
Windows Vista for IT Professionals, part 9


Session 3: Monitoring and Managing Windows Vista 13

Demonstration 2: Using the Performance Diagnostic Console

In this demonstration, you will see how you can:
• View the Resource Overview.
• Use Performance Monitor.
• Create a Data Collector Set.
• View Reports.

Key Points
The key points of this demonstration are:
• The Performance Diagnostic Console allows you to view real-time performance.
• Data Collector Sets simplify the configuration of performance data.
• The Performance Diagnostic Console allows you to log performance data.
• Reports enable you to view and analyze the results of data collection.

Application Monitoring

Introduction
Troubleshooting application problems is one of the most difficult parts of desktop support.
To help make troubleshooting easier, Windows Vista includes Problem Reports and
Solutions, and Event Viewer.
Objectives
After completing this section, you will be able to:
• Explain Problem Reports and Solutions.
• Describe Event Logs.
• Describe the new features in Event Viewer.


What Is Problem Reports and Solutions?

Problem Reports and Solutions is a replacement for Dr. Watson found in previous
versions of Windows. Problem Reports and Solutions performs crash analysis and helps
you find solutions to problems. Problems are tracked over time so that you can view the
history of problems on a computer.
You can configure how Problem Reports and Solutions handles problems. When a
problem occurs, you can have it automatically reported to Microsoft to search for a
solution, select whether to report each problem when it occurs, or manually choose to
check for solutions at any time. The default configuration is to ask the user when a
problem occurs. Users can be allowed to change settings for their own account.
When a problem is reported to Microsoft, Windows attempts to match the problem report
to a known problem at Microsoft. If it is a known problem, with a solution, you are given
steps you can take to solve the problem. Microsoft tracks problem reports over time to
determine when new solutions need to be created.
If a solution for a problem is not available at the time the problem occurs, there is no
automated mechanism for you to be notified when a new solution is available. However,
you can manually check for new solutions. When you check for new solutions, Windows
searches for new solutions to unresolved problems.
Demonstration 3: Configuring Problem Reports and Solutions


In this demonstration, you will see how you can:
• Configure Problem Reports and Solutions.

Key Points
The key points of this demonstration are:
• Problem Reports and Solutions is used to find solutions for software problems.

What Are Event Logs?

An event log is a location where system and application events are stored. Windows
Vista divides event logs into Windows logs and Applications and Services logs.
Windows logs are similar to the event logs found in previous versions of Windows.
Applications and Services logs are event logs for individual applications and services.
Events are now stored as XML in the event logs. This makes it easier for you to access
event logs with other applications and reuse event data.
Windows Logs
Windows logs store the events that apply to the entire system. In addition, legacy
applications will still write events to the application log.
The Windows logs categories include:
• Application log. The application log contains events written by applications. The
events written to this log are determined by the application developer.
• Security log. The security log records auditing events such as valid and invalid logon
attempts. Administrators determine which events are recorded here by configuring an
audit policy.
• System log. The system log contains events logged by Windows system components,
for example, the failure of a service to start.
Applications and Services Logs
Applications and Services logs are a new category of event logs in Windows Vista. These
logs store events from a single application or component rather than events that might
have a system-wide impact.
There are four types of Applications and Services logs:
• Admin. Admin logs have events that indicate a problem and a well-defined solution
that an administrator can act on. Applications and services with known errors and
solutions can include an admin log.
• Operational. Operational logs are used for troubleshooting and resolving problems
and viewing status information. Applications and services include an operational log
for general information about the service and error messages without specific
solutions.
• Analytic. Analytic logs have events that describe program operation and indicate
problems that cannot be handled by user intervention. Analytic logs contain a very
high number of events that are used for detailed troubleshooting.
• Debug. Debug logs are used by developers to troubleshoot their programs.

Analytic and Debug logs are hidden in Event Viewer by default.

What Are the New Features in Event Viewer?

Event Viewer is an MMC snap-in that allows you to browse and manage event logs. It
has been improved with a number of new features in Windows Vista.
The new features in Event Viewer are:
• Cross-log queries. Previous versions of Event Viewer allowed you to filter the events
in an event log to limit the information displayed. However, if information about a
problem was located in multiple event logs, each event log needed to be viewed
separately. In the Windows Vista version of Event Viewer, you can create queries
that display events from multiple event logs. This is particularly important now that
many applications and services have their own event logs, which spreads information
over a wider number of event logs.
• Reusable views. When you have constructed a query to find specific information, you
can save it as a Custom view. After a Custom view has been saved, you can export it
for use on other computers or by other users.
• Integration with Task Scheduler. Often when you are troubleshooting, you would like
to perform a task when a particular event occurs. For example, you may want to run
a batch file that restarts several services when an application error occurs, or send an
e-mail message the next time a particular event occurs. The Event Viewer in
Windows Vista supports triggering tasks based on a particular event occurring.
• Event Subscriptions. The Event Viewer in Windows Vista includes the ability to
collect copies of events from multiple remote computers and store them locally. To
specify which events to collect, you create an Event Subscription.
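Because events are stored as XML, the cross-log query described above can also be reproduced outside Event Viewer. The following is an added example, not part of the course material: it merges exports of two logs and keeps failed logons from the Security log and service start failures from the System log in time order. The sample events, the computer name and the chosen event IDs (4625, 7000) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
XMLNS = f'xmlns="{NS["e"]}"'

def sample_event(channel, provider, event_id, when, data):
    """Build one constructed event in the Windows event XML layout."""
    items = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event {XMLNS}><System><Provider Name="{provider}"/>'
            f'<EventID>{event_id}</EventID><TimeCreated SystemTime="{when}"/>'
            f'<Channel>{channel}</Channel><Computer>PC01</Computer></System>'
            f'<EventData>{items}</EventData></Event>')

# Constructed sample: exports of two logs, each wrapped in an <Events> root.
SECURITY_XML = "<Events>" + "".join([
    sample_event("Security", "Microsoft-Windows-Security-Auditing", 4624,
                 "2007-03-01T09:14:40.000Z", {"TargetUserName": "alice"}),
    sample_event("Security", "Microsoft-Windows-Security-Auditing", 4625,
                 "2007-03-01T09:15:02.000Z", {"TargetUserName": "alice"}),
]) + "</Events>"
SYSTEM_XML = "<Events>" + sample_event(
    "System", "Service Control Manager", 7000,
    "2007-03-01T09:14:55.000Z", {"param1": "Print Spooler"}) + "</Events>"

def parse_events(xml_text):
    """Yield one dict per <Event>, reading the namespaced System fields."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        sysn = ev.find("e:System", NS)
        yield {
            "time": sysn.find("e:TimeCreated", NS).get("SystemTime"),
            "channel": sysn.findtext("e:Channel", namespaces=NS),
            "id": int(sysn.findtext("e:EventID", namespaces=NS)),
            "data": {d.get("Name"): d.text
                     for d in ev.findall("e:EventData/e:Data", NS)},
        }

def cross_log_query(exports, wanted):
    """Merge several log exports, keep wanted IDs per channel, sort by time."""
    hits = [ev for xml_text in exports for ev in parse_events(xml_text)
            if ev["id"] in wanted.get(ev["channel"], ())]
    return sorted(hits, key=lambda ev: ev["time"])

# Failed logons (4625) from Security plus service start failures (7000) from System.
WANTED = {"Security": {4625}, "System": {7000}}

if __name__ == "__main__":
    for ev in cross_log_query([SECURITY_XML, SYSTEM_XML], WANTED):
        print(ev["time"], ev["channel"], ev["id"], ev["data"])
```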

Demonstration 4: Using Event Viewer

In this demonstration, you will see how you can:
• View events.
• Create a custom view.

Key Points
The key points of this demonstration are:
• Event Viewer is used to view the contents of event logs.
• Event Viewer can create and save custom views for later use.
Group Policy and Device Management

Introduction
Group Policy allows administrators to centrally control settings for users and computers
in their domain. Windows Vista expands the capabilities of Group Policy with over 800
new policy settings. One specific area that has been added is the ability to control
hardware device installation.
Objectives
After completing this section, you will be able to:
• Describe the Local Security Policy.
• Describe Group Policy.
• Explain the new features in Group Policy.
• Explain the enhancements to Group Policy.
• Describe the differences between local and domain-based Group Policy.
• Explain how to control device installation by using Group Policy.

What Is the Local Security Policy?

The local security policy is a set of security related settings for Windows Vista that apply
only to the local computer. To edit the configuration of the local security policy, you can
use the Local Security Policy snap-in found in Administrative Tools, or you can use the
Security Settings section of the local Group Policy.
Some of the security settings in a security policy are:
• Account Policies. The Account Policies contain a Password policy and an Account
Lockout policy. The Password policy enforces password restrictions such as
minimum password length and password complexity. The Account Lockout policy
protects Windows Vista from brute-force password attacks by locking out accounts
after a preconfigured number of incorrect logon attempts.
• Local Policies. The Local Policies contain an Audit policy, User Rights Assignment,
and Security Options. The Audit policy determines which events are logged in the
Security event log. User Rights Assignment settings determine which system
privileges are given to which users and groups of users. Security Options contains
settings to control the security options such as communication encryption and UAC.
• Windows Firewall with Advanced Security. Controls the configuration of Windows
Firewall.
• Public Key Policies. Configures Encrypting File System (EFS) settings and
certificate auto-enrollment.
• Software Restriction Policies. Controls the installation of software, even for users
with Administrative privileges.
• IP Security Policies on Local Computer. Used for backward compatibility with
Internet Protocol security (IPsec) policies in Windows XP. Windows Vista can
configure IPsec by using Windows Firewall with Advanced Security.

You can also configure the local security policy by using security templates in
combination with Secedit or the Security Configuration and Analysis snap-in.
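The Account Policies and Audit policy settings described above can be reviewed offline from a security template exported with Secedit. The following is an added example, not part of the course material: it parses the template's INF layout and reports weak password, lockout and logon-auditing settings. The sample template and the baseline values (minimum length 8, failure auditing required) are assumptions made for illustration.

```python
import configparser

# Constructed sample in the INF layout of a security template export.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditLogonEvents = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline for this example, not values taken from the course text.
MIN_LENGTH = 8
AUDIT_FAILURE = 2   # audit value is a bit mask: 1 = success, 2 = failure

def load_template(text):
    """Parse template text; keys keep their case and '%'/'$' stay literal."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def audit_template(text):
    """Return a list of findings for Account Policies and Audit policy."""
    cp = load_template(text)
    def num(section, key):
        # A missing key means "not defined in this template": report it as None.
        raw = cp.get(section, key, fallback=None)
        return None if raw is None else int(raw.strip())
    findings = []
    length = num("System Access", "MinimumPasswordLength")
    if length is None or length < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength={length} (< {MIN_LENGTH})")
    if num("System Access", "PasswordComplexity") != 1:
        findings.append("PasswordComplexity is not enabled")
    if not num("System Access", "LockoutBadCount"):
        findings.append("account lockout is off (LockoutBadCount is 0 or absent)")
    if num("System Access", "ClearTextPassword") == 1:
        findings.append("passwords are stored with reversible encryption")
    audit = num("Event Audit", "AuditLogonEvents") or 0
    if not audit & AUDIT_FAILURE:
        findings.append("failed logon attempts are not audited")
    return findings
```

A template written by `secedit /export /cfg` is normally saved as UTF-16, so decode the file before passing its text to `audit_template`.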

What Is Group Policy?

Group Policy is an infrastructure for centralized configuration management of user and
computer settings. It was originally introduced as part of Windows 2000 and has been
expanded with each new release of Windows. The complete Group Policy system is
composed of server-side and client-side components.
A group of settings that are applied by using Group Policy is known as a Group Policy
object (GPO). A GPO contains computer settings and user settings. Computer settings are
applied based on the computer object in the Active Directory® directory service. User
settings are applied based on the user object in Active Directory.
Some of the things you can do with Group Policy are:
• Install software.
• Run startup or logon scripts.
• Deploy printers.
• Apply security policy settings.
• Configure Windows.
• Configure Microsoft Internet Explorer®.
What Are the New Features in Group Policy?

For Windows Vista and Windows Server® Code Name “Longhorn,” Group Policy has
been enhanced to control additional Windows components. The additional settings are
based on requests from customers and internal development. In addition, Group Policy
processing has been improved.
New Policy Settings
Some of the new categories of Group Policy settings are:
• Power Management. The new Power Management features in Windows Vista are
configurable by using Group Policy. This means that you can easily apply Power
Management settings to all Windows Vista computers in an organization for
substantial cost savings on power.
• Windows Firewall with Advanced Security. The Windows Firewall can now be
configured by using Group Policy. The Windows Firewall settings also include rules
that control IPsec to ensure that you do not create conflicting rules.
• Printer assignment based on location. You can now assign printers to users based on
location. As a user with a mobile computer moves to different locations in the
company, new printers are assigned.
• Printer driver installation by users. A new setting allows users to install printer
drivers. In previous versions of Windows, printer driver installation was restricted to
administrators.

New Format for Administrative Template Files
Administrative templates describe the settings and the options for those settings when
editing a GPO. In previous versions of Windows, the administrative templates were
ADM files. In Windows Vista, the ADM files have been replaced with an XML-based
format known as ADMX files.
ADMX files have the following advantages:
• Easier management of multi-language administrative environments.
• ADMX files are stored centrally (instead of per GPO) to minimize replication traffic.
• New ADMX-enabled Group Policy tools are backward-compatible with ADM files.
Network Location Awareness

Network Location Awareness ensures that client computers are aware of changing
network conditions and resource availability. With Network Location Awareness, Group
Policy has access to the resource detection and event notification capabilities of the
operating system, such as recovery from sleep, establishment of virtual private network
(VPN) sessions, or changing wireless networks.
Network Location Awareness has the following benefits:
• Faster startup times. Client-side Group Policy components will only attempt to use
available network devices, reducing time-outs.
• Faster application of Group Policy settings. Group Policy can retrieve settings from a
domain controller as soon as it is available instead of waiting for the next refresh
interval.
• Group Policy application through firewalls. Many firewalls block the Ping packets
required by previous versions of Group Policy for network detection. Network
Location Awareness removes the reliance on Ping packets.
What Are the Group Policy Enhancements?

In addition to new features, many Group Policy components and features have been
enhanced. Some of the enhancements to Group Policy are:
• Group Policy Management Console (GPMC). GPMC was downloadable for
Windows XP and Windows Server 2003. It is now included with Windows Vista and
Windows Server “Longhorn.”
• Internet Explorer configuration. Most Internet Explorer 7 settings can be managed by
using Group Policy. In many cases, this eliminates the need to use the Internet
Explorer Administration Kit.
• Group Policy service. In previous versions of Windows, Group Policy was processed
by Winlogon. Windows Vista includes a new Group Policy service that is responsible
for processing Group Policy. This new service reduces reboot requirements, is more
efficient, and reduces memory usage.
• Replication traffic reduction. GPOs are replicated between Windows Server
“Longhorn” domain controllers by using the Distributed File System instead of the
File Replication Service. When a GPO is changed, only the changes are replicated
rather than the entire GPO.
• Events and logging. Previous versions of Group Policy were difficult to configure for
logging. Now that Group Policy processing is done by a separate service, the Group
Policy service is a distinct event source in the System event log and writes to a
separate Group Policy operational log.
• Multiple local GPOs. Windows Vista allows multiple local GPOs to exist on a single
computer. Each of these GPOs can be assigned to specific local users or groups of
users allowing for additional flexibility in workgroup environments.
Comparing Domain Policies to Local Policies

Local GPOs are an effective way to manage settings on a single computer or small
workgroup. However, in larger environments where you want to centrally manage
hundreds or thousands of computers, you need to implement domain-based GPOs.
Characteristics of local GPOs:
• Are stored on the local computer.
• Must be edited on each computer.
• Can be applied to local users and groups only.

Characteristics of domain GPOs:
• Are stored in Active Directory and Sysvol.
• Are edited centrally and automatically replicated to all domain controllers.
• Can be applied to users and computers in domains, organizational units (OUs), or
sites.
• Override local GPOs where settings conflict.

Demonstration 5: Implementing Group Policy

In this demonstration, you will see how you can:
• View new Group Policy settings.
• Create multiple local GPOs.

Key Points
The key points of this demonstration are:
• Group Policy is used to manage users and computers.
• There are new Group Policy settings.
• You can create multiple local GPOs.
How to Control Device Installation

Windows Vista includes new Group Policy settings that allow you to control device
installation. One of the primary reasons to control device installation is to prevent data
theft by using portable mass storage devices such as a USB drive. Preventing device
installation by users can also lower support costs by preventing help desk calls.
Devices can be blocked or allowed based on device identification strings or device setup
classes. Device identification strings are used by Windows to identify the correct driver
for a device by finding the exact make and model of a device or a compatible device.
Because device identification strings tend to be very specific, they are typically not used
to prevent device installation.
Device setup classes describe the broad category of device that is being installed. For
example, CD-ROM is a device setup class. Each device setup class is identified by a
globally unique identifier that must be specified in the Group Policy setting.
