Performance Analysis of Logs (PAL) and Server Performance Advisor (SPA) for Windows Server 2003

 If Performance Monitor Logs and Alerts is giving you an headache these tools will help you make your life easyer doing the performance analysis for you:

"Microsoft Windows Server 2003 Performance Advisor v2.0 is the latest version of Server Performance Advisor, which is a simple but robust tool that helps you diagnose the root causes of performance problems in a Microsoft Windows Server 2003 deployment. It measures the performance and use of resources by your computer to report on the parts that are stressed under workload. It does so by collecting performance data and generating comprehensive diagnostic reports that give you the data to easily analyze problems and develop corrective actions.
SPA provides several specialized reports, including a System Overview (focusing on CPU usage, Memory usage, busy files, busy TCP clients, top CPU consumers) and built-in template reports for server roles such as Active Directory, Internet Information System (IIS), DNS, Terminal Services, SQL, print spooler, and others. In fact, SPA is kind of a Performance Monitor tool that is integrated with Network Monitor and has a built-in logic that allows for easier understanding of the captured data and can help you identify clients or applications that are consuming resources on a server."

For more information click here : Petri IT Knowledgebase it is a great article. It was pointless for me to do the same article.

PAL (Performance Analysis of Logs) tool is a new and powerful tool that reads in a performance monitor counter log (any known format) and analyzes it using complex, but known thresholds (that are provided). The tool comes out-of-the-box with some predefined thresholds defined as high according to the Microsoft consulting/development but those can be adjusted to whatever you like.
The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded. The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project. This tool is not a replacement of traditional performance analysis, but it automates the analysis of performance counter logs enough to save you time.

Features

• Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.

• An easy to use GUI interface which makes creating batch files for the PAL.vbs script.

• A GUI editor for creating or editing your own threshold files.

• Creates an HTML based report for ease of copy/pasting into other applications.

• Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer's role or hardware specs.

 You can download it from here.PAL is greater after me because you can use it on any operating system you like.(Tested on Windows 7, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2)
Note: In Windows 2003 Server sp2 and Windows 2003 Server R2 sp2 it has a little bug that you can export the Treshold Files in html format only in the root folder of the application(C:\Program Files\PAL\PAL v2.0.7).
Another thing that is problematic is that you need to change your Regional and Language Options to Standards:English(United States) & Location:United States otherwise it won't run.

Both applications are free for home and business use.

How to start Windows Reliability and Performance Monitor with elevated privileges

To start Windows Reliability and Performance Monitor with elevated privileges

1. Click Start-->click All Programs-->click Accessories-->right-click Command Prompt, and click Run as Administrator.
2. Enter the user name and password of an account that is a member of the local Administrators group.
3. At the command prompt, type perfmon.exe and press ENTER. Windows Reliability and Performance Monitor will start in the Resource View page.

Note:

You can also start Resource View in its own window by typing perfmon /res or resmon at a command prompt(in cmd).

Network Bottlenecks Performance Counters

Network Bottlenecks

Network Interface\ Bytes Total/sec - is the rate at which bytes are sent and received over each network adapter;Network Interface\Bytes Total/sec is a sum of Network Interface\Bytes Received/sec and Network Interface\Bytes Sent/sec
Network Interface\ Bytes Sent/sec - this counter is self evident
Network Interface\ Bytes Received/sec - this counter is self evident
Network Interface\ Current Bandwidth - is an estimate of the current bandwidth of the network interface in bits per second (BPS). For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this value is the nominal bandwidth.

