Tag Archives: Windows

Establishing a performance baseline


A performance baseline is a vital part of you system documentation. A baseline should be established immediately after a new system has entered production, and should be repeated with regular intervals. That way you can see how your system performs over time and make informed decisions about when a system will have to be upgraded etc.

Creating a baseline

The primary tool you use to capture a baseline on the Windows platform is Performance Monitor (or just Performance or PerfMon). PerfMon is an MMC snap-in that enables you to record various aspects of you system. These are called objects and counters. An object can be e.g. the Processor which in turn has several counters, e.g. % Processor Time.

Which counters?

Which counters you capture depends on the role of the system you are establishing a baseline for. The counters captures for a SQL server are different from those captures on an Exchange Server.
This table lists some important counters. The Role column indicates which server role the counter is applicable to.
ObjectCounter Definition Recommendations Role
Processor% Processor Time % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the duration of the idle thread is active in the sample interval, and subtracting that time from interval duration.  (Each processor has an idle thread that consumes cycles when no other threads are ready to run). This counter is the primary indicator of processor activity, and displays the average percentage of busy time observed during the sample interval. It is calculated by monitoring the time that the service is inactive, and subtracting that value from 100%. A CPU time of more than 90 % for extended periods of time is generally regarded as a problem. All
MemoryPages/sec Pages/sec is the rate at which pages are read from or written to disk to resolve hard page faults. This counter is a primary indicator of the kinds of faults that cause system-wide delays.  It is the sum of Memory\Pages Input/sec and Memory\Pages Output/sec.  It is counted in numbers of pages, so it can be compared to other counts of pages, such as Memory\Page Faults/sec, without conversion. It includes pages retrieved to satisfy faults in the file system cache (usually requested by applications) non-cached mapped memory files. Although it is normal to have some spikes, this counter generally remains at or close to zero. All
PhysicalDiskAvg. Disk Queue Length Avg. Disk Queue Length is the average number of both read and write requests that were queued for the selected disk during the sample interval. The number of requests should not exceed two times the number of spindles constituting the physical disk. If the number of requests is too high, you can add additional disks or replace the existing disks with faster disks. All
PhysicalDiskAvg. Disk sec/Read Avg. Disk sec/Read is the average time, in seconds, of a read of data from the disk. Should not be above 25 ms.
PhysicalDiskAvg. Disk sec/Write Avg. Disk sec/Write is the average time, in seconds, of a write of data to the disk. Should not be above 25 ms.


Tool name Description Notes
logman.exe CLI utility included in Windows Server 2003 and newer. Logman manages the “Performance Logs and Alerts” service for creating and

managing Event Trace Session logs and Performance logs.
perfmon.exe Performance Monitor Can also be launched by using perfmon.msc
Performance Analysis of Logs (PAL) Tool Open source utility on Codeplex http://pal.codeplex.com/
ExPerfWiz ExPerfWiz is a powershell based script to help automate the collection of performance data on Exchange 2007 and Exchange 2010 servers. http://code.msdn.microsoft.com/ExPerfwiz
LogWiz Automate the collection of Performance monitor logs using logman.exe http://logwiz.codeplex.com/
relog.exe Relog creates new performance logs from data in existing performance logs by changing the sampling rate and/or converting the file format. Supports all performance log formats, including Windows NT 4.0 compressed logs.
Typeperf.exe Typeperf writes performance data to the command window or to a log file.
TraceRpt.exe Tracerpt processes binary Event Trace Session log files or real-time streams from instrumented Event Trace providers

and creates a report or a text (CSV) file describing the events generated.


Establish a one week performance baseline for a Domain Controller:
logman.exe create counter “Active Directory Baseline (1 Week)” -c “Processor(*)% Processor Time” “NTDS*” “DNS*” “PhysicalDisk(*)Avg. Disk Queue Length” “MemoryPages/sec” -max 50 -rf 168:00:00 -cnf


Customizing pinned shortcuts on the Taskbar for Windows Server 2008 R2

OK, this is one way. I am sure there are several others. Can anyone say convoluted…?

(This is mainly intended for use on Remote Desktop Servers.)

