Nov 24, 2009

Suggested Thresholds for Essential Counters

This is excerpted from an MS article for w2k resource kit. Most of the numbers should still be applicable to newer version of OSes.

Resource
Object/Counter
Threshold
Comments

Disk
PhysicalDisk\% Disk Time
90%

Disk
PhysicalDisk\ Disk Reads/sec, PhysicalDisk\Disk
Depends on manufacturer's specifications
Check the disk's specified transfer rate to verify that the logged rate doesn't exceed specifications.(1)

Sep 22, 2009

Account Logon vs. Logon/Logoff events in security log

Ever confused by the "Account Logon" events and "Logon/Logoff" events in your Security Log? Read on.

[Edit: Dec 19, 2011]: This is applicable to Windows 2003. In Windows 2008, "account logon" is changed to "credential validation" to better reflect what it really is.
****************************************
This is a complete copy/paste from MSDN.
****************************************

One of the most common questions that I get about Windows Auditing is, how come you guys were so @#%! stupid that you put in two logon categories?

The answer is actually pretty simple- we're bad at choosing names. "Account Logon" isn't really about logon, it's about credential validation.

Here's the low down on what is the difference between Logon/Logoff and Account Logon events, and how to decipher Account Logon events.

Sep 3, 2009

Backup and restore TCP/IP stack config using command line

netsh -c interface dump > ipconfig.txt
netsh -f ipconfig.txt

Jan 28, 2009

Change TSM client password on cluster

Or when there are more than one scheduler services.

On the active node, open command prompt
>dsmc -optfile="the opt file that you want to change"
>q se
>set password

Failover to second node, do the same.

Jan 15, 2009

Replacing a cert without losing existing cert in IIS

http://support.microsoft.com/kb/295281

Recently I ran into a problem when I tried to generate a CSR. The current cert in use was from VeriSign and we wanted to switch to thawte. The problem was that the option "Replace current cert" was grayed out because existing cert was still valid. The above KB is the perfect workaround.