4.4.8. System Supervision


Chapter 3.4.1 explained what a process is. During operation, some processes or applications may hang. Windows XP is not a complete multi-processing system, so a single failed process can bring the whole computer to a halt. This can happen, for example, when reading a badly recorded CD: the data is there but is hard to read, and the system keeps trying to retrieve it ... In that case it is best to stop the task. The 'Windows Task Manager' serves this purpose: it can stop the current process, and it is invoked with the key combination <CTRL> + <ALT> + <DEL>.

Figure 4.4.53 Monitoring current system work.

The set of images above shows what this very significant 'piece of software' can do: stop a running application (a CD read, for example), a process or the work of a service (one of the svchost processes, for example), monitor how busy the CPU is (there is no point clicking anything while the processor is 100% busy), or monitor network bandwidth while a file is downloading.

The most interesting processes are those backed by the file [Windows\system32\SVCHOST.EXE]. Each Svchost.exe session can contain a group of services, which can run independently of each other depending on how and where Svchost.exe is started. The 'best' part is when some 'virus' or 'worm' imitates its name and poses as a system resource, or takes the name of an antivirus program.
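A check for the name imitation described above, as an added Python example that is not part of the original page: it flags a svchost.exe that runs from outside system32 and file names that are one or two characters away from the real one. The C:\WINDOWS install folder, the distance threshold of 2 and the sample process list are assumptions made for the illustration, and the full image paths are assumed to come from a process listing that shows them.

```python
import ntpath

# Assumption: Windows XP installed in its default folder C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
PROTECTED = "svchost.exe"

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return 'ok', 'wrong-path', 'lookalike' or 'other' for one image path."""
    # Windows paths are case-insensitive and may use either slash.
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name == PROTECTED:
        # The genuine file lives only in system32.
        return "ok" if directory == SYSTEM32 else "wrong-path"
    if edit_distance(name, PROTECTED) <= 2:
        # One or two characters off: swapped letters, 0 for o, extra s.
        return "lookalike"
    return "other"

def suspicious(paths):
    """Keep only the entries that imitate svchost.exe."""
    verdicts = [(p, classify(p)) for p in paths]
    return [(p, v) for p, v in verdicts if v in ("wrong-path", "lookalike")]

# Constructed sample process list (not taken from a real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe",
    r"C:\WINDOWS\system32\spoolsv.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(f"{verdict:10}  {path}")
```

A correct name in the correct folder is only a first filter; a flagged entry is a reason to inspect the file, not proof of infection.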

Each of the displayed processes can be selected and, with the choice |End Process|, stopped and shut down. Sometimes selecting and stopping the process has to be repeated several times before it 'disappears from the list', that is, before it has stopped. Stopping a process started by the user is basically painless, while stopping system processes can cause the computer to freeze or restart.

Some of the services can be monitored directly by starting the tool {Start}~{Control Panel}~{Administrative Tools}~{Services}, which opens the following window.

Figure 4.4.54 Status of services of operating system.

A service can be started automatically when the computer is turned on (AUTOMATIC), be available when needed (MANUAL), or be disabled (DISABLED). Each service uses some CPU and memory resources, so unnecessary services should be disabled. Why keep network services constantly running if the computer is not connected to a network because it is employed as the supervisor of a measuring process? Users whose computers have less computing power will be happy to turn off some services to release resources for gaming.

If the computer is used in a computer lab and makes its resources (shares) available to a group of users, it is useful to set all the services it runs to AUTOMATIC, so that when the computers are turned on after the holidays the resources recognize each other without any special user intervention, because the stored and cached data about their relationships has been deleted. As the OS cannot recognize dynamic changes in what is switched on, a missing shared printer is automatically marked as off and stays off, regardless of whether it becomes available later. So the computer that provides the resources is switched on first, and only then the computers that use them.

The same group as the previous tool contains the icon that starts the tool for reading events (EVENT). It analyzes the system's .LOG files and displays their contents in a comprehensible form. The part of the display that shows the records (.log files) on the work of applications is shown in the following Figure.

Figure 4.4.55 Viewing of errors in the system during operation.

The example shown demonstrates three states: correct operation, warning and error. Whether the records being analyzed are those of applications or of the system, errors are not a worrying phenomenon if they appear sporadically. The aforementioned badly 'burned' CD tracks will cause an error. But the situation should be checked from time to time, especially after installing a new version of a driver or a completely new program. It would not be the first time that newly installed software comes into 'conflict' with the firewall, which can be read from the records and makes the problem easier to solve. If the situation is stable, it is useful to delete the records periodically with the D1 action and the choice {Clear all Events}.

It has already been mentioned in previous Chapters that the operating system's firewall can monitor only incoming traffic, not outgoing traffic. One of the commands that helps compensate for this deficiency is SECPol (Local Security Policy Editor), an administrative tool like GPEdit. The difference is that GPEdit settings can be applied to all computers in the domain to which they belong, while SECPol settings apply only to the computer on which they are made, that is, locally. GPEdit is versatile: it can be used locally on one computer and also to monitor and adjust all the computers in the domain. SECPol is more focused on the security-related registry entries of the PC user. SECPol is started by selecting {Start}~{Run...} and typing 'secpol.msc' into the form offered. Figure 4.4.56a shows what can be adjusted with this tool, while the other pictures show how to prohibit the execution of arbitrary programs.

Figure 4.4.56 Prohibition of file execution.

How is the above tool used? Some installed programs, particularly their free versions, tend to remind the user every so often that a professional version is also available, which of course must be paid for. In that case, simply prohibit (choice |Security level:|) the part of the software that performs this notification, by selecting the proper file, either by filling in the form or by picking the file with the |Browse...| button, as shown in Figure 4.4.56b. Some programs may be designed so that every time they are active they send some data to the vendor, or start a program visible as an icon in the system menu (System Tray Icons) that attempts to contact a service on the Internet that already exists (or is at another address). A service may also run in the background and be active even though it is turned off in the list of services (Figure 4.4.54). Communication initiated by the computer itself can then be prohibited in this way, because the firewall settings cannot do so, as the firewall only monitors incoming traffic. One example of this use is shown in Figure 4.4.56c. What is left to say? Take the system manual in hand and read.


Citing this page:
Radic, Drago. " IT - Informatics Alphabet " Split-Croatia.
{Date of access}. <http://www.informatics.buzdo.com/>.
Copyright © by Drago Radic. All rights reserved. | Disclaimer