If you want to auto start a guest image, perform the following steps…
1) VMware Guest Machine > Settings > Options > Power
Check the box, “Power on after opening this virtual machine”
2)Right-click on the Guest .VMX file and make sure VMware Workstation is the default application associated with .VMX file type.
3) Add the .VMX file (as a shortcut) to the Windows Start-up Program group. (If you have VMware WS set to run the guest image “headless”, you can set the Short-cut in Start up to Run: Minimized)
I’ve been configuring my LAN for spiceworks this afternoon. The Windows XP firewall is enabled on most of our PCs, and I didn’t want to visit each station to configure it to allow spiceworks to inventory the machine. I’m also not big into group policy here at the office (what the saying about the cobbler’s son’s shoes?) so I didn’t want to make the setting change that way.
My first idea was to use remote desktop to access the computers from my machine. That worked fine, since I have local administrator access on each machine… but I’d have to interrupt each user’s work, log them off, make my firewall adjustments, then tell them it’s okay to log on now… assuming that I could even get into their machines remotely.
I needed a solution for users with remote desktop disabled. If your remote user has administrator access to their machine, have them click on Start - Run and type:
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
[note: remoteadmin = remote administration, while remotedesktop = remote assistance and remote desktop]
You can also enable remote desktop over the network via regedit if you have administrator rights to the remote machine:
This worked okay, but I like to implement the most elegant solution possible.
So I fired up the command line on my local machine, and used psexec to configure the firewall service on the remote machine via netsh. The users never even knew I was working on their computer, which is fine by me.
To enable remote access to a machine via the command line, type:
psexec \\remotecomputername netsh firewall set service remoteadmin enable
psexec \\remotecomputername netsh firewall set service remotedesktop enable
If you aren’t familiar with the PStools suite of utilities, and you like administration from the command line, you need to check out the Sysinternals web site. Too bad they were acquired by Microsoft in 2006.
Windows 2008 Server Core uses the SCregEdit.wsf script found in C:\Windows\System32 to configure Terminal Services (TS) behavior. TS is the method of remote controlling your Server Core system through Remote Desktop (RDP).
To view the current Terminal Server settings for Vista/Windows 2008 clients, at the server command prompt type:
c:\windows\system32\scregedit.wsf /AR /v
The following values correspond to the response generated by the scregedit.wsf script.
1 = Terminal Services Disabled (remote access disabled)
0 = Terminal Services Enabled (remote access enabled)
To enable Terminal Services access from Vista/Windows 2008, at the server command prompt type:
c:\windows\system32\scregedit.wsf /AR 0
To disable Terminal Services access from Vista/Windows 2008, at the server command prompt type:
c:\windows\system32\scregedit.wsf /AR 1
Note:
The /AR setting applies to Windows Vista/2008 machines. If you want to allow Terminal Services connections to the Windows 2008 server from Windows XP machines, you have to use the /CS switch.
To view the current Terminal Server settings for Windows XP clients, at the server command prompt type:
c:\windows\system32\scregedit.wsf /AR /v
To enable Terminal Services access from Windows XP, at the server command prompt type:
c:\windows\system32\scregedit.wsf /CS 0
To disable Terminal Services access from Windows XP, at the server command prompt type:
c:\windows\system32\scregedit.wsf /CS 1
You could also edit the registry directly to enable Terminal Services using the same registry entry I wrote about when describing how to enable remote access for Windows XP machines remotely.
