10. By default, logging stops only if you set an expiration date as part of the logging schedule. Using the options on the Stop Condition tab, you can confi gure the log fi le to stop manually after a specifi ed period of time, such as seven days, or when the log fi le is full (if you’ve set a maximum size limit). 11. Click OK when you’ve fi nished setting the logging schedule and stop conditions. You can manage the data collector as explained in “Creating and Managing Data Collector Sets” on page 364. If you want Windows to run a scheduled task when data collection stops, confi gure the task on the Task tab in the Properties dialog box. Collecting Performance Trace Data You can use data collectors to record performance trace data whenever events related to their source providers occur. A source provider is an application or operating system service that has traceable events. To collect performance trace data, follow these steps: 1. In Reliability And Performance Monitor, under the Data Collector Sets node, right-click the User Defi ned node in the left pane, point to New, and then choose Data Collector Set. 2. In the Create New Data Collector Set wizard, type a name for the data collector, such as Disk IO Trace or Logon Trace. Afterward, select the Create Manually (Advanced) option and then click Next. 3. On the What Type Of Data Do You Want To Include page, the Create Data Logs option is selected by default. Select the Event Trace Data check box and then click Next. 4. On the Which Event Trace Providers Would You Like To Enable page, click Add. 5. In the Event Trace Providers dialog box, shown in Figure 12-9, select an event trace provider to track, such as Active Directory Domain Services: Core, and then click OK. 6. On the Which Event Trace Providers Would You Like To Enable page, you can confi gure property values to track. By selecting individual properties in the Properties list and clicking Edit, you can track particular property values rather than all values for the provider. Repeat this process to select other event trace providers to track. Click Next when you are ready to continue. 7. Complete steps 6–11 from the previous procedure, “Collecting Performance Counter Data,” on page 365. Performance Logging 367 Chapter 12 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Figure 12-9 Select a provider to trace. Collecting Confi guration Data You can use data collectors to record changes in Registry confi guration. To collect con- fi guration data, follow these steps: 1. In Reliability And Performance Monitor, under the Data Collector Sets node, right-click the User Defi ned node in the left pane, point to New, and then choose Data Collector Set. 2. In the Create New Data Collector Set wizard, type a name for the data collector, such as System Registry Info or Current User Registry Info. Afterward, select the Create Manually (Advanced) option and then click Next. 3. On the What Type Of Data Do You Want To Include page, the Create Data Logs option is selected by default. Select the System Confi guration Information check box and then click Next. 4. On the Which Registry Keys Would You Like To Record page, click Add. Type the Registry path to track. Repeat this process to add other Registry paths to track. Click Next when you are ready to continue. 5. Complete steps 6–11 from the earlier procedure, “Collecting Performance Counter Data,” on page 365. Viewing Data Collector Reports When you’re troubleshooting problems, you’ll often want to log performance data over an extended period of time and then review the data to analyze the results. For each data collector that has been or is currently active, you’ll fi nd related data collector reports. As with data collector sets themselves, data collector reports are usually orga- nized into two general categories: user-defi ned and system. Chapter 12 368 Chapter 12 Comprehensive Performance Analysis and Logging Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. To view data collector reports in Reliability And Performance Monitor, expand the Reports node and then expand the individual report node for the data collector you want to analyze. Under the data collector’s report node, you’ll fi nd individual reports for each logging session. A logging session begins when logging starts and ends when logging is stopped. The most recent log is the one with the highest log number. To view a log and analyze its related data graphically, double-click it. Keep in mind that if a data collector is actively logging, you won’t be able to view the most recent log. You can stop collecting data by right-clicking a data collector set and selecting Stop. Collected data is shown by default in a graph view from the start of data collection to the end of data collection. Only counters that you selected for logging will be available. If a report doesn’t have a counter that you want to work with, you’ll need to modify the data collector properties, restart the logging process, and then check the logs again. You can modify the report details using the following techniques: 1. In Reliability And Performance Monitor, right-click the Performance Monitor node and then select Properties. In the Performance Monitor Properties dialog box, click the Source tab. 2. Specify data sources to analyze. Under Data Source, select Log Files and then click Add to open the Select Log File dialog box. You can now select an additional log fi le to analyze. 