Module 8: Identify and Resolve Performance Issues Table of Contents Overview Lesson 1: Analyzing Event Logs. Lesson 2: Setting Power Management... Lesson 3: Optimizing Processor Usage Lesson 4: Optimizing Memory Usage Lesson 5: Optimizing Hard Drive Usage... Lesson 6: Optimizing Network Usage..... Lesson 7: Performance Tools... Resolve Performance Issues. Review — Module 8: Identify and Resolve Performance Issues Labs ~ Module &: Identify and Resolve Performance IssuesSep 8 2011 2:37PM Jed Lawrence JedLawrence@hotmail.com ‘This is Jed Lawrence's unique copy and is for product evaluation only- not for distribution or commercial use, Please report any unauthorized use of this content to piracy@microsoft.com or by calling +1 800-785-3448.Module 8: Identify and Resolve Performance Issues _ 8-4 Overview ‘A computer system will have a reduced level of performance over time for a number of reasons. Hardware problems lke disk fragmentation or processor usage issues because of running unnecessary programs are common problems. Memory problems can be caused by loading unneeded prcgrams at startup or running services that are not used by fend-users. Malicious software can also use up resources and cause applications to stop functioning properly. Whatever the cause of the problem, Windows 7 has the necessary tools to diagnose and solve these issues. Using ‘the Event Logs ean provide information about the resources that are not functioning properly. Task Manager, the Services Snap-in, System Configuration & Performance Monitor are some of the tools that can be used to help ‘troubleshoot computer problems. When diagnosing and fixing these problems, a systematic approach often works the best, Performance problems are normally caused by one of the four baseline components on the system. Memory, Processor, Disk or Network. Narrowing down exactly where the problem area is and the applications that are involved will aso help you to come Lup with solutions that prevent the problem from occurring again. Group Policy selings cat be configurad lo wri or disabee options lial affeut performance, Cheri he Visual Effects on @ system allows you to manage the use of memory and processor resources. In addition to normal group policy assignments through Active Directory, the Group Poicy Targeting feature is useful for applying settings to ‘machines based on their hardware resources and not just their OU locations.8. Module 8: Identify and Resolve Performance Issues. In this chapter, we will look at problems that might affect each of the main baseline components, how to solve those probloms with builtin tools and how to prevent them in the future. \We wil also look at some basic optimization recommendations that can be used to improve the performance of any system, regardless of what it is used fer.Module 8: Identify and Resolve Performance Issues __ 8-3 Lesson 1: Analyzing Event Logs ‘The log files in Event Viewer are normally used to diagnose errors that occur wile working on a system, but they can also be used to diagnose and fix performance problems. Ey using alerts and tasks, automatic responses can be configured to error events. Maintaining the performance ol a computer can be enhanced by regularly examining the log files and responding to events in them,8-4 Module 8: Identify and Resolve Performance Issues Applications and Services Logs When an application or hardware component fails on a system, errors can be stored in the Applications and Services Logs. Events that are related to a specific component like memory, processor or disk can be examined in their own individual logs. Each log might contain up to four log subtypes: + Admin: This log subtype has information that is useful toa technician trying to fix a particular hardware Jssue. In addition to identifying the problem, a specific solution will also be presented. + Analytic: The Analytic log subtype also presents information on a specific problem, but will not provide a solution. Details about the program operation that caused the problem willbe included. * Debug: Information about program problems willbe listed inthis log, but the details will mostly be used developers to fix application issues. * Operational: Like the Admin log, Operational logs are used by technicians and end-users to diagnose and fix problems, They also provide the ability to start tasks that can fix the specified problem or links to additional information useful in doing further diagrostics.Module 8: Identify and Resolve Performance Issues __8-5. System & Application Logs If hardware component or application is not performing a: a desired level, this information is not normally logged in Event Viewer. Possible failure or loss of 2 resource can scmetimes be detected by information in the System or Application Logs though. The System log contains information about system components like memory resources or divers, Application logs store events for programs and alerts from the Performance Monitor. For example, a slow hard drive might give warnings before it fails with an Event ID 51 being recorded in the log. A description indicating the hard drive that is having trouble is included with the warning message. A backup of all the data is the first thing thatis done in this situation since this is an indication that the drive might soon fall. Disk defragmentation and a sean for bad sactors might buy sorre time before the disk fil, ‘Sometimes an error message that points to a hardware component as having the problem might really be having trouble withthe drivers. For example, an error message thet indicates thatthe video memory is inadequate or fling rmight be solved by reverting to an older video card driver or updating to a newer one. This problem might also be ‘confirmed by replacing the hardware component