Geek School: Windows 7 Monitoring, Performance & Updates
Monitoring Computer Performance and Reliability
This installment of Geek School focuses on the essential tools available for tracking the performance and ensuring the dependability of your computer systems.
Previous Articles in the Geek School Series
For those new to the series, or seeking a refresher, the preceding articles covering Windows 7 are readily available for review.
- Introducing How-To Geek School: An overview of the series' objectives and scope.
- Upgrades and Migrations: Guidance on hardware and software upgrades, as well as system migrations.
- Configuring Devices: Instructions for setting up and customizing various computer peripherals.
- Managing Disks: Techniques for organizing and maintaining storage drives.
- Managing Applications: Best practices for installing, updating, and removing software.
- Managing Internet Explorer: Optimizing the Internet Explorer web browser for performance and security.
- IP Addressing Fundamentals: A foundational understanding of IP addresses and their role in networking.
- Networking: Exploring the principles of computer networking and connectivity.
- Wireless Networking: Setting up and troubleshooting wireless network connections.
- Windows Firewall: Configuring and utilizing the Windows Firewall for enhanced security.
- Remote Administration: Managing computers remotely for efficient support and maintenance.
- Remote Access: Establishing secure remote access to your computer systems.
Further articles in this series will be published throughout the week, providing continued insights into Windows 7 administration.
Event Logs
Event logs are specialized files that document significant occurrences on a computer system, such as user login attempts or program terminations. These logs serve as valuable resources when diagnosing system problems. While the Windows Event Viewer facilitates access to event logs, administrative privileges on the machine are required for its operation.
Accessing the Event Viewer
To initiate the Event Viewer, select 'Start' from the menu and then launch the Control Panel.
Subsequently, navigate to the 'System and Security' category.
Within this section, select 'Administrative Tools'.
The Event Viewer can then be opened by clicking on its corresponding shortcut.
This completes the process of opening the Event Viewer.
The Event Viewer organizes events into various logs. Key Windows Logs include:
- The Application Log - This log records events generated by applications, potentially indicating the cause of program crashes.
- The Security Log -- This log documents security-related events, such as successful and unsuccessful login attempts, and file access activities.
- The Setup Log -- The setup log details events related to the installation, removal, or updating of Windows features, including Windows Updates.
- The System Log -- This log contains events logged by core Windows system components; for instance, driver loading failures during startup are recorded here.
To examine a specific Windows Log, expand the 'Windows Logs' item in the console tree and select the desired log.
The right-hand pane displays all events contained within the selected log. Events are categorized by severity:
- Errors -- Represented by a red exclamation mark, errors signify critical problems, potentially resulting in data loss.
- Warning -- Indicated by a yellow exclamation mark, warnings suggest potential issues, but the program can continue functioning; they also foreshadow possible future errors.
- Information -- Marked with a white exclamation mark, information events describe successful operations of programs, drivers, or services.
It's important to note that the security log utilizes security audits rather than the standard event levels.
Filtering Event Logs
Event logs can accumulate a substantial number of entries, making it challenging to locate specific information. Utilizing a log filter allows you to isolate relevant data when you know what you are searching for. Let's demonstrate how to determine the computer startup duration.
Begin by opening the 'Application and Service Logs', then navigate through 'Microsoft' and finally 'Windows'.
Locate the 'Diagnostics-Performance' folder and filter the 'Operational' log file within it.
Create a filter to display only 'Warning' level events with an 'Event ID' of 100.
It is important to understand how to create a filter, rather than simply memorizing that the boot event has an Event ID of 100.
Click 'OK' to apply the filter, displaying only warning-level events.
Selecting a result and examining its details will reveal the boot time in milliseconds.
Establishing a Custom View
If you routinely apply a specific filter to a server, consider creating a custom view. This allows you to pre-configure a log file with your desired filter settings. Creating a custom view mirrors the filter creation process: right-click on the log and select 'Create Custom View' from the context menu.
Define the filtering criteria. Again, we will use warning-level events with an event ID of 100.
Assign a name to your new custom view and click 'OK'.
You will now have a pre-filtered log readily available.
Managing Log File Size
To control the size of event logs, right-click on a log and select 'Properties'.
Here, you can adjust the maximum log file size in kilobytes; the default is 20MB.
The default size is generally sufficient for most scenarios.
Resource Monitor
The Windows 7 Resource Monitor offers a concise overview of system performance, displaying CPU, disk, network, and memory usage within a single, user-friendly interface.
Consider it an enhanced iteration of the Task Manager, providing more granular detail.
To launch the Resource Monitor, simultaneously press the Windows key and the 'R' key to invoke the Run dialog box.
Subsequently, type "resmon" and press Enter to initiate the application.
Upon opening, the Resource Monitor defaults to the Overview tab.
