Monitoring Processes, Services, and Events
from Chapter 3, Microsoft Windows 2000 Administrator's Pocket Consultant by William R. Stanek.
As an administrator, it's your job to keep an eye on the network systems. The status of system resources and usage can change dramatically over time. Services may stop running. File systems may run out of space. Applications may throw exceptions, which in turn can cause system problems. Unauthorized users may try to break into the system. The techniques discussed in this chapter will help you find and resolve these and other system problems.
Anytime you start an application or type a command on the command line, Microsoft Windows 2000 starts one or more processes to handle the related program. Generally, processes that you start in this manner are called interactive processes. That is, the processes are started interactively with the keyboard or mouse. If the application or program is active and selected, the related interactive process has control over the keyboard and mouse until you switch control by terminating the program or selecting a different one. When a process has control, it's said to be running in the foreground.
Processes can also run in the background. With processes started by users, this means that programs that aren't currently active can continue to operate—only they generally aren't given the same priority as the active process. You can also configure background processes to run independently of the user logon session; such processes are usually started by the operating system. An example of this type of background process is a batch file started with an AT command. The AT command tells the system to run the file at a specified time, and (if permissions are configured correctly) the AT command can do so regardless of whether a user is logged on to the system.
The key tool you'll use to manage system processes and applications is Task Manager. You can access Task Manager using any of the following techniques:
Press Ctrl+Shift+Esc.
Press Ctrl+Alt+Del, and then select the Task Manager button.
Type taskmgr into the Run utility or a command prompt.
Right-click the taskbar and select Task Manager from the pop-up menu.
Techniques you'll use to work with Task Manager are covered in the following sections.
Task Manager's Applications tab is shown in Figure 3-1. This tab shows the status of the programs that are currently running on the system. You can use the buttons on the bottom of this tab as follows:
Stop an application by selecting the application and then clicking End Task.
Switch to an application and make it active by selecting the application and then clicking Switch To.
Start a new program by selecting New Task and then entering a command to run the application. New Task functions like the Start menu's Run utility.
Figure 3-1: The Applications tab of the Windows Task Manager shows the status of programs currently running on the system.
Tip: The Status column tells you if the application is running normally or if the application has gone off into the ozone. A status of Not Responding is an indicator that an application may be frozen, and you may want to end its related task. However, some applications may not respond to the operating system during certain process-intensive tasks. Because of this, you should be certain the application is really frozen before you end its related task.
Right-Clicking a Listing
Right-clicking an application's listing displays a pop-up menu that allows you to
Switch to the application and make it active
Bring the application to the front of the display
Minimize and maximize the application
Tile or end the application
Go to the related process in the Processes tab
Note: The Go To Process option is very helpful when you're trying to find the primary process for a particular application. Selecting this option highlights the related process in the Processes tab.
The Task Manager Processes tab is shown in Figure 3-2. This tab provides detailed information on the processes that are running. As you examine processes, note that although applications have a main process, a single application may start multiple processes. Generally, these processes are dependent on the main application process and are stopped when you terminate the main application process or use End Task. Because of this, you'll usually want to terminate the main application process or the application itself rather than dependent processes.
The fields of the Processes tab provide lots of information about running processes. You can use this information to determine which processes are hogging system resources, such as CPU time and memory. Additional uses for the tab include
Stopping a process by selecting it and then choosing End Process
Stopping a process and its subprocesses by right-clicking it and then choosing End Process Tree
Setting a process's priority by right-clicking it and then choosing Set Priority from the pop-up menu
Figure 3-2: The Processes tab provides detailed information on running processes.
Note: If you examine processes running in Task Manager, you'll note a process called System Idle Process. You can't set the priority of this process. Unlike other processes that track resource usage, System Idle Process tracks the amount of system resources that aren't used. Thus, a 99 in the CPU column for the process means 99 percent of the system resources currently aren't being used.
Priority determines how much of the system resources are allocated to a process. Most processes have a normal priority by default. To increase priority, set the priority to high. To decrease priority, set the priority to low. The highest priority is given to real-time processes.
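End Process Tree acts on a main process and everything it started, so it helps to see that tree before ending anything. The following is an added example, not from the book; it assumes a current Windows system with PowerShell (which Windows 2000 does not include), and Get-ProcessTree is a hypothetical helper name.

```powershell
# Added example, not from the book. Get-ProcessTree is a hypothetical helper name.
function Get-ProcessTree {
    param(
        [Parameter(Mandatory)] [int] $RootId   # PID of the main application process
    )

    # One snapshot of all processes; Win32_Process carries each parent's PID.
    $all = @(Get-CimInstance -ClassName Win32_Process)

    # Index children by parent PID (string keys avoid UInt32/Int32 mismatches).
    $children = @{}
    foreach ($p in $all) {
        $key = [string]$p.ParentProcessId
        if (-not $children.ContainsKey($key)) { $children[$key] = @() }
        $children[$key] += $p
    }

    $root = $all | Where-Object { $_.ProcessId -eq $RootId }
    if (-not $root) { throw "No running process has PID $RootId" }

    # Breadth-first walk from the main process down to its subprocesses.
    $queue = [System.Collections.Generic.Queue[object]]::new()
    $queue.Enqueue(@{ Proc = $root; Depth = 0 })
    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()
        $proc = $item.Proc
        [pscustomobject]@{
            Depth        = $item.Depth
            ProcessId    = $proc.ProcessId
            ParentId     = $proc.ParentProcessId
            Name         = $proc.Name
            BasePriority = $proc.Priority      # 8 is the usual value for Normal
            Started      = $proc.CreationDate
        }
        foreach ($child in $children[[string]$proc.ProcessId]) {
            # PID 0 lists itself as parent; never re-queue the same process.
            if ($child.ProcessId -eq $proc.ProcessId) { continue }
            # PIDs are reused: a "child" older than its parent is not a real child.
            if ($child.CreationDate -and $proc.CreationDate -and
                $child.CreationDate -lt $proc.CreationDate) { continue }
            $queue.Enqueue(@{ Proc = $child; Depth = $item.Depth + 1 })
        }
    }
}

# Example run: the tree rooted at the current PowerShell session.
Get-ProcessTree -RootId $PID | Format-Table -AutoSize
```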
The Task Manager Performance tab provides an overview of CPU and memory usage. As shown in Figure 3-3, the tab displays graphs as well as statistics. This information gives you a quick check on system resource usage. For more detailed information, use Performance Monitor, as explained later in this chapter.
Figure 3-3: The Performance tab provides a quick check on system resource usage.
Graphs on the Performance Tab
The graphs on the Performance tab provide the following information:
CPU Usage: The percentage of processor resources being used
CPU Usage History: A history graph of CPU usage plotted over time
MEM Usage: The amount of memory currently being used on the system
Memory Usage History: A history graph of memory usage plotted over time
Tip: To view a close-up of the CPU graphs, double-click within the Performance tab. Double-clicking again returns you to normal viewing mode.
Customizing and Updating the Graph Display
To customize or update the graph display, use the following options on the View menu:
Update Speed: Allows you to change the speed of graph updating as well as to pause the graph.
CPU History: On multiprocessor systems, allows you to specify how CPU graphs are displayed.
Show Kernel Times: Allows you to display the amount of CPU time used by the operating system kernel.
Beneath the graphs you'll find several lists of statistics. These statistics provide the following information:
Commit Charge: Provides information on the total memory used by the operating system. Total lists all physical and virtual memory currently in use. Limit lists the total physical and virtual memory available. Peak lists the maximum memory used by the system since bootup.
Kernel Memory: Provides information on the memory used by the operating system kernel. Critical portions of kernel memory must operate in RAM and can't be paged to virtual memory. This type of kernel memory is listed as Nonpaged. The rest of kernel memory can be paged to virtual memory and is listed as Paged. The total amount of memory used by the kernel is listed under Total.
Physical Memory: Provides information on the total RAM on the system. Total shows the amount of physical RAM. Available shows the RAM not currently being used and available for use. System Cache shows the amount of memory used for system caching.
Totals: Provides information on CPU usage. Handles shows the number of I/O handles in use. Threads shows the number of threads in use. Processes shows the number of processes in use.
Services provide key functions to Windows 2000 workstations and servers. To manage system services, you'll use the Services entry in the Computer Management console, which you start by completing the following steps:
Choose Start, Programs, then Administrative Tools, and finally Computer Management. Or select Computer Management in the Administrative Tools folder.
Right-click the Computer Management entry in the console tree and select Connect To Another Computer on the shortcut menu. You can now choose the system whose services you want to manage.
Expand the Services And Applications node by clicking the plus sign (+) next to it, and then choose Services.
Note: Windows 2000 provides several other ways to access services. For example, you can also use the Services entry in the Component Services utility.
Figure 3-4 shows the Services view in the Computer Management console. The key fields of this dialog box are used as follows:
Name: The name of the service. Only services installed on the system are listed here. Double-click an entry to configure its startup options. If a service you need isn't listed, you can install it by using the Network Connection Properties dialog box or the Windows Optional Networking Components Wizard. See Chapter 15 for details.
Description: A short description of the service and its purpose.
Status: Whether the status of the service is started, paused, or stopped. (Stopped is indicated by a blank entry.)
Startup Type: The startup setting for the service. Automatic services are started at bootup. Manual services are started by users or other services. Disabled services are turned off and can't be started while they remain disabled.
Log On As: The account the service logs on as. The default in most cases is the local system account.
Note: Both the operating system and users can disable services. Generally, Windows 2000 disables services if there is a possible conflict with another service.
Figure 3-4: Use the Services view to manage services on Windows 2000 workstations and servers.
Table 3-1 provides a summary of common services that you'll see on Windows 2000 systems. Keep in mind that the type and number of services running on a Windows 2000 system depend on its configuration. To install or remove services, you use the Configure Your Server administration tool.
Table 3-1 Common Services That May Be Installed on Windows 2000 Systems
Service Name | Description |
---|---|
Alerter | Sends administrative alert messages |
Application Management | Provides software installation services |
ClipBook | Enables remote viewers to see local pages with ClipBook Viewer |
COM+ Event System | Provides automatic distribution of events to subscribing COM components |
Computer Browser | Enables computer browsing; maintains a list of resources used for network browsing |
Dynamic Host Configuration Protocol (DHCP) Client | Manages network configuration by registering and updating Internet Protocol (IP) addresses and Domain Name System (DNS) names |
DHCP Server | Provides dynamic IP address assignment and network configuration for DHCP clients |
Distributed Transaction Coordinator | Coordinates distributed transactions for resource managers |
DNS Client | Resolves and caches DNS names |
DNS Server | Manages DNS names and queries |
Event Log | Logs event messages issued by applications and the operating system |
File Server for Macintosh | Enables Macintosh users to store and access files on the server system |
Gateway Service for NetWare | Provides access to file and print resources on NetWare networks |
Intersite Messaging | Allows sending and receiving of messages between Active Directory sites |
License Logging Service | Tracks license usage and compliance |
Messenger | Sends and receives messages transmitted by administrators or by the Alerter service |
Net Logon | Authenticates user logons |
Network dynamic data exchange (DDE) | Supports DDE between applications |
Network DDE DSDM | Manages shared dynamic data exchange and is used by Network DDE |
NT LM Security Support Provider | Provides security to Remote Procedure Call (RPC) programs that don't use named pipes |
Performance Logs and Alerts | Configures performance logs and alerts |
Plug and Play | Manages device installation and configuration and notifies programs of device changes |
Print Server for Macintosh | Enables Macintosh users to send print jobs to Windows |
Print Spooler | Spools printer files |
Protected Storage | Provides protected storage for sensitive data, such as private keys |
RPC | Provides RPC services for distributed applications |
RPC Locator | Manages the RPC name service database |
Routing and Remote Access | Provides routing and remote access services |
Secondary Logon Service | Enables Run As, where you can run processes as another user |
Security Accounts Manager | Stores security information for local user accounts |
Server | Provides RPC server services, including file sharing, printer spooling, and named pipes |
Simple Transmission Control Protocol/Internet Protocol (TCP/IP) Services | Supports the TCP/IP services Character Generator, Daytime, Discard, Echo, and Quote of the Day |
System Event Notification | Tracks system events and notifies COM+ Event System subscribers of these events |
Task Scheduler | Enables job scheduling |
TCP/IP NetBIOS Helper Service | Enables support for NetBIOS over TCP/IP and NetBIOS name resolution |
Telnet | Allows a remote user to log on to the system and run console programs using the command line |
Windows Internet Name Service (WINS) | Provides a NetBIOS name service for TCP/IP clients |
Workstation | Provides services for network connections and communications |
As an administrator, you'll often have to start, stop, or pause Windows 2000 services. To start, stop, or pause a service, complete the following steps:
Start the Computer Management console.
Right-click the Computer Management entry in the console tree and select Connect To Another Computer on the shortcut menu. You can now choose the system whose services you want to manage.
Expand the Services And Applications node by clicking the plus sign (+) next to it, and then choose Services.
Right-click the service you want to manipulate, and then select Start, Stop, or Pause, as appropriate. You can also choose Restart to have Windows stop and then start the service after a brief pause. Additionally, if you pause a service, you can use the Resume option to resume normal operation.
Note: When services that are set to start automatically fail, the status is listed as blank and you'll usually receive notification in a pop-up dialog box. Service failures can also be logged to the system's event logs. In Windows 2000, you can configure actions to handle service failure automatically. For example, you could have Windows 2000 attempt to restart the service for you. See the section of this chapter entitled "Configuring Service Recovery" for details.
You can set Windows 2000 services to start manually or automatically. You can also turn them off permanently by disabling them. You configure service startup by completing the following steps:
In the Computer Management console, connect to the computer whose services you want to manage.
Expand the Services And Applications node by clicking the plus sign (+) next to it, and then choose Services.
Right-click the service you want to configure and then choose Properties.
In the General tab, use the Startup Type drop-down list box to choose a startup option, as shown in Figure 3-5. Select Automatic to start services at bootup. Select Manual to allow the services to be started manually. Select Disabled to turn off the service.
Click OK.
Figure 3-5: Use the General tab's Startup drop-down list box to configure service startup options.
You can configure Windows 2000 services to log on as a system account or as a specific user. To do either of these, complete the following steps:
In the Computer Management console, connect to the computer whose services you want to manage.
Expand the Services And Applications node by clicking the plus sign (+) next to it, and then choose Services.
Right-click the service you want to configure and then choose Properties.
Select the Log On tab, shown in Figure 3-6.
Select Local System Account if the service should log on using the system account (which is the default for most services).
Select This Account if the service should log on using a specific user account. Be sure to type an account name and password in the fields provided. Use the Browse button to search for a user account, if necessary.
Click OK.
Figure 3-6: Use the Log On tab to configure the service logon account.
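The Status, Startup Type, and Log On As fields described in this chapter can also be reviewed for every service at once. The following is an added example, not from the book; it assumes a current Windows system with PowerShell, and Get-ServiceLogonReport is a hypothetical helper name.

```powershell
# Added example, not from the book. Get-ServiceLogonReport is a hypothetical name.
function Get-ServiceLogonReport {
    param(
        [string] $ComputerName   # omit for the local system
    )

    $query = @{ ClassName = 'Win32_Service' }
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    foreach ($svc in (Get-CimInstance @query)) {
        $notes = @()

        # "This Account" on the Log On tab: anything that is not a built-in identity.
        if ($svc.StartName -and
            $svc.StartName -notmatch '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)') {
            $notes += 'logs on as a specific user account'
        }
        # Automatic services should normally be running after bootup.
        if ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') {
            $notes += "automatic but $($svc.State.ToLower())"
        }
        # Disabled services can't be started, so a running one was changed after start.
        if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Running') {
            $notes += 'disabled but still running'
        }

        [pscustomobject]@{
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            Status      = $svc.State
            StartupType = $svc.StartMode
            LogOnAs     = $svc.StartName
            Notes       = $notes -join '; '
        }
    }
}

# Show only the services that have something worth reviewing.
Get-ServiceLogonReport | Where-Object Notes |
    Sort-Object LogOnAs, Name |
    Format-Table Name, Status, StartupType, LogOnAs, Notes -AutoSize
```

Services that log on as a specific user account run with that account's rights, so the LogOnAs column is the first place to check that each account has only the access its service needs.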
You can configure Windows 2000 services to take specific actions when a service fails. For example, you could attempt to restart the service or run an application. To configure recovery options for a service, complete the following steps:
In the Computer Management console, connect to the computer whose services you want to manage.
Expand the Services And Applications node by clicking the plus sign (+) next to it, and then choose Services.
Right-click the service you want to configure and then choose Properties.
Select the Recovery tab, shown in Figure 3-7.
Note: Windows 2000 automatically configures recovery for some critical system services during installation. In Figure 3-7, you see that the IIS (Internet Information Server) Admin Service is set to run a file if the service fails. This file is an application that corrects service problems and safely manages dependent IIS services while working to restart the service.
Figure 3-7: Use the Recovery tab to specify actions that should be taken in case of service failure.
You can now configure recovery options for the first, second, and subsequent recovery failures. The available options are
Take No Action
Restart the Service
Run a File
Reboot the Computer
Best Practice: When you configure recovery options for critical services, you may want to try to restart the service on the first and second attempts and then reboot the server on the third attempt.
Configure other options based on your previously selected recovery options. If you elected to run a file as a recovery option, you'll need to set options in the Run File panel. If you elected to restart the service, you'll need to specify the restart delay. After stopping the service, Windows 2000 waits for the specified delay before trying to start the service. In most cases a delay of 1–2 minutes should be sufficient.
Click OK.
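Recovery settings can be read back to confirm what a service will do on failure, including which file a Run a File action would start. The following is an added example, not from the book; it assumes a current Windows system with PowerShell, the function names are hypothetical, and the layout of the FailureActions registry value (a 20-byte header followed by 8 bytes per action) is an assumption, as is the constructed sample value.

```powershell
# Added example, not from the book. Function names are hypothetical, and the
# registry layout (20-byte header, then 8 bytes per action) is an assumption.
function ConvertFrom-FailureActions {
    param([Parameter(Mandatory)] [byte[]] $Bytes)

    $actionNames = @{ 0 = 'Take No Action'; 1 = 'Restart the Service'
                      2 = 'Reboot the Computer'; 3 = 'Run a File' }
    $slots = 'First failure', 'Second failure', 'Subsequent failures'

    if ($Bytes.Length -lt 20) { throw 'FailureActions is shorter than its header' }
    $resetSeconds = [BitConverter]::ToUInt32($Bytes, 0)    # reset fail count after
    $count        = [BitConverter]::ToUInt32($Bytes, 12)   # number of actions

    for ($i = 0; $i -lt $count; $i++) {
        $offset = 20 + (8 * $i)
        if ($offset + 8 -gt $Bytes.Length) { break }        # truncated value
        $type  = [BitConverter]::ToInt32($Bytes, $offset)
        $delay = [BitConverter]::ToUInt32($Bytes, $offset + 4)
        [pscustomobject]@{
            Failure      = $slots[[Math]::Min($i, 2)]
            Action       = if ($actionNames.ContainsKey($type)) { $actionNames[$type] } else { "Unknown ($type)" }
            DelaySeconds = $delay / 1000
            ResetSeconds = $resetSeconds
        }
    }
}

function Get-ServiceRecovery {
    param([Parameter(Mandatory)] [string] $Name)

    $key = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction Stop
    if ($null -eq $key.FailureActions) { return }            # no recovery configured
    foreach ($row in (ConvertFrom-FailureActions -Bytes $key.FailureActions)) {
        # Run a File executes FailureCommand; surface it so it can be reviewed.
        $cmd = if ($row.Action -eq 'Run a File') { $key.FailureCommand } else { $null }
        $row | Add-Member -NotePropertyName Command -NotePropertyValue $cmd -PassThru
    }
}

# Constructed sample value: restart, restart, then reboot, each after 60 seconds,
# with the fail count reset after 86400 seconds (one day). The same policy can be set with:
#   sc.exe failure <ServiceName> reset= 86400 actions= restart/60000/restart/60000/reboot/60000
$sample = [byte[]](0x80,0x51,0x01,0x00, 0,0,0,0, 0,0,0,0, 3,0,0,0, 0x14,0,0,0,
                   1,0,0,0, 0x60,0xEA,0,0, 1,0,0,0, 0x60,0xEA,0,0, 2,0,0,0, 0x60,0xEA,0,0)
ConvertFrom-FailureActions -Bytes $sample | Format-Table -AutoSize
```

Get-ServiceRecovery takes the service's short name (the registry key name), not its display name.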
from Microsoft Windows 2000 Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.