Behind The Scenes

[#netwkdoc]: Network documentation

Inexperienced users may mock the concept as a waste of time, but those who have remotely troubleshot many networks with various levels of documentation may know that having information available can save huge amounts of time, particularly when dealing with problems which is when the impact of time savings may be most significant. Even information which can be looked up fairly quickly when connected to a remote system might be information able to be gathered faster by opening up a documentation file and instantiating a search rather than running a program that handles remote connections and then instantiating a connection (particularly if documentation will need to be consulted to help make the remote connection, including authentication).

However, many people starting to document something may just take lots of notes in such a disorganized fashion that finding the information in documentation may take a while, and even take longer than some other methods. This page has some skeletal forms which may help.

[#vrtualiz]: Virtualization
Using Virtual machine software

This is considered a “behind the scenes” task, because ideally an average end user should not typically notice any real difference if an IT administrator moves a machine from a physical hardware setup to a virtualization setup.

Creating a virtual machine
[#inidcmvm]: Initial items to decide when creating a virtual machine

One may wish to document some additional details, such as what IP address the machine will use. An example skeletal form of key system info. If a main collection of documentation for a network/computer has not yet been established, create one. Copy the documentation about this system into the main documentation file.

TOOGAM's Multi-VM tutorial has information about setting up multiple virtual machines, including reference to TOOGAM's tutorial on making a single virtual machine.

[#mkcompat]: Compatability

Software is designed to run on a supported platform. This same software does not work on unsupported platforms. However, a computer environment which is an unsupported platform may be able to be changed so that it does run software designed for a specific platform. This compatibility can often occur by using software that is intentionally designed to provide compatibility.

One option would be to run a virtual machine, although that may use more resources. Therefore, it may not be the most ideal solution, but do keep in mind that it may be an available solution to fall back onto if another solution isn't found. Details about setting up a virtual machine are covered by the section on virtualization.

An emulator is often software that provides compatability, and often this is implemented by creating a virtual machine. However, the term “emulation” can commonly refer to other methods of making software compatible, such as the Linux emulation of OpenBSD (available in prior versions).

Microsoft Windows
See the emulation software for a platform offering compatibility with “Microsoft Windows” code (e.g. Wine), and the list of options related to the Platform of operating systems, and other software, commonly marketed/described as having code meant to run programs that run under “Microsoft Windows” (and compatible platforms).

One option may be to use DOS-compatible operating environments and/or clones/emualators. Wine supports DOS on many platforms. (Wine does not support DOS in some platforms.)

The software called DOSBox is highly praised. News about Wine notes that Wine 1.3.12 has started to integrate code from DOSBox.

DOSEMU is available for Linux (on some hardware architectures).

Linux emulation by BSD
  1. Know that there is likely to be some documentation on the subject.
    OpenBSD documentation about Linux compatibility

    OpenBSD Journal @ : Linux Emulation goes to the great bitbucket of the sky describes OpenBSD dropping support for Linux emulation.

    Here are some older references: OpenBSD FAQ on running Linux binaries (FAQ 9.4), OpenBSD 5.9 Manual Page called “compat_linux” (alternate URL: OpenBSD 5.9 Manual Page called “compat_linux”), OpenBSD 4.9 Manual Page for compat_aout, OpenBSD Manual Page for the mount_procfs command

  2. Kernel support may be needed. This is not an issue if the kernel already has support built-in.
  3. Set a sysctl to enable the emulation. The name of the sysctl may be covered by documentation.
  4. Enable support for /proc. (This may be less impactful than installing a software package to increase compatibility, although just mounting /proc might also be easier and quicker to implement.) (Perhaps this is done when installing a software package to increase compatibility?)
  5. Install a software package to increase compatibility further. For instance, OpenBSD has a package called “fedora/base” (by OpenBSD FAQ on running Linux binaries (FAQ 9.4)), which has fedora_base* as a filespec.
  6. If all else fails, do actually try reading documentation.
  7. If all else still fails, alternative measures may be needed, such as software development to help improve compatibility or getting the developer(s) of the troublesome software to build an OpenBSD port. The latter step may involve becoming part of the software development team. Note that this may be the most worthwhile solution, but is not expected to always be anywhere close to being a solution that is easy to implement.
[#javaplat]: Java and related languages

Java is the name of a programming language. The programs made in Java are usually “compiled” from source code form into “byte code” form. The Java byte code interpretor exists in multiple platforms.