with a new device of the same type but experiencing the same issues. Verify that all devices and drivers are compatible with Windows 7 to reduce the likelihood of this problem occurring,8. Module 8: Identify and Resolve Performance Issues. When the error message indicates that a resource is being used too heavily, changes to the configuration of the ‘computer might be necessary. If the computer is running low on disk space, a cleanup of the hard drive or partition rmight be needed. Some files might also be moved to different volumes. Memory and processor resource problems ‘might be solved by uninstalling or disabling unneeded services. Every running service on a computer uses these resources, even when they are idleModule 8: Identify and Resolve Performance Issues _ 8-7, Recording Performance Events Hareware components, services and some applications can be monitored from the Performance Monitor tool. When alerts are configured for these resources, they can be recordad in the application log automatically. This mechanism ccan be used to record behavior that would not normally be sent tothe log files. Ifyou wantad to create a record of “what processes are running on the system when the processor usage hits 70% or higher, this could be automated by creating an alert that runs a script to run and record information from the taskiist exe command,8-8 Module 8: Identify and Resolve Performance Issues Responding to Events Events in any of the log files can be configured to run a task the next time that they occur. The task can be setup to run a program, send an email or display a message. feature allows you to send an attachment and to ‘forward messages using an SMTP server. This mechanism can be used to proactively deal with problems before they create more issues. A display message could be corvigured to remind users to remove unnecessary fles and archive documents in response to an event indicating that drive space is getting low.Module 8: Identify and Resolve Performance Issues _ 8-9 Lesson 2: Setting Power Management Power management options are normally used for laptop computers to increase the amount of time the battery will provide power to the system. Improving the performance of the system in this area involves reducing unnecessary power consumption when working on the device. In doing so, itis best to focus on the resources that use the most power such as the display, CPU, hard drive and Wi-Fi components. The built-in tools for Windows 7 also allow you to ‘manage power consumption using GUI or commandline tools. Active Directory group policies allo centralized configuration and enforcement of these settings.8-10 Module 8: Identify and Resolve Performance Issues Hibernation & Sleep Modes Hibernation and Sleep modes are useful power saving options that can be configured on a laptop. Sleep mode shuts dow all components except RAM. The state ofall applications is saved there so no work is lost. Everything returns ‘to normal within a few seconds when the user starts workirg again. Hybrid Sleep mode is @ derivative ofthis that also stores the information in memory to the hard drive in case of total power loss. This option is useful for reducing ower consumption on both mobile and desktop computers. Hibernation mode also reduces power consumption, but it does so by shutting down the system completely. As with hybrid sleep mode, information in memory is saved to the hard-drive first so that no data is lost. Instead of just choosing one of these modas, they can be used depending on which is most appropriate for the situation. Ifa laptop is running on battery power and power usage most be used as efficiently as possible, the hibemation mode would be most advantageous. To autorratically reduce power usage on a desktop computer when itis not in use, the hybrid sleep mode should be used. I laptop is configured for sleep mode and is running critically low on power, it will automatically be put into hibemation mode, When the sleep or hibernation modes are unavailable on a computer, it could be because the power management options are disabled in the BIOS or they are not configured on the system. Older devices or drivers might not support ‘some power management options.Module 8: Identify and Resolve Performance Issues Laptop Components ‘The display can consume the most power on some laptop compuiers. This can be reduced by changing the brightness ofthe display. Shortaning the amount of time the computers waits to tum off or dim the display can also be helpful ‘Shutting down unnecessary applications can reduce the load on the CPU and hard-drive of a computer. Maintenance tasks can be paused or stopped ifthe systerr is running on battery power. The battery life can also be extended significantly if extemal devices that draw power are disconnected (¢.g, USB external hard-drives). Wi-Fi ‘and other wireless components might also draw power, even if they are not being used. They should be tuned off until needed.8-12 Module 8: Identify and Resolve Performance Issues Configuration Options ‘The most convenient way to manage power settings for many machines is through group policy settings (Computer Configuration > Policies > Administrative Templates > System > Power Management). When ths is not feasible, the Power Options can be directly configured through the Control Panel on the computer. The powercfg.exe command allows these options to be viewed and configured from the commandline. .d Lawrence JedLawrence@hotmail.com Juct evaluation only— stent to piracy@microsoft.com or by calling +Module 8: Identify and Resolve Performance Issues __8- Lesson 3: Optimizing Processor Usage Applications that need processing resources on a computer will be automatically given access to them by the: ‘operating system when they become