Finally you will need to create a hole in your server’s Windows Firewall for inbound RDP traffic on port 3389. KB 947709 details how to use the netsh advfirewall firewall command to configure the firewall in several different ways. I suggest running the following at the server command prompt:
netsh advfirewall firewall set rule group=”remote desktop” new enable=yes
| 1. | Start Registry Editor. |
| 2. | Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters Note If the Parameters key does not exist, create it now. |
| 3. | On the Edit menu, point to New, and then click DWORD Value. |
| 4. | Type MaxPacketSize, and then press ENTER. |
| 5. | Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK. |
| 6. | Quit Registry Editor. |
| 7. | Restart your computer. |
CLASS MACHINE CATEGORY !!KRB_PARAMS KEYNAME "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters" POLICY !!SET_MAXPACKETSIZE EXPLAIN !!MAXPACKETSIZE_HELP PART !!MAXPACKETSIZE NUMERIC REQUIRED VALUENAME "MaxPacketSize" MIN 1 MAX 2000 DEFAULT 2000 END PART PART !!MAXPACKETSIZE_TIP TEXT END PART END POLICY POLICY !!LOGLEVEL EXPLAIN !!LOGLEVEL_HELP VALUENAME "LogLevel" END POLICY END CATEGORY [strings] KRB_PARAMS="Kerberos Parameters" SET_MAXPACKETSIZE="Set MaxPacketSize" MAXPACKETSIZE_HELP="The Windows 2000 Kerberos Authentication package is the default in Windows 2000. It coexists with challenge/response (NTLM) and is used in instances in which both a client and server can negotiate Kerberos. Request for Comments (RFC) 1510 states that when a client contacts the Key Distribution Center (KDC), it should send a User Datagram Protocol (UDP) datagram to port 88 at the KDC's IP address. The KDC should respond with a reply datagram to the sending port at the sender's IP address.\n\nWindows 2000, by default, uses UDP when the data can be fit in packets under 2,000 bytes. Any data above this value uses TCP to carry the packets. The value of 2,000 bytes is configurable via this policy." MAXPACKETSIZE="Bytes: " MAXPACKETSIZE_TIP="Range is from 1 to 2000. Use 1 to force Kerberos to use TCP." LOGLEVEL="Kerberos Event Logging" LOGLEVEL_HELP="Windows 2000 offers the capability of tracing detailed Kerberos events through the event log mechanism. You can use this information when you troubleshoot Kerberos. All Kerberos errors are logged to the System log."
To enable forwarding by rule:
Suggestions for Optimizing Memory Usage
Servers running IIS 5.0, like other high-performance file servers, benefit from ample physical memory. Generally, the more memory you add, the more the servers use and the better they perform. IIS 5.0 requires a minimum of 64 MB of memory; at least 128 MB is recommended. If you are running memory-intensive applications, your server could require a much larger amount of memory to run optimally (for example, most of the servers that service the microsoft.com Web site have at least 512 MB of memory).
Adding RAM to your system is not the only option, however. Here are a few suggestions for optimizing memory performance without adding memory:
| • | Improve Data Organization Keep related Web files on the same logical partitions of a disk. Keeping files together improves the performance of the File System Cache. Also, defragment your disks. Even well-organized files take more time to retrieve if they are fragmented. | ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Try Disk Mirroring or Striping The optimum configuration is to have enough physical memory to hold all static Web pages. However, if pages must be retrieved from disk, use mirroring or striping to make reading from disk sets faster. In some cases, a caching disk controller may help. | ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Replace or Convert CGI Applications CGI applications use much more processor time and memory space than equivalent ASP or ISAPI applications. For more information about ASP, ISAPI, and CGI applications, see Web Applications . | ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Enlarge Paging Files Add paging files and increase the size of the ones you have. The Windows 2000 operating system creates one paging file on the system disk, but you can also create a new paging file on each logical partition of each disk. | ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Retime the IIS Object Cache Consider lengthening the period that an unused object can remain in the cache (use the ObjectCacheTTL setting in the registry, as mentioned earlier in this section, to accomplish this). | ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Change the Balance of the File System Cache to the IIS 5.0 Working Set By default, servers running the Windows 2000 operating system are configured to give preference to the File System Cache over the working sets of processes when allocating memory space. Although IIS 5.0based servers benefit from a large File System Cache, the setting Maximize Throughput for File Sharing often causes the IIS 5.0 pageable code to be written to disk, which results in lengthy processing delays. To avoid these processing delays, set Server properties to the Maximize data throughput for network applications option. To change Server properties
| ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Limit Connections If your server doesnt have enough memory, limiting the number of connections on the server might help alleviate the shortage because some physical memory (about 10 KB per connection) is consumed by the data structures the system uses to keep track of connections. To control the number of current connections
| ||||||||||||||||||||||||||||||||||||||||||||||||
| • | Eliminate Unnecessary Features You can also disable the performance boost for applications in the foreground. In addition, at times when you are not actively checking performance, you can disable performance-related logging in order to squeeze a bit more performance from your server.