One thing which is widely believed to have helped Java gain some early popularity was Microsoft's previous support for Java. Java support came with a Microsoft product (either Internet Explorer or Windows) and so end users could support Java easily without requiring a separate download. That situation has since changed.

Microsoft has released some programming tools (as part of Visual Studio) for a programming language called J++. Essentially, J++ was Microsoft's proprietary version of Java while Java remained under control of Sun Microsystems. Microsoft did make some differences between Java and J++. An infuriated Sun Microsystems sued Microsoft for making their implementation of the language incompatible. Since then, Microsoft has stopped releasing Visual J++ as well as J# (which is pronounced as “J Sharp”). Additionally, the Microsoft Java Virtual Machine (“MSJVM”) has been discontinued. Microsoft's page about MSJVM's support says, “The MSJVM reached the end of its life as of June 30, 2009. Customers are encouraged to take proactive measures to stay informed about obsolete software and move away from the MSJVM in a timely fashion. The MSJVM is no longer available for distribution from Microsoft and there will be no enhancements to the MSJVM.”

Installing a Java Virtual Machine (“JVM”)

The Java Development Kit (“JDK”) usually or always contains the code used to run Java code. There may be a different way to get Java to work, although in some cases that had been a recommended way to get Java to work. For example, OpenBSD's FAQ 8: section on the Java browser plugin has started out by saying “The Java plugin is part of the Java Development Toolkit (JDK).” So, if another, slimmer, slicker ways do not work, consider that to be an option. For more information on installing and/or using the JDK, see the section on coding. (Such information may not yet be on this site.)

A smaller distribution of files to support Java has generally been made available by Sun Microsystems. The exact name of this release has varied: Names have included “Java Runtime Environment” (“JRE”), Java 2 Standard Edition (“J2SE”) (for version 1.2/2.0 through 5.0), and “Java Standard Edition” (“Java SE”) (for version 1.6/6.0). There are other variations including Enterprise Edition and Micro Edition.

Emulation in OpenBSD
Although there is OpenBSD 4.7's man page for compat_hpux - setup for running HP-UX binaries under emulation, this emulation was removed from OpenBSD 4.8.
Emulation in OpenBSD
OpenBSD man page for compat_ultrix - setup for running Ultrix binaries under emulation
OpenBSD 4.9 manual page called compat_freebsd, but OpenBSD 5.0 changelog notes support for this being removed.
Generic/Other platforms

In Unix, helpful manual pages might be found by running “ apropos compat_ ” In OpenBSD, OpenBSD Manual Page for kernel “options”: section about compatibility options may list some options that require specific kernel support.

Compatability note: OpenBSD -current, after 4.8 was created but before CDs were received, noted “Removed support for loading 64bits kernels from cdboot(8/HPPA).”

[#disasrec]: Disaster Recovery

There may be multiple names for this, such as “Disaster Recovery” efforts that involve using a “Business Continuity Plan”. Details about backups are in this section.

See Disaster Recovery.

[#protsoft]: Protection Software
[#antimalw]: Anti-Malware software
Anti-Virus, Anti-Spyware, etc.
Controlling unsolicited E-Mail
For further details, see the page about protection software.
File integrity checking
For further details, see the page about protection software.
Code signing
For further details, see the page about protection software.
[#sftwinst]: Software installation/updates
Operating System components
[#swpkmgmt]: “Software package (management/installation) systems”/“Software distribution systems”
[#pkgtools]: pkg_*
Setting respositories
Recommended settings for OpenBSD
Recommended settings for FreeBSD

