In Part 1: AD RMS – Data Access Controls we learned about file access controls to data and resources by leveraging permissions via NTFS and share restrictions.

Part 2: AD RMS – Encryption covered the Encrypting File System and BitLocker functionality.

Part 3: AD RMS – Features & Operational Considerations covered some of the higher level features and operational considerations of the technology, reviewing content permission and control.

In today’s post I will be outlining the system requirements of Active Directory Rights Management Services as well as other dependencies for the service.

AD RMS System Requirements

Like any other application, Active Directory Rights Management Services has minimum and recommended system requirements.

Server 2008 R2 and Internet Information Services (IIS) are required in order to successfully install and initialize AD RMS. Additionally, AD RMS also requires access to a database server with SQL Server being identified as part of the system requirements. The database can be run either on the same server as AD RMS or on a remote server.

As defined by Microsoft the “requirement” for AD RMS is:

One (1) Pentium 4 Processors running at 3 GHz or higher
512 MB of RAM
40 GB of free hard disk space

The recommended configuration is:

Two (2) Pentium 4 Processors running at 3 GHz or higher
1 GB of RAM
80 GB of free hard disk space

AD RMS Software Requirements

Below are the software requirements for running your Server 2008 R2 based configuration on the Active Directory Rights Management Services role:

The File system installed should be NTFS and Message Queuing needs to be enabled.

Internet Information Services (IIS) is needed as well as ASP.NET.

Your Server 2008 R2 system in the AD RMS role must be installed in an Active Directory domain. The domain controllers need to be running Windows Server 2000 with Service Pack 3 (SP3), Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2.

An additional requirement is that all users and groups who need to use AD RMS to acquire licenses and publish content must have an e-mail address configured in Active Directory.

AD RMS also requires a database server and Microsoft’s outlined requirements recommend SQL Server 2005 or SQL Server 2008. (SQL Server 2000 is not supported).

Additional Considerations

Before AD RMS can be installed there are several additional considerations that need to be reviewed:

The AD RMS server needs to be installed as a member server in the same domain as the user accounts that will be leveraging the service.

You will need to create a domain user account to be used as the AD RMS service account.

You need to also specify a user account to be used for the installation of AD RMS; this account needs to be different than the AD RMS service account and it must have access to query the Active Directory Domain Services (AD DS) domain.

If you are going to register the AD RMS service connection point (SCP) during installation, the specified user account installing must be a member of the Domain Enterprise Admins group (or have at least the equivalent permissions).

With respect to using an external database server for the AD RMS databases, the user account must have the right to create new databases. If SQL Server 2005 or SQL Server 2008 is used, the user account must be a member of the System Administrators database role, or equivalent

A Few More Recommendations

Microsoft best practices also details the following additional recommendations:

The database server used to host the AD RMS databases should be installed on a separate computer.

When installing an AD RMS cluster, secure sockets layer (SSL) certificates should be used and it should be issued from a trusted root certification authority.

You will need to create a DNS alias (CNAME) record for the AD RMS cluster URL and a separate CNAME record for the computer hosting the AD RMS configuration database. This is helpful in a scenario where the AD RMS servers are no longer in use or taken out of service as the CNAME record can be updated without having to publish all rights-protected files again.

If you are using a named instance for the AD RMS configuration database, the SQL Server Browser service must be started on the database server before installing AD RMS. If the SQL Server Browser service is not started the AD RMS installation will not be able to locate the configuration database and the installation will fail.

And that’s as far as system recommendations and other considerations for AD RMS go.

Next time, we’ll finally get to the fun part — installing AD RMS on a Server 2008 R2 system!

Related posts:

• Active Directory Rights Management Services: Features & Operational Considerations
• Active Directory Rights Management Services: Data Access Controls
• Active Directory Rights Management Services: Encryption – EFS and BitLocker

As I mentioned before, Server 2008 R2 is still in “Release Candidate” status so the details in these articles might change before the product is officially released to manufacturing (RTM), so please keep this in mind.

Now before we get started, let’s do a quick review of what we already covered:

In AD RMS – Data Access Controls we briefly reviewed file access controls to data and resources by leveraging permissions via NTFS and share restrictions. In this article we will take a look at some of the other ways outside of AD RMS that administrators can limit intentional and unintentional data leakage.

In AD RMS – Encryption: EFS and BitLocker we reviewed the Encrypting File System and BitLocker functionality. While not directly related to Active Directory Rights Management Services they are a part of any good security and control strategy.

In today’s segment on Features and Operational Considerations we will review some of the higher level features and operational considerations of the technology in order to get a good understanding of what it offers in terms of content permission and control. I’ll cover:

• Why use AD RMS?
• What AD RMS can do
• How Rights Management works (in a nutshell)
• Shares and Licenses

Why Use AD RMS?

When administrators leverage Active Directory Rights Management Services (AD RMS) as part of their security strategy, they add an additional layer above and beyond standard file based security, EFS, or disk encryption technologies such as BitLocker.

This is accomplished by allowing for the protection of information through persistent usage policies and rights management. The best part of this use and rights security is that it is not limited to where the data is stored but rather it is part of the data itself, which means that no matter where the data resides it effectively carries the permissions and restrictions with it.

AD RMS allows administrators to set up the services that will allow data owners to configure permissions to sensitive information as part of their security efforts to keep it from intentionally or accidentally being sent to or received by people that should not have access to it in the first place.

As an example, if I have general file access rights (read) to a Word document and I have it in my possession there is nothing preventing me from forwarding that out to the world in an email.

AD RMS resolves that issue.

As another example, if I have general file access rights (read) to a Word document and I am fired from my company I will always have access to that Word document saved on my own storage device.

AD RMS resolves this problem as well.

What AD RMS Can Do

The AD RMS environment that administrators will deploy includes a system running Server 2008 R2, the latest version released. This system would be running with the AD RMS server role enabled in order to handle all of the necessary certificates for the data. You would also need it to host database services and the AD RMS client.

The AD RMS client is included as part of Windows 7 and Windows Vista and is leveraged as part of the solution to process the permissions on the data.

Data owners are able to define who can open, modify, print, forward, or take other actions with the data. Policy templates can also be created and can be applied directly to the information so that the users do not have to define permissions or rights individually.

As an example a template could be set up as “INTFTE” which allows for “all rights denied except READ” and that could be applied to Word Documents and Spreadsheet and the like, where only those people that are full time, internal employees would even be granted access to the data and then only at a READ level. At that setting they would be unable to print out the data, copy and paste it out and the ability to create screen shots or clippings would be disabled when that document was open.

If you want to be able to leverage rights management to data created on a given application it must be rights management aware or be able to leverage add-ons that have been created to make an application AD RMS-enabled, even if it does not natively implement RMS functionality. Text files created with Notepad cannot be rights enabled because the application cannot leverage the functionality natively as an example.