Using PerfMon to Monitor the File System Cache There are several counters in the Memory and Cache performance objects that you can use to monitor the size and effectiveness of the File System Cache. Table 5.3 lists these counters. Table 5.3 Counters for Monitoring the File System Cache
|
To monitor your servers processors, use PerfMon to log data from the counters listed in Table 5.4:
Table 5.4 Counters for Processor Activity Monitoring
Counter | Indicates |
System\ Processor Queue Length | Threads waiting for processor time. If this value exceeds 2 for a sustained period of time, the processor may be bottlenecked. |
Processor\ % Processor Time (Total instance) | The sum of processor use on each processor. |
Processor\ % Processor Time | Processor use on each processor (#0, #1, and so on). In a multiprocessor server, this counter reveals unequal distribution of processor load. |
Processor\ % Privileged Time | Proportion of the processors time spent in privileged mode. In the Windows 2000 operating system, only privileged mode code has direct access to hardware and to all memory in the system. The Windows 2000 Executive runs in privileged mode. Application threads can be switched to privileged mode to run operating system services. |
Processor\ % User Time | Proportion of the processors time spent in user mode. User mode is the processor mode in which applications like IIS 5.0 services run. |
Process\ % Processor Time | The processor use attributable to each processor, either for a particular process or for the total for all processes. (These are shown in the list of instances.) |
CPU:
Processor\% Processor Time\_Total - just a handy idea of how 'loaded' the server is at any given time.
Processor\% Processor Time\_Instance - just a handy idea of how 'loaded' any particular CPU is at any given time.
System\Processor Queue Length - number of threads queued and waiting for time on the CPU. The number of non-running ready threads in the processor queue. There is a single queue for processor time even on computers with multiple processors. If a computer has multiple processors, you need to divide this value by the number of processors servicing the workload. A sustained processor queue of less than 10 threads per processor is normally acceptable, depending on workload. Divide this by the number of CPUs in the system. If the answer is less than 10, the system is most likely running well.
Processor(_Total)\Interrupts/sec
An indirect indicator of the activity of hardware devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication lines, network interface cards, and other peripheral devices.
Memory:
Process (All processes)\Working Set
the set of recently touched memory pages for all processes. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory. (more)
Memory\Pages/sec
the rate at which pages are read from or written to disk to resolve hard page faults. This is a primary indicator of the kinds of faults that cause system-wide delays. It includes pages retrieved to satisfy faults in the file system cache.
Memory\ Page Reads /sec – The rate of page faults, although it cannot be used in isolation, is should be less than 20% of the I/O throughput capacity.
Process\Working Set\_Total (or per specific process) - this basically shows how much memory is in the working set, or currently allocated RAM.
Memory\Available MBytes - amount of free RAM available to be used by new processes.
Memory\Pages Input/Sec - The best indicator of whether you are memory-bound, this counter shows the rate at which pages are read from disk to resolve hard page faults. In other words, the number of times the system was forced to retrieve something from disk that should have been in RAM. Occasional spikes are fine, but this should generally flat line at zero.
Memory\%Committed Bytes in Use – Sum of main memory and paging file size and reflects what % of that total is in use.
Disk:
Available Disk Space - Self explanatory
PhysicalDisk\% Disk Time
the percentage of elapsed time that the selected disk drive was busy servicing read or writes requests.
PhysicalDisk\Bytes/sec\_Total (or per process) - shows the number of bytes per second being written to or read from the disk.
PhysicalDisk\Current Disk Queue Length\driveletter - this is probably the single most valuable counter to watch. It shows how many read or write requests are waiting to execute to the disk. For single disks, it should idle at 2-3 or lower, with occasional spikes being okay. For RAID arrays, divide by the number of active spindles in the array; again try for 2-3 or lower. Because a shortage of RAM will tend to beat on the disk, look closely at the Memory\Pages Input/Sec counter if disk queue lengths are high.