Notes about archived versions being moved from the original location

Finding software/listing software available
Using websites, or downloading a list of ports and searching through that information
Installing software
In OpenBSD
Details on “ pkg_add -ivv package_name
In FreeBSD
Verification needed: If getting from the main repository, one may simply use “ pkg_add -r package_name ” may be one option.
Showing installed software
Removing software
Checking for updates
Updating software
To find out if there is an update to the software, see the section on updating software. This section is simply a quick guide on how to apply updates using this package management software.
Setting respositories
Finding software / listing software available
Installing software
Showing installed software
Removing software
Checking for updates
Updating software
Microsoft Windows
In the Control Panel of Windows 95, there is a control panel applet related to showing programs. Additionally, third party package management software does exist. Additionally, there are popular archives. Some recommended ones include:, DevEdge's list of popular Firefox add-ons, TOOGAM's software archive, SysInternals, SourceForge (also having a lot of software for platforms other than Microsoft Windows)
Updating software

Updates in software are often able to be implemented in one of two basic ways: applying an update to the older software, or completely removing the older software and then installing the newer software. Using an update may be faster, and may be smaller to download than an entire newer version.

Some software will have an option to automatically check for updates. The clearest example of this may be anti-malware software, where updates are generally considered essential to continue to be decently useful. A well-done implementation is Firefox, which informs users (and may automatically download) when the program is started. A comparatively poor method used by some software is to run a special program whenever the operating system starts up. This method not only increases the time of the system's startup process before the system is decently useful, but ends up costing resources even if a user has stopped using the software.

Some software will come with a method to update the software. In some cases, updates may be checked for by going to the program's “Help” menu. (e.g. Adobe Reader?) In a small number of cases, Windows Control Panel may have a control panel applet for the software (e.g. Java (what? JRE?), QuickTime?) and that control panel application may have an option for updating.

Software that supports package systems, such as pkg_*, apt, and yum, may often have a way to update software. This can be advantageous. Instead of the developer's sites needing to support bandwidth, software repositories dedicated to sharing software can take on the role of providing the bandwidth. Administrators of a computer system or a network of computer systems can roll out updates of multiple pieces of software at a time when it is convenient for the administrator to spend time implementing the updates and when there will likely be time for handling the additional support that updates may cause. The Administrator may also be able to use a rather uniform process to roll back an update on multiple computer systems if the update ends up being problematic.

Automatic updates may be applied in some cases. Centralized updates may be applied in some cases, and individuals wishing to upgrade earlier might be barred (by security permissions) to perform that task (or they might be allowed to do so at their own risk).

Updates may be made available from a vendor.

Wayback Machine @ cache of a page about updating OpenBSD (info from, Wayback Machine @ cache of a page about More Packages for OpenBSD

Power Management

Benefits include longer runtime when on battery power, lower costs, less unnecessary heat, and increased help regarding sustainability of natural resources.

Currently details may be in the hardware section.

Hardware Testing/Repair/Optimizing

Hopefully testing is behind the scenes. Repair may not be entirely behind the scenes, as people may notice the improvement as something becomes functional again. However, hopefully the choice of whether to repair, or completely replace, is fairly transparent.

Hard drives, memory, network

[#opthardw]: Optimizing hardware

There may be options, such as optimizing for speed, optimizing for low power usage, and/or other optimizations designed to help increase longevity.

It may be useful to create a baseline before making changes, and to be familiar with system performance monitoring/reporting so that the impact of changes can be noticed.

Perhaps some of this should be moved to the hardware section?

Speed testing: overview

The concept of “speed” can be quite subjective. Some systems are sufficiently fast in what they are designed to do, such as handling network requests and/or serving data from a disk, even if the system is comparitively slow in other areas, such as processing numbers with a fast processor. This brings up two points: the part that will matter the most is likely to be the “weakest link in the chain”. The second is that measuring one method of speed may not provide relevant information on a system which is suffering in another area. Therefore, there are multiple methods to measure speed. Some of these methods will be more useful in some situations, dealing with some computers, than other methods.

