Chapter 3: Optimizing the Windows Environment

Exam Objectives

Optimizing operating systems by modifying virtual memory settings

Using utilities to monitor and identify optimization areas

Optimizing hard drives and temporary files

Improving performance by turning off OS features

Managing services and startup of applications to optimize system performance

Few things in life are perfect, and if you put them on a scale from perfect to lousy, most things fall somewhere in the middle. Computers play a part in my life, and I can safely say that they are not perfect, especially when dealing with speed and performance. I regularly work with other people’s computers and find the responsiveness of many computers far less — very far less — than perfect. Over time, if left to its own devices, your computer will slow down, sliding down the scale from the perfect end to the lousy end. When I comment on the slow response of a computer that just completed a 15-minute boot and logon, I am often surprised, or absolutely floored, when the owner says that it is acceptable. Although some people find “acceptable” to be, well, acceptable, as the saying goes, “good enough” is never good enough. As a CompTIA A+ Certified Professional, you should be able to identify areas that might cause a slowdown — and then resolve those issues.

In this chapter, you look at the major problems responsible for many slowdowns — and how to avoid them.

Identifying Areas of System Bottlenecks

The tapered neck of a bottle, with its substantially smaller diameter than the body of the bottle, restricts the flow of liquid from the bottle. Bottlenecks occur on your computer as well. They happen when most system resources are fine, except for that one subsystem that is heavily overused. Only a limited number of resources can be applied to any task; when the task exceeds the available resources, you run into problems. Computers have four critical resources that can be the source of a bottleneck:

Processor

Memory

Disk

Network

For the exam: All system bottlenecks will occur in one of these four resources, which are the main subsystems in a computer.

In addition to resource overuse, hardware errors might also cause problems. This chapter does not examine possible hardware errors that can cause problems or issues that might be specific to a particular type of application or service. Most hardware issues are dealt with in Book IV, Chapter 2, which is devoted to troubleshooting.

Using Monitoring Tools

To effectively diagnose a problem in one of the four critical resources (processor, memory, disk, and network), you need to monitor what is going on with your system. In the following sections, you look at two tools that you can use to diagnose problems in these resource areas.

Task Manager

Task Manager (or taskman.exe) is a nice, quick, and simple tool. It is not as full-featured as Performance Monitor (see the following section), but what it lacks in features, it makes up for in simplicity and speed. To open Task Manager, press Ctrl+Alt+Del and click the Task Manager button in the Security dialog box. In Windows XP computers that are not part of a domain, just pressing Ctrl+Alt+Del opens Task Manager. For Windows Vista or Windows 7 and Windows XP computers in a domain, pressing Ctrl+Alt+Del displays a list of options, one of which is Start Task Manager. You can also open Task Manager by right-clicking an empty area of the Taskbar and choosing Task Manager from the contextual menu.

Performance tab

You can use Task Manager to diagnose processor, memory, network (with Windows XP), and service (with Windows Vista or Windows 7) bottlenecks. Figure 3-1 shows the Performance tab of Task Manager, which is typically the tab you will use first to identify a problem.

Figure 3-1: The Performance tab of Task Manager is usually the first place to look for problems.

On the Performance tab, you can find critical data about your system’s performance. This tab is broken down into two main sections: the graphs and the numeric data. In the graph section is CPU usage and PF (Page File) usage information (or Physical Memory usage in Windows 7). In the numeric section, you see information on processes and memory usage. At the very bottom of the window, you see summary information in the status bar.

Tip: The Task Manager window stays on top of all others, which is normally preferred; however, if you want it to go to the background, choose Options⇒Always on Top to deselect this option.

In the graphs section is the graph for the overall CPU usage, which is the same image shown in the system tray next to the clock. (This image appears automatically when you open Task Manager.) In this context, CPU usage is the average of CPU usage over all processors in your computer.

Next to this graph is a line graph showing you historic CPU usage over the past few minutes. If you have multiple processors, processors with hyperthreading, or multicore processors, you will see multiple line graphs, each in its own small window. If the graph is too small, resize Task Manager. And if you have multiple graphs, you can get a single graph showing the averages by choosing View⇒CPU History⇒One Graph, All CPUs. If you choose View⇒Show Kernel Times, you get a red line showing kernel processor utilization to help identify whether the problem is related to kernel processes or user processes. It is not uncommon for processor utilization to jump to 100%, but if it is consistently higher than 80% or 90%, you are likely experiencing a slowdown.

Page file usage (also recorded in the graphs section) is actually application-specific virtual memory usage, which includes paging file usage and a portion of the physical memory that the application is using. Just like CPU utilization, two graphs are shown here: a histogram for instantaneous usage and a line graph showing the historical usage. If you are running low on space in your page file, you are likely running short on memory. Windows 7 shows page file usage in the System section of the dialog, and shows physical memory usage in the graph area.

In the numeric section are totals for handles, threads, and processes. Think of processes as applications. However, not all applications run in windows that you can see. Some, like services, run in the background, and these are included in the total number of running processes. Each process is composed of threads of code that are executed. Old applications from the 16-bit Windows and MS-DOS days are single threaded, which means that the program runs a single thread of code from beginning to end. Newer multithreaded applications can run several different threads of code, each performing a different task, all working together to perform the task that the processor is attempting to accomplish. On a multiprocessor computer, these threads can execute simultaneously, improving the overall speed of the process.

Handles are resources that the processes are using, such as memory locations, files, or Registry keys. Most likely, you will be primarily concerned with how many processes are running, because each running process consumes some of the total processor cycles available.

The other numeric sections all deal with memory — physical memory, kernel memory, and commit charge (prior to Windows Vista). Physical memory is the actual RAM that is installed in your computer. In the physical memory section, you can see how much physical memory is on your computer, is free (or available), and is allocated to system cache or disk caching for the disk drives. The cache space dynamically adjusts as demands for memory go up, but the goal is to improve disk access by caching in fast memory.

Kernel memory is memory allotted to the kernel. The kernel memory section shows you how much memory is allocated to the kernel, which is in charge of running all operations in your computer. If a driver has a memory leak, you might see kernel memory increase higher than normal for your computer, which is typically less than 100MB. The short-term solution is to reboot your computer.

Kernel memory is split between paged and nonpaged memory. Paged memory is part of the page pool, which is the memory swapped between physical RAM and the page file on the hard drive.

Commit charge is the amount of memory that is in use, or committed. This section shows you current usage, total available (including the page file), and the peak usage since the last reboot. Windows Vista and Windows 7 do not have a section for commit charge. Windows Vista displays the total committed memory in the System section as Page File, while Windows 7 calls this Commit.

Windows Vista and Windows 7 add a Resource Monitor button to this tab, which opens another performance tool that provides more detailed information related to the four critical resources, as shown in Figure 3-2. One big difference between Resource Monitor and Task Manager is that Resource Monitor shows the resource usage by application or process. Resource Monitor is covered in the section “Windows Resource Monitor,” later in this chapter.

Figure 3-2: Resource Monitor shows detailed information related to processes.

Networking tab

In most cases, looking at the data on the Performance tab leads you to either the Processes tab or the Networking tab. On the Networking tab (shown in Figure 3-3) is a line graph with lines for each network interface on your computer, representing the percentage of bandwidth being used by each one. To see additional information on your graph, choose an option from the View⇒Network Adapter History submenu. This allows you to add Bytes Sent and Bytes Received to the existing Bytes Total line on the graph. This is useful for seeing whether a network-related problem is because of data coming in or going out.

Figure 3-3: The Networking tab of Task Manager can help you identify network use problems.

You can also find the same information from the graph presented numerically at the bottom of the window. To see more data, choose View⇒Select Columns. This opens up many more troubleshooting capabilities by allowing analysis of many network-related counters, such as the breakdown of bytes sent, bytes received, and traffic type being unicast or nonunicast. Unicast network traffic is information that is sent only to your computer; nonunicast traffic is simultaneously sent to multiple computers on your network.

Processes tab

If the problems are not network-related, you might be led to look at the Processes tab, which is shown in Figure 3-4. This tab lists all running processes on your system in columns. You can toggle a sort on the columns (ascending or descending) by clicking the column heading. The default columns include Image Name, User Name (the user executing the process), CPU (the percentage utilization of this process), and Memory (the amount of memory this process is using). If you are logged on as an administrator, you can also choose to Show Processes from All Users to see processes other than your own.

Figure 3-4: The Processes tab of Task Manager helps identify CPU utilization problems.

In most cases, you will be able to locate the process using up most of the CPU cycles and slowing down your computer. To see additional troubleshooting information, choose View⇒Select Columns to select from many other counters, such as Virtual Memory Size, Page Faults, and Peak Memory Usage, to list just a few.

Page faults occur when information that your computer wants is not in physical memory and must be initially loaded into memory or be read from the page file on the hard drive. If the number of page faults takes a sharp rise, you might also notice that your available memory is low.

Tip: Right-clicking any running task on the Processes tab invokes a contextual menu with several options, including ending the process, ending the process tree, going to the service, and changing the application priority or the processor affinity (if you have more than one processor). If you end the process tree, you terminate the process and any other processes that it started. If you have right-clicked a process that is used by a service on your computer, selecting Go to Service(s) brings you to the Services tab, where all related services are automatically selected. Changing a process’ priority changes the percentage of CPU time that an application gets when it is running. If you set the affinity, you can force the process to run on a specific processor.

Warning: Be careful when using high and real-time priorities; they can cause system instability. If you have a highly active program, such as a counter, setting it to real-time priority can allow it access to all CPU cycles on your computer, which can cause the system to ignore user input from the mouse or keyboard, preventing you from doing anything else with your computer.

Services tab

The Services tab (Vista and Windows 7) shows you the same list of services that you will find in the Services MMC management tool, but in an abridged format. This allows you to stop or start these services, or launch the Services MMC to have full control of the services. When you right-click a service, you have the option of going to the process, for services that have processes listed on the Processes tab. This makes the job of troubleshooting runaway processes and services much easier.

Applications tab

The Applications tab shows what applications are running in the foreground (as shown in Figure 3-5). These applications should list Running in the Status column. If the application is not listed as running, it may not be responding. At this point, you can either give the application more time to respond (after all, it might just be busy), or you can end a task by selecting the application and clicking the End Task button. To bring an application’s window to the foreground, select the application and click the Switch To button. If you want to locate the application on the Processes tab, right-click the application and choose Go to Process. To launch a new application, click the New Task button, which brings up the Run dialog box.

Figure 3-5: The Applications tab lists running foreground applications and their responsiveness.

Users tab

The Users tab (in Windows Vista and Windows 7) shows what users are logged on, if they are currently active, the remote computer they are connected from (Client Name), and the session they are logged on to (either remote or console). For any of the users that are connected, you are able to disconnect the user or to log the user off.

Performance

Although Task Manager might be where you first look for solutions to performance problems, it is really a 10,000-foot view of the situation. To get down to ground level, you need a more powerful tool, and that is where the Performance administrative tool comes in, with its two main components: System Monitor and Performance Logs and Alerts.

Tip: Windows Vista calls this tool Reliability and Performance, which can be found in the Windows Vista Administrative Tools. This tool also adds a component called Reliability Monitor, which graphs major failures in the OS and what was happening on the computer at the time, all presented in a timeline. Windows 7, however, has gone back to the full Performance Monitor name and still provides reliability information in the form of the Reliability Monitor. To open the Reliability Monitor, choose Start⇒Control Panel⇒System and Security⇒Action Center⇒Maintenance⇒View Reliability History.

System Monitor is Task Manager’s big brother. It does not allow you to change settings or terminate tasks, but it does allow you to monitor a whole series of available counters. Launch Performance by choosing Start⇒Control Panel⇒System and Security⇒Administrative Tools⇒Performance Monitor, or by running either perfmon.exe or perfmon.msc. The Performance screen for Windows XP starts with three default counters loaded into the System Monitor, as shown in Figure 3-6. A counter is a numeric measure of an element of a system component, such as bytes of available memory. The three default counters are

Pages/sec from the Memory object to show memory shortage problems

Avg. Disk Queue Length from the Physical Disk object to show disk access bottlenecks

% Processor Time from the Processor object to show processor utilization problems (Windows Vista and Windows 7 only include % Processor Time by default)

For the exam: On the exam, you might see references to System Monitor as well as Performance or Performance Monitor. System Monitor is the component of Performance that makes the graphs of current and logged activity. Windows Vista and Windows 7 have gone back to calling the component that makes the graphs Performance Monitor.

Figure 3-6: Performance Monitor’s System Monitor shows graphs for a variety of counters built into Windows.

For each counter, you will see a graph with 100 readings, which by default are taken once per second. To change this frequency, bring up the Properties for the graph by clicking the Properties button on the toolbar or by pressing Ctrl+Q and changing the value of Sample Automatically Every X Seconds. For Windows Vista and Windows 7, you will have to select the General tab of the Performance Monitor Properties dialog, and in addition to changing the sample frequency, you will also be able to change how many samples will fill the graph.

If you don’t like the line graph look, click the View Histogram button (think bar graph) or View Report button (gives only numeric data). These buttons are indicated in Figure 3-6.

Many other counters can be added to the graph. If you click the Add button on the toolbar or press Ctrl+I, you can add counters to your graph, as shown in Figure 3-7.

By default, you add counters from your computer, but you have the option to add counters for any computer that you have admin rights for. If you prefer to view counters from a remote computer, choose it from the Select counters from the Computer drop-down menu or type the computer name into the drop-down menu box. If you choose another computer, your list of Performance objects is updated to include the objects on that computer. Many counters are defaults for the OS, and any software you install has the option of adding custom counter objects, which is the case for many Microsoft programs. If you look at the list of counters, you will see that they can be categorized into the four critical system resources: processor, memory, disk, and network. Table 3-1 lists some of the related objects for the four critical system resources.

Figure 3-7: A wide variety of counters may be added to your graph.

Table 3-1 Related Objects for Critical System Resources

Critical System Resource    Related Object
Processor                   Process, Processor, System
Memory                      Memory, Paging File
Disk                        Cache, Physical Disk
Network                     Browser, IP, Network Interface, Redirector, Server, Server Work Queues

Table 3-1 is just a partial list of all the possible objects available to you. Each object has a series of related counters. For instance, the Process object has counters for % Privileged Time, % Processor Time, and % User Time. Each counter may have a series of instances. In the case of the Process object and % Processor Time, there are instances for each running process on the system.
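
The object, counter, and instance hierarchy described above maps directly onto the counter paths that PowerShell's Get-Counter cmdlet accepts. The following added example (not from the book) samples the three Windows XP default counters and, if % Processor Time stays above the 80% mark in most readings, lists the busiest instances of the Process object. The sample count, the 90% "sustained" cutoff, and English counter names are assumptions of this example.

```powershell
# Added example (not from the book). Counter paths follow \Object(Instance)\Counter;
# _Total is the instance that aggregates all processors or all disks.
$defaultCounters = @(
    '\Memory\Pages/sec',
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length',
    '\Processor(_Total)\% Processor Time'
)

# Assumed for this example: 30 readings, one per second (the graph's default rate).
$sampleCount  = 30
$cpuThreshold = 80   # the chapter's "consistently higher than 80% or 90%" mark
$sustainedPct = 90   # assumption: "consistently" means at least 90% of readings

$sets = Get-Counter -Counter $defaultCounters -SampleInterval 1 -MaxSamples $sampleCount

# Flatten the result to one row per counter per reading.
$rows = $sets | ForEach-Object {
    $time = $_.Timestamp
    $_.CounterSamples | Select-Object @{n='Time';e={$time}}, Path, CookedValue
}

# Average and peak per counter over the sampling window.
$rows | Group-Object Path | ForEach-Object {
    $m = $_.Group | Measure-Object CookedValue -Average -Maximum
    New-Object PSObject -Property @{
        Counter = $_.Name
        Average = [math]::Round($m.Average, 2)
        Peak    = [math]::Round($m.Maximum, 2)
    }
} | Format-Table Counter, Average, Peak -AutoSize

# A brief jump to 100% is normal; only a sustained load points to a bottleneck.
$cpu     = @($rows | Where-Object { $_.Path -like '*\processor(_total)\% processor time' })
$busy    = @($cpu  | Where-Object { $_.CookedValue -gt $cpuThreshold }).Count
$busyPct = if ($cpu.Count) { 100 * $busy / $cpu.Count } else { 0 }
"{0} of {1} readings above {2}% CPU" -f $busy, $cpu.Count, $cpuThreshold

if ($busyPct -ge $sustainedPct) {
    # The Process object has one instance per running process. Its % Processor Time
    # is summed across cores, so divide by the core count to compare with Task Manager.
    $cores = [Environment]::ProcessorCount
    (Get-Counter '\Process(*)\% Processor Time' -ErrorAction SilentlyContinue).CounterSamples |
        Where-Object { $_.InstanceName -notmatch '^(_total|idle)$' } |
        Sort-Object CookedValue -Descending |
        Select-Object -First 5 InstanceName,
            @{n='CpuPct';e={[math]::Round($_.CookedValue / $cores, 1)}}
}
```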

Tip: For any counters that you do not know, select that counter and then click the Explain button to access a description about that counter. Windows Vista and Windows 7 have replaced the Explain button with a Show Description check box.

When you click the Add button to add a counter to your graph, the new counter lines show up immediately. When you have added all the counters you want to view, click Close or OK.

Tip: When you have many lines on your graph, click the Highlight button or press Ctrl+H to highlight the line in bold on your graph for any counter you selected on the bottom part of the screen. To delete any counters that you added, select the counter and click the Delete button on the toolbar or press the Delete key on your keyboard.

So far, you have been taking data from current activity. If the problem is periodic, you want to create logs and alerts to try to catch the problem when it occurs. If you want to create an alert based on your counters, with Windows XP, this is done through Performance Logs and Alerts; but for Windows Vista and Windows 7, this is done with Data Collector Sets. To create an alert using Windows Vista and Windows 7, follow these steps:

1. Expand Data Collector Sets in the navigation pane and then right-click User Defined, and choose New⇒Data Collector Set.

2. In the Create New Data Collector Set dialog, you provide a descriptive name used to identify the alert, choose the Create Manually radio button, and click the Next button.

3. Choose the Performance Counter Alert and click the Next button.

4. On this screen, you will then be able to use the Add button to select counters and set the alert-firing threshold for each counter, as shown in Figure 3-8. After adding your counters, click OK and set the threshold value for each counter. To finish off the alert, click Next.

5. The last portion of the wizard brings you to a screen to set the credentials to be used to run the alert (which affects what actions may be performed), as well as the option of saving and starting the data collector right away or editing the settings. Click Finish to complete the process.

Figure 3-8: Add counters and set alert thresholds.

To complete the alert configuration, you will need to open the data collector properties and adjust the settings. From within the User Defined Data Collector Sets, select a Data Collector Set that shows the contents of the set in the right pane, with the default name being DataCollector01 for the first data collector. Right-click the data collector and choose Properties. This allows you to adjust the performance counter thresholds on the Alerts tab, write to the application log and start a Data Collector Set on the Alert Action tab, or specify actions to be performed on the Alert Task tab, as shown in Figure 3-9. These values are checked at the Sample interval. When the firing threshold criteria are met, the actions on the Alert Action and Alert Task tabs are performed. With Windows XP, the alert actions include logging the alert in the Event Log, sending a network message to a NetBIOS name, starting a counter log, and running an external program, which might be a script to perform additional actions.

In Windows XP, this alert will be active during the times listed on the Schedule tab, while in Windows Vista and Windows 7, this alert will be active during the times listed on the Schedule tab of the Data Collector Set’s properties.

Figure 3-9: Set alerts to notify you of problem conditions.

Rather than looking at the current activity, you can also create a log of counter activity that may be reviewed at a later date. On Windows XP, if you want to create a counter log, click Performance Logs and Alerts; then right-click Counter Logs and choose New Log Settings. Select the counters or objects that you want to log and the interval at which you want to take readings. Then you can set the type of log to create — if you plan to view the data in the Performance Monitor, you need to use a binary log format. Just like the alerts, you can choose a schedule for this log so that it can run at a specific time. For instance, if you are having problems with a computer regularly between 2 p.m. and 4 p.m., you could schedule the log to run from 1 p.m. to 5 p.m. You can also have the log file stop when the file is full or reaches its configured maximum size. When the logging stops, you can have a program run, which might be used to notify you that the logging has stopped or to copy your new logs to another computer or location.

On Windows Vista and Windows 7, to create a log, you will again use the Data Collector Sets. To create a log, follow these steps:

1. Expand Data Collector Sets in the navigation pane, and then right-click User Defined, and choose New⇒Data Collector Set.

2. In the Create New Data Collector Set dialog, you first provide a descriptive name used to identify the alert, choose the Create from a Template radio button, and then click the Next button.

3. Choose the System Performance template and click the Next button.

4. Use the default root directory to store the logs for this Data Collection Set or specify your own directory. Click Next to continue.

5. The last portion of the wizard brings you to a screen to set the credentials to be used to run the alert (which affects what actions may be performed), as well as the option of saving and starting the data collector right away or editing the settings. Click Finish to complete the process.

Figure 3-10 shows the two types of data collection processes that are running. One tracks kernel performance stats, while you will be more interested in performance counter properties. If you did not start the log file collection at the end of the creation process, you can right-click the Data Collection Set and choose Start to start collecting log data. You can change how long the log files will collect on Windows Vista and Windows 7 logs by editing the settings on the Stop Condition tab of the Data Collection Set properties.

Figure 3-10: Performance counter logs can be used to record data for historical analysis.

After a log file is created, you can view it from the Performance Monitor by clicking the View Log Data button or by pressing Ctrl+L. You are asked for the name of the log file that you want to use, and then you can add counters to the graph normally, but you can choose only from the counters included in the log file. The resulting graph charts all readings taken for the counters, not just the default 100 readings. The default log file location is the %systemdrive%\PerfLogs\Admin directory.

To change the time range displayed on the graph, click the Properties button and the Source tab, from which you can adjust the time range. As you adjust the range, a vertical bar moves through the graph, showing you where that range is. To return to getting graph data from current activity, click the View Current Activity button or press Ctrl+T.
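
The alert and counter-log procedures above can also be scripted with logman.exe, the command-line front end to Data Collector Sets. The following added example (not from the book) creates a manually defined binary counter log and an alert that starts it; CpuLog, CpuAlert, the intervals, the 50MB cap, and the four-hour run time are values assumed for illustration, and the log is defined by hand rather than from the System Performance template.

```powershell
# Added example (not from the book); run from an elevated PowerShell prompt
# on Windows Vista or Windows 7. CpuLog and CpuAlert are assumed names.

function Assert-LogmanOk {
    # Stop the script if the preceding logman.exe call reported an error.
    if ($LASTEXITCODE -ne 0) { throw "logman failed with exit code $LASTEXITCODE" }
}

$logPath = Join-Path $env:SystemDrive 'PerfLogs\Admin\CpuLog'

# Counter log: binary format (-f bin) so Performance Monitor can open it,
# one reading every 5 seconds (-si), 50 MB size cap (-max),
# and an automatic stop after 4 hours (-rf).
logman create counter CpuLog `
    -c '\Processor(_Total)\% Processor Time' '\Memory\Pages/sec' '\PhysicalDisk(_Total)\Avg. Disk Queue Length' `
    -f bin -si 00:00:05 -max 50 -rf 04:00:00 -o $logPath
Assert-LogmanOk

# Alert: check the counter every 15 seconds; when it exceeds 80 (-th),
# write an entry to the event log (-el) and start the CpuLog collector (-rdcs).
logman create alert CpuAlert `
    -th '\Processor(_Total)\% Processor Time>80' `
    -si 00:00:15 -el -rdcs CpuLog
Assert-LogmanOk

# Start watching, then show the resulting configuration and status.
logman start CpuAlert
Assert-LogmanOk
logman query CpuAlert
logman query CpuLog

# Cleanup when the investigation is over:
#   logman stop CpuAlert
#   logman delete CpuAlert
#   logman delete CpuLog
```

Both collectors run under the account that creates them unless other credentials are supplied, which matches the credentials step of the wizard.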

Windows Resource Monitor

Whereas Task Manager is a simple tool that easily shows you key performance statistics at a glance, and Performance Monitor is a powerful, complex, customizable tool for delving into detailed information about system performance, Windows Resource Monitor strikes a middle ground. It was introduced with Windows Vista and enhanced in Windows 7.

Overview

An easy way to open Windows Resource Monitor is to click the link on the Resource Monitor button on the Performance tab of Task Manager. On the initial window, shown in Figure 3-11, Resource Monitor will show you key summary information across all four resource categories: CPU, disk, network, and memory. If you see issues with your system related to performance, this initial screen should offer suggestions as to which of the four critical resources are being overconsumed.

Figure 3-11: Resource Monitor will show data regarding all four resource categories.

Each table of data in Resource Monitor allows you to add or remove columns from the display, providing you with additional detail.

To view additional information related to each of the resource categories, you can choose the appropriate tab at the top of the application window.

CPU

The CPU tab provides detailed information related to processes that are consuming processor cycles on your computer. Issues in the CPU area will show up as highly busy threads in the processes or services categories. In addition to the tables of performance data, you also find two charts showing CPU utilization, as can be seen in Figure 3-12.

While troubleshooting issues with processes, you can right-click a process and choose End Process or End Process Tree, as you can with Task Manager. In addition to these options, you can choose Suspend Process and Resume Process (temporarily pausing the process rather than stopping it) and Analyze Wait Chain. If you use Analyze Wait Chain for a process, you will be able to see whether issues with this process are actually a result of other processes that are waiting for processes to be completed.

Figure 3-12: CPU data will identify issues with processes or applications that are overutilizing the CPU.

Memory

If you find that the performance issues are related to memory, the Memory tab is where you should focus your attention. Figure 3-13 shows that this again gives you a table of processes, but this time, it shows you memory statistics related to each process in addition to a chart showing you how that memory is allocated.

Figure 3-13: Memory statistics will identify memory consumption issues.

Memory-related performance issues should be identifiable on this page; focus on the processes that are consuming the greatest amount of memory.

Disk

Because not all processes make use of the hard drive, the Disk tab, as seen in Figure 3-14, filters down the list of processes to only those that have disk activity. From this page, you can see the process, its disk activity, the files that are read or written to, and the overall disk utilization per disk. Higher-than-normal disk activity may be related to problems with the process, or it can identify processes that are overconsuming resources.

Figure 3-14: Disk activity identified by process.

Network

Resource Monitor’s Network tab, shown in Figure 3-15, provides you with detailed data on network utilization. As with the disk, this tab will filter out processes that do not generate network traffic, and for remaining services, you will see the network traffic that is generated for each process. In addition to the network activity, you will see tables listing the active TCP connections as well as any ports that are open to accept incoming connections.

Network activity shows not only the data throughput through the network cards but also the network addresses that are used by each of the processes.

Figure 3-15: Network activity can be viewed in great detail.

Other tools

Windows Vista has introduced two new tools in an attempt to allow for more functions to be completed from the command line interface: tasklist.exe and taskkill.exe. These tools take the functionality of the Processes and Services tabs of the Task Manager and bring them to the command line. One additional feature of these programs is that they can be run locally on the computer, or they can be used to view processes on another computer on the network.

The tasklist.exe program will show you what processes are running on the computer, which can be seen in greater detail using the /v option, which is just one of many options. The basic output from the command looks like Listing 3-1:

Listing 3-1: tasklist.exe Output

C:\Users\User>tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      2,312 K
smss.exe                       416 Services                   0        640 K
csrss.exe                      504 Services                   0      3,932 K
wininit.exe                    540 Services                   0      3,816 K
csrss.exe                      560 Console                    1      3,260 K
winlogon.exe                   604 Console                    1      4,736 K
services.exe                   636 Services                   0      6,412 K
lsass.exe                      656 Services                   0      2,464 K
lsm.exe                        664 Services                   0      5,512 K
svchost.exe                    832 Services                   0      6,496 K
LogonUI.exe                    980 Console                    1     15,460 K
audiodg.exe                    548 Services                   0     12,964 K
SLsvc.exe                      884 Services                   0      4,328 K
aswUpdSv.exe                  1320 Services                   0        528 K
ashServ.exe                   1348 Services                   0     15,944 K
spoolsv.exe                   1616 Services                   0      8,548 K
svchost.exe                    824 Services                   0      4,768 K
SearchIndexer.exe             2076 Services                   0     14,508 K
ashMaiSv.exe                  2372 Services                   0      1,688 K
ashWebSv.exe                  2436 Services                   0     26,124 K
msdtc.exe                     3020 Services                   0      4,908 K
taskeng.exe                   2288 Services                   0      5,976 K
csrss.exe                     3068 RDP-Tcp#0                  2      5,812 K
winlogon.exe                   492 RDP-Tcp#0                  2      5,184 K
taskeng.exe                   2244 RDP-Tcp#0                  2     10,004 K
rdpclip.exe                   3184 RDP-Tcp#0                  2      5,612 K
dwm.exe                       3496 RDP-Tcp#0                  2      5,288 K
explorer.exe                  3516 RDP-Tcp#0                  2     51,836 K
MSASCui.exe                   3744 RDP-Tcp#0                  2      7,620 K
ashDisp.exe                   4044 RDP-Tcp#0                  2      4,496 K
wmpnscfg.exe                  4052 RDP-Tcp#0                  2      5,004 K
svchost.exe                   2180 Services                   0      4,648 K
EasyCapture.EXE               2324 RDP-Tcp#0                  2      7,404 K
mmc.exe                       3692 RDP-Tcp#0                  2     27,344 K
taskmgr.exe                   3380 RDP-Tcp#0                  2      9,548 K
cmd.exe                       3528 RDP-Tcp#0                  2      2,464 K
WmiPrvSE.exe                  2216 Services                   0      9,036 K
tasklist.exe                  1892 RDP-Tcp#0                  2      5,992 K

The taskkill.exe program is used to terminate tasks that you need to stop, in the same manner as you would with the End Process option in Task Manager. If I were to terminate the EasyCapture.exe process in Listing 3-1, I would run the following command:

taskkill /PID 2324
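The table that tasklist prints is awkward to sort or total, but its CSV output is easy to process. The following is an added example, not code from the book: it assumes PowerShell 3.0 or later and English column headers, and the function names ConvertFrom-TaskList and Get-MemoryByImage are hypothetical.

```powershell
# Added example, not from the book. Parses `tasklist /fo csv` output into
# objects and totals memory use per image name.

function ConvertFrom-TaskList {
    # Hypothetical helper: turns `tasklist /fo csv` lines into objects.
    param([Parameter(Mandatory = $true)][string[]]$CsvLines)

    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        [pscustomobject]@{
            ImageName = $_.'Image Name'
            PID       = [int]$_.PID
            Session   = $_.'Session Name'
            # "51,836 K" -> 51836: keep only the digits
            MemKB     = [int]($_.'Mem Usage' -replace '\D', '')
        }
    }
}

function Get-MemoryByImage {
    # Hypothetical helper: groups by image name, largest consumers first.
    param([Parameter(Mandatory = $true)]$Process)

    $Process | Group-Object ImageName | ForEach-Object {
        [pscustomobject]@{
            ImageName = $_.Name
            Instances = $_.Count
            PIDs      = ($_.Group.PID -join ',')
            TotalKB   = ($_.Group | Measure-Object MemKB -Sum).Sum
        }
    } | Sort-Object TotalKB -Descending
}

# Constructed sample: six rows of Listing 3-1 rewritten in CSV form.
$sample = @(
    '"Image Name","PID","Session Name","Session#","Mem Usage"'
    '"csrss.exe","504","Services","0","3,932 K"'
    '"csrss.exe","560","Console","1","3,260 K"'
    '"svchost.exe","832","Services","0","6,496 K"'
    '"svchost.exe","824","Services","0","4,768 K"'
    '"explorer.exe","3516","RDP-Tcp#0","2","51,836 K"'
    '"EasyCapture.EXE","2324","RDP-Tcp#0","2","7,404 K"'
)

Get-MemoryByImage -Process (ConvertFrom-TaskList -CsvLines $sample) |
    Format-Table -AutoSize

# Against a live system, feed the real command output instead:
#   Get-MemoryByImage -Process (ConvertFrom-TaskList -CsvLines (tasklist /fo csv))
# For another computer on the network, add /s with that computer's name:
#   tasklist /s COMPUTERNAME /fo csv      (COMPUTERNAME is a placeholder)
```

The PIDs column gives the value to pass to taskkill /PID once you have decided which process to end.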

Optimization Best Practices

There are many simple steps that you can take to optimize your system for best performance. Some components that you can make changes to include virtual memory, hard drives, printers, scanners, system services, running processes, and temporary files. After you make changes to the components, you can use Task Manager and System Monitor to see whether your changes had any effect on system performance.

Virtual memory

Virtual memory uses both RAM and hard drive space to create a memory pool. The hard drive space used is called a paging file; in Windows, the filename is pagefile.sys. Access to the paging file is much slower than access to RAM, so the paging file is used for information that is accessed less often. The default paging file size is 1.5 times the amount of RAM in your computer. To improve performance, you should not set this any larger than it really needs to be. You can find out what your maximum size should be by running your system for several days of typical or hard use and then checking your peak usage in Task Manager or System Monitor. Set your paging file size between 1.25 times to 1.5 times your peak paging-file usage. To see how to gather your memory usage data using Task Manager or System Monitor, review the “Using Monitoring Tools” section earlier in this chapter; to see how to change the size of your paging file read Book V, Chapter 2; and to get an overview of how virtual memory works, go to www.dummies.com/go/aplusaio.

Tip: Windows now defaults to a page file setting of System Managed Size, which will initially set the page file to the amount of RAM on your system and then dynamically adjust the size as needed by the system. This takes away much of the effort in maintaining your page file.

If you find that you are using a lot of virtual memory and accessing the paging file, you need to either reduce the processes using RAM or add more RAM (see Book II, Chapter 3) to improve overall system performance by reducing paging-file usage.

If neither step is an option, move the page file to a drive other than the drive that holds your Windows installation. You should also choose the fastest drive that you have: that is, choose 7,200 rpm or 10,000 rpm drives over 5,400 rpm drives, ATA 133 drives over ATA 66, and so on. The chosen drive should not have other highly intensive processes using it.

Tip: To avoid having your page file fragmented, defragment your drive prior to creating your page file. Microsoft has a downloadable SysInternals tool called PageDefrag, which will defragment your page file on reboots of your computer. PageDefrag and other SysInternals tools can be downloaded from http://technet.microsoft.com/en-us/sysinternals.

To change the location of your paging file, follow these steps:

1. Choose Start⇒Control Panel and open the System applet.

2. Click the Advanced tab and click the Performance Settings button.

3. In the Performance Options dialog box, click the Advanced tab and then click the Virtual Memory Change button.

4. From the Virtual Memory dialog box, shown in Figure 3-16, select the drive you want the paging file saved on, choose the size, and then click the Set button.

5. To finish, press the series of OK buttons to close the dialog boxes.

Depending on the changes you made, you may need to reboot your computer.

Figure 3-16: Changing the page file settings can improve your overall system performance.


Depending on the Startup and Recovery setting in your System control panel applet, you might require a paging file on the drive that contains your Windows directory that is at least equal to the amount of RAM installed in your computer.
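The sizing rule above (1.25 to 1.5 times peak paging-file usage) can be checked from the command line as well as from Task Manager. This is an added example, not code from the book: it assumes PowerShell 3.0 or later on Windows Vista or newer, and the function name Get-PageFileSizing is hypothetical.

```powershell
# Added example, not from the book. Reads page file usage from WMI and
# compares any manually configured maximum with the 1.25x-1.5x rule.

function Get-PageFileSizing {
    # True when Windows manages page file size for all drives.
    $autoManaged = (Get-CimInstance -ClassName Win32_ComputerSystem).AutomaticManagedPagefile
    # Present only for page files that were configured by hand.
    $settings    = @(Get-CimInstance -ClassName Win32_PageFileSetting)

    Get-CimInstance -ClassName Win32_PageFileUsage | ForEach-Object {
        $usage   = $_
        $setting = $settings | Where-Object { $_.Name -eq $usage.Name } |
                   Select-Object -First 1

        # All sizes reported by these classes are in megabytes.
        $low  = [math]::Ceiling($usage.PeakUsage * 1.25)
        $high = [math]::Ceiling($usage.PeakUsage * 1.5)

        $verdict = if ($autoManaged -or -not $setting -or $setting.MaximumSize -eq 0) {
            'System managed size'
        } elseif ($setting.MaximumSize -lt $low) {
            'Configured maximum is below the suggested range'
        } elseif ($setting.MaximumSize -gt $high) {
            'Configured maximum is above the suggested range'
        } else {
            'Configured maximum is within the suggested range'
        }

        [pscustomobject]@{
            PageFile       = $usage.Name
            AllocatedMB    = $usage.AllocatedBaseSize
            CurrentMB      = $usage.CurrentUsage
            PeakMB         = $usage.PeakUsage
            ConfiguredMax  = if ($setting) { $setting.MaximumSize } else { $null }
            SuggestedMinMB = $low
            SuggestedMaxMB = $high
            Verdict        = $verdict
        }
    }
}

Get-PageFileSizing | Format-List
```

Run it after the several days of typical or hard use that the text recommends, and before restarting the computer, so that the peak figure reflects real workload.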

Hard drive

You can do several things to optimize your hard drives. The first thing is to choose the fastest possible drives for your system. If you can choose ATA 133 over ATA 66 or SATA 300 over SATA 150, do so. Keep enough free space on your drives to allow for efficient defragmentation; Disk Defragmenter suggests 15% free space. If you have multiple drives in your system and you are suffering from a disk bottleneck, move some applications from one drive to another to better balance drive utilization.

Printers

To optimize printing, here are a few things that you can do.

• Use current drivers for your printers. Upgraded drivers often implement new features and are better optimized for your hardware. Most major manufacturers publish their printer drivers through Windows Update.

• Move your spool directory to a different drive. Prior to sending data to the printer, the data is spooled to the computer’s hard disk. In order to improve disk access, you should always try to place the spool directory on a fast disk that does not have competition from other applications or services that are running on the computer. For information about spooling, refer to Book III, Chapter 5.

To change the location of the spool directory on Windows 7, choose Start⇒Control Panel⇒Hardware and Sound⇒Devices and Printers. Then select a printer, choose Print Server Properties from the menu bar, and then click the Advanced tab, as shown in Figure 3-17. From there, you can change the spool folder path. To get to the Print Server properties on Windows XP, choose Start⇒Printers and Faxes to open the Printers and Faxes window, and then choose File⇒Server Properties.

If you are just printing the odd document, optimizing the printing process is not an issue. But if you are using a computer as a print server for an office and interfacing with multiple printers, these steps improve your printing performance.

Figure 3-17: Changing the spool folder path may improve printing performance.


Scanners

Optimizing the scanning process relies mostly on the hardware being used. Scanners come with a variety of interfaces, with the oldest being SCSI and parallel. To improve scanning performance, choose a scanner that matches the fastest bus architecture (see Book II, Chapter 1) available on your computer — that usually means USB or FireWire. This increases the transfer rate between the scanner and the computer.

The other factor that affects scanner performance is the dots per inch (DPI) level at which you are scanning. If you scan at a lower rate, your scans run faster, and the output has a smaller file size — but the quality of the image is lower. The lowest acceptable quality level is dictated by how you want to use the image. Photographic reproduction requires a higher quality level than does newsprint.

Temporary files

Many applications create temporary files, which are kind of like a scratch pad that is a working area for data. An application uses a temporary file to store data that it is working with and then deletes the file when the task is completed. For instance, when you open a document in Microsoft Word, Word creates other files in the same directory that start with a ~ character. These other files are temporary files, which hold changes to the original document as well as automatic recovery information. When you close the document, Word deletes these files — or, at least, it is supposed to.

It is the job of each application to delete its temporary files when they are no longer needed. Windows uses the environment variables of %temp% and %tmp% to point applications to the temporary directory. The default location for the temporary directory is in the user’s profile, using the path

• XP: %USERPROFILE%\Local Settings\Temp

• Vista and Windows 7: %USERPROFILE%\AppData\Local\Temp

Having the temporary file directory in the user’s profile means that a temporary directory exists for every user on the computer. You can modify each user’s temporary directory settings to point to a single location and schedule a task to run a command like C:\Windows\system32\cmd.exe /c del /s /q c:\temp when the computer starts up. Applications are supposed to clean up their files, but after a period of time, you will likely have several files in your temporary directory. You can use the Windows Disk Cleanup utility to delete temporary files, as well as other files not needed on your hard drive.

To get to Disk Cleanup, choose Start⇒All Programs⇒Accessories⇒System Tools⇒Disk Cleanup. A Disk Cleanup dialog box will open, allowing you to choose the drive to clean up. After scanning your disk, the dialog box will change, presenting you with a list of items that can be cleaned off your hard disk, such as temporary Internet files, items in the Recycle Bin, and temporary files. Place a check in the box next to any items you want cleaned, click OK, and then click Yes in the confirmation dialog box.

Services

Each service represents an application running on your computer. The more applications that are running, the fewer system resources you have available for other applications or processes. To improve overall resource availability and system security, disable any services that are not required. You can see a list of all system services through the Services Administrative Tool. Choose Start⇒Run (or Search Programs and Files with Windows 7) and type services.msc, or locate it in the Administrative Tools folder, which is found in the Control Panel folder. The Services tool lists

• Name: The name of the service

• Description: A brief description of what the service does

• Status: Tells you whether the service is currently running

• Startup Type: Tells you whether the service startup is Automatic or Manual, or whether the service is disabled

• Log On As: The user credentials used to start the service

Most services start as the Local System, which is the computer’s own account.

When you select a service, you can read its description on the left of the window. With that information, you might be able to decide whether you need that service running. To test whether you need a service, turn it off: right-click the service name and choose Stop. You can then tell quickly whether you need that service because something you use will stop working. When you turn off services by choosing Stop, the service restarts when you reboot. To have a service remain stopped after a reboot, right-click the service name and choose Properties to open the service properties dialog box, choose Manual from the Startup Type drop-down menu, and then click OK to close the dialog box.

Prior to randomly turning off services, you can check whether the service is required by using Internet resources, like the Microsoft Web site, which will provide detailed descriptions of what most services are used for. If you still cannot decide whether a service is required, disable the service on a test computer and see what happens. Table 3-2 has a summary of the major services that are part of Windows.

Table 3-2 Windows Services

| Name | Description |
| --- | --- |
| Alerter | Processes and delivers administrative alerts |
| Computer Browser | Maintains a list of other computers on the network |
| Error Reporting Service or Windows Error Reporting Service | Allows error reporting to user and to Microsoft |
| Event Log or Windows Event Log | Logs messages issued by Windows-based programs and components into logs viewed with Event Viewer |
| Fast User Switching Compatibility | Provides management for applications in a multiple user environment |
| Help and Support | Enables the Help and Support Center to run |
| IMAPI CD-Burning COM Service | Manages Windows-based CD recording, rather than using third-party tools |
| Indexing Service or Windows Search | Indexes contents and properties of files |
| Logical Disk Manager | Detects and monitors new hard disk drives and sends disk volume information to the Logical Disk Manager Administrative Service |
| Messenger | Transmits and receives net send and Alerter service messages |
| Network Connections | Manages the Network and Dial-Up Connections folder |
| Performance Logs and Alerts | Collects performance data from local or remote computers and generates alerts, based on settings found in Performance Logs and Alerts |
| Print Spooler | Loads files for deferred printing |
| Secondary Logon | Allows starting of applications using an alternate set of user credentials |
| Security Center | Monitors system security settings and configuration |
| Server | Supports file and print sharing over the network |
| System Restore Service | Performs system restore functions based on System Restore Points |
| Task Scheduler | Enables configuration and scheduling of automated tasks |
| Terminal Services or Remote Desktop Services | Holds base multiuser components used by Remote Desktop, Fast User Switching, Remote Assistance, and Terminal Server |
| Themes | Manages XP general desktop themes |
| Volume Shadow Copy | Allows Volume Shadow Copies used for backup and other purposes |
| Windows Firewall/Internet Connection Sharing (ICS) | Provides firewall and Internet gateway services, such as name resolution, network address translation, and intrusion prevention services |
| Windows Installer | Base Windows component that allows for the installation of MSI files |
| Wireless Zero Configuration | Provides a standard configuration interface for 802.11 adapters (called WLAN Autoconfig in Windows Vista and Windows 7) |
| Workstation | Creates and maintains client network connections to remote computers |

Properties can be set and managed for services. To change the properties of a service, open the Services Administrative Tool, as previously mentioned; then locate the service you want to modify or view settings for, right-click it, and choose Properties. This opens the service properties dialog box, which has four tabs: General, Log On, Recovery, and Dependencies.

General tab

On the General tab, you can see basic information for the service, and, most of the time, this is the only tab you need to use. This shows you the display name used in the Services tool, as well as the path to the executable that is run to start the service. A startup type can be set to Automatic, Manual, or Disabled. The Automatic setting starts the service on computer reboot; Manual allows it to be started by using the net start command or the Services tool; Disabled prevents the service from being run at all.

There are also service control buttons to start, stop, pause, and resume a service. Start and Stop are self-explanatory and are supported by all services, but only some services support Pause and Resume. Pause typically prevents new requests from being processed by the service, but will allow existing requests to be processed. Resume restores a paused service to normal operation. One case in which you might use this is with the Server service, which allows people to access files on your computer from across the network. Stopping the service disconnects all users. Pausing the service prevents new users from accessing files on your computer, but people who already have that connection open are able to finish their work. After all users have completed their work and have disconnected from your computer, you can complete what you were intending to do, which might be to stop the service, make a configuration change, and restart the service.

Some services accept start-up parameters in the same way that you can pass parameters to other applications. When a service is stopped, you can add or change the Start parameters, and then start the service.

Log On tab

All services are programs, and all programs on a Windows NT-based computer will run using security settings of a user account. Most services run using the OS’s account, also called Local System; however, you might want a service to run using a different account so that you can restrict what the service can do or so that the service can interact with other computers on the network.

In addition to account settings, the Log On tab allows you to specify which hardware profile this service should run for. This allows you to use hardware profiles as tools to control which services are loaded during any reboot. Hardware profiles were removed in Windows 7 but are covered in Book VI, Chapter 1 for earlier OSes.

Recovery tab

The Recovery tab allows you to deal with what to do when the service stops unexpectedly. Three drop-down menus enable you to specify an action for the First failure, Second failure, and Subsequent failures. For each menu, you can choose Take No Action, Restart the Service, Run a Program, or Restart the Computer. Windows XP defaults to take no action, while Windows Vista and Windows 7 will attempt to restart the service twice before taking no further action.

Tip: If a service fails for an unknown reason, you can set the service to restart on failure while you are trying to find the root cause, which might be enough to continue to provide the functionality required.

If you specify to run a program, you can use the bottom of the Properties dialog box to specify what program or batch file you want to run and the parameters to pass to the program. The program or batch file may be used to automatically fix a known problem or to send an e-mail or alert to the administrator of the computer.

If you choose to restart the computer, click the Restart Computer Options button at the bottom of the dialog box to set the delay for the reboot, and a message to send to people connected to the computer.

Windows Vista introduced the Enable Actions for Stops with Errors option, which deals with a rare situation where services may stop normally, but fail to set the ERROR_SUCCESS flag. By not setting the success flag, it makes it look like they had failed, while they had actually shut down properly. To deal with this unique situation, and to prevent inappropriate restarts of the service, this setting is off. But if you suspect that this is preventing an expected restart of your services, enable this feature.

Finally, the Recovery tab enables you to specify the number of days at which you will reset the failure counter and the time to wait before restarting a service.

Dependencies tab

Some services require that other services are running prior to starting up. If you try to start a service that depends on other services not running, the required services will also be started. The Dependencies tab allows you to see both services that the selected service requires as well as what other services need the selected service.

Tip: One service that I often disable on systems with limited resources is the Themes service. This service is responsible for drawing windows with rounded corners and most of the graphical enhancements that started with Windows XP. All these items take processor time and memory to render for the user. By disabling the Themes service, these enhancements are automatically disabled. There may be some cases in which a user might feel that this service is required, and the same can be said of any service. For instance, an anti-spyware service running in real-time mode, checking each file that is accessed on your hard drive, is a good service to have running on a computer connected to the Internet and used for Web browsing, but this same service may be of limited use on an isolated computer with no Internet access.
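The columns of the Services tool, the executable path from the General tab, the account from the Log On tab, and both directions of the Dependencies tab can be gathered into one report before you decide what to disable. This is an added example, not code from the book: it assumes PowerShell 3.0 or later, and the function name Get-ServiceReview is hypothetical.

```powershell
# Added example, not from the book. Builds one row per service from WMI
# (Win32_Service) and the service controller (Get-Service).

function Get-ServiceReview {
    # Hypothetical helper. -Name accepts wildcards, for example 'Win*'.
    param([string]$Name = '*')

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $Name } |
        ForEach-Object {
            $svc = Get-Service -Name $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                Status      = $_.State       # Running, Stopped, Paused ...
                StartupType = $_.StartMode   # Auto, Manual, Disabled
                LogOnAs     = $_.StartName   # LocalSystem or another account
                Path        = $_.PathName    # executable shown on the General tab
                Requires    = ($svc.ServicesDependedOn.Name -join ', ')
                RequiredBy  = ($svc.DependentServices.Name -join ', ')
            }
        }
}

$all = Get-ServiceReview

# 1. How many services run under each account (Log On tab).
$all | Group-Object LogOnAs | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Automatic services that are currently running: the list to review.
$all | Where-Object { $_.StartupType -eq 'Auto' -and $_.Status -eq 'Running' } |
    Sort-Object Name | Format-Table Name, DisplayName, LogOnAs -AutoSize

# 3. Before stopping one service, see what it needs and what needs it.
Get-ServiceReview -Name 'Themes' | Format-List

# The equivalent of choosing Stop and then setting Startup Type to Manual
# (left commented out so that the report makes no changes):
#   Stop-Service -Name 'Themes'
#   Set-Service  -Name 'Themes' -StartupType Manual
# The Recovery tab settings can be displayed with:
#   sc.exe qfailure Themes
```

A non-empty RequiredBy column means that stopping the service will also affect the services listed there, so check it before testing on a production computer.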

Startup

When your computer starts up, it loads all its services as well as any applications that are referenced in the Run Registry keys and the Startup group in your start menu. The Run Registry keys include:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

These items represent applications running on your computer. Many of these items, as well as some services, are responsible for the ever-growing string of icons next to your clock in the system tray. Each is a running application or process that takes system resources away from other applications or processes.

Many icons in your system tray have preferences or options that allow you to stop the background process from running. If you disable this service, some applications might take longer to load. For instance, Sun’s Java or Apple’s QuickTime use the startup Registry key to place one of their startup applications in the system tray, and they use the application to prelaunch their main application environments. For example, when you launch a QuickTime movie, QuickTime is already running and only needs to open the media file. If this process were not running, you would have to load QuickTime into memory before running the media file. On systems with limited resources, you want to remove many of these preloaded components to free the critical resources they use. Even though each icon represents a small amount of resource, they all make up the straws on the camel’s back, and you never know where the breaking point is.
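To decide which startup items to remove, it helps to list every entry from the five Run keys and the Startup group in one place, together with whether the program it points to still exists. This is an added example, not code from the book: it assumes PowerShell 3.0 or later, reads only the values directly under each key, and the function names Resolve-CommandTarget and Get-StartupEntry are hypothetical.

```powershell
# Added example, not from the book. Read-only inventory of startup entries.

function Resolve-CommandTarget {
    # Hypothetical helper: pulls the executable path out of a command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }  # "C:\dir with spaces\app.exe" /arg
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # C:\dir\app.exe /arg
    return ($expanded.Trim() -split '\s+')[0]
}

function Get-StartupEntry {
    param([string[]]$RunKey = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    ))

    # Startup group for the current user and for all users.
    $folders = @(
        [Environment]::GetFolderPath('Startup')
        [Environment]::GetFolderPath('CommonStartup')
    )

    $raw = @(
        foreach ($key in $RunKey) {
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $item = Get-Item -LiteralPath $key
            foreach ($valueName in $item.GetValueNames()) {
                [pscustomobject]@{
                    Source  = $key
                    Name    = $valueName
                    Command = [string]$item.GetValue($valueName)
                }
            }
        }
        foreach ($folder in $folders) {
            if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
            Get-ChildItem -LiteralPath $folder -Force |
                Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Source  = $folder
                        Name    = $_.Name
                        Command = $_.FullName
                    }
                }
        }
    )

    foreach ($entry in $raw) {
        $target = Resolve-CommandTarget -Command $entry.Command
        # Only full paths are checked; bare names such as rundll32.exe are
        # found through PATH and are reported as $null (not checked).
        $exists = if ($target -match '^[A-Za-z]:\\') {
            Test-Path -LiteralPath $target
        } else { $null }

        [pscustomobject]@{
            Source       = $entry.Source
            Name         = $entry.Name
            Command      = $entry.Command
            Target       = $target
            TargetExists = $exists
        }
    }
}

Get-StartupEntry | Sort-Object Source, Name |
    Format-Table Source, Name, TargetExists, Command -AutoSize -Wrap
```

An entry with TargetExists set to False points to a program that is no longer installed and is usually safe to clean up; an entry you do not recognize deserves a closer look before you leave it in place.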

GUI Enhancements

There are many GUI Enhancements that have been added to the Windows OS over time. These enhancements have made the user interface more attractive, and in some cases more functional; but always at a cost of resource utilization. On computers that are underpowered, turning off these enhancements can provide a significant performance increase. These enhancements include:

• Windows Aero in Windows Vista and Windows 7

• Advanced Themes

• Visual Effects

• Desktop Gadgets in Windows 7

• Windows Sidebar in Windows Vista

Each of these enhancements can be disabled to improve the overall performance of the computer, but at a loss of the features provided.

Windows Aero

The Aero desktop experience provides much of Windows Vista’s and Windows 7’s eye candy in features such as Windows Flip, Windows Flip 3D, Glass effects, and the live taskbar thumbnails. All of these features make the later Windows OSes a little nicer to use, but each feature consumes system resources.

To disable the Aero desktop in Windows 7, use the following steps:

1. Right-click an empty spot on your desktop and choose Personalize.

2. Choose any desktop theme, other than the ones in the Aero Themes section.

3. Close the Personalization control panel.

To disable the Aero desktop in Windows Vista, use the following steps:

1. Right-click an empty spot on your desktop and click Personalize.

2. Click on the Window Color and Appearance link.

3. When the Windows Color and Appearance window opens, click on the “Open classic appearance properties for more color options” link.

4. Choose any Desktop theme, other than the Vista Aero theme.

5. Choose OK to save your settings.

Advanced Themes

Windows 7, Windows Vista, and Windows XP have default desktop themes that present windows and dialogs using windows with rounded corners, and other window dressings. Displaying windows this way consumes more system resources. Microsoft provides a theme called Windows Classic, which does not use these appearance features.

To change your theme using Windows 7, follow these steps:

1. Right-click an empty spot on your desktop and choose Personalize.

2. Choose any desktop theme from the Basic and High Contrast Themes section, other than Windows 7 Basic.

3. Close the Personalization control panel.

To change your theme using Windows Vista, follow these steps:

1. Right-click an empty spot on your desktop and click Personalize.

2. Click on the Theme link.

3. When the Theme Settings dialog opens, choose Windows Classic from the Theme menu.

4. Choose OK to save your settings.

To change your theme using Windows XP, follow these steps:

1. Right-click an empty spot on your desktop and click Properties.

2. When the Display Properties dialog opens, choose Windows Classic from the Theme menu.

3. Choose OK to save your settings.

Visual Effects

Visual Effects add basic enhancements to the GUI, which include displaying window contents when moving or resizing windows, animating windows minimize and maximize actions, sliding taskbar buttons, etc. Each of these niceties uses system resources. To turn off all visual effects, use the following process:

1. Click Start, right-click Computer (My Computer for Windows XP), and then click Properties. The System window will open.

2. Click Advanced System Settings (or the Advanced tab for Windows XP). The System Properties window will open.

3. Under Performance, click Settings. The Performance Options window will open.

4. Click the Visual Effects tab.

5. Select Adjust for best performance, and then click Apply.

This process turns off all GUI Enhancements that have been covered in this section thus far. If you only want to disable the rounded corners on your window and buttons, you only need to turn off Use Visual Styles on Windows and Buttons.

Windows Vista Sidebar

The Windows Sidebar in Vista provides an area where Gadgets are loaded. These gadgets provide many functions from displaying a slide show of your pictures to showing CPU utilization; the possibilities are endless. Each gadget that is running, performing some task, will utilize system resources, and to improve system performance, should be closed. To close the entire Sidebar, right-click anywhere in the Sidebar and choose Close Sidebar.

Windows 7 Gadgets

The next generation of the Windows Vista Sidebar feature takes the form of Windows 7 Gadgets. The big difference between the Sidebar feature and Gadgets is that you can drag gadgets to any position on your desktop, so they are not limited to the Sidebar area. To remove the overhead associated with a gadget, you only need to close the gadget by moving your mouse over the gadget and clicking the Close box that will appear.

Indexing

Indexing was first introduced in Book V, Chapter 4. This process reviews all data on your hard drive and builds a content index to allow you to search for the data much faster than would otherwise be possible — think of it like the index in this book. The process of building and maintaining the index takes some of your system resources. This feature should be carefully evaluated before disabling, as it greatly improves search times.

In Windows Vista and Windows 7, this feature is called Windows Search. It not only indexes files, it also indexes e-mails, and most other content on your computer. If you stop the Windows Search service, then virtual folder views will not be available, and searching for files will use the slower item-by-item searching.

To stop the indexing process from running you can go to the Services applet using the following process:

1. Right-click My Computer (or Computer on Windows Vista)⇒Manage.

The Computer Management window opens.

2. Choose Services and Applications in the navigation pane, and then choose Services.

3. Locate Indexing Service (Windows Search for Windows Vista and Windows 7), and choose the Stop button on the tool bar.

If you want to prevent the service from starting up during a restart of the computer, right-click the service and choose Properties, and then change the Startup type to either Manual or Disabled.

4. Click OK to close the Properties window.

Getting an A+

This chapter reviews optimization of the Windows environment. Major points covered in this chapter include

• Virtual memory and applications that access the paging file reduce performance.

• Performance is increased by using the computer’s fastest interface available for a device, such as using FireWire rather than serial.

• To improve performance, reduce the number of processes and services running.

• Printers can be optimized by changing the location of the spool directory.

Prep Test

1. What tools would you use to monitor disk I/O? (Choose all that apply.)

A. replmon

B. perfmon

C. defrag

D. taskman

2. Virtual memory contains which item?

A. A special section of memory used for caching data

B. An area of a hard drive for caching data

C. An expanded memory PCI expansion card

D. An extended memory PCI expansion card

3. What tool manages your virtual memory settings?

A. Memory Control Panel

B. setver command

C. System Control Panel

D. mem command

4. What two steps can you take to improve hard disk access? (Choose two.)

A. Double the number of pins on your drive that are carrying data.

B. Defragment your drive.

C. Add a speed doubler to the drive bus.

D. Change to a faster bus architecture.

5. Which of the following will not help optimize printer performance?

A. Using a newer driver

B. Moving the spool directory to a faster drive

C. Reducing the number of other applications running on the print server

D. Allocating more RAM to the printer cache

Answers

1. B, D. Both Task Manager and Performance Monitor can be used to monitor disk input and output. Performance Monitor has more detailed results, while Task Manager provides only a few basic counters. See “Using Monitoring Tools.”

2. B. Virtual memory is created by using a page file, which resides on a hard drive. Disk caching uses memory to cache data from the hard drive. Review “Virtual memory.”

3. C. Virtual memory settings are managed through the System Control Panel. Check out “Virtual memory.”

4. B, D. Two things that can be done to speed up disk access are defragmenting your hard drive and changing to disks that have faster bus architectures. Peruse “Hard drive.”

5. D. There is no specific area of RAM that is used for caching printer data. Take a look at “Printers.”