available, When these resources are scarce, this can be detected through the formance cf the applications or by using the Task Manager. A number of strategies can be used to improve labilly of processing threads.8-14 Module 8: Identify and Resolve Performance Issues Application Configuration ‘Some client applications can be configured to use resources from the remote server they connect to. The lst of programs that startup automatically can also be chacked and cleaned up to remove unnecessary applications. These are not alvays used and ran lengthen the startup time cf tre computer. The System Configuration utility can be used to check and change these settings. The memory and processor usage during the bect process can also be managed in this tool Multzprocessing systems can be configured to control which processors are used by an application. This is sometimes done for older programs that do not request and use processing resources efficiently. Using the Processes tab in Task Manager, the "Set Affity" option on any process can be changed to limit which processor it uses. Upgrading an application to a version written for Wirdows 7 often eliminates these problems. ‘The option to “Set Priority” can also be used to increase or decrease its use of processing resources. There are six settings availabe for this option. These offer increased processor access starting from Low, Below Normal, Normal, ‘Above Normal, High and Realtime. Most applications will use the Normal level, but this can be increased or decreased without stopping the program or losing any data. The option to start an application with a specific priority ccan be configured with the start command directly or from a shortcut. Like the affinity setting, prioiies can also be changed from Task Manager.Module 8: Identify and Resolve Performance Issues Configuring Services Each servic running on @ systom will quire the use of processing resources, even when idle. Programs that install such services shouid be removed, or the service should be disabled if they are not being used. Service dependencies should be chocked carefully before doing this. ‘The performance options in System Properties also allow you to adjust the way the computer allocates processor resources. The performance can be optimized to get the best performance for applications or services running on the computer.8-16 Module 8: Identify and Resolve Performance Issues Rouge Applications ‘When you unsuccessfully try to end 2 program, the resources dedicated to it wil be unavailable for other applications. ‘The best way to close these programs is through the Task Manager console. The Applications tab allows you to end ‘the task in most cases. It might also be necessary to end any processes started by the application using the Processes tab. If you are unsure which processes to close, the “End Process Tree” option can be used to shutdown all processes started directly or indirectly by the programModule 8: Identify and Resolve Performance Issues Lesson 4: Optimizing Memory Usage ‘Most computers will have improved performance from additional and faster RAM being installed on the system. When memory issues start affecting performance adversely, it could be because ofthe limited amount of memory, improper usage of memory by applications or too many applications running at the same time. Slow performance, ‘memory notifications and error messages are a clear indication ofthis problem.8-18 Module 8: Identify and Resolve Performance Issues Alternative Memory Ifthe random access memory (RAM) on the system is not enough to handle all the requirements demanded by the applications, the system will start using memory from other sources to supplement it. The main source ofthis ‘memory is virtual memory in the form of 2 page fle. Page iles move data that cannot fit into the existing RAM to @ system controlled file that is stored on a local hard drive. The name of the file is pagefil.sys and it stores the data ‘temporarily until memory becomes available in RAM The operating system normally controls the size and location ofthis il, but this can be manually changed. Moving the file to a hard-drive on which operating system files are rot stored can sometimes improve performance. The page file also has a minimum and maximum size satting. Increasing both of these options can reduce low memory notifications, but the performance of the system might be adversely affected because cf the much slower speed of the hard-drive vs. RAM, ReadyBoost is another useful option to improve memory performance. This feature allows you to use memory on a ‘fash drive as virtual memory. If desired, only @ portion of tre flash drive resources can be dedicated for this purpose. Whether the virtual memory is used from the hard-drive or flash drive, it wil never perform as well as adding ‘additional RAM to the system,Application Use of Memory ‘Some applications will use more memory than others because ofthe type of operations they are doing. Delaying these operations when more important applications are rurning is one strategy to deal with this. Some cient ‘applications can also be configured to use the memory of remote servers when doing some operations. Memory leak problems can be detected by monitoring memory usage in applications like Task Manager. Programs that fall to shutdown properly when they are closed down might also leave a detectable tail in the Processes tab. ‘Stopping and restarting the application is sometimes necessary. If this is a persistent problem, then an upgrade or fix {for the application should be sought from the vendor. (Older applications written for 16-bit operating systems will normally run without problems on Windows 7, but they can create problems when two or more of them are running in fhe same memory