Testing in Unix

In traditional, historical Unix operating systems, many pieces of software may output to standard output. Any sort of test which regularly reads or writes data to a file, or any sort of “device” which acts like a file, can have speed measured in real time using a program (which might frequently need to be downloaded separately) called pv. Note that this might not be a great method to benchmark: CStream web page notes that accessing /dev/null and /dev/zero may have results showing that “speed varies greatly among operating systems, redirecting from” (such a special “device”) “isn't appropriate benchmarking and a waste of resources anyway.” Examples of using pv shows some various tests, such as network speed.

Any program which regularly shows some output in comparison to its performance also should be able to be captuerd. At least, that seems like a good theory. Can it be put to the test, for example, by somehow piping the hash marks from the simple default command line ftp client?

Testing in Windows


Disk optimizing
Optimizing disk Speed/wear/tear

First, an obsolete tip: if using PATA, check the cables. An “All-in-One” book by Mike Meyers @ Total Seminar, about the CompTIA A+ Exam (probably 7th Edition?), on page 415 says, “If you plug an ATA/66 drive into an older controller, it will work—just not in ATA/66 mode. The only risky action is to use an ATA/66 controller and hard drive with a non-ATA/66 cable. Doing so will amost certainly cause nasty data losses!” However, this doesn't mean to avoid such controllers or drives: the recommended method was to upgrade the cables. (A more modern recommendation may be to simply upgrade/replace such older equipment.) In cases where using 40-pin cables with newer hard drives doesn't cause data loss, they can still cause slowdowns for newer PATA drives. Check if the cables are using 80-wires or 40. (Counting the pins is not a valid way to do this.) Newer cables may also have a blue end for the motherboard, a black connector on the opposite end for a Master cable-select option, and a gray connector in the middle. If using a cable that doesn't fully support the drive's features, replace the cable. (They are probably available for inexpensive prices if they can be found. An online auction site may be an effective way to find at least one supplier.)

The most well known method of optimizing may be “defragmentation”, although there are other methods (such as placing executables in a file system in a way so they may load faster, or storing data in a location where a drive is anticipated to be physically faster to read from than other physical locations on the drive.) For further details, see the section about handling data: section about optimizing volumes.

Other disk features
Redundancy (e.g. RAID)
Optmizing power usage
Details may currently be available in the hardware section (in the section about “power management” and/or possibly some details in the section about electrical power).
Optimizing disk longevity
e.g. parking old hard drives
Memory optimizing
Having more memory is generally best. Having enough disk space for a decent sized swap file may be good. Running unnecessary programs may hurt memory usage (as well as take time when the program starts up). Using newer software/firmware may help this in some cases, while other times the newer software may be bloated and hurt this endeavor. (Unfortunately in such cases, using newer software is often recommended despite this cost, primarily so that security updates are applied.) In MS-DOS, placing programs in certain areas of memory could be helpful.
Network optimizing

To see how much network bandwidth exists, see network bandwidth testing. Perhaps some other topics may contain information that could somehow be releated to this, and be useful: Perhaps see: logging network traffic or network sniffing.

[#dlpotspd]: Dial-up modem speed

Presumably, the best way to increase commuication speed on a computer using a dial-up modem is to start using more modern technology. Even modern wireless technology will typically slaughter the speeds of the more limited connections of using the “dial-up” connections used for wired telephone lines.

[#atselevn]: General advice that helps in most cases

Usually using tone dialing is the default, but if not, switching to tone dialing can be a method to speed up the dialing process.

In most cases, using ATS11=40 (or higher numbers after the equal sign if needed, such as ATS11=55 or maybe even ATS11=60) causes a faster total dial time. (The dial tone may actually play longer (senselessly?), but then the actual dialing goes quicker.) This does not affect the connect time after connected.

Note, however, that sometimes a value that is too low may be too fast (every time, or perhaps even only occassionally) when a modem is at a certain location. When a modem moves to another location, there may need to be a change if someone used trial and error to maximize speed (by minimizing the number) at another location. A value like ATS11=60 or maybe even ATS11=55 may work in more locations than the faster ATS11=40 value.