How Rights Management Works (in a nutshell)

The way the Active Directory Rights Management Service works is that it will issue RMS licenses by way of the AD RMS client which is required for creating the permissions and restrictions on the rights-protected content. The client is also needed for access to that data as well.

Data that is protected by AD RMS leverages encryption and an embedded Usage Policy that defines how each user or group will have access to that data. The data owner will decide the rights that those trusted users will have and they will enable that access right through the application itself.

When a data creator / owner decides that they will rights protect a Word 2007 document, that is done right through Word by selecting the “Office Button” (sometimes called “The Pearl”) in the upper left hand corner of the application and choosing the Prepare option (preparing the document for distribution) and then choosing the Restrict Permission option.

[NOTES FROM THE FIELD] – When content is rights protected (often referred to a “published” or “distributed”) through AD RMS, it is encrypted with Advanced Encryption Standard (AES) 128-bit encryption. (Data Encryption Standard (DES) 56-bit encryption is available for backward compatibility).

In our example above in using Word, AES 128-bit encryption would be used as Microsoft Office 2007 always uses AES 128-bit encryption by default.

AD RMS uses public and private keys to encrypt the content encryption symmetric key. The rights policy data in the publishing license and the use license are also encrypted. AD RMS also uses the public keys to digitally sign AD RMS certificates and licenses as well.

Once the permissions are set (such as READ) then specific users or groups are assigned that license or right to that data. The data owner may then put the Word document out on a share (where the share may have access and permissions rights added to it through the share itself and / or where file permissions may be set via NTFS).

When a user with share and file rights access attempts to view the document they must also have this “licensed” right to do so from the owner or they will be denied access to the data from the rights management perspective.

You can see where combining share, file system, EFS, and BitLocker can add to the security of data and how RMS adds an additional layer even above and beyond that.

Shares and Licenses

If a user was accidentally put into a group that has permissions to a shared resource (such as the Payroll folder and network share), they would suddenly have access to data that they should never have been granted access to in the first place.

However, if the actual data was rights protected this user would not have the license right to access the data; despite the fact they are in a share they don’t otherwise belong in they cannot read the data because they have no RMS access to it.

Additionally, in a situation where someone is fired or quits working for a company, their rights to that data can be revoked. Despite the fact that they may still have data saved on a removable drive or flash memory in their possession, they will no longer be able to access it as their rights, remotely managed via the AD RMS service, will now be denied.

An overly simple way to consider AD RMS is — deny all access rights to all users / groups except those with specific granted rights by way of RMS permissions.

Further Reading

For a much more of a detailed look at the actual process please consider a review of Deploying Active Directory Rights Management Services at Microsoft — specifically the Process That IRM Uses to Generate and Retrieve Licenses section of the article.

Next Time

In my next article AD RMS – System Requirements and other Considerations we’ll go over the recommend system requirements and some of the high level configuration considerations for a standard set up. See you then!

Related posts:

• Active Directory Rights Management Services: System Requirements & Other Considerations
• Active Directory Rights Management Services: Encryption – EFS and BitLocker
• Active Directory Rights Management Services: Data Access Controls

In today’s article we will take a look at some of the other ways outside of AD RMS that administrators can limit intentional and unintentional data leakage.

As I mentioned in my overview post on Active Directory Rights Management Services, AD RMS allows administrators additional ways to protect proprietary information and sensitive data through access and usage restrictions that follow the data wherever it is accessed.

By leveraging AD RMS administrators can dramatically reduce the probability and the possibility that the data is intentionally or accidentally received by users who should not have access to the data in the first place.

As I noted before, the information in this article is subject to change with the RTM, so please keep this in mind and if you do notice any changes feel free to post them in the comments.

Encrypting File System (EFS)

One of the ways to restrict access to data is to encrypt the data (lock it up) so that only the people or groups that have the permissions to access it can — everyone else is denied access.

Much in the same way that very few people have access to your home (only people with the keys to the doors of the house have allowed access) EFS offers administrators a way to set up strict access controls.

What’s different to this method over NTFS permission that we discussed in the last article is that the encryption permissions follow the file around … to an extent.

EFS adds on to the NTFS security layer by effectively scrambling the contents of that data so that it can be read only by someone who has the encryption key to decipher it. Just being an administrator of a system is not necessarily going to allow you to gain ownership of the data and the control to access it because now you’d need the key to unlock / decipher the data as well.

When a user attempts to access an encrypted file and that user does not have the key to unlock it they will receive an access denied message and they will be unable to read the file.

Because encryption is set on the object (and can be inherited) the effect of copying and moving files around can impact their encryption state.

The Rules of Encryption

The overall rules for encryption are as follows:

• Rule # 1

When moving or copying a file within the same NTFS volume an encrypted file will not inherit the encryption state of the target folder when that folder is unencrypted. When you copy or move an encrypted file to an unencrypted folder, the file is still encrypted. If you have enabled a folder to encrypt files and you move or copy an unencrypted file to it, it will become encrypted at that point.

• Rule # 2

When copying or moving a file or folder from one NTFS volume to another, an encrypted file will not inherit the encryption state of the target folder when that folder is unencrypted. When you copy or move an encrypted file to an unencrypted folder, the file is still encrypted. If you have enabled a folder to encrypt files and you move or copy an unencrypted file to it, across partitions, it will become encrypted at that point.

• Rule # 3

Moving or copying a file or folder to a FAT16 or FAT32 volume – EFS supports attribute driven encryption only on the NTFS file system, so when you move or copy an encrypted NTFS file or folder to a FAT volume, (16 or 32) the encryption attribute will be lost. Because most forms of removable media do not support the NTFS file system, the same is also true.

What You Need to Know about EFS

Some key thoughts with respect to encrypting data by way of EFS:

When you need to access encrypted data and you are on a system where the key to the data is present, you can access the encrypted data by simply double clicking on it; there is no other interaction for you. The operating system decrypts the file to access it and then when it is closed it automatically encrypts it again.

You need to back up your encryption certificate and encryption key in case you need to recover these if the system crashes or there is some other error and the system needs to be rebuilt and so on. If you neglect to do this and there is an issue and no other recovery agent is available then these encrypted files are forever locked. This is especially important on standalone systems that are not attached to a domain.

When there are other users that are going to need access to files or folders that you encrypt they will need to have their own EFS certificate added to the files in order to gain access to them. Think of this like having their own key just to this file. They are not leveraging your key – your key unlocks ALL of your encrypted files; their key when added to a file that you lock with your key allows them to access that data and only that data.

