Computer Maintenance and Security

Preventive maintenance is a large part of a desktop administrator’s responsibility. This lesson introduces several procedures that help to keep a computer running properly and reduce downtime. Securing a computer can also be considered preventive maintenance in that it helps to prevent malicious attacks against a computer that could render it unusable or compromise the integrity of sensitive data.

Preventive Maintenance

Preventive maintenance also involves securing a computer to safeguard against attacks that would compromise security. Several aspects of preventive maintenance are detailed throughout the lesson to provide you with a foundational knowledge of maintenance and security.

Safe Mode

Safe mode is a diagnostic mode of the Windows operating system. When a computer is started in safe mode, a user will have reduced functionality because many non-core components will have been disabled.

Safe mode is intended to help fix problems within an operating system. It is a key troubleshooting mode that allows a user to disable all non-required components and then turn them back on a few at a time while checking for errors. It is great for removing rogue security software. An installation that will only boot into safe mode typically has a major problem. Safe mode can be accessed through msconfig or F8 at startup.

Task Manager

The task manager is used to check for and stop software and background processes from running. It can be accessed in several different ways:

  1. Right-click the taskbar and select Task Manager
  2. Simultaneously press <ctrl> + <shift> + <esc>
  3. Click the start button and type taskmgr
  4. Simultaneously press <ctrl> + <shift> + <del> then click Task Manager

For more information about the Task Manager, read Reap the Benefits of Windows 7’s Task Manager.

Applications Tab

The Applications tab allows a user to determine the status of a task and to end it, switch to another user, or create a new task.

Figure 1: Screen displaying all running tasks in the Application Tab of the Task Manager

Processes Tab

The Processes tab shown in Figure 2 provides a user with very detailed information about all of the background processes currently running. A user can end a process or find out more information about it by right-clicking or using the menu options.

Figure 2: Screen displaying all running tasks in the Processes Tab of the Task Manager

Additional information can be displayed by selecting View > Select Columns > and picking a column to add to the display. The Image Path Name column shows the full path to the running process. The Command Line column shows the full command line, along with the switches used to start the process.

Figure 3: Screen displaying all running tasks with more than the default columns in the Processes Tab of the Task Manager

Right-click a process and select either Open File Location or Properties to display other useful information about the process.

Read Identify and get detailed information about processes in Windows 7 for additional details.
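
The Image Path Name and Command Line columns described above can also be read from WMI, which is convenient when the same review has to be repeated on several computers. The following PowerShell is an added example, not part of the original lesson; the function name Get-ProcessInventory, the output file name, and the list of user-writable folders are assumptions made for illustration.

```powershell
# Added example, not from the lesson. Run from an elevated prompt so that the
# path and command line of processes owned by other accounts are returned.

# Assumption: folders an ordinary user can write to; installed software rarely
# runs from them, so a process started there deserves a second look.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ }

function Get-ProcessInventory {
    Get-WmiObject -Class Win32_Process | ForEach-Object {
        $proc = $_
        $path = $proc.ExecutablePath            # Image Path Name column
        $note = ''
        if (-not $path) {
            $note = 'no path returned (system process or prompt not elevated)'
        } else {
            foreach ($root in $userWritable) {
                if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $note = 'runs from a user-writable folder'
                }
            }
        }
        # Account the process runs as; left empty if the lookup fails
        $user = ''
        try {
            $owner = $proc.GetOwner()
            if ($owner.ReturnValue -eq 0) { $user = "$($owner.Domain)\$($owner.User)" }
        } catch { }
        New-Object PSObject -Property @{
            Id = $proc.ProcessId; Name = $proc.Name; User = $user
            Path = $path; CommandLine = $proc.CommandLine; Note = $note
        } | Select-Object Id, Name, User, Path, CommandLine, Note
    }
}

# Flagged processes first; the CSV keeps the full command lines for later review
Get-ProcessInventory | Sort-Object Note -Descending |
    Export-Csv -Path .\process-inventory.csv -NoTypeInformation
```

A note in the last column is a prompt to look at the process with Open File Location or Properties, not a verdict about it.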

Services Tab

The Services tab provides a user with an easy way to view the services that are currently running. Right-click on the name of a service, and select the Go to Process command to determine if that service is tied to another one. If more control is needed, click the Services button to launch the Services mmc.

Figure 4: Screen displaying all running services in the Services Tab of the Task Manager

Performance Tab

The Performance tab shows detailed information about the performance of the computer’s CPU and RAM.

In the Physical Memory section, the Total entry shows how much RAM is installed on the computer. The Cached entry shows the amount of physical memory used for system resources. The Available entry shows the amount of physical memory not being used.

In the Kernel Memory section, the Paged and Non-paged entries show how much of the RAM used by the Kernel is coming from virtual memory versus physical memory.

In the System section, the Handles entry shows how many object identifiers are currently being used by all running processes. Threads refer to the number of sub-processes running inside of larger processes. The Processes entry displays the number of currently running processes. The Up Time entry shows how long the system has been up. The Commit entry shows Page File usage.

As with Services, the Resource Monitor mmc can be started by clicking the Resource Monitor button.

Figure 5: Screen displaying the Performance Tab of the Task Manager

Networking and User Tabs

The Networking tab shows the network status and how it is being utilized.

Figure 6: Screen displaying the Networking Tab in Task Manager

The User tab shows who is logged into the system.

Figure 7: Screen displaying the Users Tab in Task Manager

System Configuration Tool

The System Configuration tool (msconfig) can help identify problems that might prevent Windows from starting correctly. One of the most important tabs is Startup. From this tool, a user can turn applications and processes on or off that load at login. Lowering the number of startup items can decrease startup time.

Figure 8: Screen displaying startup items listed in System Configuration

Scheduling Backups

Backups are important in case there is an operating system failure or disk failure. Look in the Control Panel for System and Maintenance, then Backup and Restore. Click Setup Backup and follow the prompts of the Wizard. A user can also create a system image and create a system repair disk from here.

Recommendations:

  1. Don’t back up files to the same hard disk on which Windows is installed
  2. Always store backup media in a secure place, preferably offsite
  3. Keep them in a fireproof location separate from the computer location
  4. Create and maintain a regular schedule

Figure 9: Screen displaying options for scheduling backups and restores

A backup can also be started from the Properties of a drive as shown in Figure 10.

Figure 10: Screen displaying how to perform a backup from Properties of a disk

Scheduling Check Disks

The Check Disk tool can verify that the hard disk is free of errors. If any are found, the tool either fixes the bad sector or attempts to move any data located on the bad sector and marks it as bad. It can be accessed by right-clicking the hard disk and selecting Properties. From the Tools tab, click Check now…

Select the Automatically fix file system errors box to automatically repair any problems that the scan finds. Otherwise, this tool will only report problems but not fix them.

Also, select Scan for and attempt recovery of bad sectors to perform a thorough disk check. It will fix physical errors or at least move as much data as possible from the corrupted sector and mark the sector as bad, so it can’t be used anymore. The best option is to check both options when running a scan, but the scan can take much longer to complete.

Figure 11: Screen displaying how to run Check Disk

Scheduling Disk Defragmenter

The Disk Defragmenter rearranges fragmented files on a volume so it works more efficiently. This task can be automated to run at regular intervals. It can also be run manually. It is scheduled to run once a week by default in Windows 7, but that can be changed to meet the needs of the user.

To access the Disk Defragmenter, right-click the drive and select Properties. Select Defragment now… on the Tools tab.

Figure 12: Screen displaying how to defragment a drive from Properties of the drive

Note: Defragmentation cannot be scheduled for solid-state drives or for some types of virtual hard drives, because those drives do not become fragmented.

Figure 13: Screen displaying how to schedule a job that will defragment a drive from Properties of the drive

Windows Updates

Windows updates help to keep a PC safer and the software current by installing the latest security and feature updates from Microsoft. Turn on automatic updating if updates should be installed as they become available.

Important updates provide significant benefits, like improved security and reliability. It is a good practice to automatically update both important and recommended updates.

Windows Update can be opened from All Programs on the Start button. Best practices recommend changing the automatic update settings and selecting all the options as shown in Figure 14.

Figure 14: Screen displaying how to configure Windows Updates

Driver Updates

Drivers add functionality to a computer. Without them, devices connected to a computer, for example, a mouse, a printer, or external hard drive, won’t work properly. Drivers periodically need to be updated also.

Windows can automatically look for updated drivers for new devices that are connected to a computer but not all will be updated from Windows Update. Manual installs may be required. To make sure all the hardware and devices continue working properly, this process should be followed. Information about a driver and updating it can be accessed from the Device Manager or from Devices and Printers.

Figure 15: Screen displaying how to update a driver

Antivirus Updates

Antivirus and anti-malware must be updated regularly to be effective against new malicious software. Some are designed to update automatically, and some are not. Security software can also be updated manually to be safe.

There are many free and paid versions of antivirus software available. The status of antivirus software can be displayed in the Windows Security Center on Windows Vista or in the Action Center on Windows 7. If Windows can detect the installed antivirus software, it will be listed under Virus protection.

Figure 16: Screen displaying the antivirus status in Action Center

System Restore

Installing a new driver or application can cause a computer to malfunction or not even reboot. Using System Restore can return a system to a state when everything worked properly. It essentially creates a backup of the registry that can be reinstalled at any time. A restore point should always be created before installing or updating any software or the operating system.

System restore can be opened by clicking System in the Control Panel. Then click the Advanced system settings in the left panel. From the System Protection tab, click System Restore. Save any open files before starting a system restore since it restarts the computer.

Figure 17: Screen displaying System Restore

Automated System Recovery

An Automated System Recovery (ASR) disk should be created as part of a plan to recover from a failure. Use ASR only as a last resort after other options, like Safe Mode and Last Known Good Configuration, have been exhausted.

ASR backs up system services, system state data, and any other information needed to restore the configuration of a computer. No data found on the hard drives is backed up. This disk can be created by selecting Control Panel > Backup and Restore > Create a system repair disk from the left panel. The restore part of ASR can be accessed by pressing F2 when prompted during boot up.

Figure 18: Screen displaying where to create a system repair disc

Basic Security

Security should be at the forefront of all of our minds today. Having a good security plan will save hours of troubleshooting and work in the long run.

Users and Groups

A user group or security group is as it sounds – a grouping of user accounts that all have the same rights and permissions. A user can belong to more than one group at a time. As discussed in an earlier lesson, there are two basic types of security accounts: the standard user and the administrator.

When logged in as administrator, custom user groups can be created. Windows 7 Professional or higher is required to create custom groups. To access Users and Groups, select Administrative Tools in Control Panel, and open Computer Management. Then in the left panel, click Local Users and Groups.

Figure 19: Screen displaying how to create a new group

Administrative Shares

Administrative shares, or default network shares, are automatically created when the operating system is installed. Every hard drive partition in the system has several administrative shares which cannot be removed. These shares allow anyone who can authenticate as a member of the local administrators’ group to gain access to all hard drives in the system. This type of share is not accessible by default on home editions of XP, Vista, or Windows 7.

Anyone with administrative rights can access the shares by placing a dollar sign at the end of the UNC path. C$ and ADMIN$ are created by default at the time of installation:

  1. \\MyComputer\C$
  2. \\MyComputer\ADMIN$ (shares access to %SYSTEMROOT%)

To view the open shares, go to Computer Management in Administrative Tools in Control Panel. Then click Shared Folders in the left pane.

Figure 20: Screen displaying how to view and create a share

Share Permissions

Share permissions were discussed in an earlier lesson; however, this section will act as a review and will also provide additional information.

By default, later versions of Windows grant everyone the Read permissions to files and folders that are shared over the network. Best practices recommend that the Everyone group be removed and only specific users that need access be added.

If everyone in an organization needs access to the data, remove Everyone and add the Authenticated Users group. This will at least lock down access to users who have been authenticated on the local network.

Share permissions do not apply to anyone working on the computer that has shared files and/or folders. This type of permission only works when the share is being accessed across a network. To lock down files and/or folders on a local drive, that drive must be using the NTFS file system and those permissions must be applied.

Figure 21: Screen displaying how to set Share Permissions

Share permissions can be granted through the GUI as shown in Figure 21 or with these command line instructions:

  1. cacls <filename> /G <user>:<permission> (grant access to user)
  2. cacls <filename> /D <user> (deny access to user)
  3. cacls <filename> /P <user>:<permission> (replace user access)

The following permissions can be set:

  1. No Access – by Denying one of the following permissions
  2. R (Read)
  3. C (Change)
  4. F (Full control)

Figure 22: Screen displaying how to set Share Permissions from a CLI

NTFS Permissions

NTFS permissions apply to anyone logged into a computer locally, or anyone accessing a computer through a UNC from the run command, a mapped drive, or terminal services. These permissions can only be set on NTFS file systems. As with share permissions, remove the Everyone group and add only the specific users that require access or the Authenticated Users group.

Figure 23: Screen displaying how to set NTFS Permissions
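
The share permissions and NTFS permissions covered in the two sections above can be reviewed together from PowerShell. This added example, which is not part of the original lesson, lists the administrative shares and reports every share or shared folder that still grants access to the Everyone group. The function names are hypothetical; the three access-mask values are the ones Windows stores for the Read, Change and Full Control boxes.

```powershell
# Added example, not from the lesson. Run from an elevated PowerShell prompt.
$everyone = 'S-1-1-0'   # well-known SID of the Everyone group

function New-Finding($share, $layer, $detail) {      # hypothetical helper
    New-Object PSObject -Property @{
        Share = $share.Name; Path = $share.Path; Layer = $layer; Detail = $detail
    } | Select-Object Share, Path, Layer, Detail
}

function Get-ShareRightName($mask) {
    # Masks stored for the Read / Change / Full Control boxes of the share dialog
    switch ($mask) {
        1179817 { 'Read' }
        1245631 { 'Change' }
        2032127 { 'Full Control' }
        default { "access mask $mask" }
    }
}

function Get-ShareAudit {
    # Share-level security descriptors by share name; administrative shares have none
    $security = @{}
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
        ForEach-Object { $security[$_.Name] = $_ }
    foreach ($share in (Get-WmiObject -Class Win32_Share)) {
        # Win32_Share.Type values from 2147483648 upward mark administrative shares
        if ([uint32]$share.Type -ge [uint32]2147483648) {
            New-Finding $share 'Admin' 'administrative share'
            continue
        }
        # Share permissions: enforced only when the share is reached over the network
        if ($security.ContainsKey($share.Name)) {
            $dacl = $security[$share.Name].GetSecurityDescriptor().Descriptor.DACL
            foreach ($ace in @($dacl | Where-Object { $_ })) {
                if ($ace.Trustee.SIDString -eq $everyone -and $ace.AceType -eq 0) {  # 0 = allow
                    New-Finding $share 'Share' "Everyone: $(Get-ShareRightName $ace.AccessMask)"
                }
            }
        }
        # NTFS permissions on the shared folder: enforced locally and over the network
        if ($share.Path -and (Test-Path -Path $share.Path -PathType Container)) {
            $sidType = [System.Security.Principal.SecurityIdentifier]
            $rules = (Get-Acl -Path $share.Path).GetAccessRules($true, $true, $sidType)
            foreach ($rule in $rules) {
                if ($rule.IdentityReference.Value -eq $everyone -and
                    $rule.AccessControlType -eq 'Allow') {
                    New-Finding $share 'NTFS' "Everyone: $($rule.FileSystemRights)"
                }
            }
        }
    }
}
Get-ShareAudit | Format-Table -AutoSize
```

Matching on the SID rather than the name keeps the check working on non-English installations, where the Everyone group is displayed under a translated name.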

Summary

In this lesson, you learned important concepts relating to Computer Maintenance and Security. Keep the following in mind:

  1. Several tools and procedures were introduced in this lesson:
    1. When a computer is not functioning properly, it can be booted into Safe Mode so that it only loads its basic operating system, and additional services can be added one at a time until the misbehaving service is found.
    2. The Task Manager allows a user to see the status of applications and stop one that is not running or hung. The Process tab not only displays what processes are running and the amount of CPU and memory each is using, but it also displays the location of the process and the command used to start it. The Services tab is similar to the Process tab in that it displays all installed services, the service process ID, the status of the service, and what user the service is running as. The Performance tab details the state of the CPU and memory.
    3. The System Configuration tool allows a user to see and control how a computer boots and what services and applications are loaded after a computer is booted.
    4. How to schedule or manually perform a backup was outlined. Best practices for backups were also discussed.
    5. Checking for and attempting to fix bad sectors on a hard drive can be done with the Check Disk tools.
    6. The Disk Defragmenter moves data into contiguous blocks which helps with read/write performance on a hard drive.
    7. Windows Updates can be automatically downloaded and installed, including important OS and security patches. It also provides optional updates that can be applied at a user’s discretion.
    8. Some device drivers can be updated through Windows Updates; however, the most common way to update a driver is through Device Manager. Updates are performed to provide better security and functionality.
    9. The System Restore tool allows a user to return a computer to the state it was in before a patch was applied or an application was installed.
    10. A recovery disk, called an Automated System Recovery disk, can be created and used to recover from a system failure.
  2. Security can be provided by assigning permissions to users and/or groups. The combination of Share and NTFS permissions helps to prevent unauthorized access to data located on a computer.