space. If the applications only have problems when being run at the same time, they can be configured manually or through a short-cut to run in their own memory space. This requires more resources but eliminates problems caused by resource conficts.8-20 _ Module 8: Identify and Resolve Performance Issues Visual Effects Visual Effects | Advanced | Data Execution Prevention Select the settings you want to use for the appearance and performance of Animate controls and elements inside windows w Animations in the taskbar and Start Menu ‘The visual effects on computer can be turned off to free up resources and improve performance, A number of ‘options which include animations, fading effects and transrarency can be disabled in order to get better performance ‘or applications. ‘The option provided to “Adjust for best performance” disables all visual effects and frees up resources for other desktop operations. The ‘Performance Options” window can be accessed through the “System Propertias" window by clicking the “Advanced” tab and using the "Settings" button under the Performance section.Module 8: Identify and Resolve Performance Issues Lesson 5: Optimizing Hard Drive Usage Regular maintenance of the hard-drive is needed in order to get the best performance fromit. Defragmentation, deleting temporary files and checking for bad sectors can rot only help you to get increased performance, but reveal problems before they resuit in a loss of productivity and dava ‘The effect of features and operations that reduce drive performance should also be weighed against their advantages. BitLocker encryption is a useful security feature, but it will also siow down disk access. Most end-users will not notice the 5 percent or less performance hit taken ty enabling BitLocker encryption on the hard-drive.8. Module 8: Identify and Resolve Performance Issues Free Space Cleaning up the hard-drive and deleting other unnecessary files can improve day to day read/vrite tasks and will allow other maintenance tasks to run more efficiently. You should normally have at least 20 percent of free space available on each partition that you use on the system. If ¢ cleanup does not provide enough free space, moving resources to a diferent drive or archiving them would be advantageous. Disk cleanup operations can be scheduled to run regularly using the Task Scheduler or they can run in response to low free space messages logged on the computer. Disk maintenance tasks should be executed during hours when users are least likely to be working. Scheduled tasks can also be set to run only ifthe computer is idle for a specified period of time. Automatic restart of the tasks i thay fail and maximum execution times can also be configured.Module 8: Identify and Resolve Performance Issues Disk Fragmentation Busy hard-drives should also be configured for regular defragmentation. Writing and re-writing to the drive often causes separate sections ofa file to be stored in different locations on the drive. Reorganizing these files so allits sections are in the same place can improve the performance of applications. Disk defragmentation operations are executed with a low priority by defaul, but this can be charged. .d Lawrence JedLawrence@hotmail.com Juct evaluation only— stent to piracy@microsoft.com or by calling +8-24 Module 8: Identify and Resolve Performance Issues Disk Integrity Problems with corrupt fles and bad sectors on a hard drive sometimes signal that itis going bad and needs to be replaced soon. Running a utility like chkdsk might be able to fix the files and mark the bad sactors, but a backup of important data on that drive should be scheduled quick’y a well. Chkdsk can be executed from the command-line or by opening the properties of the drive in the Computer console and using the “Check now’ button on the Tools tab. .d Lawrence JedLawrence@hotmail.com Juct evaluation only— stent to piracy@microsoft.com or by calling +Module 8: Identify and Resolve Performance Issues Indexing ‘Searching for documents on a partition can be sped up sigvificantly by using indexing. Only file types that you work ‘with regularly should be indexed. There are options to control where the index fie is located, the file types that will be included, whether or not to include encrypted fies and what locations or folders on the system wil be included. The ability to index emails and their attachments is useful to many business users. The Windows Search service is responsible for managing index operations on the computer.8-26 Module 8: Identify and Resolve Performance Issues Lesson 6: Optimizing Network Usage Poor network performance on a computer can be caused ty a numberof factors that include the configuration of client applications, network card setings, the use of caching and protocol configuration. In most cases, Windows ‘tools can be used to modify features and settings to get the performance desired. Problems caused by application configuration can sometimes be fixed inthe program, but sometimes, changes on the server might be necessary.Module 8: Identify and Resolve Performance Issues Adapter Configuration ‘Changing the configuration of the network card can be done from the Device Manager. Poor performance is, sometimes caused by using an out-of-date or incorrect driver. Updating it can fix some problems. You should also verity that the network adapter is on the Microsoft Hardware Compatibility List (HCL). BIOS updates on the motherboard can sometimes fix compatibility problems, ‘The network switch to which the network card connects should also be checked to verify that it uses appropriate settings. Full-duplex is configured on most NICs to get the best bandwidth performance, but this will not work if the switch isnot also setup to work in full-duplex mode as well. If