Last Thoughts on EFS

EFS does not offer a complete solution for securing files that are sent across the network. EFS secured files are decrypted when they need to be sent over the wire, which can expose the file to possible interception and attacks if someone is monitoring (sniffing) the wire. In order to secure the transmission of sensitive data on an internal or external network another form of encryption would be needed such as IPSec or SSL depending on the need.

As you can see from this high level overview, there are ways to better secure the data but there are still some pretty big loop holes when it comes to storing the data, moving it around on portable drives and transmitting it over the wire.

[NOTES FROM THE FIELD] – Because this was an introductory overview of EFS there are a lot of details I glossed over. I would recommend reviewing the details of the Encrypting File System information on the Microsoft website to get more details.

Of special interest would be the Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008 section.

BitLocker / BitLocker to Go

So with our review of EFS done I’ll turn our attention to BitLocker and Bitlocker To Go.

BitLocker Drive Encryption is available on some versions of Windows Vista, Windows Server 2008 R2 and in some editions of Windows 7. When leveraged BitLocker Drive Encryption is one of the best ways to protect portable systems such as laptops from loss of data and information when the laptops themselves are lost or stolen.

Additionally, the use of Bitlocker on desktop systems is also a good consideration when you consider how much information can be lost from recycled desktop systems that have not undergone a proper hard drive wipe routine before being sold off.

[NOTES FROM THE FIELD] – Bitlocker leverages the Trusted Platform Module (TPM) version 1.2 to help protect user data and to ensure that a computer has not been tampered with while the system was offline.

The main focus of this topic for the article is to talk about securing files and access control, so this part of what it offers is a little beyond the scope of the conversation.

For additional details on this there is the “What is a TPM” section of the BitLocker Drive Encryption Overview; it is a Vista based article but it is still applicable.

The Windows BitLocker Drive Encryption Step-by-Step Guide is another good detailed document to review.

For our conversation regarding securing files, BitLocker works well on a local drive on a laptop or a desktop as it completely prevents someone from accessing a system in its entirety unless they have a password to start up the system.

Without that password (or the recovery key if the password is lost) the entire system is unavailable.

Fairly skilled people understand that there are ways to get around regular file based security that the operating system offers by installing another version of the operating system locally or booting from a DVD or USB key to work from a lower level of disk access to get to the stored data.

When BitLocker is correctly enabled, the whole area of disk data that is locked out under the encryption is inaccessible to that person even at that low level.

With respect to BitLocker To Go this security of the data is expanded further as it can be leveraged on portable devices to lock all the data even when it is stored on FAT formatted drives keeping the data completely secured from unauthorized access.

The User – the Single Point of Failure

The problem with EFS and BitLocker to Go (most specifically) is that the single point of failure is the end user.

If the end user un-encrypts their EFS locked data or transfers it to a FAT or FAT32 drive it ends up being accessible to anyone that can get to it. If the user sends that data off to themselves in an email it can be left behind in the SENT folder and so forth allowing people that should not have access to it the possibility of getting access to it.

If the end user with the BitLocker to Go device like a USB stick needs to make edits and changes to data and temporarily copies it off the protected device to work on it (as would be the situation under a legacy operating system like Windows XP) and then forgets to delete the local copy, it is left behind unprotected and potentially available to others that should not have access to it.

Active Directory Rights Management Services (AD RMS) takes that point of failure and removes it by taking the control of the data away from the user.

But we’ll cover this in more detail in my next AD RMS article. Stay tuned!

Related posts:

• Active Directory Rights Management Services: Features & Operational Considerations
• Active Directory Rights Management Services: Data Access Controls
• Active Directory Rights Management Services: System Requirements & Other Considerations

This is accomplished through access and usage restrictions that follow the data wherever it is accessed, above and beyond what is set at the folder and file level through NTFS and / or the Encrypting File System (EFS).

By fully leveraging the rights management and access controls available in AD RMS an administrator can drastically reduce the probability (and the possibility) that the data is intentionally or accidentally received by other users that should not have access to the data in the first place.

Today we’ll review Active Directory Rights Management Services as it applies to both Windows Server 2008 as well as Windows Server 2008 R2, and I’ll focus specifically on data access controls.

[NOTES FROM THE FIELD] – Because Server 2008 R2 is in “Release Candidate” status at the moment until it is officially released to manufacturing (RTM), the information is subject to change.

The Basics: Other Types of Access Control

Before we take a look at all the benefits that AD RMS and the AD RMS client offers in the way of locking down permission to data and access rights, I think it’s important to do a historic review of how this was done.

[NOTES FROM THE FIELD] – NTFS permission settings on files and folders are not necessarily relevant when it comes to what AD RMS offers directly, but it does make sense to have an understanding of where the “first” set of permission controls and rights access were introduced.

When your job as a system administrator involved the responsibilities of securing access control to information, historically this meant that you set permissions on the folders and data files themselves. If it was across networks then share permissions might come into play.

These access control permissions were set through the file system and leveraged by the operating system in use. These file and folder access controls could be set to users and / or groups.

ALLOW permissions were cumulative on the local system in that if you were a member of one group and had READ permission and a member of another you had CHANGE / WRITE — so the permissions would combine to give you the least restrictive level of access (in other words, the most control).

If there was a DENY permission anywhere from any one of the groups you were a member of that was a permission setting that trumped all others. Even if the combined access control allowed you FULL CONTROL of a set of data the DENY always had the override and prohibited all access.

This was a problem whenever you had a large environment where a user was a member of many groups for obvious reasons. It got even worse if the administrator decided to set very granular levels of access control by way of NTFS and you’re dealing with inheritance.

More subtly, there might be a reason to limit most people’s READ rights (as an example) to very sensitive information such as exact employee salary and compensation, but what would you do if someone had permission to read and access this information and wanted others to see it?

They could print it out or copy it to a FAT drive (file allocation table) where the file system permissions set by NTFS are removed and anyone that could physically access the data could get their hands on it.

These are some clear and obvious limitations of file system access controls.

Summary of File Based Access Control

So with all these details I thought it made sense to try to net them all out.

There is the additional consideration of inheritance and so forth but in an effort to just keep the overview simple for now consider permissions set on the data object itself.