UDP\ Datagrams Received/sec - the rate at which UDP datagrams are delivered to UDP users
UDP\ Datagrams Sent/sec - is the rate at which UDP datagrams are sent from the entity.
TCP\ Segments Sent/sec - is the rate at which segments are sent, including those on current connections, but excluding those containing only retransmitted bytes
TCP\ Segments Received/sec - is the rate at which segments are received, including those received in error. This count includes segments received on currently established connections

Server\ Bytes Total/sec - the number of bytes the server has sent to and received from the network. This value provides an overall indication of how busy the server is
Server\ Bytes Received/sec - this counter is self evident
Server\ Bytes Transmitted/sec - this counter is self evident

Network Interface\Output Queue Length - is the length of the output packet queue (in packets). If this is longer than two, there are delays and the bottleneck should be found and eliminated, if possible. Since the requests are queued by the Network Driver Interface Specification (NDIS) in this implementation, this will always be 0.
Network Interface\Packets Outbound Discarded - is the number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent transmission. One possible reason for discarding packets could be to free up buffer space.
Network Interface\Packets Outbound Errors - is the number of outbound packets that could not be transmitted because of errors.You should check if someone upgraded the network driver recently.
Network Interface\Packets Received Discarded - is the number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their delivery to a higher-layer protocol. One possible reason for discarding packets could be to free up buffer space.
Network Interface\Packets Received Errors - is the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.

Hard Disk Bottlenecks Performance Counters

Hard Disk Bottlenecks

Physical Disk\Disk Transfers/sec – watch this counter for each physical disk and if it goes above 25 disk I/Os per second then you've got poor response time for your disk

Physical Disk\Idle Time - measures the percent time that your hard disk is idle during the measurement interval, and if you see this counter fall below 20% then you've likely got read/write requests queuing up for your disk which is unable to service these requests in a timely fashion;then is time for a new faster hard disk.

PhysicalDisk\Avg. Read Queue Length Should be less than 2

PhysicalDisk\Avg. Write Queue Length Should be less than 2

PhysicalDisk\ %Disk Time more than 50% indicates a bottleneck

diskperf - is a command line tool that can be used to start disk performance counters from cmd

Note. No counters should be monitored alone you need counters of all groups processor,memory,hard disk,network interface to make a valid decision .Otherwise you might be fulled by the results of only one counter

Memory Bottlenecks Performance Counters

Memory Bottlenecks

Memory\Available MBytes - if this counter is greater than 10% of the actual RAM in your machine then you probably have more than enough RAM and don't need to worry ;set an alert to trigger if it drops below 2% of the installed RAM ;

Memory\Pages/sec - indicates the number of paging operations to disk during the measuring interval ; you should create an Perfmon Alert for this counter when number of pages per second exceeds 50 per paging disk to alert you that you need more RAM.

Memory\PageFaults/sec - is the sum of hard and soft page faults

Process\Working Set - determine which process is consuming larger and larger amounts of RAM

Memory\Cache Bytes - which measures memory leaks; a reboot solves memory leakage into the non-paged pool;

Memory\Committed Bytes - If the value for committed bytes is greater than physical memory, then more RAM would help ;

Memory\Transition Faults/sec - which measures how often recently trimmed page on the standby

list are re-referenced ; if this counter value increases over time you have insufficient RAM

Page File\Usage (_Total) - create an alerter to notify if it exceeds 70.Then is the case to move the page file to another drive or split it across drives.

Hardware Bottlenecks Performance Counters

Hardware Bottlenecks

System\Context Switches/sec -measures how frequently the processor has to switch from user- to kernel-mode to handle a request from a thread running in user mode ; the heavier the workload running on your machine, the higher this counter will generally be, but over long term the value of this counter should remain fairly constant ;you should create a baseline and then create a Perfomance Monitor Alert for this counter.

Processor\Interrupts/sec (_Total) -if this counter with the above counter suddenly start increasing

it may be an indicating of a malfunctioning device ;over 40% you have a driver or hardware problem

Processor\Privileged Time (_Total) – if this counter increases too then you might have problemems with a device driver.

System Availability and Processor Performance Counters

System Avalilability

System\System Up Time - how many Seconds passed since your server's last restart

Process\Elapsed Time – time since winlogon process has started;monitor processes associated with specific applications and services to monitor the availability of these applications and services

Processor Bottlenecks

Processor\ Processor Time (_Total) - measures the total utilization of your processor by all running processes ;if you have a server with multiple processor then this counter measures the average processor utilization of your machine ;50%-healthy,50%-90% monitor or caution;over 91% critical the processor can't handle it.