Using the right hardware

Ideally, non-software modems are better. They were also more costly to manufacture, and so become less common with modems that used faster speeds.

Faster modems are better: A V.92 modem is recommended as an upgrade for any modem which is not using either V.92 or V.90 as the communications standard. V.92 modems are likely to be very cheap today nd they should be fairly cheap to locate if found.

Setting up the connection settings
Setting speed, compression, error correction.

Note that the most sensible upgrade may be to use data transmitting technology that does not rely on a dial-up modem. However, even if there is a desire to use a dial-up modem (such as wanting to try to use a pre-existing setup without adding any additional monthly service costs), there may still be some benefit to consider upgrading.

Upgrade info

If a modem is not a V.92 modem, consider upgrading the modem. Some older modems which are not V.92 capable may be able to be freely upgraded to support V.92. If so, don't miss out on features needlessly.

Instructions for performing a software logic upgrade

For 56K modems, there may be little need to purchase a faster modem, but do see if there is a free upgrade to V.92 because many of the modems from that 56K pre-V.92 era were designed to be upgradable.

Note that performing a flash upgrade on some hardware should only be done using an upgrade that is documented to work with the specific model of hardware that is being upgraded. Even still, there is some risk that the upgrade could permanently damage equipment, although such a risk is probably worth taking. Just be prepared to obtain a V.92 modem quickly in the event that the device does break.)

Having a free upgrade available may be especially likely to be worth checking out if using a modem that uses Lucent's K56 protocol, Rockwell's 56flex protocol, the combined K56flex protocol, the X2 protocol by rival US Robotics, or the unified subsequent standard of V.90. USR V.92 Upgrade modem qualifier

Reasons to replace older modems

A modem which is not V.92 and not V.90 might be able to be upgraded to V.90 (although V.92 is likely preferred if that is also available.) For any modem that transmits and under 56K modem, if a person is ever likely to be waiting on the data of a dial-up connection, consider upgrading the modem to a V.92 modem (even if there would be a cost for doing so). The reason to do this may simply humanitarian: don't cause a person to wait on technology needlessly. However, there can also be financial reasons. If the person is getting paid for the amount of time worked, reducing the need to wait for technology can be worthwhile. Also, if there is any possibility of toll charges (such as charges for making a “long-distance” phone call), consider upgrading the modem to a V.92 modem (even if there would be a cost for performing the ugprade, because the result may turn into a cost savings achieved through lower toll charges).

More information about dial-up modems may be found in the section about dial-up modems.

[#taskedul]: Scheduling tasks

Two methods involve using cron and at. Debian may have names for these, shown during start: e.g. calling one a scheduler?

[#mshdtskw]: Microsoft Windows (task scheduling)

See: Microsoft Task Scheduler. There may also be more information in the section on reporting events (Microsoft Windows sub-section).

Also, perhaps see: WMI.

WMIC JOB get /?
[#mnitrept] : Monitoring/reporting

Some of this may be a bit related to troubleshooting, but a lot of this is more about gathering data, often automatically. The information this has may help report errors, assist with troubleshooting and determining if an issue seems resolved, and provide details to help determine how much impact an upgrade is likely to have.

Currently, much of this guide may involve using GUI tools. In Windows XP, some command line options may also exist: See: Windows XP Pro Product Documentation: logman command, Windows XP Pro Product Documentation: typeperf command, Windows XP Pro Product Documentation: tracerpt command, Windows XP Pro Product Documentation: relog command, Windows XP Pro Product Documentation: Unlodctr command.

[#reprtevt]: Reporting Events

When information gets logged to a log, such an event may be noteworthy. Here are some ways to get informed about such an incident:

Microsoft Windows (reporting events)
Using built-in software
Windows Vista (and Server 2008) and Newer
Using a command line tool

It may be helpful to be familiar with the type of XPath that is used by SchTasks and Task Scheduler.

(A full guide is not currently available here, but for further information...

SchTasks /Create /?

