The Computer Management window includes an important set of management tools that you can reach in two ways:
From the Start menu, right-click Computer and select Manage.
From Administrative Tools, select Computer Management.
Either method opens the Microsoft Management Console (MMC), a UAC-protected feature in Windows 7. MMC (see Figure 1)
provides one-stop access to the major system management features in
Windows 7 and, through its use of snap-in extensions, additional
management tasks as well. When you start Computer Management, Windows 7
launches MMC and installs the Computer Management snap-in extension.
Computer Management provides easy access to the following tasks:
Managing local users and groups
Managing shared devices and drives
Checking system event logs containing information such as logon times and application errors
Seeing which remote users are logged in to the system
Viewing currently running system services, starting and stopping them, and setting automatic startup times for them
Managing server applications and services such as the Indexing service and web services
The Computer Management tool looks similar to the familiar Windows Explorer. It uses a three-pane view, with the console tree
(for navigation and tool selection) in the left pane, details of the
active item shown in the center pane, and actions that can be performed
on the selected item in the right pane.
Items in the tree are called nodes (akin to folders in Explorer). The three nodes in Computer Management are as follows:
The System Tools section of Computer Management contains the following tools:
Task Scheduler— A utility program for automating execution of programs.
Event Viewer— Used to view the event details contained in the Application, Security, and System logs. This tool is discussed shortly.
Shared Folders— Used to manage shared folders and remote users accessing shared folders.
Local Users and Groups— Used to manage local user accounts and groups.
Performance.
Device Manager
The Storage section contains the Disk Management tool, which is used to
define new drives as Basic or Dynamic, create/delete/manage partitions
and volumes, format, assign drive letters, and so on.
As you would expect, you can conduct administrative chores by selecting a tool in
the console tree and then clicking items in the center pane. When you
select an item in the center pane, views and actions (right pane)
change as appropriate for that item, typically displaying attributes of
the item or tool you selected. For example, the Local Users and Groups
branch can display the names and properties of all the users on the
machine.
Explore the interface to uncover all that is available from these three
“little” nodes in the left pane. You’ll be surprised. However, avoid
making any changes or modifications (where possible) unless you know
what effects your alterations will have. Open each node by clicking the
right arrow. If you use the default Detail view, some helpful
information about various items in the right pane is displayed along
with the items in most cases.
By default, you manage the local computer. To manage a remote computer
(assuming you have permission), right-click the topmost item in the
tree, Computer Management (Local), and choose Connect to Another Computer.
Experienced system managers may want to go to Computer Management and dig through
submenus themselves, but the Administrative Tools window, as we’ve
already seen (refer to Figure 23.32), provides shortcuts to the most
significant features of the MMC, most of which will be discussed in the
following sections.
1. Task Scheduler
Task Scheduler can be run from the Administrative Tools window in Control
Panel, the System Tools node in Computer Management, or from the Start
menu (All Programs, Accessories, System Tools, Task Scheduler). Using
Task Scheduler, you can set up any program or script (or even open a
document) to be run automatically at predetermined times. This utility
is very useful for running system maintenance programs or your own
scripts and programs when you can’t be around to execute them manually.
2. Event Viewer
Event Viewer is an administrative application used to view the log files that
record hardware, software, and system problems and security events. You
can think of an “event” as any occurrence of significance to the OS.
Logs are useful because, like a seismograph in earthquake country or a
black box in an airplane, they provide a historical record of when
events occurred. For example, you can see when services were started,
stopped, paused, and resumed; when hardware failed to start properly;
when a user attempted to access protected files; or when a user
attempted to remove a printer over which the user doesn’t have control.
The logs report the level of danger to the system, as you can see in Figure 2.
Event Viewer can be accessed directly from the Administrative Tools
window or from the Event Viewer section of the MMC. It is protected by
UAC and contains four nodes:
The logging features built in to Windows 7 record all types of events,
including many that never trigger an error message but can inform you
of various problems or potential problems with your system’s
configuration.
Types of Log Files
Windows 7 generates five primary logs (files) in its Windows Logs category. These logs are explained in Table 1.
Table 1. Windows Log Files
| Type of Log | Description |
|---|---|
| Application log | Contains events logged by applications or programs. For example, a database program might record a file error in the Application log. The program developer decides which events to record. |
| Security log | Can record security events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files. An administrator can specify which events are recorded in the Security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the Security log. |
| Setup log | Contains entries pertaining to the installation and activation of updates for Windows 7 and its components. |
| System log | Contains numerous entries pertaining to system events such as booting up, shutting down, loading drivers, and errors with hardware conflicts. For example, the failure of a driver or other system component to load during startup is recorded in the System log. The event types logged by system components are predetermined by Windows 7 and cannot be altered by the user or administrator. |
| Forwarded events | Contains entries pertaining to events forwarded to another computer that has subscribed to these events. Use this feature to monitor events on a remote computer by configuring the monitoring computer to subscribe to events on the remote computer, and by configuring the remote computer to forward events to the monitoring computer. |
Windows 7 also generates many additional logs in other categories. Under the
Custom Views node, the Administrative Events log file displays errors
and warnings derived from the Application and System logs. It’s a
convenient way to view problems in a single location. Under the
Application and Services Logs node, Windows 7 includes many empty log
files (DFS Replication, Hardware Events, Internet Explorer, Key
Management Services, and Media Center), which can be enabled by using
the Windows Event Collector Utility (wecutil.exe) to subscribe to the appropriate event. Open the Microsoft and Windows nodes to view logs of many Windows 7 features.
Now that you have a basic understanding, let’s consider Event Viewer, an
application that displays each of the log files and also lets you do
the following:
Apply sorting, searching, and filtering that make it easier to look for specific events
Control settings that affect future log entries, such as maximum log size and the time old entries should be deleted
Clear all log entries to start a log from scratch
Archive logs on disk for later examination and load those files when needed
Note
Only a user with Administrative privileges can work with the Security log.
Any user can view the Application and System logs, however.
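The filtering, settings and archiving tasks listed above can also be run from an elevated PowerShell prompt, which is useful when the same review has to be repeated on a schedule. This is an added example, not part of the original text; the archive folder `C:\LogArchive` and the seven-day window are assumptions.

```powershell
# Added example (not from the original text). Run from an elevated prompt:
# the Security log is only accessible with administrative privileges.
$archiveDir = 'C:\LogArchive'            # assumed archive folder
$since      = (Get-Date).AddDays(-7)     # assumed review window

# 1. Filter: Critical (1), Error (2) and Warning (3) events from the
#    Application and System logs, grouped by log, source and event ID.
Get-WinEvent -FilterHashtable @{
        LogName   = 'Application', 'System'
        Level     = 1, 2, 3
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -Property Count, Name -First 10

# 2. Settings: current size, size limit, and what happens when a log fills
#    up (LogMode is Circular, AutoBackup or Retain).
Get-WinEvent -ListLog Application, Security, Setup, System |
    Select-Object LogName, RecordCount,
        @{ Name = 'SizeMB';    Expression = { [math]::Round($_.FileSize / 1MB, 1) } },
        @{ Name = 'MaxSizeMB'; Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } },
        LogMode

# 3. Archive: export each log to a dated .evtx file that Event Viewer can
#    reopen later. Do this before clearing a log so the history is kept.
if (-not (Test-Path $archiveDir)) {
    New-Item -ItemType Directory -Path $archiveDir | Out-Null
}
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($log in 'Application', 'Security', 'System') {
    $target = Join-Path $archiveDir "$log-$stamp.evtx"
    wevtutil.exe epl $log $target
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $log failed (exit code $LASTEXITCODE)"
    }
}
```

A Security log that is small and set to Circular overwrites its oldest entries first, so the size limit in step 2 determines how far back an investigation can reach.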
Overview and Summary
When you open Event Viewer, it opens an Overview and Summary of administrative events (shown earlier in Figure 3).
You might want to switch Event Viewer to full-screen mode and drag the
dividers between panes, to see all the details at once.
The Overview and Summary displays five categories, listed in order from most serious to least serious:
Critical
Error
Warning
Information
Audit Success
To help you more quickly determine any trouble spots in your system, each
category totals up events in the last hour, last 24 hours, last 7 days,
and a grand total. On the system shown in Figure 3,
one error event has taken place in the last hour, but 188 error events
have been logged in the last 24 hours. To expand a category, click the
plus (+) sign next to the category name.
Viewing Event Details
To view the details of a particular event, double-click it. Figure 3 displays the details for an Error event.
The General tab displays an overview of the log entry. To see the log entry
in its native XML format, click the Details tab. XML View is selected
by default. To return to the previous view, use the back (left arrow)
button at the top of the Event Viewer dialog box.
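The XML shown on the Details tab is also available to scripts through the event record's `ToXml()` method. The following added example (not part of the original text) reads failed-logon events from the Security log and tallies them by account and source address; it assumes an elevated prompt, that logon auditing is enabled, a 24-hour window, and event ID 4625, which Windows 7 records for a failed logon.

```powershell
# Added example (not from the original text). Run from an elevated prompt
# with logon auditing enabled; 4625 is the Security log ID for a failed logon.
$since = (Get-Date).AddHours(-24)        # assumed review window

$rows = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4625; StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $e   = $_
        $xml = [xml]$e.ToXml()           # same XML the Details tab shows
        # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Time      = $e.TimeCreated
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']
            Source    = $data['IpAddress']
        }
    }

if (-not $rows) {
    'No failed logons recorded in the review window.'
} else {
    # Many failures for one account, or from one source, deserve a closer look.
    $rows | Group-Object Account, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ Name = 'First'; Expression = { @($_.Group | Sort-Object Time)[0].Time } },
            @{ Name = 'Last';  Expression = { @($_.Group | Sort-Object Time)[-1].Time } }
}
```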
Event Viewer Actions
Windows 7’s Event Viewer makes actions easy to use by displaying them in the
Actions pane on the right side of the dialog box at all times. By using
the Actions pane, you can create or import custom views, connect to
another computer to view its events, view all instances of a particular
problem or event, view event properties, save events, and filter the
current log.