1/22/2003 -- Last week, we stared by examining the first two objectives for Microsoft's Installing, Configuring, and Administering Microsoft Windows XP Professional exam (70-270) (click here to view article). As mentioned last time, this exam can be used as credit on both the MCSA and MCSE tracks, and consists of seven major objective categories:

• Installing Windows XP Professional
• Implementing and Conducting Administration of Resources
• Implementing, Managing, Monitoring, and Troubleshooting Hardware Devices and Drivers
• Monitoring and Optimizing System Performance and Reliability
• Configuring and Troubleshooting the Desktop Environment
• Implementing, Managing, and Troubleshooting Network Protocols and Services
• Configuring, Managing, and Troubleshooting Security

In this article, we will address the middle two, followed by the remaining three in a future article. Note that the complete list of objectives for this exam can be found at http://www.microsoft.com/traincert/exams/70-270.asp.

Objective #3: Implementing, Managing, Monitoring, and Troubleshooting Hardware Devices and Drivers

3.1: Implement, Manage, and Troubleshoot Disk Devices
The Computer Management Tool, which can be accessed a number of ways, including under Control Panel/Administrative Tools, contains the major storage tools - Disk Management and Disk Defragmenter.

Disks can be basic or dynamic; the default is basic. Dynamic volumes can be changed on-the-fly, but they must be created after the disk has been converted to dynamic. Changing disks from basic to dynamic is a one-way avenue; you cannot change back without first deleting the volume.

The following are advantages of converting to dynamic disks:

• Existing partitions become simple volumes.
• All fault-tolerant volumes become dynamic volumes.

Of course, conversion also has its disadvantages and limitations:

• The disk cannot contain partitions or logical drives.
• The disk cannot be accessed by most other operating systems.
• Dynamic disks are not supported on portable computers.

To perform the upgrade, close all applications that could be accessing the disks and verify that there is a minimum of 1MB unallocated space. Although no data is actually affected, you should always make a backup before undertaking any major system change. Several reboots are often required during the conversion, and before each reboot, you are prompted to confirm the action.

3.2: Implement, Manage, and Troubleshoot Display Devices
The Device Manager component of Computer Management is the primary interface for interacting with the display adapter. The following are the three tabs of the adapter's Properties dialog box:

• General. This tab displays the device type, manufacturer, and location. It also includes text regarding whether the device currently is working properly and a command button Troubleshooter to walk you through diagnostics.
• Driver. Access this tab to view information on the current driver and digital signer. Four command buttons allow you to see driver details, uninstall, update the driver, or roll it back to a previously installed driver.
• Resources. This tab shows the system resources in use (I/O, IRQ, and so on) and whether there are conflicts.

A Details or Advanced tab can also appear that will show the item and values associated with the properties.

Multiple monitors and Dualview are the topic of the tips located at http://www.microsoft.com/windowsxp/pro/using/howto/customize/multimonitor.asp.

3.3: Configure Advanced Configuration Power Interface (ACPI)
ACPI (Advanced Configuration and Power Interface) is a standard for supplying power management features of the hardware through the operating system. Windows XP uses ACPI for all power management, from shutdown when the system is low on battery power to startup at the touch of a keyboard key. The options available can be configured from the Power Options applet, which contains five tabs:

• Power Schemes. This tab allows you to choose the role of the machine. The default is often Home/Office Desk, but other choices include Portable/Laptop, Presentation, Always On, Minimal Power Management, and Max Battery. To save power, you can choose the timeframe in which to turn off the monitor and/or hard disks.
• Advanced. From this tab, you can choose whether power-related icons should appear in the taskbar or a password prompt should be given when the computer comes back from standby.
• Hibernate. This tab allows you to choose whether this stage (formerly known as Sleep) is available. The amount of free disk space needed to support this feature is shown (usually equal to the amount of RAM).
• UPS. This tab contains options for checking the status and configuring the options for the uninterruptible power supply.
• APM. The APM tab (Advanced Power Management) does not always show up and appears only on systems that are not ACPI-compliant. If the system is
  ACPI-compliant, then this tab appears to provide backward compatibility with legacy machines.
  

A Microsoft article on how to Conserve Batteries with Hibernate and Standby can be found at http://www.microsoft.com/windowsxp/pro/using/howto/security/hibernate.asp and a video on saving battery life with power management features can be accessed at: http://www.microsoft.com/windowsxp/wmx/howto/mobility_power.asx.

