Monitoring Disk Usage in Windows Server

Hard disk controllers and disk drives are the two primary components of the disk subsystem. The two objects which gauge hard disk performance are Physical Disk and Logical Disk. Although disk subsystems are becoming more powerful, they are still the most common performance bottleneck, as their speeds are exponentially slower than other system resources.

In Windows Server 2008 R2, the physical and logical disk counters are enabled by default in the Disk tab of the Windows Server Resource Monitor. The Disk section in Resource Monitor, shown below, gives a decent high-level overview of the current combined physical and logical disk activity. For more fine-grained monitoring of the disk activity, you should consider using the Performance Monitor component with the desired counters in the Physical Disk and Logical Disk sections.

Monitor Disk Usage

Monitoring using the Physical and Logical Disk objects comes at a small price, however, as each object uses a small amount of system resources when it is used for monitoring. As such, they should be disabled unless you are using them for monitoring purposes.

The most useful counters to monitor the disk subsystem are the % Disk Time and Avg. Disk Queue Length counters.

  • % Disk Time monitors the time that a certain physical or logical drive spends servicing read and write requests.
  • Avg. Disk Queue Length counts the number of requests which have not yet been serviced on the physical or logical drive. The Avg. Disk Queue Length is an interval average and therefore is a numerical representation of the number of delays the disk drive is having. In general, if the delay is often higher than 2, the disks are inadequate to service the system workload and performance may be compromised.

Installing Windows Server Backup

Although Windows Server Backup is listed in Administrative Tools, the Windows Server Backup feature still needs to be installed. The easiest way to install the Windows Backup tools is by using Add Features in Server Manager. For Windows Server Core installations, installing with PowerShell is the preferred method.

Installing Windows Server Backup with Server Manager

On every edition of Windows Server 2008 R2, except for Server Core installations, the Windows Server Backup feature can be installed using Server Manager. To install the Windows Server Backup feature, perform the following steps:

  1. Log on to Windows Server 2008 using an account with admin privileges.
  2. Hit Start, click All Programs, then click Administrative Tools, and select the Server Manager.
  3. On the tree panel, select the node named Features.
  4. Select the Add Features link in the tasks panel.
  5. After the Add Features Wizard has opened, select the plus sign beside Windows Server Backup Features. Check both boxes to make sure that the command-line tools are also installed. Click Next to continue.
  6. Review the summary on the Confirm Installation Selections page and then click Install.
  7. Once the installation has been performed, review the installation results on the Installation Results page, and then click Close.

Installing Windows Server Backup with Windows PowerShell Server Manager

Often, admins may elect to use PowerShell to manage a server and to install roles, role services, or other features. When a feature or role is installed using the PowerShell ServerManager module, all features, role services, and role dependencies are added as well. To install the Windows Server Backup features, including the Windows Server Backup PowerShell cmdlets, with PowerShell, follow the steps below:

  1. Log on to Windows Server 2008 using an account with admin privileges.
  2. Hit Start, click All Programs, then click Accessories, and click the PowerShell folder to display the application shortcuts.
  3. Right-click PowerShell and then select Run As Administrator. If the User Account Control window opens, just click Continue to open PowerShell.
  4. Type cd \ and hit Enter.
  5. Type in Import-Module ServerManager and hit Enter.
  6. Type in Add-WindowsFeature Backup-Tools and hit Enter. Once the installation has completed, the results will be shown in the window.
  7. Type in Get-WindowsFeature | More and hit Enter to generate a listing of the installed roles, role services, and features. Review the list to make sure that both Windows Server Backup and the Windows Server Backup command-line tools have been installed.
  8. Type in exit in the PowerShell window and hit Enter.

Installing Windows Server Backup on Server Core Installations

On a Windows Server Core installation, if the Windows Server Backup feature isn’t already installed, it may be installed by following the steps below:

  1. Log on to Windows Server Core using an account with admin privileges.
  2. In Command Prompt, type in cd \ and hit Enter.
  3. Type Start /w ocsetup.exe WindowsServerBackup and hit Enter.
  4. Log on to a different Windows Server Enterprise Edition system with an account that has admin rights on the local system as well as on the Windows Server Core system (assuming both systems are part of the same domain and that the Windows Server Core system is able to access other resources on the network).
  5. Select Start > All Programs > Administrative Tools > Windows Server Backup.
  6. In the Actions panel, select Connect to Another Computer and the Computer Chooser window will open.
  7. Select Another Computer, type the name of the Windows Server Core system, and hit OK.
  8. If you are able to connect to the Windows Server Core system, the installation will have been successful. If the connection should fail, either the Windows Server Core firewall is blocking the connection or Windows Server Backup has not been successfully installed.

Monitoring Processor (CPU) Usage in Windows Server

To analyze the processor (CPU) utilization of your system, you should focus on two counters: % Processor Time and Interrupts/sec. % Processor Time shows the percentage of overall CPU utilization. If there is more than one processor on a system, a counter for each one is shown as well as the total (combined) value counter. If % Processor Time averages a usage rate of over 50% for extended durations, you should first review other system counters to try to identify processes which may be improperly using the processing resource, or alternatively consider upgrading the processor. Consistent CPU utilization around the 50% range does not necessarily impair performance; however, if the average processor utilization goes beyond 65%, performance will almost certainly be impaired. If the system has multiple processors installed, you should use the % Total Processor Time counter to determine the average usage of all processors.

Interrupts/sec is useful for providing an overall guide to processor health. This counter indicates the number of device interrupts which the processor is handling per second. Similar to the Page Faults/sec counter, this counter can show very high numbers (well into the thousands) without there being a significant performance drag.

In general, conditions which could indicate a processor bottleneck include the below:

  • “Average of % Processor Time” is consistently beyond 60%–70%. Additionally, frequent spikes of 90% or greater can also indicate a bottleneck even if the average is below 60%–70%.
  • “Maximum of % Processor Time” is consistently beyond 90%.
  • “Average of the System Performance Counter; Context Switches/second” is consistently beyond 20,000.
  • “System Performance Counter; Processor Queue Length” is consistently higher than two.


Monitor Windows Server System Memory and Pagefile Usage

Available memory is usually the most common source of performance issues on a Windows Server installation. Fortunately, however, it is an easy metric to measure, since there are several counters in the Memory object which can help troubleshoot memory issues. Most notably, there are two very important counters which provide a reasonably accurate overview of memory pressure, namely Page Faults/sec and Pages/sec. Just these two memory counters alone can highlight whether the system is correctly configured and whether it is experiencing memory issues. Below are the counters necessary to monitor memory and pagefile usage.

  • Committed Bytes – monitors the amount of memory (in bytes) which has been allocated by the various processes. As this increases above available memory, so does the pagefile size, since paging has increased.
  • Pages/sec – Shows the number of pages which are read from or written to the disk.
  • Pages Output/sec – Shows the virtual memory pages written to the pagefile per second which can help to identify paging as a bottleneck.
  • Page Faults/sec – Reports both the soft and the hard faults.
  • Working Set, _Total – Shows the amount of virtual memory which is actually being used.
  • %pagefile in use – Shows the percentage of the paging file which is actually being used, which can be used to check if the Windows pagefile is a potential bottleneck. If this consistently remains above 50% or 75%, you should consider increasing the pagefile size or alternatively moving the pagefile to another disk.
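
The disk, processor and pagefile thresholds quoted in the sections above can be checked over a sampling window with Get-Counter. This is an added example, not part of the original article; the function name, the sampling window and the choice of the _Total instances are assumptions, and counter names assume an English-language installation.

```powershell
# Added example, not from the original article. Limits are the figures quoted
# in the text; the sampling window (12 samples, 5 s apart) is an assumption.
$pageLimits = @{
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length' = 2      # "often higher than 2"
    '\Processor(_Total)\% Processor Time'          = 70     # average beyond 60%-70%
    '\System\Context Switches/sec'                 = 20000
    '\System\Processor Queue Length'               = 2
    '\Paging File(_Total)\% Usage'                 = 50     # "above 50% or 75%"
}

function Test-BottleneckCounters {
    param(
        [hashtable]$Limits,
        [int]$SampleInterval = 5,
        [int]$MaxSamples = 12
    )
    # Collect every counter in one call so all samples share the same window.
    $sets = Get-Counter -Counter ([string[]]$Limits.Keys) `
                        -SampleInterval $SampleInterval -MaxSamples $MaxSamples

    # Returned paths look like \\HOST\processor(_total)\% processor time.
    # Strip the host prefix so each path matches a key in $Limits
    # (hashtable literals compare string keys case-insensitively).
    $sets | ForEach-Object { $_.CounterSamples } |
        Group-Object { $_.Path -replace '^\\\\[^\\]+', '' } |
        ForEach-Object {
            $stats = $_.Group | Measure-Object CookedValue -Average -Maximum
            New-Object PSObject -Property @{
                Counter = $_.Name
                Average = [math]::Round($stats.Average, 2)
                Maximum = [math]::Round($stats.Maximum, 2)
                Limit   = $Limits[$_.Name]
                # Judge the window average, not a single spike.
                Exceeds = ($stats.Average -gt $Limits[$_.Name])
            }
        }
}

Test-BottleneckCounters -Limits $pageLimits |
    Select-Object Counter, Average, Maximum, Limit, Exceeds |
    Format-Table -AutoSize
```

The Maximum column is there for the spike condition in the processor list: a % Processor Time maximum near 90% with a modest average still deserves a look.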


Using PowerShell with Event Logs

Reading Event logs with PowerShell

The event log is a Windows service that manages event logging on a computer. When this service is started, Windows logs important information about the operation of the system and the applications running on it. The logs available on a system depend on the system’s role and the services installed.

Two general types of log files are used:

  1. Windows log
  2. Application and services log

The event log records events of different categories, namely:

  • Information
  • Warning
  • Error
  • Critical
  • Audit success
  • Audit failures

The GUI Event Viewer is used to view the individual events in an event log. In addition to the GUI tool, PowerShell can be used to query the event log. The following PowerShell cmdlets can be used to manage the event log:

  • Get-WinEvent
  • Get-EventLog
  • Clear-EventLog
  • Limit-EventLog
  • Show-EventLog

The script below displays records which have an “error” state from the Application, System and Security event logs.

PowerShell Read Event Logs

The parameter “-Newest 100” returns only the latest 100 entries in the event log. Continues…
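
The article's own script is not reproduced on this page, so the following is an added example written for this section, not the author's code. It queries the three logs with Get-EventLog and -Newest; the function name is hypothetical, and filtering the Security log on FailureAudit is this example's choice, because Security entries are recorded as audit successes and failures.

```powershell
# Added example (not the article's script). Run from an elevated session:
# reading the Security log requires administrator rights.
$logFilter = @{
    Application = 'Error'
    System      = 'Error'
    # Security log entries are audit records, so filter on failed audits.
    Security    = 'FailureAudit'
}

function Get-RecentLogProblems {
    param(
        [hashtable]$LogFilter,
        [int]$Newest = 100
    )
    foreach ($log in $LogFilter.Keys) {
        try {
            # -Newest caps how many entries come back for each log.
            Get-EventLog -LogName $log -EntryType $LogFilter[$log] `
                         -Newest $Newest -ErrorAction Stop |
                Select-Object @{ Name = 'Log'; Expression = { $log } },
                              TimeGenerated, EntryType, Source, EventID, Message
        }
        catch {
            # Raised when a log has no matching entries or cannot be read.
            Write-Warning "${log}: $($_.Exception.Message)"
        }
    }
}

# Summarise by log, source and event ID so repeated failures stand out.
Get-RecentLogProblems -LogFilter $logFilter |
    Group-Object Log, Source, EventID |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```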

Windows Server Core Installation

Server Core Prerequisites

Before installing Server Core you will need the following:

  • The original Windows Server 2008 or 2008 R2 installation media.
  • If you are using Windows Server 2008 you will need a valid product key (installation can be completed on Windows Server 2008 R2 without a product key).
  • A machine for the clean Server Core installation (note that there is currently no upgrade option for Server Core – only a new clean installation is available).
  • There is no way to upgrade from a . Only a clean installation is supported.
  • There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows® user interface or a server role that is not supported in a Server Core installation, you will need to install a full installation of Windows Server 2008.

Note that the only option for installing Server Core is a new clean installation. It is not possible to upgrade from a full installation of Windows Server 2008 to a Server Core installation, nor is it possible to upgrade from any previous version of Windows Server to Server Core.

Installation Method 1 – Manually Install Server Core.

Follow the procedure below to install Server Core:

  1. Insert the Windows Server 2008 installation media in the DVD drive.
  2. The auto-run dialog will appear; click Install Now.
  3. Follow the stepped instructions to complete the Server Core Setup.
  4. When Setup has completed, hit CTRL+ALT+DELETE, click Other User, then type Administrator with a blank password, and hit ENTER. You will then be prompted to create a password for the Administrator account, and the installation will then be complete.

In Windows Server 2008 R2 the setup procedure no longer prompts you for a product key.

IIS Application Pools for ASP.NET Apps

IIS Application Pools allow for grouping of similar or related applications to facilitate easy management and configuration. Each application assigned to an application pool (or app pool) is isolated from apps in other pools, so that issues in one pool do not impact apps in other pools. Applications which have similar performance profiles or which belong to the same department in the business can be grouped together.

IIS 7 automatically creates several application pools, including the default app pool. When you create a new application, it is automatically assigned to the default application pool (DefaultAppPool), and a previously deployed app can have its application pool changed (for a variety of reasons, such as to enable it to use a newer version of the .NET Framework). Application pools can be created and managed using IIS. In the IIS Management Console, expand the server and select Application Pools. This lists the app pools currently set up on the server, as shown below:

IIS Application Pools

Application pools set up in IIS

The application pool listing displays most of the key characteristics of each app pool:

  • Name : The name of the application pool which cannot be changed after it has been created.
  • Status : Whether the application pool is running or stopped.
  • .NET Framework Version : The .NET Framework version which will execute the code.
  • Managed Pipeline Mode : IIS supports Integrated and Classic pipeline modes for handling requests.
  • Identity : The Windows account which runs the apps in the pool.
  • Applications : The number of applications running in the pool.

Creating a New Application Pool

Create a custom application pool by clicking the Add Application Pool link in the right-hand panel of the Application Pools screen.

Install an SSL Certificate using IIS 7

To install an SSL certificate in IIS, you first need to issue a certificate for your web server. To do this, select the web server root node in the navigation tree of the management console, and select the Server Certificates feature, as shown below:

SSL Certificate IIS

After you select Server Certificates, the IIS management console lists all the server certificates installed on the web server (see below). The first thing to note is that in IIS 7 you can install multiple server certificates on one web server, which can be used for multiple websites set up on the web server (previous IIS versions allowed you to install only one server certificate per web server).

SSL Certificate IIS

In the Server Certificates feature details view in the IIS Management Console, the task pane on the right side shows the necessary task(s) for installing server certificates. You can automatically create a certificate request that you can then use to request a new certificate from a CA. To create a new request, click the Create Certificate Request task link on the pane; this creates the same Base64-encoded request as in previous versions of IIS. Use this Base64-encoded request file for submitting your request to the CA. After retrieving the certificate from the CA, you complete the running request by clicking the Complete Certificate Request link. Thus you can both request and configure an SSL certificate for a standalone web server. If you need to request an SSL certificate for your own CA, use the Online Certification Authority wizard by clicking the Create Domain Certificate link. This certificate will then be configured in your own CA and will be used for signing certificates issued by this CA.

This process is quite laborious if you are a developer who just wants to test SSL with your own web apps. Therefore, IIS 7 ships with an additional option: creating a self-signed certificate for just your own machine. Just click the Create a Self-Signed Certificate link in the console, and all you will need to specify is a friendly name which will be displayed in the listing. The wizard creates a certificate by using the cryptographic functions of your local machine and automatically installs the certificate in your web server.
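
Because a self-signed test certificate is installed straight into the web server, it is worth checking which HTTPS endpoints are actually serving one. The following added example (not from the original article) reads the HTTP.SYS SSL bindings with netsh and looks each certificate up by thumbprint; it assumes English-language netsh output and that bound certificates are in the local machine Personal store, and the function name is hypothetical.

```powershell
# Added example, not from the original article. Assumes English netsh output
# and certificates bound from Cert:\LocalMachine\My.
function Get-SslBindingCertificates {
    $endpoint = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match '^\s*(IP|Hostname):port\s*:\s*(\S+)') {
            # Start of a binding record, e.g. "IP:port : 0.0.0.0:443"
            $endpoint = $Matches[2]
        }
        elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
            $thumb = $Matches[1].ToUpper()
            $cert  = Get-ChildItem Cert:\LocalMachine\My |
                         Where-Object { $_.Thumbprint -eq $thumb } |
                         Select-Object -First 1
            New-Object PSObject -Property @{
                Endpoint   = $endpoint
                Thumbprint = $thumb
                Subject    = $(if ($cert) { $cert.Subject } else { '(not found in LocalMachine\My)' })
                # Subject equal to issuer means no separate CA signed the certificate.
                SelfSigned = [bool]($cert -and ($cert.Subject -eq $cert.Issuer))
                NotAfter   = $(if ($cert) { $cert.NotAfter } else { $null })
            }
            $endpoint = $null
        }
    }
}

Get-SslBindingCertificates |
    Select-Object Endpoint, Subject, SelfSigned, NotAfter, Thumbprint |
    Format-Table -AutoSize
```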

Windows Server File Level Security

Files on Windows Server are only as secure as their permissions. Thus, it is essential to know that Windows Server 2008 R2 does not give the Everyone group full control over NTFS-level and share-level permissions. Additionally, important system files and directories are secured to prevent unauthorized access. This is a definite improvement over previous versions of Windows Server, but a solid understanding of file-level security is still important to fully ensure the security of files on Windows Server.

Understanding NT File System (NTFS) Security

Windows Server 2008 R2 ships with the latest revision of NTFS (NT File System). Each object which is referenced in NTFS, including files and folders, is marked by an ACE (access control entry) that physically limits the users that can access a resource. NTFS permissions use this concept to control the read, write, and other access type permissions on files. File servers should make use of NTFS-level permissions, and all directories should have their file-level permissions examined to ascertain whether there are holes in the NTFS permission set. Modifying NTFS permissions in Windows Server 2008 R2 is a simple process; follow the steps below:

  1. Right-click the file or folder to which the security will be applied, and select Properties.
  2. Click the Security tab.
  3. Click Advanced.
  4. Click Change Permissions.
  5. Uncheck Include Inheritable Permissions from This Object’s Parent.
  6. When prompted about the use of parent permissions click Remove.
  7. When in the Advanced dialog box, click Add to grant access to the users and/or groups who require access to the files or folders.
  8. Check the Replace All Child Object Permissions with Inheritable Permissions from This Object checkbox. Click OK.
  9. When prompted regarding replacing security on child objects, hit Yes to replace the child object security.
  10. Click OK, and finally click OK again to close Properties.
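
To examine directories for holes in the NTFS permission set before changing anything, the ACEs can be read with Get-Acl. The following is an added example, not from the original article: it reports folders where a broad group has an Allow entry that includes write access. The function name, the list of groups treated as broad and the D:\Shares path are assumptions of this example.

```powershell
# Added example, not from the original article. Well-known SIDs are used so
# the check does not depend on localized group names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Specific write bits (FileSystemRights.Write = 278) plus GENERIC_WRITE and
# GENERIC_ALL, which can appear on inherit-only entries.
$writeMask = 278 -bor 0x40000000 -bor 0x10000000

function Find-BroadWriteAccess {
    param([Parameter(Mandatory = $true)][string]$Root)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse |
                     Where-Object { $_.PSIsContainer })

    foreach ($folder in $folders) {
        $acl = Get-Acl -Path $folder.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }          # unreadable ACL, skip the folder

        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids.ContainsKey($sid) -and
                (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
                New-Object PSObject -Property @{
                    Path                = $folder.FullName
                    Identity            = $broadSids[$sid]
                    Rights              = $ace.FileSystemRights
                    Inherited           = $ace.IsInherited
                    # True once "Include Inheritable Permissions" is unchecked
                    InheritanceDisabled = $acl.AreAccessRulesProtected
                }
            }
        }
    }
}

# D:\Shares is a placeholder path for this example.
Find-BroadWriteAccess -Root 'D:\Shares' |
    Select-Object Path, Identity, Rights, Inherited, InheritanceDisabled |
    Format-Table -AutoSize
```

Entries with Inherited set to True are fixed at the parent folder, or by removing inheritance on the folder as in steps 5 and 6 above.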

Share-Level Security Versus NTFS Security

Previous versions of Windows Server security used share-level permissions that were independently set. Continues…

Windows Intune Review

Windows Intune is a new product from Microsoft which is designed for system admins to manage and secure PCs across an enterprise.

Windows Server administrators have numerous tools to manage a network of servers (for example, security patches etc. can be managed in-house using WSUS), however for managing individual PCs spread across multiple locations in the enterprise.

Intune is a cloud-based solution, allowing administrators to log on to the Intune online portal and manage remote PCs. Note that every remote PC which is being administered from Intune will need to have the Intune client installed.

Intune can perform the roles below:

  • Manage Updates : Manage the deployment of the Windows OS updates and service packs to remote PCs.
  • Protect PCs from malware : Helps safeguard the enterprise’s PCs from the latest threats with centralized protection built using the Microsoft Malware Protection Engine, Microsoft Forefront Endpoint Protection and Microsoft Security Essentials.
  • Proactively monitor PCs : Get alerts on updates and threats to proactively identify and resolve problems with PCs.
  • Provide remote assistance : Resolve PC issues using remote assistance.
  • Track hardware and software inventory : Track the hardware and software assets used in the enterprise to efficiently manage your assets, licenses, and compliance.
  • Set global security policies : Centrally manage updates as well as firewall and malware protection settings across the enterprise, even on remote machines outside the corporate network.

Requirements are quite minimal: client PCs require XP or higher, and administrators need a browser supporting Silverlight 2 to access the online portal.

Getting Started Using Windows Intune

The first screen you are presented with after logging into the Intune online portal is the Overview screen, which provides a summary of the PC system statuses across the enterprise.

Windows Intune

Windows Intune Overview Page

Clicking on the Computers link on the left gives a listing of the computers which are being administered using Windows Intune. PCs can also be grouped for the purposes of administration.

Windows Intune

Windows Intune Computers Listing

Selecting one of the computers in the listing provides the full details of the hardware and software specs of the PC as well as the system updates applied.

Windows Intune

PC System Details

Intune will show a listing of all the software products installed across the enterprise’s PCs.

Windows Intune

Listing of Software Installed across all the enterprise’s PCs

From the Intune online portal, admins can assign updates for distribution to PCs connected to Intune. Click on security updates for a listing of all updates for the various Windows OSs on the PCs connected via Intune. The patches can be reviewed and then approved for distribution to PCs.

Windows Intune

Intune provides in-built protection against malware (such as trojans, spyware, rootkits and viruses) using the Microsoft Malware Protection Engine. PCs will automatically be protected via Intune with no intervention required from the administrator. In the event an attack is detected, the malware engine will attempt to block the attack and report the events on the Alerts Overview page of the Intune portal.

Security policies can be set for managed PCs using the Policy Overview page. A security policy allows you to create new policy settings based on simple template-based configurations. The template agent allows administrators to create standard policies to configure security updates, firewall policies and malware protection.

A common issue for administrators is diagnosing and fixing issues on remote PCs. Windows Intune allows admins to remotely access, diagnose and fix problems on PCs managed by Intune.

The Windows Intune Center, which will be installed on client PCs, allows the admin to remotely take control of the client desktop (after the client grants permission) via Microsoft Easy Assist.

In addition the PC user will also be able to check the status of Windows Updates and scan their PC or attached storage for malware from their native Windows Intune Center.

Windows Intune Center
Microsoft Windows Intune Center

Overall, Intune is a capable offering from Microsoft. It will offer admins a simple and efficient way to manage PCs across an enterprise. However, the product does still have some shortcomings, such as the lack of an ability to manage software application distributions and versioning across managed PCs.