the switch is setup to auto-sense the bandwidth capability of the NIC but s not datacting it properly, this might have to be manually configured to force it to use the best data transfer rate8-28 Module 8: Identify and Resolve Performance Issues Application Configuration ‘Some applications can be configured to cache information locally on the cient computor. If this is information that is ‘accessed regularly but does not change too often, then it might be @ good candidate for caching to reduce network bandwidth usage. Configuring offine settings for network shares can help to alleviate this problem as well To find out what percentage of the bandwidth on a NIC is teing used, you can use tools ike Task Manager. For ‘more detailed information about what applications are using the network and how much bandwidth they are using, the Resource Monitor can be used.Module 8: Identify and Resolve Performance Issues Protocol Configuration Installing mutiple network protocols on a network card can increase the connectivity options available and the systems you may communicate with. This produces an adsitional load for the NIC drivers however and wil utimately slovr down performance. If they are not needed by applications, additional network protocols should be removed ‘from the computer. Systems that use multiple NICs can have different protocol settings configured for each of them. Most networks use TCP/IP and will have computers configured to use both IPv4 and IPV6. In most cases, neither protocol should be disabled, even if you are using only one of them. If there is @ need to disable one of them, these changes should be thoroughly tested before deployment.8-30__ Module 8: Identify and Resolve Performance Issues Lesson 7: Performance Tools = Task Manager = Resource Monitor = Event Viewer = Services Snap-in * System Configuration = Disk Defragmenter For most ofthe performance problems that you will have on a computer, the Windows operating system will provide the tools needed to diagnose, and in some cases fixthe issue. Here isa list of some of the more common tools you ‘will work with and how they can be used. + Task Manager: This tool shows a lst of the applications and processes running on a system. Itis often used to close unresponsive applications or processes. How these processes use CPU resources can also be controlled from this tol. It also allows an administrator to see how memory, processor and network resources are used on the computer, Services cen also be stopped and started from Task Manager. ‘Applications can also be identified by the user account that was used to start them. + Resource Monitor: Like the Task Manager tool, Resource Monitor will monitor resources in real time, but it gives more details about how the Memory, Processor, Network & Disk components are being used. The user friendly interface allows you to quickly identify botleneck resources and the processes that are causing the problem. Other similaftes to the Task Manager include the abilty to stop and start services or end processes. The option to suspend a process is useful if you need to temporaily free up resources. Some data loss is possible when using this option * Event Viewer: The logs in the Event Viewer store information about events and errors on a system. They ‘can log information about resource problems ike imited free drive space. Hardware specific data can be found in the Application and Services Logs to diagnose specific component issues. Information about ‘operating system problems can often be found in the Systam log, while errors generated by programs are likely to be found in the Application log. Installatcn problems with applications can sometimes be found in the Setup log. The Event Forwarding feature is useful for copying log data between systems automatically to make them more accessible. Tasks can be attached to specific og entries to configure automatic responses to certain eventsModule 8: Identify and Resolve Performance Issues Services Snap-in: The Services MMC Snap-in is available from the Administrative Tools or the Computer Management consola. These are applications that run in the background without being manually launched ‘and they normally have preferential access to resources on the computer. The snap-in allows you to see all the services installed on @ system and how they are configured. Services can be stopped and started ‘manually and their startup settngs can be changed. Services that are no longer needed can be disabled {rom this tool, although uninstaling the associated application is normally a bettor option. The Services ‘snap-in also allows you to see the dependencies that exist between the services and the credentials used to start them up. The recovery options allow you to automatically restart a service ifit fils for some reason ‘System Configuration: Systom Configuration alows you to manage the startup settings on a computer. ‘Services and other applications that startup automatically during the boot process can be enabled or disabled. To diagnose issues with memory and processor resources, System Configuration can be configured to change how they are used during boot up. Disk Defragmenter: This too! is normally run from the Computer Management console, but it can also be ‘executed from the commandline using dafrag.exe, Running the tool regularly can help to maintain the performance of the hard-drive on the computer. Reotganizing fles in the fie system often improves read ‘and writa performance on the disk. A sufficient amount of free space (at least 20 percent) should be avaliable bafore defragmentation.8-32 _ Module 8: Identify and Resolve Performance Issues Resolve Performance Issues ere eee cert niente mer tar Pitot) Whiten} ‘The logs and tools provided in Windows 7 allow anyone wih