3. Specify the time window that you want to analyze. Click Time Range, and then drag the Total Range bar to specify the appropriate starting and ending times. Drag the left edge to the right to move up the start time. Drag the right edge to the left to move down the end time. 4. Click the Data tab. You can now select counters to view. Select a counter and then click Remove to remove it from the graph view. Click Add to display the Add Counters dialog box, which you can use to select the counters that you want to analyze. 5. Click OK. In the monitor pane, click the Change Graph Type button to select the type of graphing. Confi guring Performance Counter Alerts You can confi gure alerts to notify you when certain events occur or when certain per- formance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also confi gure alerts to start applications and performance logs. To confi gure an alert, follow these steps: 1. In Reliability And Performance Monitor, under the Data Collector Sets node, right-click the User Defi ned node in the left pane, point to New, and then choose Data Collector Set. Performance Logging 369 Chapter 12 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 2. In the Create New Data Collector Set wizard, type a name for the data collector, such as Memory Alert or Full Disk Alert. Afterward, select the Create Manually (Advanced) option and then click Next. 3. On the What Type Of Data Do You Want To Include page, select the Performance Counter Alert option and then click Next. 4. On the Which Performance Counters Would You Like To Monitor page, click Add to display the Add Counters dialog box. This dialog box is identical to the Add Counters dialog box discussed previously. Use the Add Counters dialog box to add counters that trigger the alert. Click OK when you’re fi nished. 5. In the Performance Counters panel, select the fi rst counter and then use the Alert When text box to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is above or below a specifi c value. Select Above or Below, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter(s). For example, to alert if processor time is over 95 percent, you would select Over and then type 95. Repeat this process to confi gure other counters you’ve selected. 6. Complete steps 7–11 from the earlier procedure, “Collecting Performance Counter Data,” on page 365. Monitoring Performance from the Command Line Windows Server 2008 includes a command-line utility called Typeperf for writing per- formance data to the command line. You can use it to monitor the performance of both local and remote computers. The available parameters for Typeperf are summarized in Table 12-2. Table 12-2 Parameters for Typeperf Parameter Description -cf <fi lename> Specifi es a fi le containing a list of performance counters to monitor. -confi g <fi lename> Specifi es the settings fi le containing command options. -f <CSV|TSV|BIN|SQL> Sets the output fi le format. The default is .csv for comma- separated values. -o <fi lename> Sets the path of an output fi le or SQL database. -q [object] Lists installed counters for the specifi ed object. -qx [object] Lists installed counters with instances. -s <ComputerName> Sets the server to monitor if no server is specifi ed in the counter path. -sc <samples> Sets the number of samples to collect. -si <[[hh:]mm:]ss> Sets the time between samples. The default is 1 second. -y Answers Yes to all questions without prompting. Chapter 12 370 Chapter 12 Comprehensive Performance Analysis and Logging Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Looks complicated, I know, but Typeperf is fairly easy to use after you get started. In fact, all you really need to provide to get basic monitoring information is the path to the performance counter you want to track. The performance counter path has the follow- ing syntax: \\ComputerName\ObjectName\ObjectCounter Here, the path starts with the UNC computer name or IP address of the local or remote computer you are working with and includes the object name and the object counter to use. If you wanted to track System\Processor Queue Length on CORPSVR02, you’d type: typeperf "\\corpsvr02\System\Processor Queue Length" Note You might have noticed that I enclosed the counter path in double quotation marks. Although this is good form for all counter paths, it is required in this example because the counter path includes spaces. You can also easily track all counters for an object by using an asterisk (*) as the coun- ter name, such as in the following: typeperf "\\corpsvr02\Memory\*" Here, you track all counters for the Memory object. A slight problem is introduced for objects that have multiple instances. For these objects, such as the Processor object, you must specify the object instance you want to work with. The syntax for this is as follows: \\ComputerName\ObjectName(ObjectInstance)\ObjectCounter Here, you follow the object name with the object instance in parentheses. To work with all instances of an object that has multiple instances, you use _Total as the instance name. To work with a specifi c instance of an object, use its instance identifi er. For example, if you want to examine the Processor\% Processor Time counter, you must use either this to work with all processor instances: typeperf "\\corpsvr02\Processor(_Total)\% Processor Time" or this to work with a specifi c processor instance: typeperf "\\corpsvr02\Processor(0)\% Processor Time" In this case, that is the fi rst processor on the system. By default, Typeperf writes its output to the command line in a comma-delimited list. You can redirect the output to a fi le using the -o parameter and set the output format Note You might have noticed that I enclosed the counter path in double quotation marks. Although this is good form for all counter paths, it is required in this example because the counter path includes spaces. Performance Logging 371 Chapter 12 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. using the -f parameter. The output format indicators are CSV for a comma-delimited text fi le, TSV for a tab-delimited text fi le, BIN for a binary fi le, and SQL for a SQL binary fi le. Consider the following example: typeperf "\\corpsvr02\Memory\*" -o perf.bin -f bin Here, you track all counters for the Memory object and write the output to a binary fi le called Perf.bin in the current directory. If you need help determining the available counters, type typeperf -q followed by the object name for which you want to view counters, such as in the following: typeperf -q Memory If an object has multiple instances, you can list the installed counters with instances by using the -qx parameter, such as in the following: typeperf -qx PhysicalDisk You can use this counter information as input to Typeperf as well. Add the -o parameter and write the output to a text fi le, such as in the following: typeperf -qx PhysicalDisk -o perf.txt Then edit the text fi le so that only the counters you want to track are included. You can then use the fi le to determine which performance counters are tracked by specifying the -cf parameter followed by the fi le path to this counter fi le. Consider the following example: typeperf -cf perf.txt -o c:\perfl ogs\perf.bin -f bin Here, Typeperf reads the list of counters to track from Perf.txt and then writes the per- formance data in binary format to a fi le in the C:\PerfLogs directory. The one problem with Typeperf is that it will sample data once every second until you tell it to stop by pressing Ctrl+C. This is fi ne when you are working at the command line and monitoring the output. It doesn’t work so well, however, if you have other things to do—and most administrators do. To control the sampling interval and set how long to sample, you can use the -si and -sc parameters, respectively. For example, if you wanted Typeperf to sample every 60 seconds and stop logging after 120 samples, you could type this: typeperf -cf perf.txt -o C:\perf\logs\perf.bin -f bin -si 60 -sc 120 Analyzing Trace Logs at the Command Line You can examine trace log data by using the Tracerpt command-line utility. Tracerpt processes trace logs and allows you to generate trace analysis reports and dump fi les for the events generated. The parameters for Tracerpt are summarized in Table 12-3. Chapter 12 372 Chapter 12 Comprehensive Performance Analysis and Logging Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Table 12-3 Parameters for Tracerpt Parameter Description -o [fi lename] Sets the text output fi le to which the parsed data should be written. The default is Dumpfi le.xml. -summary [fi lename] Sets the name of the text fi le to which a summary report of the data should be written. The default is Summary.txt. -report [fi lename] Sets the name of the text fi le to which a detailed report of the data should be written. The default is Workload.xml. -rt <session_name [session_name .]> Sets the real-time event trace session data source to use instead of a converted log fi le. -confi g <fi lename> Specifi es a settings fi le containing command options. -y Answers Yes to all questions without prompting. -of <CSV|EVTX|XML> Sets the dump fi le format. -f <XML|HTML> Sets the report fi le format. -export <fi lename> Sets the name of the event schema export fi le. The default is schema.man. The most basic way to use Tracerpt is to specify the name of the trace log to use. By default trace logs are written to C:\PerfLogs, so if a log in this directory was named SysP_000002.etl, you could analyze it by typing the following: tracerpt C:\Perfl ogs\SysP_000002.etl Here, four fi les are created in the current directory: The parsed output is written to Dumpfi le.xml, a summary report is written to Summary.txt, a detailed report is written to Workload.xml, and a event schema report fi le is written to schema.man. You could also specify the exact fi les to use for output as shown in the following example: tracerpt C:\Perfl ogs\ SysP_000002.etl -o c:\sysp.csv -summary c:\sysp-summary.txt -report sysp-report-.txt Performance Logging 373 Chapter 12 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. PART 3 Managing Windows Server 2008 Storage and File Systems CHAPTER 13 Boot Confi guration . . . . . . . . . . . . . . . . . . . . . 