From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Built-in Windows monitoring tools

- [Instructor] Sysadmins can use monitoring tools to tell how their Windows servers and clients are running. There are also monitoring tools for Linux and Macintosh as well, but I'll be focusing just on Windows servers for this video.

The first thing I'd like to show is going to be the Task Manager, and I can get there by right-clicking on the task bar at the bottom and clicking on Task Manager. Now many sysadmins already have a lot of experience with the Task Manager, but there may be some new things you can learn. For instance, we can right-click anywhere on the processes area, and we can add in various different additional columns. The Process ID is very important because it tells us the ID of the application or the executable that's running. And it also matches up to the Details and Services tabs, where you can match up the ID from the service, to the executable, to the process, and that can help us troubleshoot which particular executable or service may be causing problems.

If we have a stuck application or process, then we can certainly right-click on it and choose to end that task, and then that will cause that to go away. Now certain processes you may end up causing to have the server crash or you may get a message saying you don't have the rights to do that. And that does happen with specific types, so it's a good idea to fully understand what you're about to end before you right-click and end it. However, if it says that it's stuck, it's usually a good idea to go ahead and try to end it.

Under the Services tab, here's where we see services that match up to the Services utility. So if you go into Server Manager, Tools, Services, you'll see that. However, what you'll find is the names are not the same here, as you see, when you go to Server Manager, and you go to Tools, and you go to Services. They're a little bit more cryptic in our Task Manager. However, there is a way to get around that. So, for instance, we can see Active Directory Domain Services here. So if I double-click on it, then we can usually see that the name here matches up to the description that you'll see here. So even though the name shows as NTDS, it matches up in the description, so that's how we know it's the same thing. And each one of these descriptions matches up pretty well to the services that you see in the Services utility.

If we go to Details, we can see all the executables that are matched up. Now if I right-click on a service, for instance, and I choose Go to details, we can see the servicehost.exe, which is the process ID 3668, matches up to that service that we had right-clicked on. So what that tells me is if I'm in Details and I see servicehost.exe, I may not know what service that is tied to, so I can go to Services and see that. And it works both ways. I can right-click here and choose Go to service, and it shows me that service.

If I go to Users, I can see what users are logged into the server. And I found more than one hacker this way. So if I go into Users, and I see someone logged in that shouldn't be logged into the server, then I know that that server might have been hacked. I can right-click and end their session by choosing Disconnect, and then I can disconnect the server, and then I can use my Event Logs and Task Manager to see what they might have been doing.

If I go to Performance, this is a great way to see whether my CPU, memory, or network is being overly taxed. And this doesn't give me a lot of information. It just gives me really general information. So I can get better information by going down here to where it says Resource Monitor. I can also open this from my Tools menu and Server Manager as well. So what this does is it gives me granular access to what each of the different executables and services are doing based on memory, network, CPU, and something you don't see in Task Manager, disk as well. So I can highlight any particular one, and I can see, for instance, on the disk side, the read, the write, the total bytes per second that's being used. If I see something that's out of place, then I can end up going back into the Task Manager. I can end that task or restart the service, whatever needs to be done. Instead of seeing everything on one page, I can also go into each of the tabs for each of these different items. And it gives me even more granular information, such as TCP Connections on my network. I can see what type of connections, the executables that go along with them, the remote IP address that's connected to them as well. Now, in this case, this is the IP address on the server itself, but you're going to see, sometimes, as you see here, some other IP addresses as well.

Another tool that sysadmins should be very well informed about is the System Information. You can get there by just typing system information in the search box, and it gives us a lot of information all at once about our computer. It tells us, on the right-hand side, under the System Summary, things like the Operating System Manufacturer, System Type, BIOS Mode, which we see is UEFI. We see Secure Boot is turned on, all these different things. And if I go into Hardware Resources or Components, I can drill down to various pieces of information, such as the Display. And sysadmins can use this to help them update drivers. If you need to update a driver, say for a graphics card, then you don't really want to have to shut down the server and then open it up and pull the card out to see what it is. You can go here to see exactly what type of device that you have. And then you can go to the manufacturer website and do your updates. And you can do that with each of the different device components that you see here. If we go into Software Environment, we can also see Drivers, and Variables, Print Jobs, Running Tasks, things like that, that can really help us with troubleshooting our environment, and we can use that in conjunction with our Task Manager and Resource Monitor as well.

Monitoring tools can definitely help us know the state of our computers and where we need to troubleshoot if monitoring goes offline.
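
The cross-referencing shown in the video (process ID to executable to hosted services in Task Manager, then to remote addresses under TCP Connections in Resource Monitor) can also be produced in one pass from PowerShell. This is an added example, not part of the course material; the function name `Get-ProcessServiceMap` is hypothetical, and it assumes Windows PowerShell 5.1 or later, ideally in an elevated session.

```powershell
# Added example: join PID -> process name -> hosted services -> established TCP peers,
# the same correlation done by hand across the Task Manager tabs and Resource Monitor.
function Get-ProcessServiceMap {
    param(
        [int[]]$ProcessId   # optional filter; omit to report every service-hosting process
    )

    # Win32_Service carries the short name (e.g. NTDS), the display name shown in
    # the Services utility, and the PID of the process hosting the service.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 }          # PID 0 means the service is not running
    if ($ProcessId) {
        $services = $services | Where-Object { $_.ProcessId -in $ProcessId }
    }

    # Read the TCP table once and index it by owning PID. -AsString makes the
    # keys strings, which avoids Int32/UInt32 key mismatches on lookup.
    $tcpByPid = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Group-Object -Property OwningProcess -AsHashTable -AsString
    if (-not $tcpByPid) { $tcpByPid = @{} }

    foreach ($group in ($services | Group-Object -Property ProcessId)) {
        $proc  = Get-Process -Id ([int]$group.Name) -ErrorAction SilentlyContinue
        $peers = @($tcpByPid[$group.Name] |
            Where-Object { $_.State -eq 'Established' } |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique)

        [pscustomobject]@{
            PID         = [int]$group.Name
            Process     = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Services    = ($group.Group |
                ForEach-Object { '{0} ({1})' -f $_.Name, $_.DisplayName }) -join '; '
            RemotePeers = $peers -join ', '
        }
    }
}

# Every service-hosting process, or pass -ProcessId 3668 (the PID seen in the
# video) to inspect a single one.
Get-ProcessServiceMap | Sort-Object PID | Format-Table -AutoSize -Wrap
```

A service-hosting process with established connections to addresses you do not recognise is a starting point for the Event Log review the instructor describes.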