appropriate permissions to quickly diagnose most problems that affect performance on the computer. Some of these problems are common issues that might occur because of general usage. Other issues are caused by user behavior or software problems. Let us examine some of the problems that are likely to affect performance and howto deal with them. You have been asked to create a process that automatcally deletes temporary files on a computer when the drive space gets low. What mechanism can be used to do this? In the Event Viewer System Log, configure a task for the low disk space event that will run a program or script to clean up the fle. To better understand the resource problems on a computer, you want to configure it to record details about processor usage, when more than 75% of the processing power Is being used. How can this be done? Use the Performance Monitor too! to eraate an alert for a data collector set. The event logs indicate that the memory on a video card Is defective and so it Is replaced with an identical card which is having the same problem. What should you try doing before getting another video card? Iry replacing the existing drivers being used to manage the cara Auser is complaining that the laptop he uses does not have the hibernation or sleep options available. What could be causing this problem? “The power management options might be disabled in the EIOS of the computer. Another problem could be with the devices or drivers not supporting power management.Module 8: Identify and Resolve Performance Issues You need to configure an application to always startup with a higher than normal priority setting. How can this be done as simply as possible for end-users to work with? Create a shortcut that uses the start command to initialize the program. Use the high or abovenormal priority setting “withthe start command. Using the reattime priority setting is normally only recommended for operating system ‘You need to configure a group of laptops to completely shutdown after two hours of inactivity. This should be done without losing any data. The user should be able to pick up where they left off when the computer is turned back on. How can this be done? ‘The hibernation mode should be configured in the power management options on the laptops. This can be done on atl: machine ut by leveiayiny yioup polity uplivns in Avtive Directory. A busy application is using too much of the processing resources on a computer. How can you forcefully reduce its use of the processor without stopping it? Reduce the prioity setting ofthe process running the application by using Task Manager, One of the computer systems on your network is getting memory errors because it Is running out of RAM ‘when multiple applications are active at the same time. How can you eliminate these error messages without ‘adding more RAM to the system? Increasing the size of the virtual memory available to the system will reduce or eliminate these messages, but the performance of the applications will be affected. After doubling the RAM on a system to 8 gigabytes, the user disables the use of virtual memory. The user is surprised when he starts getting error messages stating that the system Is running out of memory. Why did this happen when the RAM doubled? If many applications are executed at the same time, it's possible that the computer would stil need virtual memory. The pagefile is sometimes used to preomptivaly store data that is in RAM in case it needs to clear that space quickly Itis best to let the operating system decide when the pagetie sys is, ris not needed ‘You have an old application that is using too much of the processor resources on the multl-processing systems where itis installed. What can you do to prevent this? (Change the processor affinity to foree it to use just one processor. Three applications are running on a computer but you want to prevent two of them from using the second processor so its resources can be mainly dedicated to the third program. How can this be done? Use Task Manager to change the afiity seting ofthe appications to allow or prevent them from using a particular processor. This can be done in the Processes tab. ‘user is getting errors in an application because of corrupted documents on the file system. A virus scan has verified that the computer is clean, The same problem has been happening with other documents for at least a week. How should this problem be handled? Try to fix wth corrupt files with chkdsk and perform a backup of important documents as soon as possible. ifthe problem persists, i could indicate that the hard-drive is going bad and needs to be replaced, ‘Some of your remote users want to use BitLocker encryption for their laptops but are concerned about performance and application compatibility. What can you tell them? BitLocker encryption is transparent to any application running in Windows and the performance hit because of slower drive access time can be up to § percent. This depends on the other related computer resources like the processor, bt in most cases, the change in performance will not be noticed for normal desktop usage.8-34 Module 8: Identify and Resolve Performance Issues To get the best network performance from a machine, the port to which itis connected on a network switch Is set to full-duplex mode. You are unable to get the improved bandwidth performance you expect from the system however. What is the most likely cause of this problem? In order to double the bandwidth by sending and receiving data at the same time at full network speed (full-duplex mode), the switch and the network eard must be configured. Change the duplex settings on the NIC by using the Device Manager.Module 8: Identify and Resolve Performance Issues Review - Module 8: Identify and Resolve Performance Issues 1. In what log file can Performance Monitor alerts be configured to record events? 