377 CHAPTER 14 Storage Management . . . . . . . . . . . . . . . . . . . 405 CHAPTER 15 TPM and BitLocker Drive Encryption . . . . . . 467 CHAPTER 16 Managing Windows Server 2008 File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 497 CHAPTER 17 File Sharing and Security . . . . . . . . . . . . . . . . 547 CHAPTER 18 Using Volume Shadow Copy . . . . . . . . . . . . . 587 CHAPTER 19 Using Remote Desktop for Administration . . . . . . . . . . . . . . . . . . . . . . 607 375 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. [...]... shutdown are compounded in Windows Vista and Windows Server 2008 because of their extended frameworks for advanced configuration and power management in firmware and hardware Note Many administrators install Windows Server 2008 on desktop class systems without giving careful consideration to how this could affect the operation of the computer When you install Windows Server 2008 on a desktop class system,... {bootmgr} partition=C: Windows Boot Manager en-US {globalsettings} {current} {current} {memdiag} 30 Windows Boot Loader identifier device path description locale inherit resumeobject nx {current} partition=C: \Windows\ system32\winload.exe Microsoft Windows Server 2008 en-US {bootloadersettings} {6edc4bc2-e6d3-22bc-3234-3e33222d6dcf} OptOut BCD entries for Windows Boot Manager and Windows Boot Loader... entries On a BIOS-based computer, you’ll see the following entries: One Windows Boot Manager entry There is only one boot manager, so there is only one boot manager entry One or more Windows Boot Loader application entries, with one for each Windows Server 2008 operating system, Windows Vista operating system, or later versions of Windows installed on the computer One legacy operating system entry The... this computer has two entries: one for the Windows Boot Manager and one for the Windows Boot Loader Here, the Windows Boot Manager calls the boot loader and the boot loader uses Winload.exe to boot Windows Server 2008 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark Managing the Boot Configuration Data Store and Its Entries 391 Windows Boot Manager -identifier device... class system, it is critically important for you to understand how computers designed for Windows Vista handle advanced configuration and power management in hardware and firmware This will enable you to modify the hardware and firmware settings so that they work with Windows Server 2008 Never install Windows Server 2008 on a desktop class system without first checking its hardware and firmware configuration... specific boot applications available The default boot manager is the Windows Boot Manager Windows Boot Manager controls the boot experience and enables you to choose which boot application is run Boot applications load a specific operating system or operating system version For example, a Windows Boot Loader application loads Windows Server 2008 This allows you to boot BIOS-based and EFI-based computers... 382 Managing the Boot Configuration Data Store and Its Entries 390 U nlike earlier releases of server operating systems for Windows, Windows Server 2008 doesn’t boot from an initialization file Instead, the operating system uses the Windows Boot Manager to initialize and start the operating system The boot environment dramatically changes the way the operating system... boot environment is loaded, computers start up from hardware and firmware Windows Vista does things a bit differently from Windows Server 2008 when it comes to power state management features In Windows Vista, turning off a computer and shutting down a computer are separate tasks By default, when you turn off a computer running Windows Vista, the computer enters standby mode When entering standby mode,... on the system, such as the processor, fans, and so on As this technology was originally designed for Windows XP Media Center Edition, in many cases it does not work with Windows Vista and generally should not be used with Windows Server 2008 You might need to disable this feature in firmware to allow Windows Vista to properly sleep and resume After you look at the computer’s power settings in fi rmware,... inherited by all Windows resume from hibernation application entries Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark 393 When a computer has additional Windows Vista, Windows Server 2008, or later operating systems installed, the BCD store for has additional entries for each additional operating system For example, the BCD store might have one entry for the Windows Boot Manager . releases of server operating systems for Windows, Windows Server 2008 doesn’t boot from an initialization fi le. Instead, the operating system uses the Windows. hardware and fi rmware settings so that they work with Windows Server 2008. Never install Windows Server 2008 on a desktop class system without fi rst checking