• NTFS File Permissions

NTFS File Permissions are those set on the files themselves:

Full Control allows for the following level of access control:

• Read
• Write
• Modify
• Execute
• Change attributes
• Permissions
• Take ownership of the file

Modify allows for the following level of access control:

• Read
• Write
• Modify
• Execute
• Change the file’s attributes

Read & Execute:

• Read
• Run / Execute the file — run a program as allowed by other access controls

Read — display the file’s data, attributes, owner, and permissions

Write — write to the file, append the file, and read or change file attributes

• NTFS Folder Permissions

NTFS Folder Permissions are settings made at the folder level locally on the system:

Full Control:

• Read
• Write
• Modify
• Execute files in the folder
• Change attributes permissions
• Take ownership of the folder or files within the folder

Modify:

• Read
• Write
• Modify
• Execute files in the folder
• Take ownership of the folder or files within the folder

Read & Execute:

• Read
• Run / Execute the file — run a program as allowed by other access controls

List Folder Contents:

• Display the folder’s contents
• Display the data itself
• Display the data attributes
• Display the data owner
• Display the data permissions for files within the folder
• Run / Execute the file — run a program as allowed by other access controls

Read — display the file’s data, attributes, owner, and permissions

Write — write to the file, append the file, and read or change file attributes

• Share Permissions

Share Permissions are given to the shared resource over the network:

Read:

• View files and subdirectories
• Execute applications
• No changes can be made

Change:

• View files and subdirectories
• Execute applications
• Add data / subdirectories
• Delete data / subdirectories
• Change / append files or subdirectories

Full Control:

• All of the above

NTFS permissions and share permissions are independent and the most restrictive of the two will be applied to the shared resource.

This would be in the situation that a resource access is attempted across the network (as local access renders share permissions irrelevant).

So in the example of where JOHN has FULL CONTROL of a file locally (NTFS) at the system console but across the network that user only has READ access to the share, JOHN will only be able to READ the data — that would be the maximum control level that user would have accessing the data remotely.

Next Time

In my next article I will go over some of summary details of how the Encrypting File System (EFS) offers another form of access control over data.

Related posts:

• Active Directory Rights Management Services: Features & Operational Considerations
• Active Directory Rights Management Services: Encryption – EFS and BitLocker
• Active Directory Rights Management Services: System Requirements & Other Considerations

Around the same time that service pack 2 was released, Server 2008 R2 (Release Candidate) was made available for download.

Last time I provided you with a brief introduction to R2 and some of the high level comparisons of both releases, system requirements and so forth. I also outlined a few high level, expected changes under Windows Server 2008 R2.

Today I will show you the steps for installing Server 2008 R2 from an ISO image on a Hyper V server.

[NOTES FROM THE FIELD] — The steps outlined in this walkthrough may differ slightly when installing to a physical system as opposed to a virtual installation but for the most part the steps are the same. In addition, since this is a Release Candidate and not the RTM bits, there’s always the rare possibility that something may change in the installation routine in the final version as well.

Also note that because Server 2008 R2 is in “Release Candidate” status the details of the steps of this walkthrough are more set than when the product was in beta.

Having said that, until the product is officially released to manufacturing (RTM), the information is subject to change.

The Basics: Setting the Virtual Stage

Before you start your installation to your virtual environment, it’s a good idea to have your virtual drive all ready to go.

In the event that you haven’t done this already, the overview of the steps are:

1. Open Hyper-V Manager under Start → Administrative Tools → Hyper-V Manager

2. From the Action pane, click New, and then click Virtual Machine

3. From the New Virtual Machine Wizard, click Next

4. On the Specify Name and Location page, specify the name of your virtual machine and location of the virtual machine files

5. On the Memory page, denote the amount of memory that you want to allocate for the virtual machine to run the guest operating system

6. On the Networking page, select the network adapter configuration you want to use (to identify if you want to have a live network connection to the physical adapter or not)

7. On the Connect Virtual Hard Disk page, specify a name, location, and size to create a virtual hard disk so you can install an operating system on it

8. On the Installation Options page, choose the method you want to use to install the operating system:

• Install an operating system from a boot CD/DVD-ROM. You can use either physical media or an image file (.iso file).
• Install an operating system from a boot floppy disk (where applicable)
• Install an operating system from a network-based installation server. To use this option, you must configure the virtual machine with a legacy network adapter connected to an external virtual network. The external virtual network must have access to the same network as the image server.

9. Click Finish

[NOTES FROM THE FIELD] – For this walkthrough I chose to select the networking option that allows us to connect to the physical network card so we could have network connectivity.

Additionally, at the Installation Options page, I choose the method to install from the ISO file directly.

Step Two: Starting the Install from the ISO Image

At this point we are ready to go, so I’ve placed the DVD into the drive and set the running virtual machine to capture the drive so the virtual environment will engage from the ISO configuration.

Once the setup environment is engaged the first screen you will see is the familiar Install Windows screen where you can initially choose the language to install, the time and currency format, and the keyboard input method as shown below:

Once you’ve made those choices you can click NEXT to continue.

The next screen will bring you to all of the available choices for installation (as provided in the ISO image that I am using). For our walkthrough I’ll choose the Windows Server 2008 R2 Enterprise (Full Installation) option.

The next screen that will appear is the ever familiar license terms page. You’ll need to select the “I accept the license terms” check box to continue.

[NOTES FROM THE FIELD] – If you do not select the box and accept the terms, you cannot continue with the installation. This has pretty much been the standard forever with respect to Microsoft operating systems and I am sure many other software companies.

Next is the “which type of installation do you want” page, where we will select CUSTOM as there is no existing operating system installed on our VHD drive to upgrade from.

Once the installation routine continues to the next page you’ll arrive at the options of where you want to install Windows. In the image below you’ll see just one choice for us in the virtual environment (Disk 0); in other installation scenarios such as on a physical machine, you may be presented with other disk locations to choose from.

Once you make that choice (and provided that no formatting is needed on that volume) the routine will begin the file copy and expansion of files on the selected volume.

[NOTES FROM THE FIELD] – If the volume was not already formatted the routine would have performed that step prior to the file copy step for obvious reasons of needing a place to copy the files.

The system will restart a number of times without user intervention needed throughout this part of the process as shown in the sequence of images below.

The Wrap Up: Finishing Steps

As the system starts for the first time where it requires logon by an administrator you will see the following screen:

In order to continue you will need to change the password before logging on for the first time. That’s actually a misleading screen of sorts as we’ve never set a password up to this point. What we are actually doing is setting the initial administrator password for account use.

Once that action is completed setup will continue.

At this point we are presented with the Initial Configuration Tasks window:

What you’ll notice at this point is that Windows has not been activated, the time zone is default selected to Pacific, and the computer name was generated at random and established. You may recall, we made no mention of these activities in the steps above as the installation routine from the ISO image did not prompt us for any of these options, including entering a product key.

Let’s close this window for now. Once we do that the Server Manager window is presented as shown below:

It too shows that Windows has not been activated and that there are other options that can be configured for the system, such as Roles and other connection settings.

[NOTES FROM THE FIELD] – Between my setup steps I chose to change the default name of the machine; on this screen you’ll see the Full Computer Name as SERVER2008R2 where on the prior screen it showed the randomly generated name.