This tab presents a consolidated view of the four key resources being monitored: CPU, disk activity, network usage, and memory allocation.
The Resource Monitor proves particularly valuable when experiencing unexpected slowdowns in computer performance.
It allows for quick identification of potential bottlenecks affecting system responsiveness.
Utilizing the Resource Monitor
- CPU Tab: Displays processes utilizing CPU cycles.
- Memory Tab: Shows memory usage by applications.
- Disk Tab: Highlights disk activity and processes accessing the hard drive.
- Network Tab: Monitors network connections and data transfer rates.
By examining each tab, users can pinpoint the source of performance issues and take appropriate action.
Reliability Monitor: A System Health Overview
The Reliability Monitor is a sophisticated utility designed to assess both hardware and software issues, as well as any modifications made to your computer’s configuration. Accessing this tool is straightforward; initiate a Run dialog by pressing the Win + R keys simultaneously.
Then, type perfmon /rel and execute the command by pressing Enter.
Understanding the Reliability Graph
Upon launching, you’ll encounter a comprehensive graph illustrating your system’s overall reliability over the preceding week. A stability score, ranging from 1 to 10, is provided, where a score of 1 indicates the poorest reliability and 10 represents optimal stability.
Investigating System Events
Over time, the reliability rating may decrease. However, the graph also highlights specific error occurrences. To examine these events in detail, simply select the corresponding day on the chart.
Analyzing Error Details
The screenshot above reveals a critical event, triggered by a power interruption, which substantially lowered my system’s reliability. Another error was also recorded earlier today, warranting further investigation.
Selecting that day reveals the nature of the second event.
Identifying Recurring Issues
This second event also appears to be related to a power outage. This suggests a need for a UPS (Uninterruptible Power Supply) unit to protect against such occurrences. The Reliability Monitor proves to be a valuable resource for identifying patterns in system performance and potential problems.
Key Benefits of Using Reliability Monitor
- Proactive Problem Detection: Identify issues before they escalate.
- Trend Analysis: Track changes in system stability over time.
- Event Logging: Detailed records of errors and system modifications.
- Easy Access: Quickly launched via the Run command.
Performance Monitor
The Windows Performance Monitor is a tool designed for assessing the performance characteristics of both local and remote computers. It provides real-time measurements and the capability to collect logged data for subsequent analysis.
Accessing the Performance Monitor
To launch the Performance Monitor, simultaneously press the Win + R keys to invoke the Run dialog box. Then, type 'perfmon' and press Enter.
Upon opening the Management Console, navigate to and expand the 'Monitoring Tools' item within the Console Tree. Select 'Performance Monitor' from the expanded options.
A key feature of the Performance Monitor is its ability to display performance information graphically in real time. This is achieved through the utilization of performance counters.
These counters represent measurements of system performance at a specific moment. They can be inherent to the operating system or provided as part of an application.
To incorporate a performance counter into your monitoring view, click the green plus (+) button.
Subsequently, select the desired performance counters from the available list and confirm your selection by clicking the 'Add' button.
While numerous counters exist, certain ones are particularly important for exam preparation. Below is a concise explanation of each key counter:
Processor
The following performance counters are valuable when diagnosing CPU-related problems and can be found within the 'Processor' section:
- % Processor Time: Indicates the percentage of time the CPU is actively processing system requests.
- Interrupts/sec: Represents the average rate at which the processor receives hardware interrupts per second.
Memory
These performance counters assist in troubleshooting memory issues and are located under the 'Memory' section:
- Available MBytes: Displays the amount of memory currently available for running processes.
- Pages/sec: Shows the number of hard page faults occurring each second. Hard faults necessitate disk access.
Physical Disk
The following counters are useful for identifying bottlenecks related to physical disk performance and are found in the 'PhysicalDisk' section:
- % Disk Time: Measures the percentage of time the disk is occupied servicing read or write operations.
- Current Disk Queue Length: Indicates the number of disk requests currently queued and awaiting processing.
Logical Disk
The following performance counter is helpful for diagnosing constraints on logical disks and is available under the 'LogicalDisk' section:
- % Free Space: Displays the percentage of free space remaining on the disk.
Network Interface
The following performance counter is useful for troubleshooting network connectivity and performance issues and is available under the 'NetworkInterface' section:
- Bytes Total/sec: Represents the total number of bytes transmitted and received by the network interface across all protocols.
After adding the desired counters, you can observe the collected data in real time.
Maintaining Current Windows Installations
An exception to the principle of not altering functioning systems lies in the installation of Windows Updates. Windows can be updated through two distinct methods:
- Utilizing an Internet Connection – Newly purchased Windows 7 computers are typically configured to automatically download updates from Microsoft servers when they become available, provided Windows Updates are enabled.
