Book Read Free

Microsoft Press Windows Vista Administrator's Pocket Consultant ebook

Page 8

by MS


  Click the Services tab. As shown in Figure 2-15, this tab displays a list of all services installed on the computer and includes flags that identify the state of the service, such as running or stopped, and whether the service is essential to the proper operation of the system.

  Figure 2-15: To troubleshoot problems with Windows services, use the options on the Services tab.

  Clear the check box next to any service that you do not want to run at startup.

  Caution

  Disable only those services that you've identified as potential problems and only if you know how they are used by the operating system. If you don't know what a service does, don't disable it. You can learn the specific purpose of a service by using the Services utility in the Administrative Tools menu. Select the service to view its description on the Extended tab or double-click the service to read its description on the General tab of the related properties dialog box.

  Click OK. You need to reboot the system to check the changes, so if you are prompted to restart the system, click Yes. Otherwise, reboot the system manually.

  Repeat this procedure as necessary to pinpoint the service causing the system problems. If you can't identify a service as the cause of the problem, the trouble might be caused by a Windows component, a startup application, or a device driver.

  Managing System Properties

  You use the System Properties dialog box to manage system properties. The following sections examine key areas of the operating system that can be configured using the System Properties dialog box.

  The Computer Name Tab

  The computer's network identification can be displayed and modified with the Computer Name tab of the System Properties dialog box, shown in Figure 2-16. As the figure shows, the Computer Name tab displays the full computer name of the system and the domain membership. The full computer name is essentially the Domain Name System (DNS) name of the computer, which also identifies the computer's place within the Active Directory hierarchy.

  Figure 2-16: Use the Computer Name tab to display and configure system identification.

  To access the Computer Name tab of the System Properties dialog box, follow these steps:

  Click Start and then click Control Panel.

  In Control Panel, click the System And Maintenance category heading link.

  Click System.

  In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

  Click the Computer Name tab.

  The options on the Computer Name tab enable you to:

  Join a computer to a domain Click Network ID to start the Connect To A Domain Or Workgroup wizard, which guides you through modifying network access information for the computer. To join a computer to a domain, click Network ID and then click Next twice to accept the default options. Enter the name of your domain user account, the password for this account, and the name of the domain. Click Next and then follow the remaining prompts.

  Change a computer's name Click Change to change the computer name and the domain or workgroup associated with the computer.

  Real World

  For client computers to use the Domain Name System (DNS), the computer must have an appropriate computer name and a properly configured primary DNS suffix. Rather than using names that are cute or arbitrary, you should decide on a naming scheme that is meaningful to both users and administrators. In DNS, the computer's name serves as its host name, and the primary DNS suffix determines the domain to which it is assigned for name resolution purposes. Any unqualified host names that are used on a computer are resolved using the primary DNS suffix. For example, you are logged on to a computer with a primary DNS suffix of http://www.tech.cpandl.com and you ping CorpSvr28 at a command prompt. The computer directs the query to http://www.corpsvr28.tech.cpandl.com.

  By default, the primary DNS suffix is the domain in which the computer is a member. You can change a computer's primary DNS suffix if necessary. For example, if a computer's primary DNS suffix is http://www.seattle.tech.cpandl.com, you might want it to use the primary DNS suffix of http://www.cpandl.com to simplify name resolution in this large DNS hierarchy. To change a computer's primary DNS suffix, click Change on the Computer Name tab and then click More. Enter the desired primary DNS suffix in the text box provided and then close all open dialog boxes by clicking OK three times.

  The Hardware Tab

  The System Properties dialog box's Hardware tab provides access to Device Manager and Windows Update Driver settings. To access the Hardware tab of the System Properties dialog box, follow these steps:

  Click Start and then click Control Panel.

  In Control Panel, click the System And Maintenance category heading link.

  Click System.

  In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

  Click the Hardware tab.

  The Device Manager, also included in the Computer Management console as an MMC snap-in, is discussed in Chapter 3. When you connect a new device, Windows Vista checks for drivers automatically using Windows Update. If you don't want a computer to check for drivers automatically, click the Windows Update Driver Settings button, and then, as appropriate, select either Ask Me Each Time I Connect A New Device Before Checking For Drivers or Never Check For Drivers When I Connect A Device, and then click OK.

  Note

  The Hardware tab no longer provides access to driver signing settings or hardware profiles. With Windows Vista, you configure driver signing settings through Active Directory–based Group Policy or Local Group Policy. Additionally, because Windows Vista uses a hardware-independent architecture, you can no longer configure hardware profiles on the Hardware tab.