Our final steps will be for activating Windows which will require a connection to the internet (for the easiest way to go about this) and the 25 digit key to enter in.

We will go to Start → Computer → Properties as shown above to bring up the System information page below:

At the bottom of the page we can see that there are just 3 days until automatic activation (which would fail at this point because the key has not been entered for this system). When you choose the Activate Window now option the Windows Activation screen appears as shown below:

When you attempt to do this you are automatically presented with the page to enter in your key.

You need to make sure the key you try to use is applicable to the product you installed or you will see an error message like this:

[NOTES FROM THE FIELD] – To generate that error for the purposes of demonstration, I entered the Standard Key which is different that the installed edition of the operating system which was the Enterprise edition.

Once you provide the correct key the Activating Windows routine will complete and you’ll be up and running.

Congratulations! Your Windows Server 2008 R2 has been successfully installed and activated.

Related posts:

• What’s New in Server 2008 R2
• Windows Server 2008: Install Active Directory Domain Services
• Install DHCP Role on Windows Server 2008

Windows Server 2008 has been available in release since the May 2008 timeframe (according to the Microsoft Lifecycle page for Server 2008) and service pack 2 released in April of 2009.

Around the same time of the release of service pack 2, the Windows Server 2008 R2 (Release Candidate) was been made available for download to MSDN and TechNet subscribers, and the availability of public downloads came out a few days after that.

Today I’m going to review some of the important details of Server 2008 R2 and in my next article I’ll do an installation walkthrough.

[NOTES FROM THE FIELD] – Because Windows Server 2008 R2 is currently in “Release Candidate” status, the details are more formally announced than when the product was in beta.

Having said that, until the product is officially released to manufacturing (RTM), the information is subject to change.

The Basics — System Requirements

The system requirements for Server 2008 are outlined on the Microsoft website and have not been adjusted with respect to R2 at this point.

If this follows the Release Candidate all the way to RTM the details will be:

• Processor – Minimum: 1.4 GHz (x64 processor)
• Processor – Recommended: 2 GHz or faster (x64 processor)

• Memory – Minimum 512MB

• Recommended: (x64 systems): 2 GB or more
• Maximum (x64 systems): 32 GB (Standard)
• Maximum (x64 systems): 2 TB (Enterprise, Datacenter, and Itanium-Based Systems)

• Disk Space Requirements

• Minimum: 20 GB or greater
• Recommended: 40 GB or greater

• Display – Super VGA (800 × 600) or higher resolution monitor

The main point to remember is that you need to discard all of the presented x86 information as R2 will be released in x64 editions only.

[NOTES FROM THE FIELD] – These are the minimum system requirements to run Windows Server 2008 as a based installation and in a minimum supported state.

Your actual needed and recommended minimum requirements will vary based on system configuration and role designation of the server. As one example, processor requirements specifically needed to manage expected performance load are dependent upon not only the clock frequency of the processor, but the number of cores and the size of the processor cache as well as the number of physical processors present.

Additionally, disk space requirements for the system partition are approximate and do not take into consideration the role of the system and the amount of memory installed (which affects the needed available disk space for paging, hibernation, dump files and so forth).

Installation and Activation — The Past Highlights

When you are installing Windows Server 2008 proper, you are not required to deal with product activation or entering a product key for an initial 60 days under the license terms for evaluation.

Under those same terms, the 60 day evaluation period can be reset a total of three times, extending the original 60 day evaluation period by up to 180 days for a total of 240 days. At that time you would need to uninstall the software or go through the product activation process which would require a valid product key.

[NOTES FROM THE FIELD] – If you are in a situation where you need to automate the extension of the evaluation period, there is a knowledge base article titled: How to extend the Windows Server 2008 evaluation period that details these steps.

The release notes for the RC indicate “Evaluating this early release of Windows Server 2008 R2 software does not require product activation or entering a product key. This release of Windows Server 2008 R2 may be installed without activation and evaluated for an initial 60 days.”

Expected Changes under Windows Server 2008 R2

There are some expected changes to be found with the release of Server 2008 R2.

While the Server 2008 R2 release is expected to mirror other past R2 releases (in this case building on the original Windows Server 2008) it will be different in one major way in that it is the first 64-bit only Server release.

Server 2008 R2 also has several CPU-specific enhancements, one of which expands CPU support to run systems with up to 256 logical processors installed.

R2 also supports Second Level Translation (SLAT), which enables R2 to take advantage of the Enhanced Page Tables feature found in the latest AMD CPUs as well as the similar Nested Page Tables feature found in Intel’s latest processors.

Changes in Hyper-V allow for access of up to 64 logical CPUs on host computers which can allow for greater virtual machine consolidation ratios per physical server.

Virtual Desktop Integration (VDI) technology is included in R2 which extends the functionality of Terminal Services which allows administrators to install applications remotely and deliver them to end users. Once VDI is configured, programs that Remote Desktop Services sends to a computer are now available on the Start menu right alongside programs that are locally installed.

There are also some improvements to power management as well.

Next Time …

In my next article I will walk you through the actual Server 2008 R2 installation steps in my virtual environment.

I hope you’ve enjoyed this article and I am looking forward to any feedback you have on it. Additionally, I would welcome any topics of interest that you would like to see and based on demand and column space I’ll do what I can to deliver them to you.

Best of luck in your studies.

Related posts:

• How to Install Server 2008 R2 (RC)
• How to Install Windows Server 2008
• Overview of Server 2008 R2 — The Half Version Upgrade

Windows Reliability and Performance Monitor can be leveraged by systems administrators to gather baseline information for review of system performance. This allows admins to review their server installations as well as carry out server tune ups of their Server 2008 systems.

In this series of articles we’ve been reviewing the most common uses and major functions of the tool.

Part 1 – Introduction to the Reliability and Performance Monitor took an overview look at the tool providing an introduction to basic elements of function, the interface and some of the initial features and default settings.

Part 2 – Performance Monitor Demystified was a review of some of the features and functions of the Performance part of the tool, including some of the best practices with respect to collecting and working with Performance Logs.

In this final installment, Reliability Monitor — What’s Working and What’s Not , we’ll go over some of the features and best practices with respect to troubleshooting problems found on systems reports from the tool’s output.

What Can You Do With The Reliability Monitor?

The Reliability Monitor part of the Reliability and Performance Monitor MMC allows you to review a computer’s stability details with respect to the events that impact the reliability of the system.

This is both from a positive aspect, such as a completed installation of an update, or a negative one, such as the failure of a software operation that causes it to stop working or otherwise fail.

This is done by calculating the Stability Index of all the events as part of the System Stability Chart over the span of system uptime (over the past rolling year as a maximum).

