This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
To monitor for bottlenecked network resources, you can observe the Network Interface - Bytes Total/sec, Bytes Sent/sec, and Bytes Received/sec counters for each network interface adapter (NIC)
The Bytes Received/sec counter measures the rate at which bytes are received from each NIC over a TCP/IP connection
The Bytes Sent/sec counter measures the rate at which bytes are sent over each NIC
Monitoring Network and Process Performance Objects (5)
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
To get a general picture of how busy the server is, use the Server—Bytes Total/sec, Bytes Received/sec, and Bytes Transmitted/sec counters
If the sum of the Server—Bytes Total/sec counter for all network servers is approaching the maximum transfer rates (i.e.,10 MB/sec or 100 MB/sec), you may need to segment the network
Monitoring Network and Process Performance Objects (6)
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
Each time a user logs on to a computer or to a network, he or she performs a number of activities called events
Events include accessing files, folders, printers, and the Registry as well as the logon process
As a network administrator, you will want to track and monitor some of these events on a regular basis to ensure the security and seamless functioning of the computers on the network
Tracking Windows Server 2003 Activities with Audit Policy
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
Auditing is used to track user activities and object access on the computers on a network
To audit who is accessing objects and the actions they perform, you must first activate the audit object access policyConfigure the audit object access policy in the Properties
dialog box and System ACL (SACL) editor for an objectA SACL is used to allow the system administrator to log
any attempts to gain access to an objectThe list of ACEs (access control entries) in the SACL will
determine the users and groups to be audited
Tracking Windows Server 2003 Activities with Audit Policy (2)
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
Auditing increases the overhead on a computer, so you must carefully choose the events you think are important to monitor Identify the events to monitorDetermine for whom you want to monitor them Identify the actions to track
Once you have carefully planned the events to monitor, you must set a schedule to check the Security log regularly
You can also maintain the Security log by specifying a maximum file size
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
Options for managing the size of the Security logOverwrite old events as neededSet a specific age for the events you want to be
overwrittenPrevent events from being overwritten
If you choose to overwrite old events, you could lose data if the log becomes full before you archive it
If you choose the second option, you could lose data that is at least as many days old as specified if you do not archive the log soon enough
If you choose the final option, you must monitor the Security log often enough to archive or clear it before it becomes full; when the log is full, the operating system will stop recording events
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
In addition to the System Monitor, the other tools you can use to monitor the network include the Network Monitor Driver, Network Monitor, and SNMP service
Network Monitor DriverWorks in conjunction with Network Monitor to make it
possible for you to analyze frames (data packets) sent by and received from a NIC
You can use it to obtain network performance statistics that are used by System Monitor and Network Monitor to troubleshoot networking problems and monitor for specific network events
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 14: Monitoring Windows Server 2003 Performance
SNMP (Simple Network Management Protocol), which is part of the TCP/IP protocol suite, is used to configure network devices and computers to compile network performance data
When you install the SNMP service on a computer, your computer becomes an SNMP agent that can communicate with an SNMP network management station (NMS)