  The Advanced Tab

  The System Properties dialog box's Advanced tab, shown in Figure 2-17, controls many of the key features of the Windows operating system, including application performance, virtual memory usage, user profile, environment variables, and startup and recovery.

  Figure 2-17: The Advanced tab lets you configure advanced features, including performance options, environment variables, and startup and recovery.

  Note

  User profiles contain global user settings and configuration information. They are created the first time a user logs on to a local computer or domain and are different for local and domain accounts. A user's profile maintains the desktop environment so that it is the same each time the user logs on. You'll find an extensive discussion on user profiles in the chapter "Managing Existing User and Group Accounts" in Microsoft Windows Server 2003 Administrator's Pocket Consultant (Microsoft Press, 2003).

  Setting Windows Performance

  Many graphics enhancements have been added to the Windows Vista interface. These enhancements include many visual effects for menus, toolbars, windows, and the taskbar. You can configure Windows performance by completing the following steps:

  Click Start and then click Control Panel.

  In Control Panel, click the System And Maintenance category heading link.

  Click System.

  In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

  To display the Performance Options dialog box, click the Advanced tab in the System Properties dialog box and then click Settings on the Performance panel.

  The Visual Effects tab is selected by default. You have the following options for controlling visual effects:

  q Let Windows Choose What's Best For My Computer Enables the operating system to choose the performance options based on the hardware configuration. For a newer computer, this option will probably be identical to the Adjust For Best Appearance option. The key distinction, however, is that this option is chosen by Windows based on the available hardware and its performance capabilities.

  q Adjust For Best Appearan
ce When you optimize Windows for best appearance, you enable all visual effects for all graphical interfaces. Menus and the taskbar use transitions and shadows. Screen fonts have smooth edges. List boxes have smooth scrolling. Folders use Web views and more.

  q Adjust For Best Performance When you optimize Windows for best performance, you turn off the resource-intensive visual effects, such as slide transitions and smooth edges for fonts, while maintaining a basic set of visual effects.

  q Custom You can customize the visual effects by selecting or clearing the visual effects options in the Performance Options dialog box. If you clear all options, Windows does not use visual effects.

  When you are finished changing visual effects, click Apply. Click OK twice to close the open dialog boxes.

  Setting Application Performance

  Application performance is related to processor scheduling caching options that you set for the Windows Vista system. Processor scheduling determines the responsiveness of applications that are running interactively (as opposed to background applications that might be running on the system as services). You control application performance by completing the following steps:

  Click Start and then click Control Panel.

  In Control Panel, click the System And Maintenance category heading link.

  Click System.

  In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

  To display the Performance Options dialog box, click the Advanced tab in the System Properties dialog box and then click Settings on the Performance panel.

  The Performance Options dialog box has several tabs. Click the Advanced tab.

  In the Processor Scheduling panel, you have the following options:

  q Programs To give the active application the best response time and the greatest share of available resources, select Programs. Generally, you'll want to use this option for all Windows Vista workstations.

  q Background Services To give background applications a better response time than the active application, select Background Services. Generally, you'll want to use this option for Windows Vista computers running as servers (meaning they have server-like roles and are not being used as Windows Vista workstations). For example, a Windows Vista computer may be the print server for the department.

  Click OK.

  Configuring Virtual Memory

  Virtual memory enables you to use disk space to extend the amount of available RAM on a system. This feature of processors using Intel 386 and later writes RAM to disks using a process called paging. With paging, a set amount of RAM, such as 1024 MB, is written to the disk as a paging file, where it can be accessed from the disk when needed in place of physical RAM.

  An initial paging file is created automatically for the drive containing the operating system. By default, other drives don't have paging files, so you must create these paging files manually if you want them. When you create a paging file, you set an initial size and a maximum size. Paging files are written to the volume as a file named PAGEFILE.SYS.

  Real World

  Windows Vista does a much better job than its predecessors do of automatically managing virtual memory. Typically, Windows Vista will allocate virtual memory at least as large as the total physical memory installed on the computer. This helps to ensure paging files don't become fragmented, which can result in poor system performance. If you want to manually manage virtual memory, you use a fixed virtual memory size in most cases. To do this, set the initial size and the maximum size to the same value. This ensures that the paging file is consistent and can be written to a single contiguous file (if possible, given the amount of space on the volume). In most cases, I recommend setting the total paging file size so that it's twice the physical RAM size on the system. For instance, on a computer with 1024 MB of RAM, you would ensure that the Total Paging File Size For Each Drive setting is at least 2048 MB.