  1. Create a test user.
    My user is named Bob in this example.
  2. Log on as Bob and pin the shortcuts you want on the Taskbar, and remove the ones you do not want.
  3. Log off Bob and log on as an Administrator.
  4. Load the Default User registry hive:
    reg.exe load HKUDefaultUser c:UsersDefaultNTUSER.DAT
  5. Load Bob’s registry hive:
    reg.exe load HKUBob c:UsersBobNTUSER.DAT
    (Your path may be different.)
  6. Export the following key:
    (reg.exe export HKEY_USERSBobSoftwareMicrosoftWindowsCurrentVersionExplorerTaskband Taskbar.reg)
  7. Edit the Taskbar.reg file:
    1. Remove the FavoritesResolve value.
    2. Change the key path from Bob to DefaultUser (this is the name in the registry path where you mounted the Default User hive). This so we can import the changes that Bob made to his Taskbar into the loaded Default User profile registry.
    3. Save and import
      The changes should now be in the Default User registry.
  8. Unload Bob’s hive and the Default User hive:
    reg.exe unload HKUBob
    reg.exe unload HKUDefaultUser
  9. Navigate to the following folder in Bob’s profile:
    <Bob’s profile root>AppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser Pinned
  10. Copy the entire contents of the folder into the same location in the Default User profile.
    (xcopy.exe “c:UsersBobAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser Pinned*.*” “c:UsersDefaultAppDataRoaming
    MicrosoftInternet ExplorerQuick Launch”
  11. Run the following commands to remove the Everyone and BUILTINUsers security principals from the Server Manager and PowerShell shortcuts. These are copied into the User Pinned folder for every new profile, and the only way to prevent this (that I have found), is to prevent access to them. The Administrator still retains access through the remaining permissions on the shortcut files.
    1. icacls.exe “%ProgramData%MicrosoftWindowsStart MenuProgramsAccessoriesWindows PowerShell” /T /inheritance:d
    2. icacls.exe “%ProgramData%MicrosoftWindowsStart MenuProgramsAccessoriesWindows PowerShell” /T /remove:g *S-1-1-0 *S-1-5-32-545
    3. icacls.exe “%ProgramData%MicrosoftWindowsStart MenuProgramsAdministrative ToolsServer Manager.lnk” /inheritance:d
    4. icacls.exe “%ProgramData%MicrosoftWindowsStart MenuProgramsAdministrative ToolsServer Manager.lnk” /remove:g  *S-1-1-0 *S-1-5-32-545
      NOTE: These file system security settings can be propagated with Group Policy Security Policies. A template file doing just that is attached to this post.
  12. Log on as another regular user (not Bob) and verify that the pinned programs are available.
  13. Duplicate the Default User profile to other servers if necessary.


Security Policy Template File


Automatic Updates Client command line parameters

The Automatic Updates Client Utility (wuauclt.exe) supports a few command line parameters. Some of them are documented, others not. Here are the ones I have found:

Parameter Explanation
/detectnow Run a detection cycle
/a /resetauthorization Resets the WSUS cookie. (If used together with /detectnow; /resetauthorization must be entered before /detectnow.)
/r /ReportNow Sends all queued reporting events to the server asynchronously.
/ShowSettingsDialog Display the Windows Update settings dialogue
/ShowWU Open the Windows Update Control Panel Applet
/ShowWindowsUpdate Open the Windows Update Control Panel Applet
/ShowWUAutoScan Open Windows Update Control Panel Applet and scan for updates
/ShowFeaturedUpdates Opens the Features Updates list
/ShowOptions Opens the Windows Updates Settings window
/ShowFeaturedOptInDialog Opens the OptIn dialogue for Featured Updates
/DemoUI Display Windows Update notification in tray

More info:

One thing to be aware of when it comes to wuauclt.exe is that it has no desire or need whatsoever to inform you whether any of the parameters you submitted actually worked, or were even vaild! No matter what you supply as a parameter to wuauclt.exe you will get absolutely nothing back. So check your typing. You have been warned.

Some Windows Server 2008 R2 Failover Cluster Notes

  • You should format you shared disks with NTFS before you form you cluster. If not the disks will not be eligible as witness disks. (NTFS is a requirement for a disk witness.) Do not assign a drive letter or mount point to your witness disk. (Disks used e.g. for a clustered file server needs a drive letter assigned. Do this through Failover Cluster Manager.)
  • If you want to run, say, a clustered file server, the corresponding role must be installed on the nodes of the cluster. This is true for all built-in roles.
  • To be able to add a share to a clustered file server in Failover Cluster Manager; the Remote Volume Management firewall exception must be enabled on all nodes. To enable this exception from the command line:
    netsh advfirewall firewall set rule group=”Remote Volume Managmenet” new enable=yes
  • To move the default cluster group (called Cluster Group by default) with PowerShell:
    Move-ClusterGroup –Name “Cluster Group” –Node <name of destination node>
  • To see the owner of the default cluster group with PowerShell (the only way you can actually see that information, to my knowledge (except with cluster.exe, of course)):
    Get-ClusterGroup “Cluster Group”

Happy clustering!


Getting volume data with PowerShell

It has always irritated me that I cannot export data from the disk management snap-in in Windows. Take this example from an Exchange server:


It would be very nice to be able to export this data to a CSV to create a quick storage report. Unfortunately you can’t. But with PowerShell you can!

