 512KB in size. When logs become full, the oldest recorded events are automatically overwritten by newer events. Administrators may wish to increase the size of event logs when trying to troubleshoot a problem to ensure that valuable information is not overwritten before it has a chance to be examined. In addition, administrators may wish to specify how event logs are handled when they fill up. Available options include:

• Overwriting them as needed. This is the default setting.

• Overwriting events older than a specified age. This prevents Windows XP from overwriting an event for a certain period of time. However, if a log fills up and there are no events eligible to be overridden, new events will not be recorded to the log.

• Never overwrite events. This prevents any event from being overwritten and places the burden on administrators to manually manage event logs.

Windows XP Professional does not display any type of warning message when an event log fills up, preventing it from recording new events. Therefore, it is critical that administrators who elect to manually manage event logs keep a close eye on the logs. Any log that has not had an event recently posted to it may be full.

Each event log is configured and managed separately.The following procedure outlines the steps involved in configuring the size and logging method for event logs.

1. Open the Computer Management console.

2. Expand the System Tools node.

3. Expand the Event Viewer node to display the three event logs.

4. Right-click on one of the event logs and select Properties. The System Properties dialog for the event log appears, as shown in Figure 10.13.

   
   Figure 10.13: Configuring event log properties

5. To change the size of the log file, type a new value in the Maximum log size field.

6. To change the manner in which events are written to the log when it becomes full, select one of the following options:

   • Overwrite events as needed.

   • Overwrite events older than _ days.

   • Do not overwrite events (clear log manually).

7. Click on OK to close the log's property dialog and return to the Computer Management console.

Manually Administering Event Logs

If administrators choose to manually administer event logs, a number of administrative tasks must be performed. These tasks include:

• Clearing the event logs when they become full

• Saving the contents of an event log for later review

• Retrieving the contents of saved event logs for review and analysis

The following procedure outlines the steps involved in clearing an event log.

1. Open the Computer Management console.

2. Expand the System Tools node.

3. Expand the Event Viewer node to display the three event logs.

4. Select the event log to be cleared and then select the Clear all Events option on the Computer Management console's Action menu.

5. Click on No when prompted to save the log.

Administrators may wish to save event logs when troubleshooting a problem or to maintain a history of event logs. The following procedure outlines the steps involved in saving an event log.

1. Open the Computer Management console.

2. Expand the System Tools node.

3. Expand the Event Viewer node to display the three event logs.

4. Select the event log to be saved and then select the Save Log File As option on the Computer Management console's Action menu.

5. Type a name for the log file and click on Save.

The following procedure outlines the steps involved in retrieving and viewing a saved event log should an administrator later decide to review its contents.

1. Open the Computer Management console.

2. Expand the System Tools node.

3. Expand the Event Viewer node to display the three event logs.

4. Select an event log and then select the Open Log File option on the Computer Management console's Action menu. The Open dialog appears.

5. Specify the name of the archive log file and click on Open.

Administering Shared Folders

The Shared Folders extension on the Computer Management snap-in, shown in Figure 10.14, provides administrative control over the following resources:

• Shares. A folder or drive that has been made available to other computers on a network

• Sessions. A list of network connections established with the computer

• Open Files. A list of local files currently being accessed by network users

Figure 10.14: Viewing shared drives and folders

Using the Shared Folders extension, administrators can perform a number of tasks including:

• View the current list of shares including hidden shares (for example, shares with the symbol $ appended to the end of their name)

• View the number of currently established network connections to shared folders and drives

• View all active network sessions with the computer

• Disconnect network sessions

• View local files currently being accessed over the network and see who is accessing them

• Terminate access to files

• Creating shares on remote computers

• Send messages to users or computers

Note

More detailed information on working with the Computer Management snap-in's Local Users and Groups extension is available in "Working with the Local Users and Groups Snap-In" in Chapter 9, "Security Administration."

User and Group Account Administration

The Local Users and Groups extension on the Computer Management snap-in, shown in Figure 10.15, provides administrative control over the creation and management of both user and group accounts. It is organized into two folders, which are listed below.