2. What three operations can be performed by an Event Viewer task? 3. Which Event log file is most ikely to contain information about failed system drivers? 4. What components normally use the most on a laptop? 5. What power management setting will shut devn a computer but save the running state of the system? 8. True or False. A laptop will completely lose power and data eventually iflaftin sleep mode? 7. What feature allows you to use memory on a flash drive as virtual memory for the machine? 8. What isthe purpose of the pagefile.sys system file? 8. How does an application gain access to processing resources on a computer?8-36 __ Module 8: Identify and Resolve Performance Issues 410. What option in Task Manager allows you to contra the processors an application uses? 11. How can you close down a non-functioning program and all processes related fo it? 12, True orFalse, Services will continue to use computer resources even ithey are idle. 13, Whats the minimum recommended free space fer hard-ive partitions? 14. True or False. Scheduled maintenance operations can be configured to run only when the system is idle.Module 8: Identify and Resolve Performance Issues Labs - Module 8: Identify and Resolve Performance Issues Overview: Use Built-in Windows tools to diagnose and fix network, disk and memory problems. Unless stated otherwise, startup the Windows 7 client and the domain controller images. Login with the Contoso\Admint user account with a password of PaS$w0rd. Estimated time to complete this lab is 60 minutes. Exercise 1: Schedule and Perform a Disk Defragmentation 1. Open the “System Properties” window, click the Remote tab and enable “Allow connections from computers. running any version of Remote Desktop”. Click OK. (if prompted for credential, verify that you are logged Jn.as Contoso\Admint and that the account has lecal administrator privileges. [Module 4, Exercise 1)) Create a System Restore point named "Pre_Labs" Click Start» All Programs > Accessories > System Tools > Disk Defragmenter. In Disk Defragmenter click "Configure schedule’ ‘Change the details ot ine schedule to be weekly, on Sunday at &:UUPM Tor tne LU: drive only. Lek UK. Highlight the C: drive and click Defragment disk. 2o the same for the D: and E: drives. Deo not wait for the defragmentation to complete. Immediately proceed to the following stops. Map the S: drive to the \INYC-DC1\CLASSFILES share, Verify that Disk Defragmenter does net allow youto work on the S: drive (non-local disk) 0. Login to NYC-0C1 as Contaso\Administrator and enable Remote Desktop using the instructions in the first step of this exercise. 14, On Computert, click Start > All Programs > Accessories » Remote Desktop Connection. Login to NYC-DC1 using Contoso\Administrator credentials. 12. Defragment the C: drive on NYC-DC1 using the Lisk Defragmenter.8-38__ Module 8: Identify and Resolve Performance Issues 18. Do not wait for the defragmentation process to end. Disconnect the Remote Desktop and continue to the next exercise 14. Note: Remote defragmentation can also be accomplished with PowerShell scripts using the win32_volume dofrag method. Example: ‘2. Se=gwmi win32_volume -computer nye-dct -fiter‘riveette b. Sedefrag(Strue) Exercise 2: Using Task Manager ‘Open the Windows Task Menager Goto the Applications tab Open the Control Panel, Windows Exolorer, Notepad and Intemet Explore. Go back tothe Task Manager and notice the nev'y started applications and their Status, In the menu bar click Options > Always on Top. Notice the behavior of any application when you ty to bring it to the front Go to the Processes tab. Click on the Memory column to sort the processes in order or memory used. Right click on explorer.exe and notice the diferent options available. 0. Click "UAC Virtualization’ and read the message box provided. (This option is often used on Terminal Servers where multiple people use the same programs, but it should be tested thoroughly fist. 11. Click Cancal 412. Right click on iexplore.exe then click Set Priory. (The Below Normal option is sometimes used for unimportant background applications or processes. Above Normal s used for important appiicaons. The other setings should not normally be used 18, Right cick iexploreexe and then “End Process Tree" 14, Read the message box provided and click "End process tee". 18. Click the “Show processes from all users” button. 18, Press Ct +A + Delete and choose “Switch User. 417. Login as Computert\Usert and open the Contol Panel, Windows Explorer, Noteped and intemet Explorer. 18. Switch User account back to Admin1 and go back to Task Manager. 19. Find the applications launched by User! by sorting the Processes tab by the ‘User Name" column. 20. Clase the Notepad and Windows Explorer applications opened by Usert by ending their processes. 21. Click the Services tab 22. Notice the Services button in the lower right hand comer for opening the Services console. 23, Sort the Services alphabetically by clicking the Neme colurn, 24. Right click the Spooler service and clck “Go to Process". You are back in the Processes tab withthe spoolsv.exe file highlighted. 25. In the Services tab make a note ofthe Process ID (PID) ofthe Spooler service. (Ifthe PID column isnot Visible, adit by using the View > Select Columns option on the menu bar.) 28, Stop and restart the Spocler service, Note the new PID number. (Note: Thisis an easy way to verify ifa process or service has been restarted.) 27. Click the Performance tab. 128. Notice tho Provoseor and Momory information. Make a note ofthe number of processes running and the up time of the machine. Notice the ‘Resource Miter” button. 