Process\Processor Time – see what processes utilize most of the processors power;use all instances when you want to detect which process consumes most processor time;(Process Store – Excange,Process Inetinfo – IIS)

Processor\Privileged Time (_Total) - processor utilization for kernel processes;the server is underpowered;constantly over 75% indicates a bottleneck

Processor\User Time (_Total) - show processor utilization for user-mode processes ;if this counter is high you have to many roles installed on this server

System\Processor Queue Length - how many threads are waiting for execution ; if you have multiple roles installed and the counter value is over 8 you have a problem;if you have multiple processors or cores this number will be divided amongs them;then the queue lenght per processor/core must not be over 2;

What should I do if I can't remove or reinstall Microsoft Office ?

For Office XP or Office 2003

1. Insert the first disk of your Office CD set in the CD-ROM drive.
2.Right click and open the cd. DO NOT RUN THE INSTALLER.
3. Search for the file : Offcln.exe.(you can use the search from explorer).Run it.

User State Migration Tool-How to migrate user accounts and user settings

1. Log on to the source computer as an administrator, and specify:
   
   scanstate \\fileserver\migration\mystore /i:miguser.xml /i:migapp.xml /o
   
   
2. Log on to the destination computer as an administrator.
   
   
3. Do one of the following:
   
   
   • If you are migrating domain accounts, specify:
     
     loadstate \\fileserver\migration\mystore /i:miguser.xml /i:migapp.xml
     
     
   • If you are migrating local accounts along with domain accounts, specify:
     
     loadstate \\fileserver\migration\mystore /i:miguser.xml /i:migapp.xml /lac /lae
     

Can't Creat a Performance log alerter

Start the Performance Logs and Alerts service by using the Local System account instead of the Network Service account:

1. Click Start, click Run, type services.msc in the Open box, and then click OK.
2. In the Name list, double-click Performance Logs and Alerts.
3. Click the Log On tab, click Local System account, click Apply, and then click OK.
4. Quit the Services dialog box, and then restart the ISA Server performance counter log.

Changing System Restore Options in the Windows Registry

In most situations, the default System Restore operation is satisfactory. However
there might be situations in which you need to change how System Restore functions. There are four settings that you can change in the Windows Registry tha affect the intervals System Restore uses when creating automatic restore point and the disk space it uses.
Each of these settings is located in the HKEY_LOCAL_MACHINE\SOFT
WARE\Microsoft\Windows NT\CurrentVersion\SystemRestore subkey.
These settings include the following:
1.RPSessionInterval This setting specifies the intervals, in seconds between scheduled restore-point creations during an active user session. The default value is 0 seconds (disabled).
2.RPGlobalInterval This setting specifies the time interval, in seconds, a which scheduled restore points are created (regardless of whether or no there is an active user session). The default value is 86,400 seconds (24 hours).
3.RPLifeInterval This setting specifies the time interval, in seconds, for which restore points are kept. System Restore deletes restore points older than the specified value. The default value is 7,776,000 seconds (90 days).
4.DiskPercent This setting specifies the maximum amount of disk space on each drive that System Restore can use. This value is specified as a percentage of the total drive space. The default value is 12 percent.

File Encription with Cipher

The Cipher command provides the capability to encrypt and decrypt files and folders
from a command prompt. The following example shows the available switches for the
Cipher command:

cipher [/e | /d] [/s:folder_name] [/a] [/i] [/f] [/q] [/h] [/k] [file_name [...]]

/e Encrypts the specified folders. Folders are marked so any files that are added later are encrypted.
/d Decrypts the specified folders. Folders are marked so any files that are added later are not encrypted.
/s Performs the specified operation on files in the given folder and all subfolders.
/a Performs the specified operation on files as well as folders. Encrypted files could be decrypted when modified if the parent folder is not encrypted. Encrypt the file and the parent folder to avoid problems.
/i Continues performing the specified operation even after errors have occurred. By default, Cipher stops when an error is encountered.
/f Forces the encryption operation on all specified files, even those that are already encrypted. Files that are already encrypted are skipped by default.
/q Reports only the most essential information.
/h Displays files with the hidden or system attributes, which are not shown by
default.
/k Creates a new file encryption key for the user running the Cipher command. Using this option causes the Cipher command to ignore all other options.
file_name specifies a pattern, file, or folder.