The alternative to this approach involves leveraging Windows Server Update Services (WSUS).
- WSUS – Employing WSUS establishes a central server responsible for downloading all updates for every Microsoft product within an organization, not limited to Windows alone. Instead of numerous client computers independently connecting to the internet to acquire the same files during installation, they connect to the WSUS server, utilizing the network’s internal bandwidth. This results in substantial bandwidth savings, as updates are downloaded only once.
Modifying the Source of Your Updates
While the setup of a WSUS server falls outside the scope of the exam, understanding how to configure a Windows 7 client to utilize one is essential. WSUS is most effectively implemented with at least ten clients, making Group Policy Objects (GPOs) the preferred configuration method. Begin by pressing the Win + R keys to open the Run dialog, then type gpedit.msc and press Enter.
It’s important to remember that we are configuring a GPO on a single Windows 7 client. In a typical organizational setting, this configuration is performed on a central server and linked to an Organizational Unit (OU) containing the relevant machines, eliminating the need for individual machine adjustments.
Navigate through the following path:
Computer Configuration\Administrative Templates\Windows Components\Windows Update
Then, double-click the "Specify intranet Microsoft update service location" setting located on the right side of the window.
Enable the policy and input the URI of the WSUS server.
This completes the configuration process.
Adjusting Windows Update Configurations
It should be noted that if WSUS is in use, these settings are typically managed through Group Policy, rather than being adjusted on individual clients as demonstrated below.
Access the Start Menu and select the Windows Update option.
A "Change settings" link will be visible on the left-hand side.
From this central location, nearly all aspects of Windows Updates can be modified.
Be aware that the Windows Update behavior can be altered using the provided drop-down list.
Understanding Windows System Monitoring Tools
Maintaining a stable and secure computing environment requires consistent monitoring. Windows provides a suite of built-in tools designed to help users and administrators track system health and performance.
Windows Event Viewer
The Windows Event Viewer serves as a central repository for log files. These logs document significant events occurring on your computer, offering valuable insights into system behavior.
Analyzing these logs can help diagnose issues and understand the sequence of events leading to errors or unexpected behavior.
Resource Monitor
For a more detailed view of system activity, Resource Monitor provides granular information. It expands upon the functionality of Task Manager, offering a comprehensive overview of resource utilization.
This tool allows you to observe processes consuming CPU, memory, disk, and network resources in real-time.
Reliability Monitor
Identifying trends that negatively impact system stability is crucial. The Reliability Monitor simplifies this process by visually highlighting factors contributing to decreased PC reliability.
It presents a historical view of system stability, making it easier to pinpoint recurring issues and potential problem areas.
Windows Performance Monitor
The Windows Performance Monitor offers a highly customizable approach to tracking system performance. It enables users to view specific performance metrics in real-time.
Furthermore, it allows for the collection and analysis of performance data over extended periods, facilitating in-depth performance analysis.
Windows Updates and Management
Keeping your system updated with the latest security patches is paramount. Windows Updates provides this functionality, ensuring your PC remains protected against vulnerabilities.
While the default Windows Update configuration may suffice for individual users or very small businesses, utilizing WSUS (Windows Server Update Services) and Group Policy is the recommended approach for larger organizations to maintain control and consistency.
These tools allow centralized management of updates, ensuring all machines within a network are consistently patched and secure.
Assignment: Windows 7 Performance and Monitoring
This assignment requires practical experience with Windows 7, specifically focusing on event subscriptions and performance monitoring. You will need access to two virtual machines running Windows 7 to complete the first part.
Core Tasks
- Establish and configure event subscriptions utilizing a pair of Windows 7 virtual machines.
- Gain proficiency in utilizing Data Collector Sets to monitor and record performance data over extended periods via the Performance Monitor.
Beyond the core tasks, supplemental reading is assigned to broaden your understanding of Windows 7 performance optimization techniques. These topics are also included in the upcoming examination.
Supplemental Reading
- Familiarize yourself with the intricacies of the Windows Page File, as detailed in Chris Hoffman’s informative article.
- Investigate methods for enhancing system performance through the implementation of ReadyBoost.
- Discover how to optimize boot times by disabling unnecessary startup programs using the MSConfig utility.
- Explore the capabilities of the powercfg command for assessing your computer’s energy efficiency.
- Understand the process of switching between different power plans within Windows 7.
Should any questions arise during your work, feel free to reach out via Twitter @taybgibb, or simply post a comment below.
Related Posts
Touchscreen on Windows PC: Do You Need It?
Find Lost Windows or Office Product Keys - Easy Guide
Windows 10 Setup: Express vs. Custom - What's the Difference?
Manage Accessibility Features in Windows 10 - A Comprehensive Guide
Windows 10 Start Menu: A Comprehensive Guide
