10.4 Performance Tweaks

When it comes to computers--particularly those running Windows 2000 or NT--you can never have too much speed. The least expensive performance upgrade for Windows machines is usually just additional RAM, since the computer can productively use as much as you can stuff into it. Failing that, you can make a few small changes to improve both your computers' speed and their availability.

10.4.1 Automatically Delete Cached User Profiles

User profiles make it easy to centralize and distribute user-specific settings. This enables users to have their same desktop settings follow them as they wander around your network. However, these profiles take up space; if you have many users who interactively log onto a particular machine, their cached profiles will slowly accumulate, stealing your disk space as they build up.

You can tell your system to automatically delete cached profiles when they're no longer needed. When a user logs on, if her profile isn't on the local machine, the system fetches it and keeps it there until it's removed or updated (in which case the updated version is downloaded into the cache). This makes it possible to log on and get profile information even when the domain controller(s) aren't answering profile requests. If you enable automatic removal, the system deletes the cached profile when the user logs out. The good news is that this approach saves disk space at a small cost in extra profile downloads. The bad news is that users may not be able to log on when your domain controllers are unavailable; there won't be a cached profile on the machine for them to use when logging on.

If you want cached profiles to be deleted automatically, add a REG_DWORD value named DeleteRoamingCache to HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon. Give it a value of 1 to enable removal or to allow cached profiles to stay around.

10.4.2 Enable Automatic Reboot After a Crash

Normally when an NT machine crashes, it produces a "Blue Screen of Death" (BSOD), which indicates the cause of the crash and gives some information about the system's state when the crash happened. The problem with this approach is that the server sits there, BSOD proudly displayed, until a human comes along and reboots it. This is not ideal for most server applications; if no one is able to get to the machine to reboot it, none of its users can use it. Imagine having your Exchange server go down while you're on vacation, with users unable to get mail until you can find someone in the office to go reboot it for you!

As an administrator, you can force Windows 2000 to automatically reboot after a crash by setting the value of HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot to 1; this forces the system to automatically reboot after writing out the crash log file. Under NT, use the value HKLM\SYSTEM\CurrentControlSet\CrashControl\AutoReboot. While this change is necessary for NT and Windows 2000 Professional, Windows 2000 Server reboots after a crash by default.

10.4.3 Record Evidence of a Crash

Besides the standard crash dump file, you can also tell Windows 2000 and NT to record the occurrence of a crash in two ways. First, the kernel can send an administrative alert to another machine; this alert may provide the first warning you get of a fresh crash. Second, the kernel can record a crash message in the event log. If you've turned on the automatic reboot option as discussed in the previous section, having a message in the event log gives you positive confirmation of the time when the crash occurred.

These two capabilities can be set only by an administrator. The values controlling these capabilities are found under the HKLM\SYSTEM\CurrentControlSet\CrashControl key. To turn on alert broadcasting for Windows 2000 Professional or NT, set the SendAlert value to 1, instead of its default 0. To turn on event log messages, set the LogEvent value to 1 as well. Both of these capabilities are already turned on by default on the Windows 2000 Server.

All the values under the CrashControl key, including the aforementioned automatic reboot, can be set through the System control panel. These settings can be found on the Startup/Shutdown tab on an NT machine or gotten to from the Advanced tab on Windows 2000. Better still, you can control them by writing a policy template file to automatically install the settings you want on all machines in your domain.

10.4.4 Enabling Automatic Logon After Boot

My local library has a batch of PCs running an electronic library catalog application. These machines are basically single-function kiosks; the librarians don't want people using them for anything else. To get the machines set up to run with as little intervention as possible, the catalog software is installed as part of the Startup group; that way, it runs when Windows 95 starts. An NT-based kiosk system allows the library to keep their computers more secure and administer them with less hassle; they can even get the automatic logon feature Windows 95 offers.