Create a Run Shortcut

You can create a shortcut to the Run command. Simply select the Run command on the Start menu, and drag it to the Quick Launch toolbar or to Desktop. The new shortcut uses the same icon, so it's easy to identify.

Hot to use Run As in Comman Prompt

About runas

Enables a user to execute a program on another computer as yourself or as another user.

syntax

RUNAS [/profile] [/env] [/netonly] /user: program

/profile if the user's profile needs to be loaded
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote access only.
/user should be in form USER@DOMAIN or DOMAIN\USER
program command line for EXE. See below for examples

Examples:
runas /profile /user:mymachinename\administrator cmd
runas /profile /env /user:mydomain\admin "mmc %windir%\system32\gpedit.msc"
runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

How to permit restricted users to creat shared folders

Create permanent shared objects

This user right determines which accounts can be used by processes to create a directory object in the Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and Windows Server 2003 family object manager.

You can configure this security setting by opening the appropriate group policy object and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create Permanent Shared Objects (add users group or domain users group).Reboot PC done.

I can't open my stick from my computer

Today I met a stick malware that stops your from accesing your USB from my computer.
This is a malware that is very annoing and is spreads very fast thru your stick.No antivirus i tried coul'd find it.The problem is that it spreads on the computer that you put your stick in and if another person puts his stick in the infected computer it infects that stick too.
I found a malware remover ComboFix.exe that removes it finnaly.Good luck

Windows domain using a ntp time server how to

If you want your Domain Controllers to be in sync especially if you are in Eastern Europe Contry's windows 2000 server does not know when the time changes on the other hand the windows 2003 server knows and where i work they are primary and aditional DC.
So what to do make them bouth use the same external ntp time server.

Step 1

Run-->cmd

Step 2

Type net time /setsntp:1.ro.pool.ntp.org (ntp_server adress)

Step 3 restart the time service

net stop w32time
net start w32time

Step 4

Verify the ntp server was added to registry.Type:
net time /querysntp

If you want to stop using ntp server type:
net time /setsntp
and restart the time server like i showd you above.

According to posts in Usenet newsgroups, the following sequence of commands (entered at the command prompt) fixes timekeeping problems under Windows XP:
net stop w32time
w32tm /unregister [ignore error message]
w32tm /unregister [enter a second time]
w32tm /register
net start w32time

Change Microsoft Office 2007 License Key

Follow these steps:

1. Close all Microsoft Office applications.

2. Click Start, click Run, type regedit in the Open box, and then click OK.

3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Registration

Note You may also find another subkey that resembles the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Registration\{91120000-0011-0000-0000-0000000FF1CE}

4. If you find additional subkeys that reference Microsoft 12.0 registration, open each subkey, and then identify the product by the ProductName entry.
For example: ProductName=Microsoft Office Professional Plus 2007

5. When you find the subkey for the product from which you want to remove the existing product license key, delete the following entries:
* DigitalProductID
* ProductID

6. Exit Registry Editor.

The next time that you try to run an Office application, you will be prompted for a new product license key. Then, you can enter the product license key.That's it.

How to find open ports on a computer on windows machines

To find open ports on a computer, you can use netstat command line.

1. To display all open ports, open DOS command, type netstat and press Enter.
2. To list all listening ports, use netstat -an |find /i "listening" command.
3. To see what ports your computer actually communicates with, use netstat -an |find /i "established"
4. To find specified open port, use find switch. For example, to find if the port 445 is open or not, do netstat -an |find /i "445".
5. You can use PULIST from the Windows Resource Kit to find which process is using a specified port. For example, pulist |find /i "4125" may display

Move the Favorites folder

1.run->regedit

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

There you will find the path
Replace the path and presto

ex:C:\Favorites