This command will export the same data:

Get-WmiObject win32_volume | select Name,Label,@{Name=”Capacity (GB)”; Expression={“{0:N2}” –f ($_.capacity/1GB)}},@{Name=”Free Space (GB)”; Expression={“{0:N2}” -f ($_.freespace/1GB)}},@{Name=”Used Space (GB)”; Expression={“{0:N2}” -f ( ($_.capacity/1GB) – ($_.freespace/1GB) ) }} | ft –AutoSize

The result:

Name        Label        Capacity (GB) Free Space (GB) Used Space (GB)
—-        —–        ————- ————— —————
C:                      72,50         18,17           54,33
E:LogLUN1 ExchangeLogs 1 249,87      1 245,32        4,55
E:         Exchange     0,97          0,93            0,03
E:DBLUN1  DBLUN1       2 046,87      1 358,92        687,95
E:DBLUN2  DBLUN2       2 046,87      1 467,69        579,19
E:DBLUN3  DBLUN3       2 046,87      1 527,84        519,03
E:DBLUN4  DBLUN4       499,87        375,19          124,68

Of course, you can export this to CSV etc.

Enabling Windows Search on Windows Server 2008 R2

As with Windows Server 2008, Windows Search is included as part of the OS and can be installed through Server Manager or PowerShell. Unfortunately it is located in a not quite intuitive place…

To enable Windows Search on Windows Server 2008 R2 you must start the Add Roles wizard and then select File Services Role, on the Role Services page you will find Windows Search:


The Role Service File Server is selected by default, so if you only want Windows Search uncheck it.

To use PowerShell to install Windows Search run:

Add-WindowsFeature FS-Search-Service

(Remember to do ImportSystemModules first.)

Some Windows Virtual PC Notes

  • Press the DEL key to enter the VM BIOS
  • If you can’t install the Virtual PC Integration Components on Windows XP and you get a 1603 error in the log file; delete the c:windowssystem32driverswdf01000.sys and retry the install.
  • Press SHIFT+ESC while the VM is starting to view the console instead of just the progress bar.
  • To mount a floppy image, use the scripts provided here: http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/10/01/using-floppy-disks-with-windows-virtual-pc.aspx
  • Sysinternals’ Disk2Vhd is an excellent tool to P2V your machines into Windows Virtual PC. It even takes care of setting the correct HAL in the boot.ini file. Get it here: http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx
    NOTE: The technique that Disk2Vhd uses will make it impossoble for you to install a Windows XP service pack. More info here: http://support.microsoft.com/kb/327101
  • If you need to run older OSs on Windows Virtual PC you can use the AV Additions from Virtual PC 2007. This will give you VM Additions support for Windows 2000 and DOS. Get the Virtual PC 2007 install file and extract it, then run an administrative install using msiexec.exe /a <path>. In the folder you specified you will find the ISO file with the VM Additions from Virtual PC 2007. Mount the file in your guest as you would any ISO file.
  • Microsoft has published a Windows Virtual PC Tips document: Windows Virtual PC Tips
  • The Windows Virtual PC blog can be found here: http://blogs.technet.com/b/windows_vpc/
  • The acronym RAIL means Remote Applications Installed Locally. RAIL technology is used to publish apps in the VM to the host.
  • The Windows Virtual PC Home page: http://www.microsoft.com/windows/virtual-pc/default.aspx

Morgan’s list of great (free) applications and utilities

So I thought I would put together a list of the stuff I use. Mostly as sort of a memo to myself, but if anyone finds this useful, so much the better.

Name Description
Audacity Sound file editing
Paint.NET Image editing
HashCheck Checksum verification/creation
MyDefrag Defragmentation
VirtualDub Video edition
Foxit Reader PDF Reader/PDF Ifilter
7-Zip File archiver
Putty Telnet/SSH client
FileZilla FTP client
Simp Instant messaging encryption
VLC Media player
Wireshark Network protocol analyzer
Notepad++ Text editor
Bullzip PDF Printer
CDBurnerXP CD/DVD Burning Application
Folder2ISO ISO file creation
Exact Audio Copy (EAC) CD Ripping
Nmap Network mapping
MailSend SMTP command line sender
VHD Resizer Resizes VHD files
VMDK to VHD Converter Convert VMware VMDK disk files to VHD
Angry IP Scanner IP address scanner
WinSCP SFTP, FTP and SCP client
Fiddler HTTP Debugging proxy
Stellarium Planetarium
TFTPD32 TFTP client and DHCP, TFTP, DNS, SNTP and Syslog server
RawWrite Disk image writer
WinTail Tail application for Windows
Cygwin Linux environment for Windows
Free Download Manager Like the name says…
uTorrent Tiny BitTorrent client
MediaCoder Transcode files for portable devices
Frhed Free Hex Editor
OpenSSL Open Source toolkit for SSL/TLS and cryptography
MediaInfo Supplies technical and tag information about a video or audio file
Cuttermaran Cut program for MPEG1 or MPEG2 video streams
iCopy Turn you scanner and printer into a free photocopier
Synergy Keyboard, mouse and clipboard sharing across computers on a LAN
Unetbootin Cross-platform for creating bootable flash drives with various Linux distributions on them.
VirtualBox Cross-platform hosted-hypervisor virtualization software from Oracle.
Xbox Media Center (XBMC) The world’s best Media Center for HTPCs.
Pandora Recovery Recover deleted files
HWiNFO Hardware inventory