The screen shot below shows the reference system chart and subsequent events at the time of first start up of the operating system.

[NOTES FROM THE FIELD] — If I had expanded the details of the Software (Un)Installs section it would be readily apparent that this was a completed new installation of the operating system as there were over 100 software updates and driver installs that were successful.

You may also see that within a couple of working days there were some events that negatively affected the system reliability and the resulting stability index results which caused that “perfect” 10 number to begin decreasing in value.

Invariably over time with system use there is going to be negative impact on a system that takes its index rating down from 10.00. The main use of the tool, other than a quick review of recent and historical events, is to allow the system administrator the ability to quickly gauge what is going on and how it is impacting the system. Additionally, reviewing a series of reliability drops might be a good starting point for troubleshooting efforts.

[NOTES FROM THE FIELD] – There’s a very good reason why above I indicated “a good starting point for troubleshooting efforts.”

On this particular system I had daily events where Outlook was crashing. This was peculiar to me because I had performed no recent updates to the operating system nor to any of the applications so I wasn’t sure what was now suddenly causing an issue. And the system’s performance was off in that it was responding a little slowly. This was shown daily in the System Stability Chart as OUTLOOK.EXE with a Failure Type of “stopped working.”

I continued to think the issue was with Outlook over the next couple of days as it was the only majorly impacted application on my system (nothing else was showing in the reliability monitor). In short order, the system performance got really bad and I had the time to do some additional troubleshooting. I leveraged the Event Viewer which revealed a slew of Errors in the system log; Event ID 55.

The issue I was actually experiencing was a file system structure corruption which was making it difficult for the operating system and the Outlook application to make needed reads and writes to the file system in the application volume. After I ran the chkdsk utility on the volume and fixed the issues my problems disappeared and the System Stability Chart began to show an improvement in the index rating component.

The moral of the story here is that the trouble you’re having with an application is not always necessarily the direct fault of the application itself — always check potentially extraneous events and if they are or are not in fact related to the issue you’re having.

The System Stability Report

The information that is available to you via the System Stability Chart is not only reflected in just the graphical format there but within the table data at the bottom which is part of the System Stability Report.

In the report you will find information relevant by date, subsection delineation and event with respect to:

• Software (Un)Installs
• Application Failures
• Hardware Failures
• Windows Failures
• Miscellaneous Failures

The information provided in the different sections of details of the events will be highlighted by the regular icon family that was standardized for use under Windows Vista. These icons highlight the results as they occur and are reflective of the event — informational, warning, and error. Additional details for these standard icons are available at Microsoft MSDN.

[NOTES FROM THE FIELD] – You won’t generally see the question mark icon used to indicate a Help entry point within the Reliability Monitor.

  • Software (Un)Installs

In the Software (Un)Installs section you will see details regarding:

• software being reported out (the name of the application being installed or removed)
• version of that software
• activity (system update install, driver install, application install, application configuration change, etc)
• activity status (success/failure)
• date the activity took place

  • Application Failures

In the Application Failures section you can see information pertaining to:

• listed application that experienced the reported problem
• version of that application as reported
• failure type
• date the event occurred

[NOTES FROM THE FIELD] – It’s important to note that normally most of the details within the System Stability Report will also show up somewhere in the Event Viewer logs with the same reported information as shown.

Generally there will be additional information within the Event View logs (event IDs, error codes, etc).

  • Hardware Failures

In the Hardware Failures section you will see details regarding:

• reported component type
• device
• failure type
• date the event occurred

The information commonly show within this section of the tool is going to be limited to memory and disk failures.

[NOTES FROM THE FIELD] – Earlier in the article I mentioned I had an issue where corruption of my file system was causing an issue with Outlook. The problem didn’t show up in the Hardware Failures section because the failure was not a physical disk problem (bad sectors, controller failure, etc) but a problem with the NTFS file system.

  • Windows Failures

The next set of details within the Reliability Monitor are shown in the Windows Failures section. The Failure Type section will detail an issue with a boot failure (in circumstances where there is a successful system start on subsequent attempts and where that original failure can actually be logged).

More often than a boot failure event, you will see information as a result of failures from the operating system processes. The Device section will report out which device is failing and the Failure Type will be outlined in the next column. Finally the date of the event will be shown in the Date column.

  • Miscellaneous Failures

All events that do not fit into the above categories will show up in the Miscellaneous Failures section. One of the major events that will show up in the Failure Type section is a scenario where the system shutdown was unexpected.

The Version column will indicate the version of the software failure (in the example above this would be the operating system version and the installed service pack if applicable). The Failure Detail will show the information pertinent to the resulting type of failure and the Date will host the information of when the event took place.

[NOTES FROM THE FIELD] – There is an additional reliability event that may be recorded in special circumstances when a significant change to the system time is tracked. The System Clock Changes category will show information on the day that a significant clock change occurs and will be headed by the Information icon.

The Old Time section will contain the date and time prior to the clock change and the New Time section will contain the date and time selected during the clock change.

The Date column will reflect the date and time when the clock change occurred and the entry will reflect this information based on the newly applied time changes so they are relevant to the new system time in use.

And with that we are at the end of the Reliability and Performance Monitor series.

I hope you found this article series informative and a good investment of your time. I welcome any feedback that you might have on it. Additionally, I welcome any input on topics of interest that you would like to see and based on demand and column space I’ll do what we can to deliver them to you.

Best of luck in your studies.

Related posts:

• Server 2008 Reliability and Performance Monitor – Part 1
• Server 2008 Reliability and Performance Monitor – Part 2
• 7 Server Management Improvements in Server 2008 R2

When considering the different tools that are available as part of the Windows Server 2008 operating system that will allow you to review and analyze system performance, the Windows Reliability and Performance Monitor can be leveraged by systems administrator to gather baseline information and to perform server tune ups. In this series of articles we will review the most common uses of the tool and break down some of the tool’s major functions.

Part 1 – Introduction to the Reliability and Performance Monitor took an overview look at the tool and the basic elements of function to get you familiar with the interface and some of the initial features and default settings.

In this segment, Part 2 – Reliability and Performance Monitor – Performance Monitor Demystified, I will go over some of the features and functions of the Performance Monitor part of the tool as well as some best practices with respect to collecting and working with Performance Logs.

What Can You Do With The Performance Monitor?

The Performance Monitor section of the Reliability and Performance Monitor tool can be used to view live performance data as a system is in use. It can also be set up to collect log files over a designated period of time so as to review snapshots of system performance for a historical reference in graphical or report format.

This allows you to have a known baseline for a system if a capture is made during first system build or around the time of initial deployment of a system into a production scenario. By having this baseline capture, you can use it to review against system performance results in the future when there are issues with system response time or if you are doing a capacity review of a server in a given role (e.g. Domain Controller, Database Server, etc).