3.4: Implement, Manage, and Troubleshoot Input and Output (I/O) Devices
Device Manager is the primary tool for interacting with all hardware (Input/Output devices) connected to the system. Right-click on the system name or use the Action menu and choose Scan for Hardware Changes to force the system to look for new additions/deletions it might have missed.
Properties exist for every item within Device Manager, and often the Properties dialog box contains several tabs. There will always be a General tab, which shows the device type, manufacturer, and location, as well as whether it is working properly. You can use the Troubleshooter command button on the General tab to start the diagnostic process, if necessary.

The second tab is generally the Properties tab (although this can differ by device). This tab offers specific entries for that particular device only. The Properties tab of a CD-ROM drive, for example, contains settings for player volume and the enabling/disabling of digital CD audio. On a hard drive, the only setting would be whether write cache is enabled.

A Driver tab is often the third tab. This tab offers text descriptions of the driver the device is employing, including the provider, date, version, and digital signer. The tab contains one command button for viewing more details and one for updating the driver. In many cases, the tab also offers an Uninstall command button.

The dialog box often contains a Resources tab, which shows the system resources the device is consuming. Three types of resources can be used:

• Interrupt Request Lines (IRQs)
• Direct Memory Access (DMA)
• Input/Output (I/O) Memory Range

Devices can use just one type of resource or many types. The keyboard, for example, uses IRQ 01 (16 are available) and often uses I/O ranges 0060 and 0064. The standard floppy disk controller, on the other hand, can use IRQ 06, DMA 02, and I/O addresses 03F7 and 03F0-03F5.

3.5: Manage and Troubleshoot Drivers and Driver Signing
When Microsoft released Windows 95, it wanted to make sure that vendors who wrote programs and applications for it followed a specific set of rules. To enforce this, Microsoft came up with the following plan: Any vendor who plays properly is granted permission to use a logo on their product to signify that it works properly. Those who chose not to follow the rules don't get permission to use the logo. (It cannot be verified that their programs won't harm other applications, interfere with system services, and so on.)

After a while, Microsoft decided to use a different approach, because they feared the granting/denying of the logo might not be significant enough. With Windows 2000, and following through to Windows XP, a vendor of a third-party product is encouraged to submit the drivers and operating system files (.dll, .exe, .fon, .ocx, .ttf, .sys) to Microsoft. If Microsoft can verify that the files do not behave erratically or cause system problems or identifiable failures, Microsoft signs the file digitally.
When an administrator or user attempts to install a new component on her system, the system automatically looks for the signature. If it does not find a signature, a dialog box appears, prompting the user to decide whether she wants to continue.

NOTE: By default, a system always looks for a driver signature; this feature is known as System File Protection.

You can also access Driver Signing by choosing the System applet in Control Panel, selecting the Hardware tab, and clicking the Driver Signing button. From the options menu, you can choose from three options to indicate what should occur when the system encounters an unsigned file: Ignore, Warn and Block

Microsoft has a brief tip on Finding Driver Information at http://www.microsoft.com/WindowsXP/pro/using/tips/maintain/finddrivers.asp and how to roll back a device driver is discussed at http://www.microsoft.com/windowsxp/pro/using/howto/gethelp/driverrollback.asp.

3.6: Monitor and Configure Multiprocessor Computers
You can add multiple processors to a system to offload the bottleneck on a single processor and enable intensive operations to be performed quicker. After you install the additional processors, use Device Manager to add them to the system. Information detailing multiple computer processor time is available in the help file as computer_maint_perf_mgmt.htm.

Objective #4: Monitoring and Optimizing System Performance and Reliability

4.1: Monitor, Optimize and Troubleshoot Performance of the Windows XP Professional Desktop
Before you can optimize performance, you first must place it within a framework. First and foremost, you are always striving for optimal performance from a system, which is attained when a system is running (processing, responding and so on) as fast as it possibly can, given the resources available to it.

Those "resources" are a combination of everything internal to the system (CPU, disk, and so on) and external determinants (such as network and modem). If you can point to any one item and say that it is holding up all the others, that one item is preventing the system from operating at optimal performance and is known as a bottleneck. For example, assume that a workstation is used to open and append lines to hundreds of document files or log files each day. If that workstation has 128MB RAM, a Pentium III processor, and an ultra-slow IDE hard drive, it's reasonable to think that the hard drive is the bottleneck and files could be opened faster throughout the day (thus increasing productivity) if a faster hard drive were installed.

