In our other articles on Windows Vista so far, we have
looked at it in bits and pieces and examined its user interface and some of the
cosmetic changes that have been made. Those were meant to give you an idea of
the general look and feel of the system. In this series, we’ll drill deeper
and tell you about new features and services in the OS that could affect you as
a user or a network administrator. We’ve used the build 5270 for this article,
which we may update to future builds as they become available.

Security features
We found that the Vista build we tested had very tight security, so
much so that almost any system management application a user launched, such as
Task Manager, Registry Editor or anything that uses MMC, was subject to a
Permit/Deny prompt. This would not have been an annoyance had these actions been
recorded, so that you would only face the prompts once. Possibly the final release will
take care of this. However, the funny thing was that programs (especially
installers) could start and stop processes at will and make changes to the
registry. We managed to install lots of third party applications on Vista, and
we didn’t get any security warnings. So even a program with a hidden malware
plug-in could easily slip through. Does this go to say that users are the
malware and not the applications?

Vista is also supposed to have the new User Authentication
Protocol (UAP), which is meant to enhance its security. Under it, the less
privileged user accounts won’t be allowed to install anything on the system
without first providing the administrator’s username and password. However, if
users log in as administrators on the local machine, then UAP is useless.
It’s therefore up to the network administrator to control the setup.
Currently, there’s a lot of debate happening on its true capabilities. Let’s
see what finally comes out.

In Win XP, you could prevent certain programs from running
by turning off the related service or preventing the executable from
auto-starting. Vista didn’t seem to allow us to do that in this build. No
matter what we tried to turn off, warnings kept appearing out of nowhere.

P2P services
While network administrators scramble to block P2P clients and ports
on their systems, Vista introduces at least four new services that integrate P2P
into the OS itself! These include a new protocol called PNRP (Peer Name
Resolution Protocol) and three services, viz. Peer Networking Grouping, Peer
Networking Identity Manager and the PNRP Auto Registration. While the
description for the last service reads ‘This is a temporary Beta 1 service’,
there are no such promises for the other three. These, of course, also affect the
‘People Near Me’ program in Vista, which lets you establish P2P sessions
with other Vista users ‘near’ you. Disabling these four services in build
5270 did not impair the system’s normal abilities in any way.

[Figure: The Health Monitor in Vista displays the vital system instability information at a glance.]
[Figure: The Event Viewer provides more detailed information, along with an XML detail view.]

Lots of services
Vista has 26 services in all and more than 50 percent of them can be
safely turned off. However, some of these are interesting and we examine a few of
them briefly below. The rest will be discussed in subsequent issues.

Base Filtering Engine: This manages both the firewall and
IPSec policies on the system. Unless you plan to turn off the firewall and IPSec,
leave this one working. It runs under the Local Service account, hosted by the
‘svchost’ environment.

Group Policy Client: As the name suggests, this is the
service to blame if changes to the Group Policy are not applied. Strangely this
service seems to be needed on standalone Vista PCs too and if you try to stop
it, you get an ‘Access Denied’ message.

Multimedia Class Scheduler: Needed for all multimedia on
the PC, even for basic sound to work. The service is meant to change thread
priorities of multimedia tasks based on performance demands.

Network Store Interface: This is a user-mode service and
basic services like IP and Network Location Awareness depend on it. It maintains
a list of network interfaces and helps manage them.

Software Licensing: A separate ‘SL UI Notification
Service’ is now in charge of licensing and activation related notifications.
This service is responsible for actually enforcing licensing on the system.
There is an attached warning that programs aware of this service may run with
reduced functionality if the service is disabled.

Thread Ordering Server: At the root of all multi-threaded
applications on your system, this service manages threads and schedules their
prioritized execution. Other services like the Windows Audio in turn depend on
this service.

User Experience Session Management: Manages the desktop and
user session. Unless you want the Vista theme running, you could turn this off.

User Profile: Manages user profiles, loads and saves them
and so forth. Windows now strongly uses the profile system, even if you’re
using an isolated desktop with just one user. So, you need to leave this on.

New in diagnostics
When things go wrong, Vista has a lot to offer in terms of the
built-in diagnostic tools. It does remain to be seen how many of them would
remain accessible or usable when there’s a real problem. There are mainly two
tools for this, both accessible from the Computer Management console. The first
is the Reliability Monitor and the second is the Diagnostic Console. Then there
are specific tools for disk and memory. We look at each below.

Reliability Monitor
This monitor is sparsely functional now, but looks promising as the
product heads to release. Right now, all you can do with it is view the data it
collects. There’s a calendar to the right of the pane with the report, but it
does not seem to let you change a date. You can however click on the vertically
arranged dates just under the reliability graph, or the points marked on the
graph itself. Also, it does not seem to need any active service. Once a
particular date or range of dates has been selected, the pane below the graph
updates to show specific failures or incidents, viz. software changes, application
crashes, driver failures, hardware failures and failures in Windows subsystems
themselves. This is useful if you’d like to know more or less at a glance what’s
been happening on the system. But for more details and specifics, you need to
look to other tools.

[Figure: The event tracer agents can be configured to a high degree. It allows the setup of what providers to poll for trace information.]
[Figure: This is the main diagnostics console screen that provides vital performance information at a glance.]

Diagnostic Console
This is a single-point console for diagnostic and monitoring activity. You have
four items under this: System Monitor, Data Collector Sets, Reports and Event
Trace Sessions. The System Monitor is nothing but the old Performance Monitor,
and it looks and behaves the same familiar way too. Although a wizard opens up when you
click on ‘New’ under Data Collector Sets, you can only cancel it, so that’s
not of much use now. And there are no predefined sets to play with. Reports is
also blank and Event Trace Sessions is a list of active agents that are
collecting diagnostic data. You can double-click (or select Properties from its
context menu) to set up each agent. Settings include everything from security to
trigger conditions and alarms. You can have each agent save its logs to a
different directory and configure its polling intervals.

The console’s main screen (when you click its main node
in the tree) is very informative on a number of points. It tells you at a
glance, graphically, what’s happening in the CPU, disk, network and memory.
You can double-click on one of the graphs or on the dropdown arrows to get
further details of that particular subsystem. This lists all processes using
that resource with individual usage counts.

Disk and Memory Diagnostic Tools
You can launch the memory diagnostic tool from Accessories>System Tools. But it
will run only on boot up and cannot be run from within the Windows environment.
So, you should use one of the two options on the dialog: schedule it for the next
boot, or reboot and run it immediately. This tool will scan your system’s RAM
thoroughly for any problems and tell you if you need to replace memory. We have
seen similar tools before in other third party troubleshooting software, but
this is the first time that it comes with Windows. The disk diagnostic is
nothing but good old CHKDSK that we know from the NT days. It is a little more
verbose and lets the user know what’s happening instead of just the dumb
progress bar we’re used to. It is also a little faster than before.

Event Viewer
The old event viewer was an interface where you saw reports from a
fixed set of event sinks. You couldn’t make your own or customize it to
something more comfortable. Now all that has changed. If you’d like to see
events from any software subsystem, you can now do that with just two clicks.
What you need to do is open the Event Viewer node and click on the ‘Add
Application View’ menu item from the right-side pane. From the small dialog
that appears, select the item whose events you want to see and that’s it. Do note
though that this can make your system take a performance hit on some PCs. This
new event viewer also has a new section called ‘Critical and error events in
global logs’ (under the ‘Views’ node) where all the critical items from
all the logs under the ‘Global logs’ set come in automatically.

And, haven’t you ever wished that you could automatically
run the Disk Cleanup agent or a batch task when your disk is full? Now that can
be done. From the event viewer, you can attach a scheduled task to be triggered
whenever a particular item is logged. This is as simple as selecting ‘Attach
Task to this Event’ from the right-side pane after selecting some event entry
first. Do note that the Task Scheduler Service should be started before you can
attach tasks. The new ‘details’ pane for each event log entry displays
content in XML format. You can change to ‘Friendly view’ by clicking the
almost invisible radio field just above the XML field to see what exactly it is.
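
The XML behind each log entry can also be filtered outside the viewer. The following is an added example, not part of the original article: it parses event XML and keeps only critical and error entries, the way the ‘Critical and error events in global logs’ view does, and checks whether an entry is the one a task would be attached to. It assumes the event schema of released Windows versions (not verified against build 5270) and that a task trigger keys on log, source and event ID; the providers, IDs and messages are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML (assumed: the schema of released Vista and later).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information"}

def _event(provider, event_id, level, channel, message):
    """Build one constructed <Event> record for the sample below."""
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}"/>'
            f'<EventID>{event_id}</EventID><Level>{level}</Level>'
            f'<Channel>{channel}</Channel></System>'
            f'<EventData><Data>{message}</Data></EventData></Event>')

# Constructed sample (hypothetical providers and IDs), wrapped in one root element.
SAMPLE = "<Events>" + "".join([
    _event("ExampleDisk", 9001, 2, "System", "Volume C: is out of free space"),
    _event("ExampleApp", 9002, 4, "Application", "Service started"),
    _event("ExampleKernel", 9003, 1, "System", "Unexpected shutdown"),
    _event("ExampleApp", 9004, 3, "Application", "Retrying connection"),
]) + "</Events>"

def parse_events(xml_text):
    """Return one dict per <Event>, read from its <System> and <EventData> blocks."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        if system is None:  # malformed record: skip it instead of failing the run
            continue
        provider = system.find("e:Provider", NS)
        level = system.findtext("e:Level", default="", namespaces=NS).strip()
        events.append({
            "provider": provider.get("Name") if provider is not None else None,
            "event_id": system.findtext("e:EventID", default="", namespaces=NS).strip(),
            "level": int(level) if level.isdigit() else None,
            "channel": system.findtext("e:Channel", default="", namespaces=NS).strip(),
            "data": [d.text or "" for d in ev.findall("e:EventData/e:Data", NS)],
        })
    return events

def critical_and_error(events):
    """Keep only Level 1 (Critical) and Level 2 (Error) entries."""
    return [e for e in events if e["level"] in (1, 2)]

def matches_trigger(event, channel, provider, event_id):
    """True when an event matches the log, source and ID a task is attached to."""
    return (event["channel"], event["provider"], event["event_id"]) == (
        channel, provider, str(event_id))

if __name__ == "__main__":
    for e in critical_and_error(parse_events(SAMPLE)):
        print(LEVELS[e["level"]], e["channel"], e["provider"], e["event_id"], e["data"])
```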

We shall see some more interesting aspects of Vista that
will impact its use in your enterprise in the forthcoming parts of this series.

Sujay V Sarma