The results might eventually end up looking something like this:
SchTasks /Create /TN MyCustomTask /SC ONEVENT

Interacting with Task Scheduler

Open the Task Scheduler. (Under either %ProgramData%\ or %ALLUSERSPROFILE%\, a “ \Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk ” file may run “ %SystemRoot%\system32\taskschd.msc /s ”.

Expand the folder to one meant for Event Viewer Tasks. This may be under “Task Scheduler (Local)\Task Scheduler Library\Event Viewer Tasks”. (Selecting this specific folder might not be strictly technically necessary, but it makes sense since this folder is the one that will be used if creating a task from within Event Viewer.)

Creating a new task

Choose to “Create Basic Task”.

On the “Task Trigger” screen of options, choose “When a specific event is logged”.

Although the “Source:” is represented by a drop-down box, it is also possible to type in a custom value (for an event that hasn't yet occurred).

Editing an existing task

Select the task. Then access the properties for that task. There's a few ways to do that: (In the right frame), choose “Properties”. Or press the Shortcut/Context menu key (or right click, but Shift-F10 doesn't seem to work when tested in Vista) and choose “Properties”. Or just interact with the lower part of the split-screen window.

On the “Triggers” tab, create a “New...” event (or, if desired, “Edit...” or “Delete” an existing event.)

In the “Begin the task:” section, choose “On an event”.

Creating a scheduled task from within Event Viewer

Select the log, or a pre-existing event of the type to create the task from.

In ther right frame, choose “Attach Task To This Event...” or, to be less specific, choose “Attach a Task To this Log...”.

The process will look fairly similar to creating such a Task from withing the Task Scheduler, but some of the options will be greyed out. To change an option that is greyed out, either continue making the task (using the undesirable option) from within the Event Viewer and then edit the task after it is made, or make the task from within Task Scheduler.

Windows XP

It looks like a solution is available using EventTriggers. See: EventTriggers, Windows XP Pro Product Documentation: the EventTriggers command. The following information may be untested. The command lines may be grouped into the following categories:

Original parameter

If no command line parameters are provided, triggers get output.

Otherwise, the first parameter should specify what the command is doing. Options include: /create or /delete or /query.

Using the right system
Specifying the system may be done with /s and authentication may be done with /u and /p. (Note: this authentication simply refers to interacting with the system to view the triggers and make changes. The task that may be run isn't authenticated with these command line options: /ru is used for that.)
When creating a trigger

The /tr customName may be optional: Others may be more needed. The /l logName specifies to use a specific log. (Information might be available at the section about Windows Event Logs.)

Strangely, /eid and /t and /so are all mutually exclusive. The /d would also be related to specifying an event.

When deleting a trigger
Use /tid.
How to respond

/tk specifies the task. Windows XP Pro Product Documentation: the EventTriggers command notes, “In the case that an event fails to execute, eventtriggers creates a log file called TriggerConsumer.log in the \windows\system32\wbem\logs directory containing a message that the event failed to trigger.” (It seems more likely that the directory is something else, like perhaps %SystemRoot%\wbem\logs\.)

/ru specifies authentication to use. (Windows XP Pro Product Documentation: the EventTriggers referred to running SchTasks. Most likely that was a typo, but this typo indicates a similarity to the syntax used by SchTasks?)

Third party solutions
GKrellM (ported for Microsoft Windows)

GKrellM (GKrellM home page/ is multi-platform. Although the main page's “System Requirements” indicates a need for Gtk+ 2.4, the server does not have the same requirement and software has been released for Linux, FreeBSD, Mac OSX, NetBSD, OpenBSD, and Microsoft Windows. Details/hyperlinks are provided on the software's main page. GKrellM over SSH describes running the monitoring software on one system, and displaying information on aother system.

The referenced webpages have a hyperlink to GKrellM for Windows. An OpenBSD port is available, as noted by: page about GKrellM. The page about the GKrellM package has two descriptions. The description related to the client says, “GKrellM2 is a single process stack of system monitors which supports applying themes to match its appearance to your window manager, Gtk, or any other theme.” There is also a description for the “main” component: “A server module which allows users to monitor an X-less server.”