The primary tool for gathering usage information in Windows XP is the Performance tool that's located in the Administrative Tools folder of Control Panel. The Performance tool is divided into two sections: System Monitor, and Performance Logs and Alerts. System Monitor allows you to gather real-time statistics about what the system is doing right now in chart format (the default), histogram format (similar to a bar chart) or report format. Performance Logs and Alerts let you record data to create and compare with a baseline (to get a long-term look at how the system is operating) or send administrative alerts when thresholds are reached.

NOTE: A baseline is a history of performance over time and is used to compare against current activity. Using it, you can see if it is normal for your processor to be 80 percent utilized, or determine that it is a current abnormality, etc.

Within the System Monitor, the workstation is divided into a number of different objects. The number of objects depends on how the workstation is configured: As more items are added to the workstation, more objects become available in System Monitor. For each object, System Monitor has one or more counters-subsets of the overall object. Those counters may be one of two types: actual (a true number or an average) or a percentage (from 0 to 100). When looking at disk operations, for example, you can see how many reads are performed per second, which might be either a real number or the percent of time the disk is busy performing reads.
When selecting counters, you want to avoid mixing and matching actual numbers and percentages in the same report or chart. Because the highest number a percentage counter can obtain is 100, and the highest number an actual counter can obtain is unlimited, the scale will be confusing, and you may not be able to interpret what you are seeing without confusion.

If the workstation has more than one like item, the multiples are known as instances. For example, if you want to look at disk activity, you would view the object called PhysicalDisk. A good counter to choose would be %Disk Read Time. If you have more than one physical disk in the system, choose the instance (disk) that you want to monitor. One of the instances that will always appear when there are multiples is _Total. The _Total instance provides an aggregate measurement of all instances for a full system view.

As opposed to real-time monitoring, Performance Logs and Alerts breaks into three sections:

• Counter logs
• Trace logs
• Alerts

Counter logs allow you to automatically or manually record data on system usage, which you can then view with System Monitor, a spreadsheet, or any other tool. Trace logs are tied to events that are written when an activity (error) occurs. Alerts are messages sent when an administrator-defined threshold is reached (such as when the hard disk reaches 90 percent full).

Most often, five areas tend to become bottlenecks: memory, processor, disk, network and applications.

Task Manager is one of the most overlooked utilities in most implementations of Windows. This is partially because it does not appear anywhere on the Start menu options. With the release of Windows XP, this tool has been greatly enhanced in capability, and you can bring it up in one of three ways:

1. Press Ctrl+Alt+Del.
2. Right-click on the taskbar and choose Task Manager from the popup menu.
3. Hold down the Ctrl+Shift keys and press Esc.

The utility has three tabs that are carryovers from previous implementations: Applications, Processes and Performance. With Windows XP, there are also tabs for Networking and Users.

The Applications tab shows applications that the current user is running (not those started by Task Scheduler) and lets you start new ones, switch between them or end them.

The Processes tab is a Pandora's box of possibilities. Here, it shows all running processes-those the current user is interacting with as well as the system, the Task Scheduler and anything else. The columns can change (by selecting View, Select Columns…), but among the most important after the Image Name are:

• PID. The Process ID number. This number can be used by some applications to interact directly with the process (as in running kill from the command line, etc.).
• CPU. The percentage of CPU utilization the process is currently using. Adding all the entries together will always total 100%, as the System Idle Process always adjusts for any non-usage.
• CPU Time. The actual amount of processor time.
• Mem Usage. The amount of memory the process is utilizing.

You can highlight any of the processes and click on the End Process button to stop a process from running. It is also possible to right-click on a process and see four choices on a pop-up menu:

• End Process
• End Process Tree. Not just the process, but all processes associated with it.
• Debug. Usually not available, but when it is, it allows interaction with the process.
• Set Priority. The dangerous one (more on this below).