Figure 10.15: Managing user and group accounts

• Users. Contains a list of all user accounts stored on the target computer. Each user account in the list can be opened and modified.

• Groups. Contains a list of all group accounts stored on the target computer. Each group account in the list can be opened and its membership modified.

The Local Users and Group extension allows administrators to perform any of the following tasks:

• View existing user and group accounts

• Add, modify, and delete user and group accounts

• Add and remove user accounts to and from group accounts

• Change user account passwords

• Modify user account information

• Configure individual password settings

• Enable and disable user accounts

• Modify user profile and home folder settings

Note

More detailed information on working with the Computer Management snap-in's Shared Folder extension is available in "Monitoring Access to Shared Drives and Folders" in Chapter 19, "Printer and Disk Sharing."

Tracking Performance Data

The Performance Logs and Alerts extension on the Computer Management snap-in, shown in Figure 10.16, is used to create logs and alerts that report on performance data. Data is collected by specifying one or more objects to be monitored.Then counters are selected for each object that measure a particular aspect of the object's performance. In addition, data can be displayed in multiple formats, including:

• Graph

• Histogram

• Report

Figure 10.16: Examining performance logs and alerts

Data collected in logs can be viewed using the Performance snap-in and can also be imported into databases and spreadsheets such as Microsoft Access and Microsoft Excel. Data can also be used to create baseline measurements of computer performance and then later used to compare performance of the computer if performance becomes an issue.

The Performance Logs and Alerts extension is organized into three sections, as shown below.

• Counter Logs. Collects and logs performance data at predefined intervals

• Trace Logs. Collects and logs performance data based on events that exceed a predetermined threshold

• Alerts. Notifies administrators of events that exceed predefined thresholds

Note

More detailed information on working with the Computer Management snap-in's Performance Logs and Alerts extension is available in "Performance Logs and Alerts" in Chapter 13, "Performance Tuning."

Managing Hardware Devices

The Device Manager extension on the Computer Management snap-in, shown in Figure 10.17, is used to view and administer a computer's hardware. The Device Manager extension provides administrators with a graphical tool for reviewing device resource assignment and manually altering the resource assignment of any of the following resources.

Figure 10.17: The Device Manager extension allows administrators to view and configure all the hardware devices installed on a computer

• DMA

• I/O

• IRQs

• Memory

In addition to configuring hardware resources, the Device Manager extension can assist the administrator in performing all of the following hardware-related tasks.

• Enabling or disabling a hardware device

• Updating a device's software driver

• Rolling back a driver to a previous version to recover from a problem with the newer version

• Removing software drivers

Note

More detailed information on working with the Computer Management snap-in's Device Manager extension is available in "Device Manager" in Chapter 2, "Installing and Upgrading to Windows XP Professional."

Storage

The Storage branch of the Computer Management snap-in contains three extensions that are designed to assist the administrator in the management of disk storage. The list of disk management extensions include:

• Removable Storage. Provides the ability to track removable storage media

• Disk Defragmenter. Analyzes and reorganizes the storage of files on the disk drive to provide faster access and more efficient storage

• Disk Management. Provides a graphical interface for viewing and managing disk drives, including the ability to partition, format, and change drive letter assignment

Working with Removable Storage Devices

The Removable Storage extension on the Computer Management snap-in, shown in Figure 10.18, is used to track and administer removable storage media. It can also assist in the management of jukebox libraries and similar storage devices.

Figure 10.18: Managing removable media storage

The Removable Storage extension is organized into two sections, as shown below.

• Media. Assists administrators in the management of removable media. Examples of removable media include tapes, floppy disks, removable hard disks, and compact discs.

• Libraries. Manages jukeboxes and other similar devices.

The Removable Storage extension can assist administrators in performing any of the following tasks:

• Displaying media and library status information

• Cleaning tape drives

• Inventorying jukeboxes and libraries

• Creating media pools

• Inserting and ejecting media in automated devices

• Mounting and dismounting media

Note

More detailed information on working with the Computer Management snap-in's Removable Storage extension is available in Chapter 11, "Disk Management."