  You can manually configure virtual memory by completing the following steps:

  Click Start and then click Control Panel.

  In Control Panel, click the System And Maintenance category heading link.

  Click System.

  In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

  Click the Advanced tab in the System Properties dialog box.

  Click Settings in the Performance section to display the Performance Options dialog box.

  Click the Advanced tab and then click Change to display the Virtual Memory dialog box, shown in Figure 2-18. The following information is provided:

  q Drive [Volume Label] and Paging File Size (MB) Shows how virtual memory is currently configured on the system. Each volume is listed with its associated paging file (if any). The paging file range shows the initial and maximum size values set for the paging file.

  q Paging File Size For Each Drive Provides information on the currently selected drive and enables you to set its paging file size. Space Available indicates how much space is available on the drive.

  q Total Paging File Size For All Drives Provides a recommended size for virtual RAM on the system and tells you the amount currently allocated. If this is the first time you're configuring virtual RAM, notice that the recommended amount has already been given to the system drive (in most instances).

  Figure 2-18: Virtual memory extends the amount of physical memory (RAM) on a system.

  By default, Windows Vista manages the paging file size for all drives. If you want to manually configure virtual memory, clear the Automatically Manage Paging File Size For All Drives check box.

  In the Drive list box, select the volume you want to work with.

  Select Custom Size and then enter an initial size and a maximum size.

  Click Set to save the changes.

  Repeat steps 9–11 for each volume you want to configure.

  Click OK and if prompted to overwrite an existing PAGEFILE.SYS file, click Yes.

  If you updated the settings for a paging file that is currently in use, you'll see a prompt explaining that you need to restart the system for the changes to take effect. Click OK.

  Click OK twice to close the open dialog boxes. When you close the System utility, you'll see a prompt asking if you want to restart the system. Click Restart.

  You can have Windows Vista automatically manage virtual memory by following these steps:

  Click the Advanced tab in the System Properties dialog box.

  Click Settings in the Performance section to display the Performance Options dialog box.

  Click the Advanced tab and then click Change to display the Virtual Memory dialog box.

  Select the Automatically Manage Paging File Size For All Drives check box.

  Click OK three times to close the open dialog boxes.

  Tip

  Clearing the pagefile on shutdown is a recommended security best practice. You can clear the pagefile on shutdown by enabling the Shutdown: Clear Virtual Memory Pagefile option. In Group Policy, this option is located under Local PoliciesSecurity Options.

  Configuring Data Execution Prevention

  Data Execution Prevention (DEP) is a memory protection technology. DEP tells the computer's processor to mark all memory locations in an application as non-executable unless the location explicitly contains executable code. If code is executed from a memory page marked as non-executable, the processor can raise an exception and prevent it from executing. This prevents malicious code, such as a virus, from inserting itself into most areas of memory, because only specific areas of memory are marked as having executable code.

  Note

  32-bit versions of Windows support DEP as implemented by Advanced Micro Devices, Inc. (AMD) processors that provide the no-execute page-protection (NX) processor feature. Such processors support the related instructions and must be running in Physical Address Extension (PAE) mode. 64-bit versions of
Windows also support the NX processor feature.

  Using and configuring DEP You can determine whether a computer supports DEP by using the System utility. If a computer supports DEP, you can also configure it by completing the following steps:

  Click Start and then click Control Panel.

  In Control Panel, click the System And Maintenance category heading link.

  Click System.

  In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.

  Click the Advanced tab in the System utility and then on the Performance panel, click Settings to display the Performance Options dialog box.

  The Performance Options dialog box has several tabs. Click the Data Execution Prevention tab. The text at the bottom of this tab specifies whether the computer supports execution protection.

  If a computer supports execution protection and is configured appropriately, you can configure DEP by using the following options:

  q Turn On DEP For Essential Windows Programs And Services Only Enables DEP only for the operating system services, programs, and components. This is the default and recommended option for computers that support execution protection and are configured appropriately.

  q Turn On DEP For All Programs Except Those I Select Configures DEP and allows for exceptions. Select this option and then click Add to specify programs that should run without execution protection. In this way, execution protection will work for all programs except those you have listed.

  Click OK.

  Understanding DEP compatibility To be compatible with DEP, applications must be able to explicitly mark memory with Execute permission. Applications that cannot do this will not be compatible with the NX processor feature. If you are experiencing memory-related problems running applications, you should determine the applications that are having problems and configure them as exceptions rather than completely disabling execution protection. In this way, you still get the benefits of memory protection and can selectively disable memory protection for programs that aren't running properly with the NX processor feature.

 

‹ Prev