Unknown: Perhaps the following may be some indications to start: On OpenBSD Journal @ article called “BSD load demystified”: sthen's comment on Thu Jul 16 21:33:10 2009 (GMT) states, “if you prefer something graphical, symon/syweb (in ports) are pretty good for this.”

Perhaps GKrellM (GKrellM home page/, which is multi-platform. (Also, if an alphabetical listing of software in a software repository is available, see if there are plugins/addons that start with the name “gkrellm”. Info about software repositories may be in the section about software installation.)

Perhaps Conky? (Perhaps this was named after Conky 2000?)

Perhaps “triggers” from igmus code?

[#perfrprt]: Reporting performance issues

This section is mainly about automatic reporting options. For details about just seeing if there is a current issue, including details on how to resolve such an issue if there is a current issue, check out the troubleshooting section's sub-section on system slowness.

Microsoft Windows

Counters are used. Values provided by the counters may be seen with the System/Peformance Monitor. Also, tools that come with the operating system can cause an “Alert” to happen. An alert may be configured to write to the operating system log and/or to perform a task.

Windows Server 2008
TechNet: What's New in Windows Server 2008: Changes in Functionality in Windows Server 2008: Windows Reliability and Performance Monitor
Windows Vista

To run the “Reliability and Performance Monitor” program, find the icon in (Control Panel's) Administrative Tools. That icon is designed to run everything shown after the word “start” in the following command line:

start %SystemRoot%\system32\perfmon.msc /s

In the left frame (under the “Reliability and Performance” row), expand the “Data Colector Sets” folder, and then choose the “User Defined” sub-folder. Choose the Actions menu or bring up the Shortcut/Context/“Right-click” menu for that folder. Choose New, then “Data Collector Set”. Optionally (but recommended), fill out the “Name:” field. Then, choose the Create manually (Advanced)”. On the Next screen, choose “Performance Counter Alert”. “Add...” an entry to the “Performance counters:” section.

When choosing to add a counter, the list of “Added counters” section will be shown on the right side. To add a counter, use the “Available counters” section on the left side. Identify a useful counter: For example, locate the counter in the Processor section's “% Privileged Time”. If desired, choose the “Show description”. Pick an “Instance of select object”, such as “_Total”. (To be alert if any one CPU core is overloaded, choose “<All instances>”, and then in the drop down box below, also choose “<All instances>”. If doing this, the “Added counters” section may show a * in the “Instance” column.) Highlight more than one counter, if desired. Choose to “Add >>” the counter to the “Added counters” section. Note that although the “Added counters section may show a * under certain columns like “Instance” or even “counter”, after pressing OK the “Performance counters” section will list each counter/instance separately.

Now, in the “User Defined” section, the new Data Collector Set appears. Select it. In the right column, find the relevant Named object which has a “Type” of Alert. (The Name may be DataCollector01.) Select that object (in the right part of the screen), and then choose to view the Properties. If desired, in the “Alert Action” tab, check the box to “Log an entry in the application event log”. (Note that this does not refer to the Windows log called Application. It refers to the log at “Applications and Services Logs\Microsoft\Windows\Diagnosis-PLA\Operational”, and may generate an Info Event with Event ID 2031 and a Task Category of None.) Also, fill out the desired etails on the “Alert Task” tab.

Start the Data Collector Set. One way to do this from the left frame of the main “Reliability and Performance Monitor”, by choosing the Shortcut/Context/Right-click menu of the data set. (One might think that another way is from the screen when editing an Alert type of object within the Data Collector Set. From the “Alert Action” tab, choose a Data Collector Set from the drop-down box that is titled “Start a data collector set:”. However, that does not seem to have an immediate effect. Rather, it seems that interface allows an Alert from a running Data Collector Set to start another Data Collector Set.)