\%Idle Time
Shows the percentage of elapsed time during the sample interval that the selected disk drive was idle
The recommended counter for measuring disk utilisation
\ Avg. Disk Queue Length
Shows the average number of both read and write requests that were queued for the selected disk during the sample interval
As a guide, a disk bottleneck may be identified when the average disk queue length is consistently greater than 2 * number physical disks and %Idle Time is consistently less than 20%
\ Avg. Disk sec/Transfer
Average response time across the disk subsystem in seconds
Includes all subsystem layers, e.g. device driver layer, I/O bus and I/O channel
Includes queuing time at these layers
Does not pinpoint where delays are occurring
\% Free Space
Shows the percentage of the total usable space on the selected disk that is free
As a guide for NTFS volumes, usable capacity is exhausted when this counter reaches 15%
\ Free Megabytes
Shows the unallocated space, in megabytes, on the disk
Should be employed with the previous counter in order to assess disk space capacity
Network
Network Interface\Bytes Total/Sec\nic name - Measures the number of bytes sent or received.
Network Interface\Output Queue Length\nic name – is the number of packets in queue waiting to be sent. If there is a sustained average of more than two packets in queue, you should be looking to resolve a network bottleneck.
Network Interface\Packets Received Errors\nic name - packet errors that kept the TCP/IP stack from delivering packets to higher layers. This value should stay low.
Packet drop rates
Router CPU – CPU utilisation on router
Router memory – CPU memory utilisation
Latency – Measure of time taken for traffic to be sent and return from a given point. High latency may indicate congestion.
Errors- Measure of data packets dropped by network may indicate malfunctioning equipment.
Link Up/Link Down – Change in port status
Up time – Router availability
% availability – Availability over time
Those of you who subscribe to mailing lists will no doubt have periodically received a bunch of Out Of Office replies from fellow subscribers when you have posted to the mailing list.
Previously, the best way to handle this has been to subscribe both your normal mailbox address and a public folder to the mailing list. The idea is that you subscribe your normal mailbox address with the 'NOMAIL' option that many lists provide. The mailing list posts are delivered into your public folder, but replies are sent from your mailbox address. The 'NOMAIL' option set on your normal mailbox address prevents the mailing list messages from being delivered to your mailbox. Therefore, no Out Of Office responses are sent back to other list members when set on your normal mailbox.
In Exchange 2003, it is now possible to modify the Out Of Office behaviour to help in these situations. A new registry key exists that prevents the sending of Out Of Office responses unless the recipient is explicitly listed in either the TO: or CC: fields of the message. Since mailing list posts aren't addressed explicitly to list members, the suppression of Out Of Office responses to mailing list members is achieved.
To enable this feature, add the DWORD parameter SuppressOOFsToDistributionLists with a value of 1 into the following registry location:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
This key should help some mailing list members from upsetting others!
| What exclusions should I use for Antivirus software with SBS 2003? |
| This question is asked regardless of the AV software that you use. Below I've compiled the standard exclusions that you should use for SBS 2003. These are the ones that we use on our clients. Server Folder Exclusions The exclusions listed here should be applied to your SBS server, and where applicable to other servers that host similar applications in your domain. Exchange related Exclusions First up you need to be aware, that the default installation of CSM for SMB v3.0 will exclude the Exchange database folders from file level scanning. Therefore I am NOT recommending including these in your exclusions. However there are some other Exchange related exclusions that you need to add to ensure that things operation smoothly. Listed below are the items and their default locations - your installation may be different. Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (see note above) Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot Exchange working files = C:\Program Files\Exchsrvr\Mdbdata Site Replication Service (not normally used in SBS but should be excluded anyway) = C:\Program Files\Exchsrvr\srsdata C:\Program Files\Exchsrvr\Conndata IIS related Exclusions IIS System Files = C:\WINDOWS\system32\inetsrv IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files Domain Controller related exclusions Active Directory database files = C:\WINDOWS\NTDS SYSVOL C:\WINDOWS\SYSVOL NTFRS Database Files = C:\WINDOWS\ntfrs Windows SharePoint Services Temporary SharePoint space = C:\windows\temp\Frontpagetempdir Additional Exclusions Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore DHCP Database Store = C:\WINDOWS\system32\dhcp WINS Database Store = C:\WINDOWS\system32\wins Desktop Folder Exclusions These folders need to be excluded in the desktops and notebooks clients. Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore |
To install WSUS 3.0 on Windows Server 2008, you must have the following installed on your computer. If any of these updates require restarting the server when installation is completed, restart your server before installing WSUS 3.0.
Ensure that the following components are enabled:
http://learn.iis.net/page.aspx/239/wsus-30/
Posts
All Comments