Almost all processes start at Normal priority, which means they compete for the attention of the processor equally with other processes. Once a program has been started, there is only one way to change its priority without adding additional utilities: through the Task Manager. The six priorities, from lowest to highest, are as follows:

• Low. For applications that need to complete sometime, but you don't want them interfering with other applications. On a numerical scale from 0 to 31, this equates to a base priority of 4.
• BelowNormal. For applications not needing to drop all the way down to Low. This equates to a base priority of 6.
• Normal. The default priority for most applications. This equates to a base priority of 8.
• AboveNormal. This is for applications that don't need to boost all the way to High. This equates to a base priority of 10.
• High. For applications that must complete soon and you don't want other applications to interfere with their performance. This equates to a base priority of 13.
• Realtime. For applications that must have the processor's attention to handle time-critical tasks. Applications can be run at this priority only by a member of the Administrators group. This equates to a base priority of 24.

If you decide to change the priority of an application, you'll be warned that changing the priority of an application may make it unstable. You can generally ignore this option when changing the priority to Low, BelowNormal, AboveNormal or High, but you should heed this warning when changing applications to the Realtime priority. Realtime means that the processor gives precedence to this process over all others-over security processes, over spooling -- over everything -- and is sure to make the system unstable.

Task Manager changes the priority only for that instance of the running application. The next time the process is started, priorities revert back to that of the base (typically Normal).

The Performance tab shows memory and CPU utilization and a number of statistics. Among the statistics found on this tab are the amount of Physical and Kernel memory, as well as what is currently available.

The Networking tab graphically shows the connection as well as offers information on the adapter, utilization, and state. The Users tab shows the users connected, their ID, and status.

It is important to note that with the release of Windows XP, the Shut Down options moved to the menu of Task Manager, allowing you to choose between: Stand By, Hibernate, Turn Off, Restart, Log Off and Switch User.

4.2: Manage, Monitor and Optimize System Performance for Mobile Users
Most desktop computers should have only one hardware profile, because the hardware connected to them will not deviate greatly from one day to the next. The hardware connected to laptop/mobile computers can differ greatly from day to day, however, based on whether they are sitting in a docking station at the office, being used by a manager at home in the evening, or being used by a salesman making a presentation to a customer in the field.

Just as user profiles allow you to configure different parameters for multiple users, hardware profiles allow you to configure different parameters for different hardware-accessible possibilities the system may encounter. In brief, hardware profiles offer a way to create and maintain different hardware configurations (including which services and devices are used) for different computing scenarios.

If a system has multiple hardware profiles, a menu of the choices will appear during the boot process (after you are prompted to press the spacebar for the Last Known Good Configuration). By default, you have a number of seconds in which to make a choice from the menu. If you do not make a choice in the allotted time, the default profile is used.

To create a hardware profile, double-click on the System applet in Control Panel. From the tabs that appear, choose Hardware to create a new hardware profile. This is accomplished by following these steps:

1. Choose an existing or original profile from the Available Hardware Profiles list box, and then choose Copy.
2. Enter the name of the new profile and click OK.
3. Use the arrow buttons to the right of the profile list to determine the order preference of the profiles. This determines which order Windows XP uses to load the profiles during system startup.
4. Click the Properties button to indicate whether the computer is a portable, to specify its docking state, and to indicate whether this profile should always be included as an option during boot. Then click OK.
5. Specify what should be done during startup. If you want Windows XP to display a list of profiles at startup that you make a selection from, choose Wait Until I Select a Hardware Profile. With that option selected, Windows XP does not continue with the startup operation until a profile is selected.
6. If you don't want to wait indefinitely, set a timeout value for how long you have to select a profile before Windows XP selects the first profile in the list. This is the default operation; 30 seconds is the standard. If you set the timeout value to 0, Windows XP simply boots with the highest-order profile on startup.

After you have created different profiles, you need to identify which services to enable and disable for each profile. You do this through the Services applet in the Administrative Tools folder of Control Panel.

When studying for this exam objective, you should also briefly review all the information pertinent to Windows XP and mobile users, found at: http://www.microsoft.com/windowsxp/pro/using/howto/default.asp#section4.

4.3: Restore and Back Up the Operating System, System State Data and User Data
Except for the occasional sadist, no one looks forward to system disasters that force him to rebuild his computer systems and data. Unfortunately, almost every component used to store files and data has a mean-to-failure ratio associated with it. Devices do fail. And when they do, data can be lost.