Defragmenting Hard Disk Drives

The Disk Defragmenter branch of the Computer Management snap-in, shown in Figure 10.19, displays information about every hard disk drive installed on the computer. This information includes:

• Volume name

• Session status

• File system

• Capacity

• Free space

• % free space

Figure 10.19: Analyzing and defragging disk space

Clicking on Analyze performs an analysis of the selected disk drive. Results are graphically displayed in the Estimated disk usage before defragmentation bar using the following color scheme:

• Red. Represents the amount of disk fragmentation

• Blue. Represents the number of files stored in contiguous disk space

• Green. Represents systems files that cannot be moved

• White. Represents the amount of unused disk space

Click on Defragment to defrag the selected disk drive. The status of the defrag process can be monitored by comparing graphic data displayed in the Estimated disk usage before defragmentation bar and the Estimated disk usage after defragmentation bar.

Note

More detailed information on the use of the Disk Defragmenter extension in the Computer Management snap-in is available in "Disk Defragmenter" in Chapter 11, "Disk Management."

Freeing Up Disk Space

The Disk Management branch of the Computer Management snap-in, shown in Figure 10.20, displays information about every disk on the computer. This information includes:

• Volume name

• Layout

• Type

• File system

• Status

• Capacity

• Free space

• % free

• Fault tolerance

• Overhead

Figure 10.20: Performing disk drive administration

The Disk Management extension assists administrators in performing the following tasks:

• Examining drive status and properties

• Changing drive letter assignments

• Marking a partition as active

• Formatting a partition

• Deleting a partition

• Creating a partition

• Working with basic and dynamic disks

Note

More detailed information on working with the Computer Management snap-in's Disk Management extension is available in Chapter 11, "Disk Management."

Services and Applications

The Services and Applications branch of the Computer Management snap-in contains three extensions that are designed to assist the administrator in managing Windows XP services and applications. The extensions that make up this branch of the Computer Management console include:

• Services. Displays Windows XP services and provides the ability to start, stop, pause, and resume them as well as to configure their automatic startup and other properties

• WMI Control. Provides control of WMI settings, which are used by other Windows utilities to collect and display system information

• Indexing Service. Provides the ability to start, stop, query, and administer the Windows XP Indexing Service, which maintains a searchable index of information stored in documents located on the computer

Services Administration

The Services branch of the Computer Management snap-in, shown in Figure 10.21, displays a list of all Windows XP services installed on the computer as well as their current status, which is either started, stopped, or paused. Using the Services extension, administrators can perform any of the following actions:

• Start a service

• Stop a service

• Pause a service

• Resume a service

• Restart a service

• Edit a service's properties

Figure 10.21: Managing Windows XP services

The following procedure outlines the steps involved in administering a service.

1. Open the Computer Management console.

2. Expand the Services and Applications node.

3. Select Services to view a list of Windows XP services.

4. Right-click on an individual service and select one of the following options:

   • Start

   • Stop

   • Pause

   • Resume

   • Restart

   • Properties

Each service has its own Properties dialog that allows detailed administration over the service. Each service's Properties dialog is organized into four property sheets, as outlined below.

• General. Displays the service's name and description and provides control over its startup type and status.

• Log On. Allows the administrator to associate a specific user account with the service in the event that the service needs to run using specific account permissions.

• Recovery. Defines a series of steps that Windows XP is to follow in the event that a service fails. Possible actions include restarting the service or computer.

• Dependencies. Displays a list of other services upon which the service is dependent as well as a list of services that depend on the service.

Configuring Startup Options

Some Windows XP services, like the Workstation and Plug and Play services, are active all the time. Other services, such as the Fax service, are only started when the administrator configures them, while still other services, depending on how the computer is used, may never be started.

There are three startup types for services. These are:

• Automatic. Starts the service when the computer is started

• Manual. Allows the service to be manually started

• Disabled. Prevents service startup

The following procedure outlines the steps involved in configuring service startup.