Never enable auto-logon with an account that has administrative privileges. If you ever leave your machine unattended, an office prankster (or determined attacker) can have the run of your network right from your machine. Good security practice dictates that you only log in with an administrative account when you need to do something that requires the extra privileges.

To enable automatic logons, you have to make a total of four changes to values under HKLM\Software\Microsoft\Windows NT\Current Version\Winlogon:

Once you make these changes, the next reboot automatically logs on the account you specified. If you want to log on as a different user, hold down the Shift key as you log off the machine; the operating system allows you to use the standard logon dialog to log on as another user.

One final warning: realize that the Registry stores these values in plain text. By enabling this feature, you could be disclosing the default password for this user account to anyone who can read your Registry.

10.4.5 Power Off at Shutdown

Most laptops, many workstations, and even a few servers have smart power management hardware that lets the operating system actually turn off the hardware when the system is shut down. While not all machines can take advantage of this, it's nice to have the "Shut Down" command do just that instead of requiring an extra trip to the power button.

The HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\PowerdownAfterShutdown value enables this feature; add it as a REG_SZ and set its value to 1, and your computer actually turns itself off when you tell NT to shut down, if your hardware supports this feature. If it doesn't, no harm will come to it, but the feature won't work. Reset PowerdownAfterShutdown back to to restore normal operation.

10.4.6 Force Hung Tasks to End When Logging Off

When you log off of or shut down a Windows 2000 or NT machine, the system scheduler attempts to stop any running tasks. In addition to shutting down any drivers or services started by the system, the OS must shut down the 16-bit Windows subsystem and any applications you've started yourself. Most well-behaved Win32 applications will honor a system shutdown request, but it's unfortunately common to see hung tasks in the VDM prevent the entire system from shutting down.

Windows' normal response to this problem is to display a dialog that asks whether you want to cancel the shutdown or logoff, wait for the recalcitrant task to stop by itself, or kill off the task. You can automate this process by specifying that you always want the system to go ahead and kill tasks that don't listen to shutdown requests; this finally makes it possible for you to tell your machine to reboot and go get a diet Coke while it does, secure in the knowledge that it won't be still waiting for you to end a task when you return.

To force this shutdown, add a REG_SZ value named AutoEndTasks to HKEY_USER\<SID>\Control Panel\Desktop. Set it to 1 to forcibly kill unresponsive tasks. You may also want to add the same value to HKU\.DEFAULT so that new accounts inherit it; you can also add it to a policy template.

10.4.7 Set a Time Limit for Shutting Down Tasks

You now know how to force an automatic end to tasks that won't stop when they get a shutdown request, but did you know you can also tell Windows 2000 and NT how long to wait before deciding an application isn't answering? If you add a REG_SZ value named WaitToKillAppTimeout to HKEY_USER\<SID>\Control Panel\Desktop, you can specify the interval (in milliseconds again) that the system waits before deciding that an application is ignoring the shutdown request. The default is a generous 20 seconds; if, like me, you're impatient you can whittle this down to 10 seconds or even less. If the user process doesn't answer the shutdown request and terminate within this time period, and AutoEndTasks is defined, the scheduler kills the task.

10.4.8 Speed Up System Shutdowns

When you boot an Windows 2000 or NT machine, part of the boot phase involves starting up all the system's drivers and services. Conversely, part of the shutdown process requires that all these services be shut down so they can write out any data they've got cached. This is particularly important when you consider that Exchange Server, SQL Server, and several other BackOffice server products depend on the system's services.

However, waiting for system shutdown can take a long time, depending on the service load you have running. Part of the problem is the generous default timeout value: Windows 2000 and NT shutdowns give each service up to 20 seconds to shut down before the system kills it. If you have many services running, this time can add up.

The HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout value specifies how long the system should wait before killing a service; the value is a REG_SZ expressed in microseconds (1000 microseconds make one second). You can adjust this value as low, or high, as you'd like.

Note that WaitToKillAppTimeout and WaitToKillServiceTimeout are two different values. The former controls the timeout period for system tasks, while the latter applies only to system services.

