There are many tasks involved in keeping Windows clients secure and performing at their best. Microsoft helps in that regard by offering the tools you need to manage and maintain them. You can use Windows Update to protect computers from hackers and known security holes. If by chance an update causes problems, you can remove it easily. You can also use Disk Management to manage disk volumes and use tools like Disk Defragmenter, Disk Cleanup, and Check Disk to keep your drives healthy and running efficiently. Finally, you can use myriad tools to monitor performance, including but not limited to Task Manager, Performance Monitor, and Event Viewer.
Objectives in this chapter:
Windows Updates are provided by Microsoft and have been part of the ongoing attempt to keep Microsoft operating systems safe and secure week after week, year after year, for decades. These updates often offer new features or functionality, but for the most part they are pushed out to fix security issues, address new security threats, and provide new device drivers. This is a necessary part of any company’s maintenance plan, because there will always be those who will try to hack into systems, unleash viruses, hide malware, and so on. You need to be protected. Thus, you have to install these updates and it’s best if you create a policy for doing so.
In small organizations that do not make use of an Active Directory infrastructure and instead are small peer-to-peer networks, most client computers are configured to automatically install updates. There’s often no policy and no one to oversee the process. In larger organizations, even those that are configured as workgroups (and not Active Directory domains), administrators often prefer to set policies for updates through Local Group Policy. In Active Directory domains, there’s commonly an isolated lab where updates are tested before they are rolled out, and sometimes there’s even a specialized server that caches those updates first to lessen the bandwidth that would be required should each client get updates directly from Microsoft. With this approach, updates can be tested before releasing them to clients, too. Of course, there are Group Policies for Windows Update in domains to help administrators manage them as well.
Windows Store apps update themselves automatically unless you change the default configuration or apply Group Policies. These updates are generally safe to install, because all apps and app updates go through Microsoft first and are offered through the Microsoft Store only after thorough testing. However, in some instances you might want or need to disable these automatic updates.
The first time you log on to a new Windows 8.1 installation, the default apps will be updated.
On a single workstation, you can disable automatic app updates by following these steps:
On the Start screen, click Store.
Press Windows key+I to open the Settings charm.
Click App Updates.
Move the Automatically Update My Apps slider from Yes to No.
If you opt to disable automatic updates, you’ll have to update apps manually. Watch for updates from the Store in the upper-right corner.
Before moving on, here are a few more things you should know about Windows Store and app updates:
There are four settings in Group Policy that relate to the Store in Computer Configuration, Administrative Templates, Windows Components, Store. See Figure 6-1. They are:
There are two settings in Group Policy that relate to the Store in User Configuration, Administrative Templates, Windows Components, Store. They are:
Turn Off The Offer To Update To The Latest Version Of Windows
Turn Off The Store Application
Network administrators can control how updates are installed from the Windows Store in an Active Directory domain using AppLocker. For more information about AppLocker, refer to the TechNet article at http://technet.microsoft.com/en-us/library/ee424367.aspx.
Organizations can create their own apps through a process called sideloading. Sideloading enables companies to create their own apps and forgo Microsoft’s inspection process. Apps must be digitally signed and the computers to which you want to offer the apps must be configured to allow the installation (use Group Policy to enable Allow Trusted App To Install).
You might see something about sideloading on the exam, so make sure you’re familiar with these Windows PowerShell commands:
Add-AppxPackage. Adds a signed app package (.appx) to a user account
Get-AppxPackage. Gets a list of the app packages (.appx) that are installed in a user profile
Remove-AppxPackage. Removes an app package (.appx) from a user account
Also, at an elevated command prompt you can use these commands:
Slmgr /ipk <sideloading product key>. Adds a sideloading key
slmgr /ato (followed by the key). Activates the sideloading key
The following is a sample command:
Add-AppxPackage C:\companyapp8.appx -DependencyPath C:\winjs.appx
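The sideloading prerequisites described above (a signed package and the enabling Group Policy setting) can be checked before the package is added. This is an added example, not code from the original chapter; the package paths are the ones from the sample command, and the registry location of the policy is stated as an assumption in the comments.

```powershell
# Added example (not from the chapter): check sideloading prerequisites,
# then add the package. Paths are the sample ones from the text.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$PackagePath    = 'C:\companyapp8.appx',
    [string]$DependencyPath = 'C:\winjs.appx'
)

function Test-SideloadingPolicy {
    # Assumption: the trusted-app install policy is stored as the DWORD
    # AllowAllTrustedApps = 1 under this policy key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
    $val = Get-ItemProperty -Path $key -Name AllowAllTrustedApps -ErrorAction SilentlyContinue
    return ($null -ne $val -and $val.AllowAllTrustedApps -eq 1)
}

function Get-PackageSignature {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Package not found: $Path" }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $sig.SignerCertificate.Subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}

if (-not (Test-SideloadingPolicy)) {
    throw 'The Group Policy setting that allows trusted apps to install is not enabled.'
}

# Check the app package and its dependency; both must chain to a trusted signer.
$signatures = @($PackagePath, $DependencyPath) |
    ForEach-Object { Get-PackageSignature -Path $_ }
$signatures | Format-List | Out-Host

$bad = @($signatures | Where-Object { $_.Status -ne 'Valid' })
if ($bad) {
    throw "Refusing to install; signature not valid for: $($bad.Path -join ', ')"
}

# -WhatIf shows what would be installed without changing the user profile.
if ($PSCmdlet.ShouldProcess($PackagePath, 'Add-AppxPackage')) {
    Add-AppxPackage -Path $PackagePath -DependencyPath $DependencyPath
}
```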
Unless you are specifically asked about Store updates or something very specific such as firmware updates, any references to updates on the exam refer to Windows Updates. These are the updates you’re familiar with from Control Panel; these are the updates you’ve been working with for years.
The settings you need to access are in the Windows Update window, which you open from Control Panel by clicking System And Security and then Windows Update. Here you’ll find the options Check For Updates, Change Settings, View Update History, Restore Hidden Updates, Installed Updates, and Add Features To Windows 8.1. You’ll also see any available updates that are scheduled to install, optional updates, and information about when you received updates. Figure 6-2 shows this window.
You can use PC Settings, Update And Recovery to quickly see if a client machine is configured to receive updates. You can also view the update history and choose how updates get installed. However, most network administrators still prefer the Windows Update window, available from Control Panel, because all options are available there, not just the ones that end users would likely access.
To configure update settings from Control Panel, follow these steps:
Click System And Security and click Windows Update.
In the Windows Update window shown in Figure 6-2, click Change Settings.
Make your preferred choices using the options available in the Important Updates drop-down list. See Figure 6-3.
Click the scheduling option shown. The default entry is Updates Will Be Automatically Installed During The Maintenance Window. See Figure 6-3.
If desired, use the Run Maintenance Tasks Daily At drop-down list to choose a different time. The default is 3 A.M.
If desired, select the Allow Scheduled Maintenance To Wake Up My Computer At The Scheduled Time check box.
Click OK.
Click OK.
Make sure you are knowledgeable about the four options from step 3:
Install Updates Automatically (Recommended)
Download Updates But Let Me Choose Whether To Install Them
Check For Updates But Let Me Choose Whether To Download Or Install Them
Never Check For Updates (Not Recommended)
When a new device is connected to a computer, Windows 8.1 searches for a driver on the computer. If it doesn’t find one, it looks to Windows Update.
Standard users can install drivers that have been downloaded from Windows Update without a User Account Control (UAC) prompt.
Optional updates might be available in the Windows Update window that weren’t installed automatically, so occasionally check to see if any are available.
Windows Update, configured as detailed in this section, is a good solution for small workgroups and organizations (50 or fewer users is a general rule of thumb). If your organization is larger, you should install and configure a Windows Server Update Services (WSUS) server. With WSUS, updates are downloaded to the WSUS server and then the administrator can make them available when they are ready, perhaps after they’ve been tested. They can even pass on the updates to other WSUS servers in large organizations. This saves bandwidth, too, because the updates only need to be downloaded once from the Internet. After that they can be pushed out or downloaded from server to client over the local network.
To use WSUS, Windows clients must be configured to use the WSUS server through Group Policies. You can’t make that change in Control Panel. The policy you’re looking for is Specify Intranet Microsoft Update Service Location. It’s located in the applicable Group Policy editor: Computer Configuration, Administrative Templates, Windows Components, Windows Update. This is only one of many policies available in the Windows Update node. You’ll learn about these later in this section.
In Figure 6-2 you saw the View Update History option in the task pane of the Windows Update window. You click that option to view all of the updates that have been installed on the computer. They are organized by the date installed by default, but you can click any tab on the tab bar to sort them in other ways. You can sort by Importance, which organizes the updates by their type. If you look closely at Figure 6-4, you’ll notice there are lots of updates marked Important and only a handful marked Recommended.
Make sure you’re familiar with the various types of updates, what they offer, and why they are used: Important, Recommended, Optional, Security, Critical, and Service Packs.
You can also sort updates by name. When you do, you can more easily see what is being updated. You’ll likely see a lot of Definition updates for Windows Defender, updates for the Windows 8.1 operating system, updates for the Windows Malicious Software Removal Tool, updates for the dictionary, and more. You’ll also see Cumulative Security Updates for various items including Internet Explorer 11. To learn more about any update, including any related Knowledge Base articles, double-click it, as shown in Figure 6-5. (You can also right-click to copy it.)
When you roll back an update, you uninstall it. Logically then, it must have been installed first. To access an installed update, you need to open the Windows Update window and click Installed Updates in the upper-left corner. Once you’ve found the update to uninstall, click it and then click Uninstall. See Figure 6-6.
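The update history shown in the Windows Update window can also be read from a script, which helps when you need to find failed installations or updates that were rolled back on many clients. This is an added example, not code from the original chapter; it uses the Windows Update Agent COM interface, and the function name Get-UpdateHistory is hypothetical.

```powershell
# Added example (not from the chapter): read the Windows Update history.
function Get-UpdateHistory {
    param([int]$Max = 200)

    # Numeric codes returned by the Windows Update Agent history entries.
    $operation = @{ 1 = 'Install'; 2 = 'Uninstall' }
    $result    = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
                    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }

    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $count    = [Math]::Min($searcher.GetTotalHistoryCount(), $Max)
    if ($count -eq 0) { return }

    foreach ($entry in $searcher.QueryHistory(0, $count)) {
        [pscustomobject]@{
            Date      = $entry.Date.ToLocalTime()      # history dates are stored in UTC
            KB        = if ($entry.Title -match 'KB\d+') { $Matches[0] } else { $null }
            Operation = $operation[[int]$entry.Operation]
            Result    = $result[[int]$entry.ResultCode]
            HResult   = '0x{0:X8}' -f $entry.HResult
            Title     = $entry.Title
        }
    }
}

$history = @(Get-UpdateHistory)

# Summary by outcome, the scripted equivalent of sorting the history view.
$history | Group-Object Operation, Result |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Installations that did not complete; the HResult identifies the error.
$history | Where-Object { $_.Result -in 'Failed', 'Aborted' } |
    Sort-Object Date -Descending |
    Format-Table Date, KB, Result, HResult, Title -AutoSize

# Updates that were rolled back (uninstalled) on this computer.
$history | Where-Object { $_.Operation -eq 'Uninstall' } |
    Sort-Object Date -Descending |
    Format-Table Date, KB, Result, Title -AutoSize
```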
If you know ahead of time that an update is coming that you don’t want to install (and you don’t use a WSUS server), you might want to temporarily change the settings in Windows Update so that you are prompted when updates are available while retaining control regarding what to install and when. Then, you can hide the update before it is installed automatically and forgo the need to uninstall it later.
To hide an update, follow these steps:
Open the Windows Update window.
Click the notification for the available updates. Figure 6-7 shows that one update is available.
Locate the update in the Select Updates To Install pane that appears, right-click it, and click Hide Update.
If you decide later to install the update, from the Windows Update window, click Restore Hidden Updates. Select the desired updates and click Restore.
When you need more control over how Windows Updates are applied to client machines, you can set local and domain Group Policies. You’ll find the settings in the Group Policy Editor from Computer Configuration, Administrative Templates, Windows Components, Windows Update. There are quite a few to review, and because they aren’t always self-explanatory, we’ll cover them in more depth than previous Group Policy settings.
Remember, when you enable a specific Group Policy setting, you are configuring the policy to do exactly what it says it will do. So, if the policy setting starts with the words “Do not display...,” then when you enable the setting whatever it is will not be displayed. If the policy starts with the words “Turn on...,” then when you enable the policy the thing will be turned on. Unless otherwise stated, when you disable a policy the result is the same as not configuring it at all. So, unless there is a specific issue with a setting, we’ll only discuss what happens when you enable it here. The settings are shown in Figure 6-8.
When enabled, Install Updates And Shut Down will not appear as a choice in the Shut Down Windows dialog box, even if the updates are available for installation when the user selects the Shut Down option.
When enabled, the user’s last shut down choice is the default option in the Shut Down Windows dialog box, no matter if the Install Updates And Shut Down option is available in the What Do You Want The Computer To Do? list.
When enabled, Windows Update wakes up a system that is hibernating (using the Windows Power Management feature) to install the updates. If Windows Update wakes the system but discovers it is running on battery power, it goes back into hibernation in two minutes and does not install any updates.
When enabled, a restart timer will begin immediately after Windows Update installs important updates. It will not notify the user in advance of any plans to restart the system. You will then set your own restart timer in minutes. Users will be prompted to save their work, but a restart will occur no matter what the user would rather have happen. (If the No Auto-Restart With Logged On Users For Scheduled Automatic Updates Installations policy is enabled, this policy has no effect. This is another instance of Deny always overriding other settings.)
This sets a Group Policy for how Automatic Updates are configured. If enabled, you choose the auto download and installation settings, and if you select Auto Download And Schedule The Install, then you can also opt to make those installs during automatic maintenance periods. You can also configure how often to schedule the installation and the install time. See Figure 6-9.
When enabled, you specify a server on your network that will hold Windows Updates. Clients will get the updates from this server. It’s likely a WSUS server, as noted earlier in this chapter. Larger networks will use a System Center Configuration Manager (SCCM) server instead. You need to type two fully qualified domain names (FQDNs) when you enable this policy:
Set The Intranet Update Service For Detecting Updates
Set The Intranet Statistics Server
When enabled, you specify the hours that Windows will use to determine how long to wait before checking for available updates. When you set an interval, say every 20 hours, the interval is actually calculated to 80 percent of this number to give a window. For 20 hours, the window becomes between 16 and 20 hours. Windows will check for updates during this interval.
When enabled, the client will not try to obtain any updates, even from the public Windows Update service or the Windows Store. Note that because this policy disables this, it might cause the Windows Store to stop working.
When enabled, non-administrators will receive update notifications. Users can install the updates for which a notification was received. There is a lot more information offered about this setting in the Policy Settings window. Make sure to review this as time allows. See Figure 6-10.
When enabled, a notification message will appear on the user’s computer when featured software updates are available. The featured software notifications come from the Microsoft update service. This feature should only be used in loosely managed environments.
When enabled, Automatic Updates will immediately install once they are downloaded and ready. If the Configure Automatic Updates policy is disabled, this policy has no effect.
When enabled, Automatic Updates will install recommended updates and important updates.
When enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in. Instead, the user will be prompted to restart the computer. If disabled or not configured, the computer will notify the user and then restart after five minutes to complete the installation. If the Configure Automatic Updates policy is disabled, this setting has no effect.
When enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for a restart was postponed. If this is not set or disabled, the default interval is 10 minutes. If the Configure Automatic Updates policy is disabled, this policy has no effect. It has no effect on Windows RT, either.
When enabled, a scheduled restart will occur the specified number of minutes after the installation is finished. If disabled or not configured, the default is 15 minutes. If the Configure Automatic Updates policy is disabled, this policy has no effect.
When enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes after the computer is next started. When disabled, a missed scheduled installation will occur with the next scheduled installation. If this is not configured, a missed scheduled installation will occur one minute after the computer is next started. If the Configure Automatic Updates policy is disabled, this policy has no effect.
When enabled, the specified target group you name will be sent to the intranet Microsoft update server. This server can be configured to deploy updates as desired to the specified group. You might configure a setting for all laptop users, say, so that you can specify when and how updates are sent or downloaded.
When enabled, Automatic Updates from non-Microsoft companies that are received through the Microsoft update server will be accepted if they are signed with a certificate from within the Trusted Publishers certificate store. Updates signed by Microsoft will also be installed. When this is disabled or not configured, only those signed by Microsoft will be installed.
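The Windows Update policies described in this section are written to the registry on each client, so the configuration a computer actually received can be audited from a script. This is an added example, not code from the original chapter; the function names are hypothetical, and the values used with -UseSample, including the server name, are constructed.

```powershell
# Added example (not from the chapter): audit applied Windows Update policies.
param([switch]$UseSample)

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WUPolicy {
    # Merge the values of the WindowsUpdate policy key and its AU subkey.
    $policy = @{}
    foreach ($key in $base, "$base\AU") {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in $item.GetValueNames()) { $policy[$name] = $item.GetValue($name) }
        }
    }
    $policy
}

function Test-WUPolicy {
    param([Parameter(Mandatory)][hashtable]$Policy)

    $auOptions = @{ 2 = 'Notify for download and notify for install'
                    3 = 'Auto download and notify for install'
                    4 = 'Auto download and schedule the install'
                    5 = 'Allow local admin to choose setting' }
    $days = 'every day', 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'
    $findings = New-Object System.Collections.Generic.List[string]

    if ($Policy.Count -eq 0) {
        $findings.Add('INFO  No Windows Update policy is set; Control Panel settings apply.')
        return $findings
    }

    # Configure Automatic Updates
    if ($Policy.NoAutoUpdate -eq 1) {
        $findings.Add('WARN  Configure Automatic Updates is disabled (NoAutoUpdate=1).')
    } elseif ($Policy.ContainsKey('AUOptions')) {
        $findings.Add("INFO  Configure Automatic Updates: $($auOptions[[int]$Policy.AUOptions])")
        if ($Policy.AUOptions -eq 4) {
            $findings.Add(('INFO  Scheduled install: {0} at {1:00}:00' -f
                $days[[int]$Policy.ScheduledInstallDay], [int]$Policy.ScheduledInstallTime))
        }
    }

    # Specify Intranet Microsoft Update Service Location
    if ($Policy.UseWUServer -eq 1) {
        if (-not $Policy.WUServer) {
            $findings.Add('WARN  Intranet update service is enabled but no server is set.')
        } else {
            $findings.Add("INFO  Update server: $($Policy.WUServer); statistics server: $($Policy.WUStatusServer)")
            if ($Policy.WUServer -notmatch '^https://') {
                $findings.Add('WARN  Intranet update service URL does not use https.')
            }
        }
    }

    # Detection frequency: the client waits 80 to 100 percent of the interval.
    if ($Policy.DetectionFrequencyEnabled -eq 1) {
        $h = [int]$Policy.DetectionFrequency
        $findings.Add(('INFO  Detection interval {0} h; clients check between {1} and {0} h.' -f $h, ($h * 0.8)))
    }

    # No Auto-Restart With Logged On Users overrides the forced restart policy.
    if ($Policy.NoAutoRebootWithLoggedOnUsers -eq 1 -and $Policy.AlwaysAutoRebootAtScheduledTime -eq 1) {
        $findings.Add('WARN  Forced restart is configured but has no effect: No Auto-Restart With Logged On Users is enabled.')
    }

    # Signed updates from an intranet service (Trusted Publishers store).
    if ($Policy.AcceptTrustedPublisherCerts -eq 1) {
        $findings.Add('INFO  Non-Microsoft updates signed by a Trusted Publishers certificate are accepted.')
    }
    $findings
}

# Constructed sample values; the host name is a placeholder.
$sample = @{
    UseWUServer = 1; WUServer = 'http://wsus.example.internal:8530'
    WUStatusServer = 'http://wsus.example.internal:8530'
    AUOptions = 4; ScheduledInstallDay = 0; ScheduledInstallTime = 3
    DetectionFrequencyEnabled = 1; DetectionFrequency = 20
    NoAutoRebootWithLoggedOnUsers = 1; AlwaysAutoRebootAtScheduledTime = 1
}

$policy = if ($UseSample) { $sample } else { Get-WUPolicy }
Test-WUPolicy -Policy $policy
```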
It’s important to keep the Windows 8.1 operating system as up to date as possible with Windows Store updates and Windows Updates.
After Windows Updates are applied, you can access the updates from the Windows Update window and roll them back if they cause problems.
You can configure Group Policies to manage how and when computers in an organization are updated.
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.
Although it might seem—especially with the integration of SkyDrive (which is being renamed OneDrive) and all the talk about domains and file servers—that no one stores anything locally anymore, they do. Even users who depend on cloud or on- or off-site storage might still use the local machine or attached drives for backups if for no other reason. Thus, it’s still important you understand how to manage local storage. In this objective, you’ll explore disk volumes, learn about file system fragmentation, and learn about a new feature, Storage Spaces.
This objective addresses how to manage existing hard disks. It likely does not ask questions about how to prepare a raw disk for use. However, you should know a little about this, if only to be comfortable with some of the terms you’ll see both on the job and on the exam. So, before we dive in to managing disk volumes, we’ll review (or introduce you to) some common disk-related terms.
When you install Windows 8.1, the installation program configures the hard disks for you. This includes but is not limited to selecting a partition style, selecting a disk type, creating the required volumes or partitions, and formatting the volumes with the desired file system. Once this is done and the operating system is up and running, you can make changes to the options you chose during installation or the options applied automatically.
To fully understand how the installation is achieved and what can be done using the various disk management tools, you need to be familiar with the following terms:
Partition style. Master Boot Record (MBR) and GUID Partition Table (GPT). MBR is the default partition style for x86- and x64-based computers. GPT can be used on x86- and x64-based Windows 8 computers and was first introduced with Windows Vista. Before then, only MBR was available.
MBR uses a table to point to locations on a disk. It supports partitions up to 2 TB; up to either four primary partitions or three primary and one extended. A hidden partition holds important data that is critical to computer operations. GPT with Windows 8.1 supports up to 128 primary partitions and volumes up to 18 exabytes, and data that is critical is saved on a partition that is not hidden. To use GPT, the computer must support Extensible Firmware Interface (EFI) boot partitioning. GPT offers redundancy for improved security and reliability.
Partition types. Primary and extended. These are used with basic disks. Primary partition types function as a separate disk, can be marked as the active partition, can host an operating system, and have their own drive letter. Extended partitions cannot host an operating system, cannot be marked as active, and can contain an unlimited number of logical partitions.
Volume types. Volumes (in contrast to partitions) are used with dynamic disks. They can be simple, spanned, striped, mirrored, or Redundant Array of Independent Disks-5 (RAID-5). Windows 8.1 doesn’t support RAID-5, though. You can’t use dynamic disks or any option here on a multiboot system. If you have basic disks you want to configure this way, the disks must be converted to dynamic. The system can do this for you.
Simple. A single disk that can be extended to create a spanned or striped volume. If a disk fails, the data on the disk is lost.
Spanned. From 2 to 32 dynamic disks that are created to combine disk space from those disks. Windows fills the first disk and then writes to the next and the next until all disks are full.
Striped. From 2 to 32 dynamic disks. Data is written in stripes to each disk, improving write performance. Data is written to one disk while the other(s) get ready to accept data. If one disk fails, the data on that disk is lost.
Mirrored. Two dynamic disks that are exactly the same size. Data is written to both simultaneously to provide fault tolerance. If a disk fails, the other disk contains mirrored data and thus data is not lost.
File systems. FAT, FAT32, exFAT, NTFS. A file system defines how the drive is structured; NTFS is preferred.
If any of the terms here are new to you (dynamic, basic, partition, volume, MBR, GPT), make sure to do your own research to become familiar with them. For more information about these terms, refer to the MSDN article at http://msdn.microsoft.com/en-us/library/windows/desktop/aa363785(v=vs.85).aspx.
You learned about the Disk Management Microsoft Management Console (MMC) and related snap-in in Chapter 1, where you learned how to use it to create a virtual hard disk (VHD). Here you’ll explore this console further and discover options for managing existing disks, including viewing a disk list and disk properties and creating, managing, shrinking, and extending disk volumes, among other things.
One way to open the Disk Management tool is to type compmgmt.msc in a Run dialog box. You can also right-click the Start button and click Computer Management to gain access. In the Navigation pane, click Disk Management (under Storage). See Figure 6-11. Here you can see a list of disks, their status, volume letters, file system types, and so on.
To view the options for any disk partition or volume, right-click it. You’ll see different options for different entries. For instance, if you right-click the Recovery partition, you’ll only see one option, Help. If you right-click the primary partition, you’ll see other options, including but not limited to Change Drive Letter And Paths, Extend Volume, Shrink Volume, Delete Volume, Properties, and so on, as shown in Figure 6-12. If you right-click the volume and click Properties, you’ll see a familiar Properties dialog box that includes access to various tools including Disk Cleanup, Check Disk, Disk Defragmenter, and even the option to set disk quotas and log events when quota limits are set. Finally, if you right-click the disk box (in Figure 6-11 this is labeled Disk 0 Basic 465.64 GB Online), you’ll see the options Convert To Dynamic Disk and Convert To MBR Disk.
There are limitations to what you can do here, though. For example, you can’t extend a partition if there is no free space to extend to. You can shrink an existing volume (see Figure 6-12) and use the space you’ve created to perform additional tasks, however. You can’t add a mirror if a second disk isn’t available. You can’t delete a volume if it’s the primary volume, and so on. For the most part, though, if you opt to perform a task, you work through a wizard to complete it. You can do a lot of things, including adding disks.
To introduce you to a few of these tasks, in this section you’ll shrink a partition and create a new, simple volume by following these steps:
Open Disk Management.
Select a disk that has extra storage space that you can shrink.
Right-click the disk and click Shrink Volume.
In the Shrink dialog box, enter the amount of space to shrink in MB. You might want to accept the default for this exercise.
Click Shrink.
Note the newly created space and note that it is unallocated. Right-click it and click New Simple Volume. See Figure 6-13.
Click Next to start the New Simple Volume Wizard. Click Next again to accept the defaults for the volume size (you could enter your own size here).
Click Next to accept the assigned drive letter or choose a new letter as desired.
Choose how to format the volume. NTFS is best. Type a new name for the volume (New Volume is the default name) and click Next. See Figure 6-14.
Click Finish.
Note the new disk entry in the disk list. Then, open File Explorer, click This PC, and view your new simple volume there.
To explore further, in Disk Management, right-click the new volume. Note that Delete Volume is now available, as is Format. You can also save data to this new volume, as you would do if this were a USB drive or external backup device.
The Disk Management console is a friendly way to work with disks. However, what you can do there is limited, at least compared to what you can achieve through command-line tools, including Diskpart.exe. Network administrators use this tool when they want to automate disk tasks with scripts and batch files.
The command-line utility Fsutil performs tasks that are related to FAT and NTFS file systems, such as managing reparse points, managing sparse files, and dismounting a volume. If it is used without parameters, Fsutil displays a list of supported subcommands. This command is sometimes associated with tasks that can also involve Diskpart and might be included as a red herring on an exam question.
Diskpart is a command-line tool, but there are Windows PowerShell commands you can use, too. Make sure to review at least a few of these, including Format-Volume, New-Partition, Set-Disk, and Set-Partition.
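The shrink-and-create-volume procedure performed earlier in Disk Management can be scripted with these cmdlets. This is an added example, not code from the original chapter; the drive letter, shrink amount, and label are assumed defaults, and Resize-Partition and Get-PartitionSupportedSize are used in addition to the cmdlets named above.

```powershell
# Added example (not from the chapter): shrink a volume and create a new
# simple volume in the freed space. Run from an elevated prompt.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [char]$SourceLetter = 'C',            # assumed volume to shrink
    [int64]$ShrinkBy    = 10GB,           # assumed amount to free
    [string]$Label      = 'New Volume'    # default name used by the wizard
)

$partition = Get-Partition -DriveLetter $SourceLetter
$supported = Get-PartitionSupportedSize -DriveLetter $SourceLetter

# The partition cannot shrink below SizeMin (data that cannot be moved).
[int64]$targetSize = [int64]$partition.Size - $ShrinkBy
if ($targetSize -lt [int64]$supported.SizeMin) {
    $maxShrink = [int64]$partition.Size - [int64]$supported.SizeMin
    throw ('Cannot shrink {0}: by {1:N0} MB; the maximum is {2:N0} MB.' -f
        $SourceLetter, ($ShrinkBy / 1MB), ($maxShrink / 1MB))
}

$action = 'Shrink by {0:N0} MB and create a new NTFS volume' -f ($ShrinkBy / 1MB)
if ($PSCmdlet.ShouldProcess("${SourceLetter}:", $action)) {
    # Step 1: shrink the existing volume, leaving unallocated space behind it.
    Resize-Partition -DriveLetter $SourceLetter -Size $targetSize

    # Step 2: create a partition in the unallocated space and assign a letter.
    $newPartition = New-Partition -DiskNumber $partition.DiskNumber `
        -UseMaximumSize -AssignDriveLetter

    # Step 3: format it with NTFS and the chosen label.
    $newPartition | Format-Volume -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false

    # Show the resulting layout, as Disk Management would.
    Get-Partition -DiskNumber $partition.DiskNumber |
        Format-Table PartitionNumber, DriveLetter, Size, Type -AutoSize
}
```

Running the script with -WhatIf reports the planned change without modifying the disk.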
There are a lot of Diskpart command parameters, including some with which you might already be familiar if you’ve ever created a bootable USB drive. If you have, you’ll likely recognize the commands Create Partition, Select Partition, Active, Format, and so on. You can view all of the command options by typing Diskpart at an elevated command prompt and pressing Enter on the keyboard. When you see the DISKPART> prompt, type Help and press Enter. See Figure 6-15.
Although you’ll need to familiarize yourself with all of the Diskpart parameters, here are a few you should pay special attention to:
Active. To mark the selected partition as active.
Add. To add a mirror to a simple volume.
Assign. To assign a drive letter to a selected volume.
Convert. To convert between basic and dynamic disks. (Basic to dynamic can be done without data loss; the opposite is not true.)
Exit. To exit Diskpart.
Extend. To extend a volume.
Format. To format the volume or partition. (You can convert a FAT partition to NTFS using something like FORMAT FS=NTFS LABEL="New Volume" QUICK COMPRESS.)
Shrink. To reduce the size of a volume.
To review all of the Diskpart command-line parameters, refer to the article at http://technet.microsoft.com/en-us/library/cc766465(v=WS.10).aspx.
It might or might not be on the exam, but every network administrator should be familiar with how to create a bootable USB flash drive using the Windows ADK, Windows PE, and various Diskpart commands. Review this article to learn how: http://technet.microsoft.com/en-us/library/hh825109.aspx.
Two tools, Check Disk and Disk Cleanup, help you manage disks in two distinct ways. Check Disk will scan the physical disks, look for errors, and fix them automatically (most of the time). Specifically, Check Disk looks for bad storage blocks. You opt to scan the drive, and if errors are found you’ll be prompted to reboot the machine to let Windows fix them. The run line command is Chkdsk. You can also access this tool from the drive’s Properties dialog box on the Tools tab.
Disk Cleanup is also a disk management tool, and with it you can clean the drive by removing temporary files, emptying the Recycle Bin, deleting downloaded program files, and more. Disk Cleanup can be accessed from a drive’s Properties dialog box on the General tab. See Figure 6-16.
Data is written to physical, spinning disks sequentially, from outside to inside, in clusters. When a disk is new, the data is written contiguously, but as data is added and then deleted, areas become open. Data is written to these open areas, too, and eventually data becomes fragmented (stored in noncontiguous segments or clusters). When the disk has to look in multiple places to pull data and offer it to the user, it takes longer than if the data was stored together. Thus, it’s optimal to keep a disk defragmented.
The Disk Defragmenter tool runs automatically and in the background to keep your drives defragmented, but you can run it manually at any time (make sure to do a complete backup first, though). As with Disk Cleanup and Check Disk, you can access Disk Defragmenter from a drive’s Properties dialog box, on the Tools tab. When you click Optimize, you’ll see what’s shown in Figure 6-17. From there you can analyze any drive or click Optimize to run Disk Defragmenter. You can also click Change Settings to choose how and when Disk Defragmenter runs on its own.
Storage Spaces is new to computers running Windows 8 and lets you combine free space from multiple disks to create a new type of virtual disk for storing data. It does this by using the unallocated space on those disks to create a storage pool. This makes it easy to expand the storage space just by adding disks. You can create a maximum storage limit before you add the disks as well (a limit that exceeds the disk capacity currently connected), and as you near the limit of the currently installed disks, you’ll be prompted to add more.
Here are a few things to know before you get started:
You cannot use the disk that contains the operating system as part of the storage space.
Serial ATA (SATA) or Serial Attached SCSI (SAS) connected disks are acceptable.
RAID adapters, if used, must have all RAID functionality disabled.
USB flash drives can be used, but USB 3.0 drives are recommended for best performance.
When using USB 2.0 drives, plug them directly into different USB controllers on your computer; do not use USB hubs.
There are various kinds of storage spaces, including simple (no fault tolerance), mirror, and parity. A two-way mirror mirrors data on two drives; a three-way mirror mirrors data on three. Parity enables two drives to hold data and a third to hold parity information, for fault tolerance. You can create a storage space from one disk, but there is no fault tolerance when you do.
You can use Windows PowerShell to manage Storage Spaces. Review common Windows PowerShell commands including Set-PhysicalDisk, Repair-VirtualDisk, and Remove-PhysicalDisk.
You can use Storage Spaces in place of more expensive storage area network (SAN) devices under the right circumstances.
If you move a storage pool, you must keep the pool together.
If you remove and then try to reuse a disk used in a storage pool, you have to format it first.
Refer to this TechNet article to learn more about Storage Spaces: http://technet.microsoft.com/en-us/library/hh831739.
To use this feature, you must first create a storage pool by following these steps:
Connect the disks to use. Format them prior to setup (or make sure you’re willing to let Windows do it during setup).
Open Control Panel, click System And Security, and click Storage Spaces.
Click Create A New Pool And Storage Space.
Select the check boxes for the drives to use and click Create Pool.
In the Create A Storage Space window, make additional configurations such as the name of the pool, resilience type, capacity, and so on. Click Create Storage Space.
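The same pool and storage space can be built from an elevated Windows PowerShell session with the Storage module cmdlets. This is an added example, not part of the original chapter; the names Pool1 and MirrorSpace1 and the 1 TB size are assumed values.

```powershell
#Requires -RunAsAdministrator
# Added example: PowerShell counterpart of the Control Panel steps above.
# 'Pool1', 'MirrorSpace1' and the 1TB size are assumed values.

# Disks eligible for pooling. The disk holding the operating system is not poolable.
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 2) {
    throw "A two-way mirror needs at least two poolable disks; found $($disks.Count)."
}

# Create the pool on the local storage subsystem.
$subsystem = Get-StorageSubSystem | Select-Object -First 1
New-StoragePool -FriendlyName 'Pool1' `
    -StorageSubSystemFriendlyName $subsystem.FriendlyName `
    -PhysicalDisks $disks | Out-Null

# Thin provisioning lets the space be larger than the disks currently connected.
New-VirtualDisk -StoragePoolFriendlyName 'Pool1' -FriendlyName 'MirrorSpace1' `
    -ResiliencySettingName Mirror -ProvisioningType Thin -Size 1TB | Out-Null

# Initialize, partition, and format the new virtual disk.
Get-VirtualDisk -FriendlyName 'MirrorSpace1' | Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -AssignDriveLetter -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'MirrorSpace1' -Confirm:$false

# Confirm the resilience type and health of the result.
Get-VirtualDisk -FriendlyName 'MirrorSpace1' |
    Select-Object FriendlyName, ResiliencySettingName, OperationalStatus, HealthStatus, Size
```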
Diskpart enables you to manage disks from a command line. You can use the tool to automate tasks and perform tasks not available in the Disk Management snap-in.
Disk Cleanup, Check Disk, and Disk Defragmenter help you maintain your disks by removing unwanted data, repairing bad disk sectors, and keeping files from being fragmented.
Storage Spaces enables you to create a storage pool using various kinds of external disks, including SATA drives and USB flash drives, among others.
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.
Once computer systems are configured and protected, you’ll need to monitor system performance to make sure those systems are functioning effectively and efficiently. There are many tools available to help you with this. In this objective, you’ll learn about some of these tools, specifically those that will be covered on the exam, including Task Manager and Performance Monitor.
Task Manager is one of the most useful tools available in Windows 8.1. Task Manager enables you to manage processes (discrete tasks) that use system resources and see how those resources are affected by those active processes. Because of its simplicity, end users can use it to end problematic processes, disable apps that don’t need to run at startup, view logged-on users, and more. Because it is such a powerful and feature-rich tool, the savviest network administrator can use it to monitor, diagnose, and improve computer performance quickly.
Because running processes are so important to system performance, Task Manager has been redesigned so you can see the process tree, which groups related processes together. The entire interface is much more user-friendly, too. Task Manager has seven tabs. You need to know how you can use each of these to improve performance, and you need to be well versed in what each offers before you take the exam. There are several ways to open Task Manager, but the simplest is to use the Ctrl+Shift+Esc key combination. Open Task Manager on your own computer now and explore the tabs as you read the rest of this section.
The Processes tab shows all running processes, grouped together as process trees. Processes with trees have a right-facing arrow beside them. You click the arrow to see the related processes. Click a single process or a process tree name and click End Task when you want to close a process that is problematic.
You can sort the processes based on resource usage. As shown in Figure 6-18, the Store is using 53.5 MB of memory. If you believe the Store app is causing problems, you can click End Task to end and close it. Also note in Figure 6-18 that underneath the Store, Internet Explorer is using 47.8 MB of memory and has a right-facing arrow beside it, showing it includes a process tree.
The Performance tab shows real-time statistics for CPU, Memory, Disk, Ethernet, Bluetooth, and Wi-Fi usage. Figure 6-19 shows this tab with Wi-Fi selected. Under the graph you can see the adapter name, Service Set Identifier (SSID), Domain Name Service (DNS) name, connection type, IPv4 and IPv6 addresses, and signal strength. Right-click any entry on the left and click Summary View to minimize the window and show only the left pane. Doing this lets you keep an eye on the usage without using up much of your desktop area.
The App History tab shows usage associated with apps (not desktop apps). All apps are represented here, even if they are not currently in use. You can use this tab to determine the load placed on the system from these apps. Columns here include CPU Time, Network, Metered Network, and Tile Updates. Like the Processes tab, you might see related trees. For instance, the Mail, Calendar, and People app has a right-facing arrow beside it. You can double-click any entry here to open the app or switch to it.
The Startup tab shows what applications start when the computer boots. You can select any application listed here and disable it to keep it from starting when Windows does. Once disabled, you can return to this tab to enable it. You can also view the startup impact caused by the application, which can be marked None, Low, Medium, or High; its status (Enabled or Disabled); and more. You can also right-click any entry to open the file location for it.
In previous operating system editions, you could type msconfig.exe in the Run dialog box to open the System Configuration dialog box (which you can still do), and from there you could click the Startup tab to configure what applications started when Windows did. If you do that now, on the Startup tab of the System Configuration dialog box, you’ll only see one option: Open Task Manager.
The Users tab shows all of the users logged on to the computer, including those logged on remotely. You can expand the tree associated with any user (click the right-facing arrow) to view the processes open for that user. You can select any of these processes and end them by clicking End Task at the bottom of the window, and you can disconnect a user by clicking that user’s name and clicking Disconnect. The active user will be prompted regarding the disconnect command when you use it.
The Details tab shows what the Processes tab showed in previous versions of Task Manager. You can right-click any process to end the task, end the process tree, set a priority, set affinity, create a dump file, and more. Like other tabs, you can click any category name to sort the lists appropriately. See Figure 6-20.
The Services tab displays all of the enabled services. Like other tabs, you can right-click a service to perform a task. The options include Start, Stop, Restart, Open Services, Search Online, and Go To Details.
Resource Monitor is a powerful tool you can use to see even more statistics regarding real-time resources than Task Manager offers. You can open Resource Monitor on the Performance tab of Task Manager or in myriad other ways including searching for it from the Start screen. You can also launch it directly by typing resmon.exe in a Run dialog box. Once it is open, you’ll need to spend some time reviewing each tab.
Figure 6-21 shows Resource Monitor, the Overview tab, the graphs available (which are available from any tab), and what happens when you right-click a process that has been suspended. Suspended processes can cause problems, so if you see them, take note.
For the most part, you use Resource Monitor to troubleshoot problems that you were unable to uncover and resolve using Task Manager and other tools. For instance, on the Memory tab, you can sort processes by how much memory is committed to them. You might find that a single process is using a lot of memory and is problematic. You might not even need to run the application. From there you can right-click to end the process and then return to the Task Manager Startup tab to stop it from starting when Windows does to keep the problem from occurring in the future. This also reduces the load on memory, which will improve computer performance. As you can see in Figure 6-21, there are four graphs: CPU, Disk, Network, and Memory. These also show real-time information.
As you explore each tab, you’ll see a lot of terms you’ll need to know with regard to Resource Monitor, including PID (the Process ID of the application) and Commit (the amount of memory committed by an application). There’s not enough space here to discuss all of these terms, so you’ll have to take on that task yourself. You can learn about Resource Monitor from the TechNet article at http://technet.microsoft.com/en-us/library/dd883276(WS.10).aspx.
Windows 8.1 indexes the files, folders, documents, and other data on your computer so that the data can be found quickly when it’s needed. By default, specific areas are indexed, including the data associated with users and application data you access often, such as Microsoft Office Outlook or Windows Sticky Notes. You can control what is indexed from the Indexing Options dialog box and add or remove locations to suit your needs. You’ll need to do this if you store files on the hard drive where indexing doesn’t occur by default or if areas are being indexed that don’t require it. You can also reconfigure advanced settings from the Indexing Options dialog box to gain even more control. Type Index on the Start screen and click Indexing Options to see the Indexing Options dialog box shown in Figure 6-22.
Although you might think that indexing your entire hard disk would improve performance, it won’t. The size of the index, which would then include things like program and application files, would hinder searches.
When you click Modify in Figure 6-22, you can see exactly what’s being indexed and you can click Show All Locations to see any locations that are hidden by default. From there you can clear the check boxes for items you feel don’t require indexing. You can also click any right-facing arrow to see the subfolders available from the parent folder and from there you can add areas to index. Figure 6-23 shows this.
Finally, in the Indexing Options dialog box you can click Advanced. The Advanced Options dialog box has two tabs: Index Settings and File Types. The Index Settings tab lets you add or exclude encrypted files, treat similar words as different words, delete and rebuild the index (if it becomes corrupt), and change the index location. The File Types tab lets you exclude any type of file you want, and hundreds might be listed there. You can opt not to index files of a specific type or you can add file types that Windows doesn’t currently list. Some programs create proprietary file formats that you’ll need to add manually to index.
Another way you can manage and maintain computer performance is to use Event Viewer to analyze Windows logs. These include Application, Security, Setup, System, and Forwarded Events. These logs can help you uncover problems that are difficult if not impossible to diagnose elsewhere.
You can launch Event Viewer in many ways, including searching for it from the Start screen, adding it as a snap-in to an MMC, and opening it from the Administrative Tools window or from the Computer Management console. You learned how to configure object access auditing in Chapter 4, set alerts for the events when they occur, and more. Thus, you already know quite a bit about Event Viewer if you read this book from start to finish.
Each log you’ll explore here offers information about events that occur and their importance. While reviewing logs, you’ll see these levels of events:
Information. Events labeled as Information are normal events, but they have been logged to provide information about a change related to a component or process.
Error. These events warn that a problem has occurred, but the problem probably won’t affect the performance of the component being called out. It might affect the performance of other components, though.
Warning. These events warn of problems that you might need to deal with (unless noted otherwise in the log entry). If they are not resolved, problems will likely ensue.
Critical. These events warn of catastrophic failure or loss of function of a component. These events must be addressed quickly.
Verbose. These events only provide information related to progress or successes and do not imply any problem has or might occur.
Like other lists you’ve seen so far, including the lists you viewed earlier in Task Manager, you can sort any log’s entries by clicking any category title at the top of the log (such as Date And Time, Source, Level, and so on). Figure 6-24 shows the Application log.
Make sure you are familiar with the default logs:
Application. This log contains entries related to applications installed on the computer.
Security. This log contains entries related to security events, including successes and failures due to audited events. The events that are recorded are configured through audit policies in local computer policies and Group Policy.
Setup. This log contains entries that apply to system installation and setup history.
System. This log contains entries that have to do with the operating system. Entries might have to do with the failure of a service or a device driver that doesn’t start when it should.
Forwarded Events. This log contains events you create yourself using subscriptions. You’ll learn how to create a subscription later in this section.
You’ll want to explore Event Viewer and make sure you understand what is available from the interface, how to configure different views, how to create custom views, how to add and remove columns using those views, and so on. The Actions pane also offers tools with which you need to be familiar, including but not limited to saving a log, clearing a log, opening a saved log, and attaching a task to an event. Like other areas of this book, there is simply too much to cover here, and thus it’s up to you to learn what’s available on your own. However, for the sake of completeness, here are the steps required to create a custom view that shows only Critical events created in the System log.
To create a custom view in Event Viewer, follow these steps:
Open Event Viewer.
Click the Action menu and click Create Custom View.
On the Filter tab, for Event Level, select Critical (you could select additional entries).
From the By Log option, in the Event Logs window, click the down arrow, expand Windows Logs, and select the System check box (you could select additional entries as well).
Click outside the drop-down list to hide it.
Optionally, include entries for Keywords, User, or Computer(s); click OK. See Figure 6-25.
Type a name for the log (perhaps Critical System) and click OK.
Note any entries.
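The same filter (Critical level, System log) can be run from Windows PowerShell, which is useful when you want to summarize the results rather than scroll through them. This is an added example, not part of the original chapter; Get-CriticalSystemEvent is a hypothetical helper name and the seven-day window is an assumed value.

```powershell
# Added example: command-line counterpart of the "Critical System" custom view.
# Get-CriticalSystemEvent is a hypothetical helper name; the 7-day window is assumed.
function Get-CriticalSystemEvent {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 7
    )

    $filter = @{
        LogName   = 'System'
        Level     = 1                          # 1 = Critical
        StartTime = (Get-Date).AddDays(-$Days)
    }

    try {
        Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports an error when no event matches; treat that as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# Summarize by source and event ID so that recurring failures stand out.
Get-CriticalSystemEvent |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Latest'; Expression = { ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } }
```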
You can use Event Viewer for more than sorting already-logged events on a local computer or creating custom views. When you add the Event Viewer snap-in to an MMC, you can also opt to view other computers’ event logs. As you’ve likely experienced, though, these logs (whether they are local or on remote computers) are cumbersome because they contain so many entries. When you only want to receive information about specific events from other computers, you create event subscriptions. There are a few terms to know first, though:
Subscription. A subscription is a group of events you configure that meet specific criteria you name. You configure subscriptions so you can receive events from other computers called sources.
Source. A source computer is the computer from which you want to obtain events. A source computer is generally a workstation on your network that you need to manage remotely. You name the remote computer when you configure the Event Viewer snap-in.
Collector. A collector computer is the computer on which you want to view the events. A collector computer is generally your computer or network workstation—the one where you go to view events to which you’ve subscribed from source computers.
There are two kinds of subscriptions you can create:
Collector initiated. Your collector computer is configured to receive events from the source computer. This is used on small networks because each must be configured manually.
Source computer initiated. The source computer is configured to send events from it to the collector computer. This is used on large networks because you can use Group Policy to configure it.
Before you can configure any subscription, you must configure both computers to run the required services. You can’t just start remotely administering computers. You must first enable a service on the source computer called Windows Remote Management. This service enables the remote computer to be remotely managed. You must also enable a service on the collector computer called the Windows Event Collector service. This service enables a collector computer to collect events from remote computers.
On your collector computer, the workstation you’ll use to view subscriptions, perform the following steps:
Open an elevated command prompt.
Type wecutil qc and press Enter.
Type Y and press Enter when prompted to start the service.
Note the entry: Windows Event Collector service was configured successfully.
Close the command prompt window.
On the source computer, the workstation from which you’ll collect events, follow these steps:
Open an elevated command prompt.
Type winrm quickconfig and press Enter.
Type Y and press Enter when prompted; repeat when prompted.
Note the entry: WinRM firewall exception enabled.
Close the command prompt window.
For event log subscriptions to be successfully configured, the firewalls on both must be configured to allow traffic on TCP port 80 for HTTP or on TCP port 443 for HTTPS.
Recall that you can create two kinds of subscriptions: collector initiated and source computer initiated. Follow these steps to create a source computer–initiated subscription:
Open Event Viewer.
Right-click the Subscriptions node and click Create Subscription.
Type a name for the subscription.
Select Source Computer-Initiated and click Select Computer Groups. See Figure 6-26.
Click either Add Domain Computers or Add Non-Domain Computers as applicable.
Enter a computer name and click OK. What you must do here depends on your choice in step 5.
If prompted, perform additional steps, such as adding a certificate, entering credentials, and so on.
Click Select Events (shown in Figure 6-26).
Select Critical in Event Level, choose the desired logs to monitor, add keywords, and so on, as detailed earlier during the creation of a custom view.
Click OK and click OK again.
After you complete the process to create a source computer–initiated subscription, you must then enable the source computers to forward their events. The setting is in Group Policy, from Computer Configuration, Policies, Administrative Templates, Windows Components, Event Forwarding. You’ll enable the Configure Target Subscription Manager and input the applicable information there.
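Once both computers are configured, a quick check on each side confirms that the services are running and that events are arriving. This is an added example, not part of the original chapter; Test-EventForwardingReadiness is a hypothetical helper name, and the script uses only the built-in wecutil and winrm tools and standard cmdlets.

```powershell
# Added example. Run in an elevated PowerShell session.
# Test-EventForwardingReadiness is a hypothetical helper name.
function Test-EventForwardingReadiness {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Collector', 'Source')]
        [string]$Role
    )

    if ($Role -eq 'Collector') {
        # "wecutil qc" should have left the Windows Event Collector service running.
        $svc = Get-Service -Name Wecsvc
        "Windows Event Collector service: $($svc.Status)"

        # List every subscription and its runtime status (per-source state and last error).
        $subscriptions = @(wecutil es)
        if ($subscriptions.Count -eq 0) { 'No subscriptions are defined.' }
        foreach ($name in $subscriptions) {
            "--- Subscription: $name"
            wecutil gr $name
        }

        # The newest entries in the Forwarded Events log show whether sources are delivering.
        try {
            Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 -ErrorAction Stop |
                Select-Object TimeCreated, MachineName, LevelDisplayName, Id
        }
        catch {
            "No forwarded events available: $($_.Exception.Message)"
        }
    }
    else {
        # "winrm quickconfig" should have left Windows Remote Management running.
        $svc = Get-Service -Name WinRM
        "Windows Remote Management service: $($svc.Status)"

        # Test-WSMan with no arguments queries the local WinRM service and fails if it does not answer.
        Test-WSMan | Select-Object ProductVendor, ProductVersion

        # Show the configured listeners (transport and port) to compare against the firewall rules.
        winrm enumerate winrm/config/listener
    }
}

# On the collector; use -Role Source on a source computer.
Test-EventForwardingReadiness -Role Collector
```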
There are a lot more tools than those detailed in this chapter for managing computer performance. You should review all of the available tools before taking the exam. One way to access some of them is to open Administrative Tools. From there, explore Resource Monitor and Performance Monitor in depth, as well as System Configuration and System Information. Also, search for Reliability Monitor on the Start screen and click View Reliability History. This is where you’ll review your computer’s reliability and problem history. Finally, make sure you check out the Windows Experience Index; you can find this in the Performance Information And Tools window in Control Panel.
Users expect network uptime to be at 100 percent, every day, week after week, year after year. This might be one of your biggest challenges with regard to performance, because when the network is down, everyone notices and work comes to a standstill. You must maintain network components at all costs to make sure network performance is the best it can be.
There are a few things to keep in mind:
Keep Windows Update enabled and make sure you check for optional updates regularly. You might find driver updates there.
Check Action Center to see if solutions to known problems have been found.
Keep the routers and modems and any other applicable hardware up to date with firmware and read-only memory (ROM) updates.
If Ethernet is used, make sure cables are in good condition and away from the users’ chairs, desks, and other places where they might get damaged.
For Wi-Fi, check the positioning of access points occasionally to make sure they are placed optimally.
Keep network hardware away from anything that can interfere with its signals, which includes other electronics that give off radio signals, walls, and energy sources.
Update hardware when substantially better devices become available (routers, modems, cabling, network cards, and so on).
Know what tools are available to troubleshoot network problems and rank them from the simplest to the most complex. During troubleshooting sessions, start with the easiest solutions and work your way through your list.
In addition, before trying any troubleshooting that involves wizards or tools, check for these common issues:
A broken, loose, or otherwise damaged cable
A nonfunctioning network card
A nonfunctioning power supply or power outlet
A virus
A new device driver that failed or a bad device driver
Improperly configured firewall, security, Group Policy, and other settings
Unexpected (or expected) data traffic surges, such as when all users log on to their workstations at 8 A.M.
Outages with the Internet service provider (ISP)
You are likely familiar with the most basic troubleshooting tools available in Windows. There is an icon on the taskbar that will show when a network is unavailable. You can right-click the network icon in the taskbar to access the troubleshooting wizards (click Troubleshoot Problems) or to open the Network And Sharing Center. When you choose the former, the Windows Network Diagnostics Wizard opens and lets you state what type of problem you’re having if Windows doesn’t detect it automatically (Figure 6-27). The latter opens the Network And Sharing Center where you can review the most basic configurations, including whether the computer is connected to the Internet, part of a homegroup, part of a public or private network, and so on.
If the Windows Network Diagnostics Wizard doesn’t solve your problem, there are still a few options you can try before you turn to the more advanced tools. Return to Chapter 3, and review the options that enable you to reconfigure IP settings, networking settings, or change the network location; configure name resolution; and use command-line tools such as Ping, IPconfig, Netsh, and others to troubleshoot problems.
Performance Monitor (Perfmon.exe) lets you view your computer’s current performance. What you see is a snapshot, but you can use the information to uncover otherwise difficult-to-diagnose networking problems. For instance, you can monitor very specific performance data related to both the network adapter and the network interface. You can also monitor statistics related to the physical network interface card activity. You can monitor TCP/IP performance diagnostics, too, among other things. You create your own personal console views by adding counters for only the statistics you want to watch.
To understand what counters are available to add, open Performance Monitor and browse what’s available by following these steps:
In a Run dialog box, type perfmon.exe and press Enter.
In the left pane, click Performance Monitor. Note the single counter already configured: % Processor Time.
Right-click inside the graph and click Add Counters. See Figure 6-28.
Although you could browse to a different computer, verify Local Computer is selected in the Select Counters From Computer window.
In the window under Local Computer, click the arrow beside Network Interface.
Click Bytes Total/sec. See Figure 6-29.
Click Add.
If desired, select an option under Instances Of Selected Objects.
Repeat to add any other counters you’d like to review.
Click OK when finished.
Inside the graph, click any line to see what it represents; in the list underneath the graph, click any line to see its representation on the graph.
Deselect any counter instance to hide it on the graph.
Right-click inside the graph to configure properties, save the image, remove all counters, and more.
For more information about the available counters in Performance Monitor, review this TechNet article: http://technet.microsoft.com/en-us/library/cc749249.aspx.
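The counter added in the steps above can also be sampled from Windows PowerShell with Get-Counter, which makes it easy to average several samples per adapter instead of reading a graph. This is an added example, not part of the original chapter; the sample interval and count are assumed values, and the counter path is the English name (counter names are localized on non-English systems).

```powershell
# Added example: sample "Network Interface\Bytes Total/sec" for every adapter instance.
# The 2-second interval and 5 samples are assumed values.
$sampleSets = Get-Counter -Counter '\Network Interface(*)\Bytes Total/sec' `
    -SampleInterval 2 -MaxSamples 5

# Each sample set holds one reading per adapter; group the readings by adapter.
$sampleSets.CounterSamples |
    Group-Object InstanceName |
    ForEach-Object {
        $stats = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
        [pscustomobject]@{
            Interface = $_.Name
            AvgKBps   = [math]::Round($stats.Average / 1KB, 1)
            PeakKBps  = [math]::Round($stats.Maximum / 1KB, 1)
        }
    } |
    Sort-Object AvgKBps -Descending
```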
There’s a lot more you can learn about Performance Monitor, including how to create Data Collector Sets. A Data Collector Set can be used to monitor multiple data collections that can be incorporated into logs. You can configure the data collected so that Performance Monitor will generate alerts when thresholds are reached. To learn more about Data Collector Sets, refer to this TechNet article: http://technet.microsoft.com/en-us/library/cc749337.aspx. Beyond that you can create user-defined reports and view system reports. You can review Event Trace Sessions. Event trace data is collected from trace providers, which are components of the operating system or of individual applications that report actions or events. Output from multiple trace providers can be combined into a trace session.
As you can see, there’s quite a bit to Performance Monitor, and too much to discuss here. However, there are many resources available on the Internet, specifically from TechNet and MSDN. Make sure you familiarize yourself with this tool and the terms related to it before taking the exam.
There are many ways to improve and troubleshoot performance using tools such as Task Manager, Reliability Monitor, Resource Monitor, and Performance Monitor, among others.
You can manage computers remotely using the Event Viewer snap-in and enabling the applicable services on all affected computers.
Files are indexed so that they are easier to locate; you can configure how indexing works and add or delete file types and folders as desired.
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.
You must strive to keep your computers up to date with Windows Updates. In doing so you have additional tools at your disposal, including the ability to apply Group Policies, roll back problematic updates, configure update settings, and so on.
You can use Disk Management to manage hard disks, disk volumes, and file systems. When you need more options than Disk Management offers, you can use Diskpart, a command-line utility for configuring and managing disks.
Check Disk, Disk Defragmenter, Action Center, Disk Cleanup, and other tools help you maintain disks once they are configured and healthy.
Task Manager is a powerful tool for end users and network administrators and enables you to end processes, view performance summaries, view app history and usage history, configure applications to start or not when Windows does, view logged-on users and the computer resources they are using, and so on.
Other tools, including Performance Monitor, can help you troubleshoot network problems when traditional and more common solutions can’t be found.
Storage Spaces enables you to create a storage pool using various kinds of external disks including SATA drives and USB flash drives, among others.
This section contains the solutions to the thought experiments and answers to the objective review questions in this chapter.
A WSUS server
Specify Intranet Microsoft Update Service Location
Computer Configuration, Administrative Templates, Windows Components, Windows Update
Correct Answer: C
Incorrect: It is possible to remove the prompt to upgrade to Windows 8.1 in the Windows Store.
Incorrect: You can configure whether apps are updated automatically from the Settings charm while in the Store, but this is not a place where you can remove specific app updates from the Store.
Correct: You must set a Group Policy to remove that option here: Computer Configuration, Administrative Templates, Windows Components, Store.
Incorrect: You can control the Store using AppLocker in an Active Directory domain, but you don’t have to do so in this instance.
Correct Answer: B
Incorrect: Windows Updates can include device drivers.
Correct: Standard users can install drivers that have been downloaded from Windows Update without a UAC prompt.
Incorrect: This is true: not all updates are installed even if you choose Install Updates Automatically (Recommended) from the Windows Update, Change Settings options.
Incorrect: This is true: you can use PC Settings, Update and Recovery to quickly see if a client machine is configured to receive updates.
Correct Answer: C
Incorrect: Change Settings lets you change how and when updates are downloaded and installed.
Incorrect: View Update History lets you view and sort updates by type, name, date, and other options, but offers no way to uninstall an update.
Correct: Installed Updates is where you can uninstall a specific update.
Incorrect: View Update History can’t be used to uninstall unwanted updates.
Correct Answer: A
Correct: When enabled, Windows Update will wake up a system to install the updates. If Windows Update wakes the system but discovers it is running on battery power, it will go back into hibernation in two minutes and will not install any updates.
Incorrect: When enabled, Windows Update will wake up a system to install the updates. If Windows Update wakes the system but discovers it is running on battery power, it will not install the updates; instead, it will go back into hibernation mode.
Incorrect: When enabled, Windows Update will wake up a system to install the updates even if it is running on battery power.
Incorrect: When enabled, Windows Update will wake up a system to install the updates.
Mirrored. Simple does not support any fault tolerance, nor do striped or spanned disks. RAID-5 isn’t supported in Windows 8.1. That leaves mirrored, which will write the data two times, once to each disk. Although this will cause a performance hit, the client is not worried about this.
No.
They must be the same size.
The basic disks will be converted to dynamic disks.
Correct Answer: D
Incorrect: You cannot create an 8 TB three-way mirror because you can’t use the disk with the operating system on it as part of the storage space. Thus, you only have two disks to work with.
Incorrect: You cannot create a three-way mirror because you can’t use the disk with the operating system on it as part of the storage space.
Incorrect: You cannot create a three-way parity because you can’t use the disk with the operating system on it as part of the storage space.
Correct: You can create a 4 TB two-way mirror.
Incorrect: You can create a two-way mirror that is larger than the capacity of the connected drives.
Correct Answer: A
Correct: Diskpart with the appropriate parameters can completely wipe the drive and partition table.
Incorrect: Fsutil can’t be used to remove the files from the drive.
Incorrect: Format lets you remove the data but does nothing with regard to the disk volumes and related partition tables.
Incorrect: Format is not a valid option. Format lets you remove the data but does nothing with regard to the disk volumes and related partition tables.
Correct Answer: B
Incorrect: Fsutil is used to manage reparse points and dismount volumes.
Correct: Chkdsk (Check Disk) scans for hard disk errors including bad storage blocks and attempts to repair them automatically.
Incorrect: Disk Cleanup lets users safely delete temporary files, downloaded program installation files, and more to maintain a hard drive.
Incorrect: Disk Defragmenter runs automatically in the background and is used to move fragmented files closer together so they are stored on contiguous hard drive sectors.
Incorrect: Diskpart is used to create bootable USB drives, to create boot partitions, to manage drives, and to wipe files from drives, among other things.
Incorrect: The Disk Management snap-in is used to manage installed drives and can be used to extend and shrink volumes, among other things.
Correct Answer: B
Incorrect: Dynamic disks configured as spanned volumes are a type of solution, but data is written sequentially onto the disks, which does nothing to improve the write time.
Correct: Dynamic disks configured as striped volumes will write data in stripes to each disk (one disk at a time), improving the write time.
Incorrect: Only dynamic disks can be configured as mirrored volumes. However, mirrored volumes actually slow down the write time because data is written twice, once to each disk.
Incorrect: Basic disks configured as primary volumes are just normal disks. This does not improve write time.
Incorrect: Although dynamic disks can be configured as mirrored volumes, this does nothing to improve write time. In fact, data must be written two times, once to each disk, slowing write time.
Correct Answer: B
Incorrect: The App History tab lists the available apps and information about data usage. Although it does have a tab for CPU, because it only offers information about apps and not all aspects of the system, it is not the proper choice.
Correct: The Performance tab offers an overview of CPU, Memory, Disk, Ethernet, Bluetooth, and Wi-Fi in the form of a graph. You can easily tell here if the CPU is overworked.
Incorrect: The Startup tab lists the applications configured to start when Windows does. It does not offer a CPU tab.
Incorrect: The Users tab shows who is logged on and what apps, services, and applications are running. Although it offers a CPU tab, what is shown there only relates to the selected user, not the entire system.
Incorrect: The Services tab lists services and does not offer a CPU tab.
Correct Answer: D
Incorrect: Not all file types are indexed by default, only those that Windows recognizes.
Incorrect: You must click the Advanced option to add file types to the indexing list.
Incorrect: This is not how you add areas of the hard drive to index. Additionally, it would be a bad idea to index the entire root drive.
Correct: In the Indexing Options dialog box, click Advanced. From there, click the File Types tab. Add the file type to index there.
Correct Answer: E
Incorrect: Application does contain events.
Incorrect: Security does contain events.
Incorrect: Setup does contain events.
Incorrect: System does contain events.
Correct: Forwarded Events does not have any entries by default. You must choose the events you want to appear here by creating subscriptions.
Correct Answer: C
Incorrect: One counter is added by default: % Processor Time.
Incorrect: Bytes Total/Sec is not shown by default and must be added from Network Adapter or Network Interface.
Correct: % Processor Time is added by default.
Incorrect: Current Bandwidth is not shown by default and must be added from Network Adapter or Network Interface.