1. Open the Computer Management console.

2. Expand the Services and Applications node.

3. Select Services.

4. Right-click on an individual service and select Properties. The Properties dialog for the service appears.

5. Make sure that the General property sheet is selected, as shown in Figure 10.22.

   
   Figure 10.22: Specifying service startup type

6. Select a startup option from the Startup type drop-down list.

7. Click on OK.

Associating a User Account with a Service

Most Windows XP services are executed using the Windows XP LocalService account. This account provides the service with the access permissions that it requires to operate and perform its work. Sometimes applications install their own service or set of services, which may require special security permission in order to perform their function. In this case, the application's documentation will ask the administrator to create a new user account with appropriate permissions to run the service and then ask that the account be associated with the service.

Chapter 9, "Security Administration," explains the steps involved in creating new user accounts. Once a new account has been created, the following procedure can be used to associate the account with its service.

1. Open the Computer Management console.

2. Expand the Services and Applications node.

3. Select Services.

4. Right-click on the service and select Properties. The Properties dialog for the service appears.

5. Select the Log On property sheet, as shown in Figure 10.23.

   
   Figure 10.23: Associating a user account with a service to ensure that it has the security permissions that it requires to execute

6. Select the This account option and type the name of the new account in the field provided.

7. Type the account's password in the Password and Confirm password field.

8. Click on OK.

Setting Service Recovery Options

Sometimes problems occur with services, causing them to fail. Using the Recovery property sheet on the service's Properties dialog, administrators can tell Windows XP Professional how to react by specifying one of four recovery options. These options include:

• Take No Action. Tells Windows XP not to take any action. However, an error will still be logged to the System Event Log. This places the burden on the administrator to discover and deal with the service failure.

• Restart the Service. Tells Windows XP to automatically restart the service. Services can fail for a variety of reasons, not all of which are critical, meaning that a restart will often be successful.

• Run a File. Tells Windows XP to run a program or script if the service fails. A script, for example, might perform a number of corrective actions and then end by attempting to restart the service.

• Reboot the Computer. Tells Windows XP to restart the computer if the service fails. This is a particularly drastic option and should only be used with great care because a restart of the computer will disrupt all activity currently occurring on the computer.

Note

Services can fail for a number of reasons. For example, a prerequisite service may fail or be stopped by an administrator, or a required program or file may be accidentally deleted from the computer.

The following procedure outlines the steps involved in configuring service recovery.

1. Open the Computer Management console.

2. Expand the Services and Applications node.

3. Select Services.

4. Right-click on a service and select Properties. The Properties dialog for the service appears.

5. Select the Recovery property sheet, as shown in Figure 10.24.

   
   Figure 10.24: Telling Windows XP Professional what to do if a service fails

6. Select a recovery option for each of the following:

   • First failure

   • Second failure

   • Subsequent failures

7. Set the Reset fail count after option to indicate the number of days that must pass without any further failures occurring in order for the failure count to be returned to zero. Once returned to zero, any subsequent failure will be treated as the first failure occurrence.

8. If the Restart the service option is selected as one of the recovery options, the Restart service after field will become enabled. Use this field to specify the number of minutes that Windows XP should wait before trying to restart the failed service.

9. If the Run a File option is selected as one of the recovery options, the Run program section will become enabled, allowing the administrator to supply a program or script that should be executed.

10. If the Restart the Computer option is selected as one of the recovery options, the Restart Computer Option button becomes enabled. Click on this button and specify the number of minutes that Windows XP should wait before restarting the computer. In addition, a message can be specified that will be sent to all network computers that currently have a connection to the computer. Click OK to return to the service's Properties dialog.

11. Click on OK.

Examining Service Dependencies

Some services depend on other services in order to execute. Before stopping or pausing a service, it is important to know what other services, if any, will be affected. Checking service dependencies allows administrators to stop services in an orderly fashion and to minimize the possibility of errors.

The following procedure outlines the steps involved in checking service dependencies.