In most cases, as the systems administrator of a newly configured system, you would want to have a baseline of corresponding performance counters that might be relative for the system’s intended workload.

While you might want to collect many of the base counters like Logical Disk, CPU, Network Interface (etc), you might choose to pick from system specific ones as well. If a system is being put together to be a print server you might want to collect information relative to that role (Print Queue) so that you would have the original baseline for the system.

[NOTES FROM THE FIELD] – Server roles are not always sole designations any more as they used to be. Many systems are configured for dual or multipurpose use. When you are collecting baseline data to be saved as a Data Collector Set you’ll need to decide beforehand what you want to use as a base standard for all systems and then add custom counters for given server roles.

Using the Performance Monitor

The user account being used to leverage the Reliability and Performance Monitor MMC needs to be in the local Performance Log Users group or will need at least those minimum permissions in order to use the tool successfully to set up standard data collections. In some instances you may need full Administrator permissions to collect certain data from some counters.

You can use Performance Monitor to view real-time performance data on a remote computer as well as a local system. When you start the Performance Monitor MMC the default configuration forces you to the local system.

To connect to a remote computer with Performance Monitor you would need to right-click Reliability and Performance, and then click Connect to another computer. The Select Computer dialog box will appear and you would then type the name of the computer you want to monitor or click Browse To in order to select it from a system in the browse list.

For the remainder of this walk through we’ll assume we’re using the local system.

When you take simple view of the tool once Performance Monitor is accessed, the default screen will show the Current Activity view for the % Processor Time counter for the Processor object.

FIGURE 1 – Performance Monitor showing the Processor Time counter

If you want to edit the view of a current counter you can go to the Action Menu item and select PROPERTIES which will bring up the properties page and you can adjust your settings from there.

[NOTES FROM THE FIELD] – You can also configure these settings by right clicking your mouse in the Performance Monitor display area and clicking Properties. The right click menu also allows you to save the current Performance Monitor display as a web page or to save the current Performance Monitor display as an image.

On the General Tab you can add or remove the Legend, Value Bar and Toolbar elements as well as change the report and histogram data. You can also make adjustments to your sample time and duration from here as well.

On the Data Tab you have the ability to make additional configuration changes to the graph color, line width and scale of the measured output.

FIGURE 2 – View of the Performance Monitor Properties Data tab

If you need to add additional counters, you can do so by right clicking anywhere in the results pane and selecting Add Counters from the popup menu which will bring up the Add Counters property page. This can also be done by choosing the green plus (or green cross) on the upper display elements toolbar. You can also use the CTRL+I keyboard shortcut as well.

[NOTES FROM THE FIELD] – You can delete counters by highlighting them and by selecting the red X.

Creating Data Collector Sets

Data Collector Sets are used to organize collected data for review in Performance Monitor. The collected data can also be leveraged to generate alerts when upper or lower thresholds are reached.

Data Collector Sets will generally contain Performance counter information, Event trace data, and system configuration information from registry key values.

You can create your own Data Collector Set or leverage preconfigured templates that focus on performance data and / or general system diagnosis information for corresponding installed applications, or based on server roles deployed on the system.

To create a Data Collector Set from Performance Monitor you would either right click at the Performance Monitor in the tree view and select New, then choose Data Collector Set. This will start the Create New Data Collector Set Wizard, but you can also select that action from the Action menu option. This will allow you to have the customer Data Collector Set that will contain all of the live data collectors / counter selected in the current Performance Monitor view.

FIGURE 3 – Starting the Create New Data Collector Set Wizard

From here you would choose a name for your Data Collector Set and click Next.

The default location of %systemdrive%\PerfLogs\ will contain the saved data collected by the Data Collector Set but you can change the location if you want to store the Data Collector Set elsewhere and this can be done by entering in the path or by browsing to a location.

FIGURE 4 – Showing the default file location of the custom Data Collector Set from within the Create New Data Collector Set Wizard

You would then choose Next to define a specific user account for the Data Collector Set to run as (or you can leave it as <default>)

Before you click Finish to save your current settings and exit the wizard you have the option to change the Save and close radio button to Start this data collector set now if that is what you’d like to do.

Rather than do that for this walk through we will just save the custom Data Collector Set and exit the wizard.

Using Predefined Data Collector Sets

Instead of creating your own Data Collector Set you can use one of the predefined ones on the system. In the console tree you would expand Data Collector Sets, expand System and choose one of the sets shown.

[NOTES FROM THE FIELD] – By left clicking one of the sets shown you can see in the results pane all of the counters that have been configured by default for a given collector set. In the screen capture below you will see the defaults for System Diagnostics on my system. You will notice as well that defaults for System Diagnostics on my system are actually configuration types as opposed to performance counters.

FIGURE 5 – Showing the results pane view of the default configuration for System Diagnostics Data Collector Set.

The description for the System Diagnostics Data Collector Set reads:

“Generate a report detailing the status of local hardware resources, system response times, and processes on the local computer along with system information and configuration data. This report includes suggestions for ways to maximize performance and streamline system operation. Membership in the local Administrators group, or equivalent, is the minimum required to run this Data Collector Set.”

If you want to start the process you would right click the custom or default Data Collector Set you want to use and choose Start.

FIGURE 6 – Starting the Data Collector Set

Once the data collection starts you’ll see Report Status showing as “Collecting Data for 60 seconds” after which you’ll be able to review the results.

FIGURE 7 – Showing the data collection process.

Once the data collection is completed you are able to review it either in report form or you can view the results right in the Performance Monitor as a graphical representation of the data collected.

FIGURE 8 – Report format of the results of the data collection.

FIGURE 9 – Performance Monitor view of the results of the data collection.

As you can see from Image 8 I have a warning message regarding low disk space (and that is shown as well in the Basic System Checks under Disk Checks if that field were expanded) and there are a couple of informational messages there as well regarding my anti-virus not showing up in the Security Center part of the check.

Lower in the report (not shown in the screen shot) is detailed information on my software configuration showing my settings and the results for “OS Checks” as well as Security Center Information, System Services, and Startup Programs.

In the Hardware Configuration details section there is information supplied for Disk Checks, System, Desktop Rating, BIOS and Devices.

There are also separate sections that outline the details for CPU, Network, Disk Memory and Report Statistics.

Windows Server 2008 includes operating system performance counters that are enabled by default which can be used by Windows Reliability and Performance Monitor. Additional details on these counters are available on the Windows Performance Counters page which is a subsection of the Windows Server 2008 Technical Library.

Next Time …

So that ends my overview of the Reliability and Performance Monitor with respect to the Performance Monitor section.