The best insurance policy you have against such a devastating loss is a backup of the data that you can turn to when the system is rebuilt. Windows XP includes the Backup Utility which is really a collection of a number of tools and features you can use to prepare for a failure and recover from one. These tools and features are the subjects of the next few pages.

To access this tool, choose Start, All Programs, Accessories, System Tools, Backup. The Backup or Restore Wizard walks you through the creation of a backup job. Alternatively, you can switch to "Advanced Mode," choose the Backup tab and avoid the wizard altogether (but you can only access jobs that are already created).

The wizard first asks what you want to back up. You can choose from three options:

• All Files
• Selected Files
• Only System State Data

After you specify what you want to back up, you must specify where you want to back up to. By default, the backup location is a file named Backup.bkf, which can be located anywhere (A: drive, C: drive, tape, network and so on). The wizard's confirmation screen shows you your selections. It also contains an Advanced button, where you can configure such settings as the type of backup you want to perform. Five choices are available:

• Normal. A full backup of all files, regardless of the state of the archive bit (the default). After the files are backed up, the archive bit is turned off.
• Copy. A full backup of all files, regardless of the state of the archive bit. The archive bit is left in its current state.
• Incremental. Only the files for which the archive bit is currently turned on. After the files are backed up, the archive bit is turned off.
• Differential. Only the files for which the archive bit is currently turned on. The archive bit is left in its current state.
• Daily. Only those files with today's date, regardless of archive bit status.

A good backup regimen uses at least two of the preceding types. You must be careful how you mix and match them, however. For example, you might want to do a full (normal) backup every Sunday and an incremental backup Monday through Saturday. The incremental will back up only files that changed on Monday for Monday's backup, the files that changed on Tuesday for Tuesday's backup, and so on. If the system crashes on Saturday (prior to the backup), you must first restore last Sunday's full backup, then the incrementals for Monday, Tuesday, Wednesday, Thursday and Friday to get your system back.

If you did a full (normal) backup every Sunday and a differential backup Monday through Saturday, you would need only two tapes to do the restore. If the system crashes on Saturday (prior to the backup), you must first restore last Sunday's full, then the differential for Friday. Each differential done throughout the week takes longer to complete, because it holds successively more data, but the number of tapes and time needed for restore operations is greatly reduced.

After the backup runs, you can view a report of the operations in the log file.

Just as the Wizard helps you create backup jobs, the Restore and Manage Media portion helps you simplify configuration tasks. You can restore an individual file, an entire backup set, or any combination of the two. Specify what you want to restore, and you then see a summation screen with an Advanced button. By clicking this button you can choose to restore the data to one of these locations:

• Original location
• Alternate location
• Single folder

Next, choose whether the files you are restoring should overwrite existing files in all cases, replace the disk files only if the disk files are older, or not replace any existing files at all (the default). Choose whether to restore any special files (security, removable storage and so on), if applicable. Then the job begins.

The last tab of the Backup Utility allows you to schedule jobs to run routinely. A calendar allows you to see dates and schedule jobs for those dates. Double-click on a job and select the Properties button. From the dialog box that appears, you can configure the task, its schedule, and settings.

Articles from Microsoft on these topics can be found at http://www.microsoft.com/windowsxp/pro/using/howto/security/backup.asp and http://www.microsoft.com/windowsxp/pro/using/howto/gethelp/systemrestore.asp. There's also a video at http://www.microsoft.com/windowsxp/wmx/howto/help_restore.asx.

Observations
While the topics are pretty straightforward, the Windows XP Professional exam, like many other Microsoft exams, adds a level of difficulty by being so lengthy. Questions that you could easily answer on the fly become more difficult after ninety minutes of staring at verbose questions trying to ascertain which minutia is relevant. No one is infatigueable, and it is important when taking this exam to allot your time well so that you will have enough left over to dissect questions at the end of the exam as distinctly as you did at the beginning.

That's it for this time. Soon we'll cover the final three topic categories: "Configuring and Troubleshooting the Desktop Environment," "Implementing, Managing, and Troubleshooting Network Protocols and Services," and "Configuring, Managing, and Troubleshooting Security."

More articles by Emmett Dulaney:

• Does SuSE Stand a Chance?
  
• 'Nix Password Administration 101
  
• Questions Types 101: How Many Ways Can You Ask the Same Thing?
  
• CertCities.com's Mega-Guide to Microsoft's 70-210 Exam, Part III