29, Click the Users tab 30. Note the status of both logged on accounts 31. Use the “Send Message’ button to send a message of “Please Logof the System this evening” to Usert 532. Right click User 1 and cick Connect. Provide the User! password and press OK. 33. Verify that the message from Admin? was sent successfully. 34. Open Task Manager and cick the Users tab. Rignt click Admint and cick Connect. Provide the Admint password and press OK. Make a note ofthe ero” message. 35, Use the Start Menu options to switch to the Admint user account login 38. In the Users tab ofthe Windows Task Manager, Use the Logoff button to logoff User!37. Close Task Manager. Exercise 3: Using Resource Monitor 1. Verify that atleast one instance of Notepad, Internet Explorer, Windows Explorer and the Control Panel are ‘open. Click Start and in the “Search programs and fles” box type Resource Monitor. Click Enter. In the Overview tab, click on the grey bars for CPU, Disk, Network & Memory to view detailed information about how each of these resources is being used ‘On the menu bar, clk Monitor > “Stop Monitor” and notice that the displays are static. (On the menu bar, click Monitor > “Start Monitoring” and notice that the displays are being updated again. Click the Memory column and sort the processes by "Working Set" in descending order. From the Physical Memory bar, decipher how much RAM is in use and how much is available for new applications. Hardware reserved memory is used by davicas like video cards on the system. 8. Click the CPU tab. 8. Sort the Processes table by CPU usage 10. Sor the Services table by CPU usage 114, In the Processes table, right click expiore.exe and choose “Analyze Walt Chain”. 12. Ifthe application is running normally, then itis not waiting on other processes. This feature can be used to troublashoot unresponsive programs. 1. In the Processes table, rightclick iexplore.exe and choose “Suspend Process”. Note the effact on the CPU sage and on the application itself (It frees up resources without forcing you to end an application. 114, Right click iexplore exe and choose "Resume Prozess' 15. In the Services table, locate and stop the Spocler service. Verify that you are unable to see or add new printers. Restart the Spooler service. 16. Inthe Services table. try to locate the Server and Workstation services, 17. Use the Services Window to stop the Server and Workstation services. Note the effect on your ability to sshare local folders and your abilty to connect to network shares. 18, Restart the Server and Workstation services and close the Services window. 19. In the Resource Monitor, click the Disk tab. 20. In the “Processes with Disk Activity” table, sort by Read (B/sec)"to find the process that is performing the ‘most read operations on your disk. 21. Right click the process and notice the option to “Search Online" for more information about that process. 22. Click the Network tab. 23. Use the ‘Network Activity" table to find the names of the network computers you are communicating with ‘and locate the system that you have sent the most data to. If there is no activity, copy files from the S: drive to the local C:\Temp folder to generate some activity. 24, Use the "TCP Connections’ table to see the local IP and Port data for connections. Notice that you can also ‘see the IP and Port information of the remote computer. You can also verify f there are packet losses when ‘communicating with an application. 25, Use the ‘Listening Ports” table to verify what ports your computer is listening on, the protocol being used and the firewall status. 26. Cloce Rocouree Monitor. Exercise 4: Configure a warning message when a service stops Use the "Command Prompt" to go to the folder C:WINDOWSISYSTEMS2, (Run as Administrator) 2. Copy the PRINT_SPOOLER_EVENT.CMD file fram the server using the following command: XCOPY \INYC-DC1ICLASSFILES\MODOS\PRINT_SPOOLER_EVENT.CMD C:\WINDOWSISYSTEM32 3. Use Notepad to examine the file without making any changes ta it. (Note: You can use the EVENTOREATE EXE /? Command to understanc the command options.) 4, Stop the Print Spooler service by running the command: net stop spooler8-40 Module 8: Identify and Resolve Performance Issues 5. Run the command print_spooler_event.cmd 8. Use the Event Viewer to verify that a new Waring message has been created in the System Log with a ‘Source of Print Spooler" (Event Viewer > Windows Log > System) 7. Right click the ‘Print Spooler’ message in Event Viewer and choose “Attach Task To This Event” 8. In the “Create a Basic Task Wizard” window, click Next. 8. Click Next again to open the Action window. 10. Click Display a message and click Next 11. In the Title box type “Print Spooler Error’ 12. In the Message box type "The Print Spooler service has stopped!”. Click Next 18. Check the box for: “Open the Properties dialog" end then Finish, “Ibe Properties svindow, ciech “Runt will higltes: privileges” and click OK. 416. In the System Log, find any event with an ID of 7¢36 (Generated when a service is stopped or started.) 416. Right click on that event and choose “Attach Task To This Event” 17. Click Next twice to get to the Action page. 18. Choose the radio button for "Start a program” and click Next. 19. In the “Programiscript” box, type the path: C:\WINDOWS\SYSTEM32\PRINT_SPOOLER_EVENT.CMD. (Click Next 20. Check the box for: “Open the Properties dialog’ end then Finish. 21. Inthe Properties window, check “Run with highes: privileges” and click OK. 22. Open the Services console and verify that the Print Spooler service is running 23. Stop and then Start the Print Spooler service to verify that the message box does appear. 24, Click Start > Task Scheduler and press Enter. 25. In the Task Scheduler Library > Event Viewer Tasks folder, disable the two tasks that were just created.