In Part 3 – Reliability and Performance Monitor – Reliability Monitor: What’s Working and What’s Not I will go over some of the features and functions of this part of the tool as well as going over some best practices with respect to troubleshooting problems found in the tool reports.

I hope you found this article informative and I am looking forward to any feedback you have on it.

Additionally, I would welcome any topics of interest that you would like to see and based on demand and column space we’ll do what we can to deliver them to you.

Best of luck in your studies.

Related posts:

• Server 2008 Reliability and Performance Monitor – Part 1
• Server 2008 Reliability & Performance Monitor – Part 3
• 7 Server Management Improvements in Server 2008 R2

There are a number of different tools that are available to use on your Windows Server 2008 system that will allow you to review and analyze system performance. The Windows family of operating systems has historically provided a number of these tools and the most recent version of resource monitoring comes in the Microsoft Windows Reliability and Performance Monitor. In this series of articles we will review the most common uses of the tool and break down some of the tool’s major functions.

Part 1 – Introduction to the Reliability and Performance Monitor will take an overview look at the tool and the basic elements of function and to get you familiar with the interface and some of the initial features and default settings.

How to Launch the Reliability and Performance Monitor

The Reliability and Performance Monitor is launched off of the Start Menu by choosing the Administrative Tools sub-menu and opens in the standard Microsoft Management Console format.

It can be launched directly from the Control Panel as well via the System and Maintenance option and choosing Administrative Tools (if you’re using the Standard view; if you’re using Classic views for the Control Panel then you’d access this directly by the Administrative Tools link).

Additionally, you can select START and right click COMPUTER and choose MANAGE which will bring up the Server Manger MMC. In the Server Manager MMC you can go to the Diagnostics node and choose Reliability and Performance.

FIGURE 1 – Launching the Reliability and Performance Monitor MMC

The Reliability and Performance Monitor MMC

Once you launch the MMC you’ll notice on the left side is the Console Tree pane which shows you all of the loaded snap in modules for the active MMC. This is your main navigation source for all of the Microsoft Management Consoles and selections made from the tree will affect the results shown in the Result pane and the Action pane.

Generally a system designed MMC such as the Reliability and Performance Monitor will have default snap-ins preloaded but you can add to them and SAVE AS to customize what you feel you may need for a given tool.

This is done by going to the FILE menu option and choosing ADD/REMOVE SNAP-IN and then choosing any additional snap-ins that you’d prefer to add to the custom console you’re creating.

The Result Pane in generally the center pane in the default view which provides details of the selected node from the Console Tree.

The Action Pane is the far right default view which offers the actions to take for the highlighted item in the Console Tree pane. These are the same options available to you from the ACTION menu option.

FIGURE 2 – The Reliability and Performance Monitor MMC default display

When the Reliability and Performance Monitor MMC opens up in the default view (as shown above) it will display at the top in the graphical display the current resource overview for the system.

The CPU view will show the current percentage of total processor use and maximum use limit which is 100%. This is an overall CPU commit reading of all cores and processors available and show in a single view.

Additionally the default view will show over all Disk activity in terms of KB / second (kilobytes) or in larger units as needed and the percentage of highest active time which has a maximum of 100% committed use. This view shows the total committed rate of all of the disk subsystem regardless of the number of physical disks or volume configurations).

The next graph that is available to review is the Network monitor which displays current network activity in Mbps (megabytes per second) and the percentage of network utilization active at the time.

The final view shows system Memory and the number of Hard Faults per second along with the percentage of Used Physical Memory.

[NOTES FROM THE FIELD] – With respect to the Network Monitor portion of the tool, this will show the current network activity with respect to the local system and the local network connection (Ethernet port, wireless, telephone line in, etc). The percentage of network utilization active is for the machine only and not the Local Area Network (LAN) or the Wide Area Network (WAN). Additionally, this measurement should not be considered the reading for your internet connection either. When you review FIGURE 2 you will see that my network utilization is about 2%. At the time that I took that screen shot I was downloading a file from a remote location across the internet via my DSL connection which has a download throughput of about 2.4 Mbps or about 2% of my 100MB Ethernet controller. I am leveraging about 90% of my internet connection throughput (as the download is coming in at about 2 Mbps) but I am only using about 2% of the total capacity of the network card itself.

Immediately below the graphs in the default view you will see detail subsections that are available to review for CPU, Disk, Network and Memory.

If you select the arrows at the far right of each row or click in the graphs at the top for a given monitor, you will be able to expand the details section of the chosen monitor to be able to get a real time view of resource consumption events on the system.

Each resource section has different sets of details to review and they can be sorted by their respective columns.

The CPU Module

FIGURE 3 – The CPU module details section expanded

As you can see from the above screenshot, the CPU resource details are provided when the list is expanded which allows you to see current resources committed to the CPU, the number of threads attached to the processes along with the process ID and the average CPU use.

As mentioned above, if you wanted to sort the details numerically by process ID all you’d need to do would be to click on the PID header for the sort function to work from the low number to the high number. (If you select the same option a second time it sorts from high to low). If you decided to sort by active thread count you would simply select that column and so on.

The Disk Module

FIGURE 4 – The Disk module details section expanded

The Disk resource details are provided when the list is expanded and these details allow you to see current resources committed to the Disk subsystem including the listed process and corresponding ID, read time in bytes per minutes as well and the write time in bytes per minute. Additionally, you’ll see the listed IO priority as well as the response time in milliseconds.

The Network Module

FIGURE 5 – The Network module details section expanded

The expanded Network resource section details the currently active network service or application and its process ID. The Address section provides information on the local or remote resource that is tied to the running service. There is also a section that details the Send bytes per minute, the Receive bytes per minute and the Total bytes per minute.

The Memory Module

FIGURE 6 – The Memory module details section expanded

The last of the resource details is system memory which shows all of the active applications and services committed to memory and their relative PIDs. There is a column which outlines the Hard Faults per minute on an individual level as well as the Commit charge (listed in KB – kilobytes). You can also see the Working Set of memory, what is shown as Sharable memory and what is committed in a Private address space.

Next Time …

So that ends my overview of the Reliability and Performance Monitor with respect to the Resource Overview section.

In Part 2 – Reliability and Performance Monitor – Performance Monitor Demystified I will go over some of the features and functions of this part of the tool as well as going over some best practices with respect to collecting and working with Performance Logs.

I hope you found this article informative and I am looking forward to any feedback you have on it. Additionally, I would welcome any topics of interest that you would like to see and based on demand and column space we’ll do what we can to deliver them to you.

Best of luck in your studies.

Related posts:

• Server 2008 Reliability and Performance Monitor – Part 2
• Server 2008 Reliability & Performance Monitor – Part 3
• 7 Server Management Improvements in Server 2008 R2