If the Data Collector Set is running, there will be a little icon with a green triangle pointing to the right, and the Status will be “Running” This Status can be seen by selecting the folder that holds the Data Collection Set. You may check the log at “Applications and Services Logs\Microsoft\Windows\Diagnosis-PLA\Operational” (within Event Viewer). The log file may be stored at %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx

Windows Server 2003
MSDN (SQL Server 2005 Documentation) Monitoring Notification Services Performance and Activity: Using Performance Logs and Alerts, TechNet: Windows Server 2003 Performance Logs and Alerts overview. Windows XP Documentation: Performance Logs and Alerts overview Check: Alerts provides a brief overview.
Windows XP
Windows XP Pro Documentation: Adding counters to System Monitor (and various documentation hyperlinked from that page).
Windows 2000
Microsoft KB Q244640, TechNet: Win2K RK: Server Operations Guide: Performance Logs and Alerts, TechNet: Win2K RK: Server Operations Guide: Resource Kit Performance Tools, Microsoft KB Q244389: “Log Is Not Started When You Try to Start a Log with Remote Counters in System Monitor” (in Win2K)

Performance Analysis of Logs: Modern versions use PowerShell. This “generates an HTML report containing graphical charts and alerts of the performance counters using known thresholds.” (Quote from PAL Releases page.) PAL v1.2 “is primarily a VBScript” according to's review of PAL. That review notes, “The tool comes out-of-the-box with some predefined thresholds defined as high according to the Microsoft consulting/development but those can be adjusted to whatever you like.” There is also a PAL 1.3.6.

[#vulnscan]: Vulnerability scanning / security testing

Finding a collection of such tools in the disk space assigned to a user account may be a potential concern when the user doesn't help administer the network where the tools are found on. Because of the potential for such software to frequently be misused, and perhaps other reasons (such as bundled advertisements causing some tools to be considered to be adware), anti-malware scanners might detect such tools as being known to be potential concerns.

However, such tools may help a network administrator to find a problem more quickly than how long (if ever) it would take for the problem to be found if the scanner was not used. Whether such tools are used for legitimate purposes, or remain unused, it may not be bad for a network administrator to be familiar with their existance.

Examples of such software may be Nessus and Retina (by eEye), which were highly ranked in the 2006 survey at (where these two pieces of software were also marked as generally costing money). Another example may be Bastille UNIX.)

Of course, a port scanner such as Nmap (which has an official GUI: Zenmap) can help point to potential openings.

Funny story: In a TV article for the first Pacific Rim CCDC, a member of the “red team” found a vulnerability report that was created by a member of one of the other teams. (For more details, see the section about the CCDC.) Clearly, such an incident could be more problematic in a less controlled environment.

incident response

Create alerts and perform fixes automtically: incident response.

[#syspolcy]: System policy settings

Besides filesystem-based attributes/ownerships/permissions and authentication usage (where a person logs in), one way to restrict activities is to have the computer enforce a “policy”.

An implementation for Linux is SELinux (Security-Enhanced Linux). (See: Wikipedia on Security-Enhanced Linux: “Implementations” section.)

Microsoft Windows Policies
Local policy
Group policy

Circumventing Group Policies, OttoHelweg2 wrote on Mark Russinovich blog, saying “if you’re a user you’ve almost certainly been frustrated by the limitations imposed by those policies.” Options may be greyed out, or, much worse, disappear (which might waste time for a person who doesn't know that somebody set a policy to make the option disappear, and may spend some time trying to find an option). Mark notes, “you should be aware that if the users in your network belong to the local administrator’s group they can get around policies any time they want.” The article then describes how to do that.

See: How to See Which Registry Settings a Group Policy Object Modifies (which shows how to gather that information using Proc Mon).

Windows components: policy.

See: Group Policy Settings Reference Version 1.3 (for Windows Server 2003 Service Pack 1) [Spreadsheet, usable by Excel]


There are lots of ways that a computer's behavior can help implement security. This is absolutely not the only section that discusses security. However, this “catch-all” section does provide some information, and provides pointers to some other information.

See: Security

[#traktask]: tracking tasks

A “ticketing” system can be used to track tasks.

[#managnet]: managing networks

Software designed for helping technical staff to perform administrative tasks on networks, including providing easy remote access, and automating tasks like performing tests and alerting on certain types of events.