1. Open the Computer Management console.

2. Expand the Services and Applications Node.

3. Select Services.

4. Right-click on the service and select Properties. The Properties dialog for the service appears.

5. Select the Dependencies property sheet, as shown in Figure 10.25.

   
   Figure 10.25: Examining services dependent upon the service

6. The top half of the property sheet displays a list of services that the selected service depends on in order to operate properly. Make sure that any required services are running before attempting to start the selected service. The lower half of the property sheet lists services that depend on the selected service. Stopping the selected service without first stopping services that depend on it may cause problems for dependent services.

7. Click on OK.

WMI

The WMI Control branch of the Computer Management snap-in provides administrators with the ability to control WMI settings. WMI is Microsoft's implementation of the Web-Based Enterprise Management or WBEM initiative, which defines rules and standards for accessing system information over a network. It is used by a number of Windows XP components, including:

• System Properties

• System Information

• Services

To administer WMI, right-click on the WMI Control node in the Services and Applications section and select Properties. This opens the WMI Control Properties dialog, as shown in Figure 10.26

Figure 10.26: Administering WMI Control properties

WMI Control settings are organized into five property sheets, as outlined below.

• General. Displays information about the computer, including the WMI version. Clicking on the Change button allows the administrator to change the username used to log in to a remote network computer. This allows administrators to log on using a user account that has different levels of access permissions than the one normally used to log in to their local computer.

• Logging. Allows administrators to set the logging WMI level to disabled, errors only, or verbose, as well as log size and location. The error log is used to troubleshoot WMI problems.

• Backup\Restore. Allows administrators to back up the WMI repository, a database of objects accessed via WMI, and to later restore it in the event of a problem. By default, the backup copy of the repository is stored in %System-Root%\System32\wbem\Repository with a filename specified by the administrator that has a .rec file extension.

• Security. Allows administrators to configure user and group access to WMI services and tasks, including the ability to set permissions for specific namespaces.

• Advanced. Allows the administrator to change the WMI default namespace.

Note

Additional information on how to work with the WMI Control is available by right-clicking on the WMI Control node in the Computer Management console and selecting Help.

Configuring the Indexing Service

The Indexing Service branch of the Computer Management snap-in, shown in Figure 10.27, creates a systemwide index of documents stored on the computer in order to provide faster searches. The Indexing Service scans documents, performs keyword searches, and passes all matches to the indexer. The Indexing Service scans many types of documents. The default set of documents includes:

• Microsoft Office documents

• Text documents

• HTML pages

• Internet mail and news

Figure 10.27: Performing an index text query

The Indexing Service can be started, stopped, or paused by right-clicking on the Indexing Service node in the Computer Management console tree. This service can also be configured using the Services extension on the Computer Management console. Once started, it runs automatically and requires no administration unless administrators decide to add custom filters, which will allow the Indexing Service to scan other types of documents.

Administrators can customize the performance of the Indexing Service to balance the level of service required by users against the system resources consumed by the service using the following procedure.

1. Open the Computer Management console.

2. Expand the Services and Applications node.

3. Right-click on the Indexing Service, select All Tasks, and then click on Tune Performance. The Indexing Service Usage dialog appears, as shown in Figure 10.28.

   
   Figure 10.28: Configuring Indexing Service performance

4. The following performance settings are available:

   • Used often

   • Used occasionally

   • Never used

   • Customize

   Select the option that best describes the manner in which the Indexing Service is used on the computer.

5. If the Customize option was selected, click on the Customize button to display the Desired Performance dialog, as shown in Figure 10.29.

   
   Figure 10.29: Setting performance levels for the Indexing Service

6. Move the Indexing slider to the left to lower the priority placed on performing indexing operations. Move the slider to the right to produce the opposite effect. Move the Querying slider to the left or right to tell the Indexing Service what volume of queries to expect. Click on OK to close the Desired Performance dialog.

7. Click on OK to close the Indexing Service Usage dialog.

Note

Additional information on how to work with the Indexing Service is available by right-clicking on the Indexing Service node in the Computer Management console and selecting Help.