Chapter 3
EXAM OBJECTIVES
Optimizing operating systems by modifying virtual memory settings
Using utilities to monitor and identify optimization areas
Optimizing hard drives and temporary files
Improving performance by turning off OS features
Managing services and startup of applications to optimize system performance
Few things in life are perfect, and if you put them on a scale from perfect to lousy, most things fall somewhere in the middle. Computers play a part in my life, and I can safely say that they are not perfect, especially when dealing with speed and performance. I regularly work with other people’s computers and find the responsiveness of many computers far less — very far less — than perfect. Over time, if left to its own devices, your computer will slow down, sliding down the scale from the perfect end to the lousy end. When I comment on the slow system performance of a computer that just completed a 15-minute boot and logon, I am often surprised, or absolutely floored, when the owner says that it is acceptable. Although some people find “acceptable” to be, well, acceptable, as the saying goes, “good enough” is never good enough. As a CompTIA A+ Certified Professional, you should be able to identify areas that might cause slow system performance — and then resolve those issues.
In this chapter, you look at the major problems responsible for many slowdowns — and how to avoid them.
The tapered neck of a bottle, with its substantially smaller diameter than the body of the bottle, restricts the flow of liquid from the bottle. Bottlenecks occur on your computer as well. They happen when most system resources are fine, except for that one subsystem that is heavily overused. To perform any task, a limited number of resources can be applied to a task; when the task exceeds the available resources, you run into problems. Computers have four critical resources that can be the source of a bottleneck: processor, memory, disk, and network.
In addition to resource overuse, hardware errors might also cause problems. This chapter does not examine possible hardware errors that can cause problems or issues that might be specific to a particular type of application or service. Most hardware issues are dealt with in Book 4, Chapter 2, which is devoted to troubleshooting.
To effectively diagnose a problem in one of the four critical resources (processor, memory, disk, and network), you need to monitor what is going on with your system. In the following sections, you look at two tools that you can use to diagnose problems in these resource areas.
Task Manager (or taskmgr.exe) is a nice, quick, and simple tool. It is not as full-featured as Performance Monitor (see the following section), but what it lacks in features, it makes up for in simplicity and speed. To open Task Manager, press Ctrl+Alt+Del, which will display a list of options, of which Start Task Manager or Task Manager is one. You can also open Task Manager by right-clicking an empty area of the Taskbar and choosing Task Manager from the contextual menu.
You can use Task Manager to diagnose processor, memory, network, and service bottlenecks. Figure 3-1 shows the Performance tab of Task Manager, which is typically the tab you will use first to identify a problem.
On the Performance tab, you can find critical data about your system’s performance. This tab is broken down into two main sections: the graphs and the numeric data. The graph section shows CPU usage and PF (Page File) usage information (or Physical Memory usage in Windows 7). In the numeric section, you see information on processes and memory usage. At the very bottom of the window, you see summary information in the status bar.
In the graphs section is the graph for the overall CPU usage, which is the same image shown in the system tray next to the clock. (This image appears automatically when you open Task Manager.) In this context, CPU usage is the average of CPU usage over all processors in your computer.
Next to this graph is a line graph showing you historic CPU usage over the past few minutes. If you have multiple processors, processors with hyperthreading, or multicore processors, you will see multiple line graphs, each in its own small window. If the graph is too small, resize Task Manager. And if you have multiple graphs, you can get a single graph showing the averages by choosing View ⇒ CPU History ⇒ One Graph, All CPUs. If you choose View ⇒ Show Kernel Times, you get a red line showing kernel processor utilization to help identify whether the problem is related to kernel processes or user processes. It is not uncommon for processor utilization to jump to 100%, but if it is consistently higher than 80% or 90%, you are likely experiencing a slowdown.
Page file usage (also recorded in the graphs section) is actually application-specific virtual memory usage, which includes paging file usage and a portion of the physical memory that the application is using. Just like CPU utilization, two graphs are shown here: a histogram for instantaneous usage and a line graph showing the historical usage. If you are running low on space in your page file, you are likely running short on memory. Windows 7 shows page file usage in the System section of the dialog, and shows physical memory usage in the graph area.
In the numeric section are totals for handles, threads, and processes. Think of processes as applications. However, not all applications run in windows that you can see. Some, like services, run in the background, and these are included in the total number of running processes. Each process is composed of threads of code that are executed. Old applications from the 16-bit Windows and MS-DOS days are single threaded, which means that the program runs a single thread of code from beginning to end. Newer multithreaded applications can run several different threads of code, each performing a different task, all working together to perform the task that the processor is attempting to accomplish. On a multiprocessor computer, these threads can execute simultaneously, improving the overall speed of the process.
Handles are resources that the processes are using, such as memory locations, files, or Registry keys. Most likely, you will be primarily concerned with how many processes are running, because each running process consumes some of the total processor cycles available.
The other numeric sections all deal with memory — physical memory, kernel memory, and commit charge (prior to Windows Vista). Physical memory is the actual RAM that is installed in your computer. In the physical memory section, you can see how much physical memory is on your computer, is free (or available), and is allocated to system cache or disk caching for the disk drives. The cache space dynamically adjusts as demands for memory go up, but the goal is to improve disk access by caching in fast memory.
Kernel memory is memory allotted to the kernel. The kernel memory section shows you how much memory is allocated to the kernel, which is in charge of running all operations in your computer. If a driver has a memory leak, you might see kernel memory increase higher than normal for your computer, which is typically less than 100MB. The short-term solution is to reboot your computer.
Kernel memory is split between paged and nonpaged memory. Paged memory is part of the page pool, which is the memory swapped between physical RAM and the page file on the hard drive.
Commit charge is the amount of memory that is in use, or committed. This section shows you current usage, total available (including the page file), and the peak usage since the last reboot. Windows Vista and Windows 7 do not have a section for commit charge. Windows Vista displays the total committed memory in the System section as Page File, while Windows 7 calls this Commit.
Windows has added a Resource Monitor button to this tab, which opens another performance tool that provides more detailed information related to the four critical resources, as shown in Figure 3-2. One big difference between Resource Monitor and Task Manager is that Resource Monitor shows the resource usage by application or process. Resource Monitor is covered in the section “Windows Resource Monitor,” later in this chapter.
Windows 8.1 completely reworks the Performance tab of Task Manager by providing a series of graphs and numeric data similar to what you would see in Resource Monitor, but substantially scaled back. This new interface, shown in Figure 3-3, can be seen by opening Task Manager and clicking on the More Details link. Key points of the new interface include:
As with earlier versions of Windows, the Performance tab includes a link to the Resource Monitor, which allows a more detailed analysis of system performance.
In most cases, looking at the data on the Performance tab leads you to either the Processes tab or the Networking tab (on Windows Vista or Windows 7). On the Networking tab (shown in Figure 3-4) is a line graph with lines for each network interface on your computer, representing the percentage of bandwidth being used by each one. To see additional information on your graph, choose an option from the View ⇒ Network Adapter History submenu. This allows you to add Bytes Sent and Bytes Received to the existing Bytes Total line on the graph. This is useful for seeing whether a network-related problem is because of data coming in or going out.
You can also find the same information from the graph presented numerically at the bottom of the window. To see more data, choose View ⇒ Select Columns. This opens the tool to a lot more troubleshooting capabilities by allowing analysis of many network-related counters, such as the breakdown of bytes sent, bytes received, and traffic type being unicast or nonunicast. Unicast network traffic is information that is sent only to your computer; nonunicast traffic is simultaneously sent to multiple computers on your network.
If the problems are not network-related, you might be led to look at the Processes tab, which is shown in Figure 3-5. This tab lists all running processes on your system in columns. You can toggle a sort on the columns (ascending or descending) by clicking the column heading. The default columns include Image Name, User Name (the user executing the process), CPU (the percentage utilization of this process), and Memory (the amount of memory this process is using). If you are logged on as an administrator, you can also choose to Show Processes from All Users to see processes other than your own. For Windows 8.1 users, the Processes tab shows a summary of the objects found on the Performance tab, while the Details tab shows information equivalent to the Windows 7 Processes tab.
In most cases, you will be able to locate the process using up most of the CPU cycles and slowing down your computer. To see additional troubleshooting information, choose View ⇒ Select Columns to select from many other counters, such as Virtual Memory Size, Page Faults, and Peak Memory Usage, to list just a few.
Page faults occur when information that your computer wants is not in physical memory and must be initially loaded into memory or be read from the page file on the hard drive. If the number of page faults takes a sharp rise, you might also notice that your available memory is low.
The additional options available in the contextual menu include:
The Services tab shows you the same list of services that you will find in the Services MMC management tool, but in an abridged format. This allows you to stop or start these services, or launch the Services MMC to have full control of the services. When you right-click a service, you have the option of going to the process, for services that have processes listed on the Processes tab. This makes the job of troubleshooting runaway processes and services much easier.
The Applications tab shows what applications are running in the foreground (as shown in Figure 3-6). These applications should list Running in the Status column. If the application is not listed as running, it may not be responding. At this point, you can either give the application more time to respond (after all, it might just be busy), or you can end a task by selecting the application and clicking the End Task button. To bring an application’s window to the foreground, select the application and click the Switch To button. If you want to locate the application on the Processes tab, right-click the application and choose Go to Process. To launch a new application, click the New Task button, which brings up the Run dialog box.
The Users tab shows which users are logged on, if they are currently active, the remote computer they are connected from (Client Name), and the session they are logged on to (either remote or console). For any of the users that are connected, you are able to disconnect the user or to log the user off.
On Windows 8.1 computers, you are able to use this tab to show utilization per user, expand the user to see the applications he is using, access the user’s control panel, and disconnect the user.
New with Windows 8, the Startup tab shows a list of applications that are set to start automatically with the OS or when a user logs on. From this tab you are able to disable the auto-start of the application.
Although Task Manager might be where you first look for solutions to performance problems, it is really a 10,000-foot view of the situation. To get down to ground level, you need a more powerful tool, and that is where the Performance administrative tool comes in, with its two main components: System Monitor and Performance Logs and Alerts.
System Monitor is Task Manager’s big brother. It does not allow you to change settings or terminate tasks, but it does allow you to monitor a whole series of available counters. Launch Performance by choosing Start ⇒ Control Panel ⇒ System and Security ⇒ Administrative Tools ⇒ Performance Monitor, or by running either perfmon.exe or perfmon.msc. A counter is a numeric measure of an element of a system component, such as bytes of available memory. Figure 3-7 shows the standard graph display for a custom set of counters. The only default counter is % Processor Time from the Processor object, which shows processor utilization problems.
For each counter, you will see a graph with 100 readings, which by default are taken once per second. To change this frequency, bring up the Properties for the graph by clicking the Properties button on the toolbar or by pressing Ctrl+Q and changing the value of Sample Automatically Every X Seconds. You will have to select the General tab of the Performance Monitor Properties dialog, and in addition to changing the sample frequency, you will also be able to change how many samples will fill the graph.
If you don’t like the line graph look, click the View Histogram button (think bar graph) or View Report button (gives only numeric data). These buttons are indicated in Figure 3-7.
Many other counters can be added to the graph. If you click the Add button on the toolbar or press Ctrl+I, you can add counters to your graph, as shown in Figure 3-8.
By default, you add counters from your computer, but you have the option to add counters for any computer that you have admin rights for. If you prefer to view counters from a remote computer, choose it from the Select Counters from the Computer drop-down menu or type the computer name into the drop-down menu box. If you choose another computer, your list of Performance objects is updated to include the objects on that computer. Many counters are defaults for the OS, and any software you install has the option of adding custom counter objects, which is the case for many Microsoft programs. If you look at the list of counters, you will see that they can be categorized into the four critical system resources: processor, memory, disk, and network. Table 3-1 lists some of the related objects for the four critical system resources.
TABLE 3-1 Related Objects for Critical System Resources
Critical System Resource | Related Object
Processor | Process, Processor, System
Memory | Memory, Paging File
Disk | Cache, Physical Disk
Network | Browser, IP, Network Interface, Redirector, Server, Server Work Queues
Table 3-1 is just a partial list of all the possible objects available to you. Each object has a series of related counters. For instance, the Process object has counters for % Privileged Time, % Processor Time, and % User Time. Each counter may have a series of instances. In the case of the Process object and % Processor Time, there are instances for each running process on the system.
When you click the Add button to add a counter to your graph, the new counter lines show up immediately. When you have added all the counters you want to view, click Close or OK.
So far, you have been taking data from current activity. If the problem is periodic, you want to create logs and alerts to try to catch the problem when it occurs. If you want to create an alert based on your counters, this is done with Data Collector Sets. To create an alert, follow these steps:
Choose the Performance Counter Alert and click the Next button.
On this screen, you will then be able to use the Add button to select counters and set the alert-firing threshold for each counter, as shown in Figure 3-9.
To finish off the alert, click Next.
The last portion of the wizard brings you to a screen to set the credentials to be used to run the alert (which affects what actions may be performed), as well as the option of saving and starting the data collector right away or editing the settings.
To complete the alert configuration, you will need to open the data collector properties and adjust the settings. From within the User Defined Data Collector Sets, select a Data Collector Set that shows the contents of the set in the right pane, with the default name being DataCollector01 for the first data collector. Right-click the data collector and choose Properties. This allows you to adjust the performance counter thresholds on the Alerts tab, write to the application log and start a Data Collector Set on the Alert Action tab, or specify actions to be performed on the Alert Task tab, as shown in Figure 3-10.
These values are checked at the Sample interval. When the firing threshold criteria are met, the actions on the Alert Action and Alert Task tabs are performed. The alert action will be a custom executable or script that allows you to perform additional actions. The alert will be active during the times listed on the Schedule tab of the Data Collector Set’s properties.
Rather than looking at the current activity, you can also create a log of counter activity that may be reviewed at a later date. Just like the alerts, you can choose a schedule for this log so that it can run at a specific time. For instance, if you are having problems with a computer regularly between 2 p.m. and 4 p.m., you could schedule the log to run from 1 p.m. to 5 p.m. You can also have the log file stop when the file is full or reaches its configured maximum size. When the logging stops, you can have a program run, which might be used to notify you that the logging has stopped or to copy your new logs to another computer or location.
To create a log, you again use the Data Collector Sets. Follow these steps:
Use the default root directory to store the logs for this Data Collection Set or specify your own directory, and click Next to continue.
The last portion of the wizard brings you to a screen to set the credentials to be used to run the alert (which affects what actions may be performed), as well as the option of saving and starting the data collector right away or editing the settings.
Figure 3-11 shows the two types of data collection processes that are running. One tracks kernel performance stats, while you will be more interested in performance counter properties. If you did not start the log file collection at the end of the creation process, you can right-click the Data Collection Set and choose Start to start collecting log data. You can change how long the log files will collect on Windows Vista and Windows 7 by editing the settings on the Stop Condition tab of the Data Collection Set properties.
After a log file is created, you can view it from the Performance Monitor by clicking the View Log Data button or by pressing Ctrl+L. You are asked for the name of the log file that you want to use, and then you can add counters to the graph normally, but you can choose only from the counters included in the log file. The resulting graph charts all readings taken for the counters, not just the default 100 readings. The default log file location is the %systemdrive%\PerfLogs\Admin directory.
To change the time range displayed on the graph, click the Properties button and the Source tab, from which you can adjust the time range. As you adjust the range, a vertical bar moves through the graph, showing you where that range is. To return to getting graph data from current activity, click the View Current Activity button or press Ctrl+T.
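The distinction drawn earlier between a momentary jump to 100% and utilization that stays above 80%, and the alert behavior of checking a threshold at every sample interval, can also be applied offline to a saved counter log. The following Python code is an added example, not part of the book; it assumes the log was saved in comma-separated format, and the host name LAB-PC, the sample values, and the function names are constructed for illustration.

```python
import csv
import io
from collections import namedtuple
from datetime import datetime

# Constructed sample in the comma-separated layout of a counter log:
# column 0 is the timestamp, every other column is one counter path.
# The host name LAB-PC and all readings are made up for illustration.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\LAB-PC\Processor(_Total)\% Processor Time","\\LAB-PC\Memory\Available MBytes"
"03/04/2015 14:00:00.000"," ","2100"
"03/04/2015 14:00:15.000","35.2","2098"
"03/04/2015 14:00:30.000","100.0","2090"
"03/04/2015 14:00:45.000","41.0","2095"
"03/04/2015 14:01:00.000","85.5","1800"
"03/04/2015 14:01:15.000","92.1","1650"
"03/04/2015 14:01:30.000","97.3","1500"
"03/04/2015 14:01:45.000","88.0","1480"
"03/04/2015 14:02:00.000","30.4","2050"
'''

CPU_COUNTER = r"\Processor(_Total)\% Processor Time"
MEM_COUNTER = r"\Memory\Available MBytes"
TS_FORMAT = "%m/%d/%Y %H:%M:%S.%f"

# One uninterrupted stretch of readings beyond the threshold.
Run = namedtuple("Run", "start end count worst")


def load_counter(csv_text, counter_suffix):
    """Return [(timestamp, value)] for the one column whose path ends with counter_suffix."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    wanted = counter_suffix.lower()
    cols = [i for i, name in enumerate(header)
            if i > 0 and name.lower().endswith(wanted)]
    if len(cols) != 1:
        raise ValueError("expected exactly one column for %r, found %d"
                         % (counter_suffix, len(cols)))
    col = cols[0]
    samples = []
    for row in reader:
        if len(row) <= col:
            continue                      # truncated row
        raw = row[col].strip()
        if not raw:
            continue                      # rate counters have no first reading
        try:
            value = float(raw)
        except ValueError:
            continue                      # non-numeric cell, ignore it
        samples.append((datetime.strptime(row[0], TS_FORMAT), value))
    return samples


def sustained_breaches(samples, threshold, min_samples, above=True):
    """Find runs of at least min_samples consecutive readings beyond threshold.

    A single spike is ignored; only a run that lasts min_samples sample
    intervals is reported, which mirrors "consistently higher than 80%".
    """
    runs, current = [], []

    def close_run():
        if len(current) >= min_samples:
            values = [v for _, v in current]
            worst = max(values) if above else min(values)
            runs.append(Run(current[0][0], current[-1][0], len(current), worst))

    for ts, value in samples:
        breached = value > threshold if above else value < threshold
        if breached:
            current.append((ts, value))
        else:
            close_run()
            current = []
    close_run()                           # log may end while still in breach
    return runs


if __name__ == "__main__":
    for run in sustained_breaches(load_counter(SAMPLE_LOG, CPU_COUNTER), 80.0, 4):
        print("CPU above 80%% from %s to %s (%d samples, peak %.1f)"
              % (run.start, run.end, run.count, run.worst))
```

With the constructed log, the lone 100% reading at 14:00:30 is not reported, while the four consecutive readings starting at 14:01:00 are.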
Whereas Task Manager is a simple tool that easily shows you key performance statistics at a glance, and Performance Monitor is a powerful, complex, customizable tool for delving into detailed information about system performance, Windows Resource Monitor strikes a middle ground. It was introduced with Windows Vista and enhanced in Windows 7 and Windows 8.1.
An easy way to open Windows Resource Monitor is to click the link on the Resource Monitor button on the Performance tab of Task Manager. On the initial window, shown in Figure 3-12, Resource Monitor will show you key summary information across all four resource categories: CPU, disk, network, and memory. If you see issues with your system related to performance, this initial screen should offer suggestions as to which of the four critical resources are being overconsumed.
Each table of data in Resource Monitor allows you to add or remove columns from the display, providing you with additional detail.
To view additional information related to each of the resource categories, you can choose the appropriate tab at the top of the application window.
The CPU tab provides detailed information related to processes that are consuming processor cycles on your computer. Issues in the CPU area will show up as highly busy threads in the processes or services categories. In addition to the tables of performance data, you also find two charts showing CPU utilization, as can be seen in Figure 3-13.
While troubleshooting issues with processes, you can right-click a process and choose End Process or End Process Tree, as you can with Task Manager. In addition to these options, you can choose Suspend Process and Resume Process (temporarily pausing the process rather than stopping it) and Analyze Wait Chain. If you use Analyze Wait Chain for a process, you will be able to see whether issues with this process are actually a result of other processes that are waiting for processes to be completed.
If you find that the performance issues are related to memory, the Memory tab is where you should focus your attention. Figure 3-14 shows that this again gives you a table of processes, but this time, it shows you memory statistics related to each process in addition to a chart showing you how that memory is allocated.
Memory-related performance issues should be identifiable on this page, with the focus on the processes that are consuming the greatest amount of memory.
Because not all processes make use of the hard drive, the Disk tab, as seen in Figure 3-15, filters down the list of processes to only those that have disk activity. From this page, you can see the process, its disk activity, the files that are read or written to, and the overall disk utilization per disk. Higher-than-normal disk activity may be related to problems with the process, or it can identify processes that are overconsuming resources.
Resource Monitor’s Network tab, shown in Figure 3-16, provides you with detailed data on network utilization. As with the disk, this tab will filter out processes that do not generate network traffic, and for remaining services, you will see the network traffic that is generated for each process. In addition to the network activity, you will see tables listing the active TCP connections as well as any ports that are open to accept incoming connections.
Network activity shows not only the data throughput through the network cards but also the network addresses that are used by each of the processes.
Windows Vista has introduced two new tools in an attempt to allow for more functions to be completed from the command line interface: tasklist.exe and taskkill.exe. These tools take the functionality of the Processes and Services tabs of the Task Manager and bring them to the command line. One additional feature of these programs is that they can be run locally on the computer, or they can be used to view processes on another computer on the network.
The tasklist.exe program will show you what processes are running on the computer, which can be seen in greater detail using the /v option, which is just one of many options. The basic output from the command looks like Listing 3-1:
LISTING 3-1: tasklist.exe Output
C:\Users\User>tasklist
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      2,312 K
smss.exe                       416 Services                   0        640 K
csrss.exe                      504 Services                   0      3,932 K
wininit.exe                    540 Services                   0      3,816 K
csrss.exe                      560 Console                    1      3,260 K
winlogon.exe                   604 Console                    1      4,736 K
ashDisp.exe                   4044 RDP-Tcp#0                  2      4,496 K
wmpnscfg.exe                  4052 RDP-Tcp#0                  2      5,004 K
svchost.exe                   2180 Services                   0      4,648 K
EasyCapture.EXE               2324 RDP-Tcp#0                  2      7,404 K
mmc.exe                       3692 RDP-Tcp#0                  2     27,344 K
taskmgr.exe                   3380 RDP-Tcp#0                  2      9,548 K
cmd.exe                       3528 RDP-Tcp#0                  2      2,464 K
WmiPrvSE.exe                  2216 Services                   0      9,036 K
tasklist.exe                  1892 RDP-Tcp#0                  2      5,992 K
The taskkill.exe program is used to terminate tasks that you need to stop, in the same manner you would with the End Process option in Task Manager. If I were to terminate the EasyCapture.exe process in Listing 3-1, I would be able to run the following command:
taskkill /PID 2324
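When tasklist output is saved for later review, it helps to turn it into records before deciding what to stop. The following Python code is an added example, not part of the book: it parses default tasklist output such as Listing 3-1 (aligned or single-space-separated columns), totals memory per session, and builds a taskkill /PID command only when the image name maps to exactly one process. The sample rows are copied from Listing 3-1; the function names are illustrative, and the parser assumes the default column set with "K" memory values and comma thousands separators.

```python
import re
from collections import defaultdict, namedtuple

Process = namedtuple("Process", "image pid session session_num mem_kb")

# Rows are read right to left in effect: the last fields (memory, session
# number, session name, PID) never contain spaces, so whatever is left at the
# front is the image name, even "System Idle Process".
ROW = re.compile(
    r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<session>\S+)\s+"
    r"(?P<snum>\d+)\s+(?P<mem>[\d,]+) K$"
)

# Rows copied from Listing 3-1 (a subset).
SAMPLE = """\
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 2,312 K
csrss.exe 504 Services 0 3,932 K
csrss.exe 560 Console 1 3,260 K
winlogon.exe 604 Console 1 4,736 K
EasyCapture.EXE 2324 RDP-Tcp#0 2 7,404 K
mmc.exe 3692 RDP-Tcp#0 2 27,344 K
"""


def parse_tasklist(text):
    """Parse default tasklist output; header and ruler lines do not match ROW."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        procs.append(Process(
            image=m["image"],
            pid=int(m["pid"]),
            session=m["session"],
            session_num=int(m["snum"]),
            mem_kb=int(m["mem"].replace(",", "")),
        ))
    return procs


def memory_by_session(procs):
    """Total memory (KB) per session name, e.g. Services, Console, RDP-Tcp#0."""
    totals = defaultdict(int)
    for p in procs:
        totals[p.session] += p.mem_kb
    return dict(totals)


def find_instances(procs, image):
    """All processes with this image name (Windows names are case-insensitive)."""
    return [p for p in procs if p.image.lower() == image.lower()]


def taskkill_by_pid(procs, image):
    """Build 'taskkill /PID n' only if the image name is unambiguous.

    csrss.exe appears twice in Listing 3-1 (PIDs 504 and 560), so a name alone
    does not identify one process; in that case the caller must pick a PID.
    """
    hits = find_instances(procs, image)
    if len(hits) != 1:
        raise LookupError("%s matches %d processes: %s"
                          % (image, len(hits), [p.pid for p in hits]))
    return "taskkill /PID %d" % hits[0].pid


if __name__ == "__main__":
    processes = parse_tasklist(SAMPLE)
    print(memory_by_session(processes))
    print(taskkill_by_pid(processes, "EasyCapture.exe"))
```

Because PIDs are reused after a process exits, run tasklist again and confirm the PID still belongs to the expected image before issuing the command.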
There are many simple steps that you can take to optimize your system for best performance. Some components that you can make changes to include virtual memory, hard drives, printers, scanners, system services, running processes, and temporary files. After you make changes to the components, you can use Task Manager and System Monitor to see whether your changes had any effect on system performance.
Virtual memory uses both RAM and hard drive space to create a memory pool. The hard drive space used is called a paging file; in Windows, the filename is pagefile.sys. Access to the paging file is much slower than access to RAM, so the paging file is used for information that is accessed less often. The default paging file size is 1.5 times the amount of RAM in your computer. To improve performance, you should not set this any larger than it really needs to be. You can find out what your maximum size should be by running your system for several days of typical or hard use and then checking your peak usage in Task Manager or System Monitor. Set your paging file size between 1.25 and 1.5 times your peak paging-file usage. To see how to gather your memory usage data using Task Manager or System Monitor, review the “Using Monitoring Tools” section earlier in this chapter; and to see how to change the size of your paging file, read Book 5, Chapter 2.
If you find that you are using a lot of virtual memory and accessing the paging file, you need to either reduce the processes using RAM or add more RAM (see Book 2, Chapter 3) to improve overall system performance by reducing paging-file usage.
If neither step is an option, move the page file to a drive other than the drive that holds your Windows installation. You should also choose the fastest drive that you have. That is, 7,200 rpm or 10,000 rpm drives over 5,400 rpm drives, ATA 133 drives over ATA 66, and so on. The chosen drive should not have other highly intensive processes using it.
To change the location of your paging file, follow these steps:
To finish, press the series of OK buttons to close the dialog boxes.
Depending on the changes you made, you may need to reboot your computer.
Depending on the Startup and Recovery setting in your System control panel applet, you might require a paging file on the drive that contains your Windows directory that is at least equal to the amount of RAM installed in your computer.
You can do several things to optimize your hard drives. The first thing is to choose the fastest possible drives for your system. If you can choose ATA 133 over ATA 66 or SATA 300 over SATA 150 or SSD over spindle drives, do so. Keep enough free space on your drives to allow for efficient defragmentation; Disk Defragmenter suggests 15% free space. If you have multiple drives in your system and you are suffering from a disk bottleneck, move some applications from one drive to another to better balance drive utilization. Remember, your SSD does not need to be defragmented.
To optimize printing, here are a few things that you can do.
To change the location of the spool directory on Windows 7, choose Start ⇒ Control Panel ⇒ Hardware and Sound ⇒ Devices and Printers. Then select a printer, choose Print Server Properties from the menu bar, and then click the Advanced tab, as shown in Figure 3-18. From there, you can change the spool folder path.
If you are just printing the odd document, optimizing the printing process is not an issue. But if you are using a computer as a print server for an office and interfacing with multiple printers, these steps improve your printing performance.
Optimizing the scanning process relies mostly on the hardware being used. Scanners come with a variety of interfaces. To improve scanning performance, choose a scanner that matches the fastest system architecture (see Book 2, Chapter 1) available on your computer — that usually means USB 3.0. This increases the transfer rate between the scanner and the computer.
The other factor that affects scanner performance is the dots per inch (DPI) level at which you are scanning. If you scan at a lower rate, your scans run faster, and the output has a smaller file size — but the quality of the image is lower. The lowest acceptable quality level is dictated by how you want to use the image. Photographic reproduction requires a higher quality level than does newsprint.
Many applications create temporary files, which are kind of like a scratchpad that is a working area for data. An application uses a temporary file to store data that it is working with and then deletes the file when the task is completed. For instance, when you open a document in Microsoft Word, Word creates other files in the same directory that start with a ~ character. These other files are temporary files, which hold changes to the original document as well as automatic recovery information. When you close the document, Word deletes these files — or, at least, it is supposed to.
It is the job of each application to delete its temporary files when they are no longer needed. Windows uses the environment variables of %temp% and %tmp% to point applications to the temporary directory. The default location for the temporary directory is in the user’s profile, using the path %USERPROFILE%\AppData\Local\Temp.
Having the temporary file directory in the user’s profile means that a temporary directory exists for every user on the computer. You can modify each user’s temporary directory settings to point to a single location and schedule a task to run a command like C:\Windows\system32\cmd.exe /c del /s /q c:\temp when the computer starts up. Applications are supposed to clean up their files, but after a period of time, you will likely have several files in your temporary directory. You can use the Windows Disk Cleanup utility to delete temporary files, as well as other files not needed on your hard drive.
To get to Disk Cleanup, choose Start ⇒ All Programs ⇒ Accessories ⇒ System Tools ⇒ Disk Cleanup. On a Windows 8.1 computer, you get to Disk Cleanup by right-clicking Start, selecting Control Panel, and then selecting “Free up disk space by deleting unnecessary files.” A Disk Cleanup dialog box opens, allowing you to choose the drive to clean up. After scanning your disk, the dialog box changes to present a list of items that can be cleaned off your hard disk, such as temporary Internet files, items in the Recycle Bin, and temporary files. Place a check in the box next to any items you want cleaned, click OK, and then click Yes in the confirmation dialog box.
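As an alternative to deleting everything in a single shared directory at startup, the following added example (not from this chapter) leaves each user's default Temp directory in place and removes only files older than a set age. The function name Clear-StaleTempFiles and the MaxAgeDays and ProfileRoot parameters are assumptions made for illustration.

```powershell
# Added example (not from the chapter): age-based cleanup of every user's Temp
# directory. Clear-StaleTempFiles, MaxAgeDays and ProfileRoot are hypothetical names.
# Requires PowerShell 3.0 or later and an elevated prompt to reach other profiles.
function Clear-StaleTempFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$MaxAgeDays = 7,
        # Parent of the profile folders, normally C:\Users
        [string]$ProfileRoot = (Split-Path -Parent $env:USERPROFILE)
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    foreach ($userDir in Get-ChildItem -LiteralPath $ProfileRoot -Directory -ErrorAction SilentlyContinue) {
        # Default per-user location named in the chapter
        $temp = Join-Path $userDir.FullName 'AppData\Local\Temp'
        if (-not (Test-Path -LiteralPath $temp -PathType Container)) { continue }
        $files = @(Get-ChildItem -LiteralPath $temp -File -Recurse -Force -ErrorAction SilentlyContinue)
        $stale = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })
        $removed = 0
        foreach ($file in $stale) {
            if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete stale temporary file')) {
                # Files still held open by a running application fail to delete and are skipped
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction SilentlyContinue
                if (-not (Test-Path -LiteralPath $file.FullName)) { $removed++ }
            }
        }
        # One summary row per Temp directory
        [pscustomobject]@{
            TempDirectory = $temp
            TotalMB       = [math]::Round(($files | Measure-Object -Property Length -Sum).Sum / 1MB, 1)
            StaleFiles    = $stale.Count
            Removed       = $removed
        }
    }
}

# Dry run: report what would be deleted without touching anything
Clear-StaleTempFiles -MaxAgeDays 7 -WhatIf
```

Drop -WhatIf to perform the deletion; the Removed column then shows how many stale files were actually deleted.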
Each service represents an application running on your computer. The more applications that are running, the fewer system resources you have available for other applications or processes. To improve overall resource availability and system security, disable any services that are not required. You can see a list of all system services through the Services Administrative tool. Choose Start ⇒ Run (or Search Programs and Files with Windows 7 and Windows 8.1) and type services.msc, or locate it in the Administrative Tools folder, which is found in the Control Panel folder. The Services Administrative tool lists the following information:
Log On As: The user credentials used to start the service
Most services start as the Local System, which is the computer’s own account.
When you select a service, you can read its description on the left of the window. With that information, you might be able to decide whether you need that service running. To test whether you need a service, turn it off: right-click the service name and choose Stop. You can then tell quickly whether you need that service because something you use will stop working. When you turn off a service by choosing Stop, the service restarts when you reboot. To have a service remain stopped after a reboot, right-click the service name and choose Properties to open the Service Properties dialog box, choose Manual from the Startup Type drop-down menu, and then click OK to close the dialog box.
Prior to randomly turning off services, you can check whether the service is required by using Internet resources, like the Microsoft website, which will provide detailed descriptions of what most services are used for. If you still cannot decide whether a service is required, disable the service on a test computer and see what happens. Table 3-2 summarizes the major services that are part of Windows.
TABLE 3-2 Windows Services
| Name | Description |
|---|---|
| Computer Browser | Maintains a list of other computers on the network |
| Windows Error Reporting Service | Allows error reporting to user and to Microsoft |
| Windows Event Log | Logs messages issued by Windows-based programs and components into logs viewed with Event Viewer |
| Windows Search | Indexes contents and properties of files |
| Network Connections | Manages the Network and Dial-Up Connections folder |
| Performance Logs and Alerts | Collects performance data from local or remote computers and generates alerts, based on settings found in Performance Logs and Alerts |
| Print Spooler | Loads files for deferred printing |
| Secondary Logon | Allows starting of applications using an alternate set of user credentials |
| Security Center | Monitors system security settings and configuration |
| Server | Supports file and print sharing over the network |
| Task Scheduler | Enables configuration and scheduling of automated tasks |
| Terminal Services or Remote Desktop Services | Holds base multiuser components used by Remote Desktop, Fast User Switching, Remote Assistance, and Terminal Server |
| Themes | Manages XP general desktop themes |
| Volume Shadow Copy | Allows Volume Shadow Copies used for backup and other purposes |
| Windows Firewall/Internet Connection Sharing (ICS) | Provides firewall and Internet gateway services, such as name resolution, network address translation, and intrusion prevention services |
| Windows Installer | Base Windows component that allows for the installation of MSI files |
| Wireless Zero Configuration | Provides a standard configuration interface for 802.11 adapters (called WLAN Autoconfig in Windows Vista and Windows 7) |
| Workstation | Creates and maintains client network connections to remote computers |
Properties can be set and managed for services. To change the properties of a service, open the Services Administrative Tool, as previously mentioned; then locate the service you want to modify or view settings for, right-click it, and choose Properties. This opens the service Properties dialog box, which has four tabs: General, Log On, Recovery, and Dependencies.
On the General tab, you can see basic information for the service, and, most of the time, this is the only tab you need to use. It shows the display name used in the Services tool, as well as the path to the executable that is run to start the service. The startup type can be set to Automatic, Manual, or Disabled. The Automatic setting starts the service on computer reboot; Manual allows it to be started by using the net start command or the Services tool; Disabled prevents the service from being run at all.
There are also service control buttons to start, stop, pause, and resume a service. Start and Stop are self-explanatory and are supported by all services, but only some services support Pause and Resume. Pause typically prevents new requests from being processed by the service, but allows existing requests to be processed. Resume restores a paused service to normal operation. One case in which you might use this is with the Server service, which allows people to access files on your computer from across the network. Stopping the service disconnects all users. Pausing the service prevents new users from accessing files on your computer, but people who already have a connection open are able to finish their work. After all users have completed their work and have disconnected from your computer, you can complete what you were intending to do, which might be to stop the service, make a configuration change, and restart the service.
Some services accept startup parameters in the same way that you can pass parameters to other applications. When a service is stopped, you can add or change the Start parameters, and then start the service.
All services are programs, and all programs on a Windows NT-based computer will run using security settings of a user account. Most services run using the OS’s account, also called Local System; however, you might want a service to run using a different account so that you can restrict what the service can do or so that the service can interact with other computers on the network.
In addition to account settings, the Log On tab allows you to specify which hardware profile this service should run for. This allows you to use hardware profiles as tools to control which services are loaded during any reboot. Hardware profiles were removed in Windows 7 but are covered in Book 6, Chapter 1 for earlier OSes.
The Recovery tab allows you to deal with what to do when the service stops unexpectedly. Three drop-down menus enable you to specify an action for the First failure, Second failure, and Subsequent failures. For each menu, you can choose Take No Action, Restart the Service, Run a Program, or Restart the Computer. Windows will attempt to restart the service twice before taking no further action.
If you specify to run a program, you can use the bottom of the Properties dialog box to specify what program or batch file you want to run and the parameters to pass to the program. The program or batch file may be used to automatically fix a known problem or to send an email or alert to the administrator of the computer.
If you choose to restart the computer, click the Restart Computer Options button at the bottom of the dialog box to set the delay for the reboot, and a message to send to people connected to the computer.
Windows Vista introduced the Enable Actions for Stops with Errors option, which deals with a rare situation where services may stop normally but fail to set the ERROR_SUCCESS flag. Because the success flag is not set, the services look like they failed, although they actually shut down properly. To deal with this unique situation, and to prevent inappropriate restarts of the service, this setting is off. But if you suspect that this is preventing an expected restart of your services, enable this feature.
Finally, the Recovery tab enables you to specify the number of days at which you will reset the failure counter and the time to wait before restarting a service.
Some services require that other services are running prior to starting up. If you try to start a service that depends on other services not running, the required services will also be started. The Dependencies tab allows you to see both services that the selected service requires as well as what other services need the selected service.
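The General, Log On, and Dependencies details described above can be pulled for every service at once, which helps when deciding what is safe to stop. This is an added example, not from this chapter; the function name Get-ServiceReview and the sample service name Spooler are assumptions.

```powershell
# Added example (not from the chapter): review services before disabling any.
# Get-ServiceReview is a hypothetical name. Requires PowerShell 3.0 or later.
function Get-ServiceReview {
    param(
        [ValidateSet('Auto', 'Manual', 'Disabled')]
        [string]$StartMode = 'Auto'
    )
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode = '$StartMode'" |
        ForEach-Object {
            $wmi = $_
            $svc = Get-Service -Name $wmi.Name -ErrorAction SilentlyContinue
            # Dependencies tab: services this one requires
            $requires = @($svc.ServicesDependedOn | Where-Object { $_ } |
                ForEach-Object { $_.Name })
            # Dependencies tab: running services that need this one
            $neededBy = @($svc.DependentServices |
                Where-Object { $_ -and $_.Status -eq 'Running' } |
                ForEach-Object { $_.Name })
            [pscustomobject]@{
                Name              = $wmi.Name
                DisplayName       = $wmi.DisplayName
                State             = $wmi.State       # Running, Stopped, Paused
                StartupType       = $wmi.StartMode   # Auto, Manual, Disabled
                LogOnAs           = $wmi.StartName   # account the service runs as
                Path              = $wmi.PathName    # path to executable (General tab)
                Requires          = $requires -join ', '
                RunningDependents = $neededBy -join ', '
                CanPause          = [bool]$svc.CanPauseAndContinue
            }
        }
}

# Automatic services that are running and that no running service depends on:
# the first candidates to research, then stop on a test computer.
Get-ServiceReview -StartMode Auto |
    Where-Object { $_.State -eq 'Running' -and -not $_.RunningDependents } |
    Sort-Object LogOnAs, Name |
    Format-Table Name, LogOnAs, CanPause, DisplayName -AutoSize

# The Stop and Startup Type steps from the shell ('Spooler' is a sample name):
#   Stop-Service -Name Spooler
#   Set-Service  -Name Spooler -StartupType Manual
```

Sorting by LogOnAs groups the services that run as Local System, which are the ones with the broadest rights on the computer.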
When your computer starts up, it loads all its services as well as any applications that are referenced in the Run Registry keys and the Startup group in your Start menu. The Run Registry keys include:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
These items represent applications running on your computer. Many of these items, as well as some services, are responsible for the ever-growing string of icons next to your clock in the system tray. Each is a running application or process that takes system resources away from other applications or processes.
Many icons in your system tray have preferences or options that allow you to stop the background process from running. If you disable this service, some applications might take longer to load. For instance, Sun’s Java and Apple’s QuickTime use the startup Registry key to place one of their startup applications in the system tray, and they use the application to prelaunch their main application environments. For example, when you launch a QuickTime movie, QuickTime is already running and only needs to open the media file. If this process were not running, you would have to load QuickTime into memory before running the media file. On systems with limited resources, you want to remove many of these preloaded components to free the critical resources they use. Even though each icon represents a small amount of resource, they all make up the straws on the camel’s back, and you never know where the breaking point is.
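To see exactly what these locations launch, the following added example (not from this chapter) reads the five Run keys listed above and the Startup folders, and reports whether each executable exists and carries a valid digital signature. The function names New-StartupRecord and Get-StartupEntry are assumptions.

```powershell
# Added example (not from the chapter): list what the Run keys and Startup folders launch,
# with each executable's Authenticode status. Function names are hypothetical. PowerShell 3.0+.
function New-StartupRecord {
    param([string]$Source, [string]$Name, [string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Executable: quoted path, else text up to a program extension, else first token
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { $exe = $Matches[1] }
    else { $exe = ($cmd -split '\s+')[0] }
    # Bare names resolved through PATH and DLL-style entries stay NotResolved
    $status = 'NotResolved'
    $clean = $exe.IndexOfAny([IO.Path]::GetInvalidPathChars()) -lt 0
    if ($clean -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $status = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
    }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Command = $Command
        Executable = $exe; Signature = $status
    }
}
function Get-StartupEntry {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # RunOnceEx keeps its entries in subkeys, so walk those as well
        $nodes = @(Get-Item -LiteralPath $key) +
                 @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($node in $nodes) {
            foreach ($valueName in $node.GetValueNames()) {
                if ([string]$node.GetValueKind($valueName) -notin 'String', 'ExpandString') { continue }
                $command = [string]$node.GetValue($valueName)
                if ($command.Trim()) { New-StartupRecord $node.Name $valueName $command }
            }
        }
    }
    # Startup group folders (per-user and all-users); shortcuts resolve to their target
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir) { continue }
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
            New-StartupRecord $dir $_.Name ('"{0}"' -f $target)
        }
    }
}
Get-StartupEntry | Sort-Object Signature, Source | Format-Table Source, Name, Signature, Executable -AutoSize
```

Entries whose Signature is anything other than Valid are the ones to identify first, both as performance candidates and because these keys are a common place for unwanted software to register itself.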
There are many GUI enhancements that have been added to the Windows OS over time. These enhancements have made the user interface more attractive, and in some cases more functional — but always at a cost of resource utilization. On computers that are underpowered, turning off these enhancements can provide a significant performance increase. These enhancements include:
Each of these enhancements can be disabled to improve the overall performance of the computer, but at a loss of the features provided.
The Aero desktop experience provides much of Windows Vista’s and Windows 7’s eye candy in features such as Windows Flip, Windows Flip 3D, Glass effects, and the live taskbar thumbnails. All of these features make the later Windows OSes a little nicer to use, but each feature consumes system resources.
To disable the Aero desktop in Windows 7, use the following steps:
To disable the Aero desktop in Windows Vista, use the following steps:
Windows 7, Windows Vista, and Windows XP have default desktop themes that present windows and dialogs using windows with rounded corners, and other window dressings. Displaying windows this way consumes more system resources. Microsoft provides a theme called Windows Classic, which does not use these appearance features.
To change your theme using Windows 7, follow these steps:
To change your theme using Windows Vista, follow these steps:
To change your theme using Windows XP, follow these steps:
Visual Effects adds basic enhancements to the GUI, which include displaying window contents when moving or resizing windows, animating windows minimize and maximize actions, sliding taskbar buttons, and so on. Each of these niceties uses system resources. To turn off all visual effects, use the following process:
This process turns off all GUI enhancements that have been covered in this section thus far. If you only want to disable the rounded corners on your window and buttons, you only need to turn off Use Visual Styles on Windows and Buttons.
The Windows Sidebar in Vista provides an area where Gadgets are loaded. These gadgets provide many functions from displaying a slide show of your pictures to showing CPU utilization; the possibilities are endless. Each gadget that is running, performing some task, will utilize system resources, and to improve system performance, should be closed. To close the entire Sidebar, right-click anywhere in the Sidebar and choose Close Sidebar.
The next generation of the Windows Vista Sidebar feature takes the form of Windows 7 Gadgets. The big difference between the Sidebar feature and Gadgets is that you can drag gadgets to any position on your desktop, so they are not limited to the Sidebar area. To remove the overhead associated with a gadget, you only need to close the gadget by moving your mouse over the gadget and clicking the Close box that appears.
Indexing was first introduced in Book 5, Chapter 4. This process reviews all data on your hard drive and builds a content index to allow you to search for the data much faster than would otherwise be possible — think of it like the index in this book. The process of building and maintaining the index takes some of your system resources. This feature should be carefully evaluated before disabling, as it greatly improves search times.
In Windows Vista and Windows 7, this feature is called Windows Search. It not only indexes files, it also indexes emails, and most other content on your computer. If you stop the Windows Search service, then virtual folder views will not be available, and searching for files will use the slower item-by-item searching.
To stop the indexing process from running, you can go to the Services applet using the following process:
Right-click My Computer (or Computer on Windows Vista) ⇒ Manage.
The Computer Management window opens.
Locate Indexing Service (Windows Search for Windows Vista and Windows 7), and choose the Stop button on the toolbar.
If you want to prevent the service from starting up during a restart of the computer, right-click the service and choose Properties, and then change the Startup type to either Manual or Disabled.
This chapter reviews optimization of the Windows environment. Major points covered in this chapter include
1. You are working with a client and noticed that the disk activity light is constantly on. You need to find out what is causing the issue. What tools would you use to monitor disk I/O? (Choose all that apply.)
(A) replmon
(B) perfmon
(C) defrag
(D) taskman
2. Your client has asked you to install more virtual memory on her computer. You need to explain to her exactly what virtual memory is. Virtual memory contains which item?
(A) A special section of memory used for caching data
(B) An area of a hard drive for caching data
(C) An expanded memory PCI expansion card
(D) An extended memory PCI expansion card
3. What tool manages your virtual memory settings?
(A) Memory Diagnostics
(B) setver command
(C) System Control Panel
(D) mem command
4. You are working with a customer who has reported performance problems with his computer. He is complaining that everything he tries to do on the computer takes a very long time. What two steps can you take to improve hard disk access? (Choose two.)
(A) Double the number of pins on his drive that are carrying data.
(B) Defragment his drive.
(C) Add a speed doubler to the drive bus.
(D) Change to a faster bus architecture.