It's critical to leave services enough time to clean up after themselves and write out any cached data they may be maintaining internally. If you don't, you may lose all or part of the data maintained by the service; since the DHCP, DNS, WINS, Exchange, and SQL servers are all services, this poses a real risk to your data. You probably shouldn't adjust this value on machines that run any of these services.

10.4.9 Automatically Try to Detect Slow Network Connections

Face it: not all network connections are as fast as you'd like. In fact, if your network includes sites that are linked by a WAN, you may find they're much, slower than you'd like. In a domain environment, both Windows 2000 and NT normally attempt to fetch a user's profile from the domain controller. In a typical enterprise network, not every WAN-connected site has its own domain controller--meaning that logon requests from Huntsville may have to go to a domain controller in Chicago. With more than a few users, you'll quickly wish there was a way to encourage your system to use cached user profiles whenever possible.

Good news: you can do exactly that. The first step is to set a time limit for deciding whether a connection is "slow" or not. The system makes this decision by pinging the domain controller and waiting for a response. If the response takes longer than a threshold you specify, the link is considered "slow." You can set this threshold by adding a REG_DWORD value named HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SlowLinkTimeOut and setting it to the number of milliseconds (remember, 1000 milliseconds make one second) to wait for a ping response. The default value of 2000 means that Windows waits 2 seconds for a response; if you're really desperate, you may adjust this value all the way up to 120,000 milliseconds (or 2 minutes).

The other required change is to add a REG_DWORD named SlowLinkDetectEnabled to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This value controls whether or not the system pays attention to SlowLinkTimeOut. When SlowLinkDetectEnabled is 0, Windows doesn't attempt to detect a slow link. When it's 1, the system waits for the amount of time specified in SlowLinkTimeOut; if that amount of time passes, the user may select a locally cached profile instead of continuing to wait. By default, Windows 2000 does attempt to detect slow connections.

10.4.10 Don't Automatically Create 8.3 Names on NTFS Volumes

For backwards compatibility with DOS, Windows for Workgroups, and other operating systems that don't understand long filenames, NTFS automatically creates standard 8.3 filenames and stores them along with the NTFS long name. For example, this chapter's full name is Chapter 10 draft.doc, but its 8.3 name is CHAPTE~1.DOC. If you don't care whether older operating systems and software can read your filenames, you can turn off the process that automatically creates short names for long-named files and increase your file performance. If you depend on DOS or Win3.x programs on your computers, this probably isn't a good idea, as they depend on 8.3 names; however, if you're running only 32-bit applications you should be in good shape.

To accomplish this, add a new REG_DWORD value named NtfsDisable8dot3NameCreation to HKLM\System\CurrentControlSet\Control\FileSystem and give it a value of 1. After you reboot, the system no longer creates 8.3 names for new files (but it won't delete the old ones).

You may be surprised to find that many alleged 32-bit applications rely on 8.3 filenames to work properly. Don't apply this tweak until you've made a full backup of all NTFS volumes on your machine, and be prepared to use that backup to restore from if things don't work properly.

10.4.11 Disable the Printer Browse Thread

When you create a new printer share, the print spooler service starts a new thread whose job is to broadcast announcements of the share's presence. Print servers and clients can receive these announcements and automatically add the new printer to their lists of known resources. To ensure that print servers have consistent resource lists, each print server also broadcasts its list of known shares. This enables other servers to be sure that their resource lists are complete. The combination of these two broadcasts can cause unneeded broadcast traffic, since once a printer's established and the servers have all seen it, there's little need to keep retransmitting the data.

You may disable the printer browse thread on each machine that shares a printer with the network; you may also wish to disable the thread on any centralized print servers on your network. Once you do, remember that when you add new printers they won't show up in browse lists until you reenable the browse thread on all machines where you've disabled it.

To stop the browse thread, add a new REG_DWORD value named DisableServerThread to HKLM\SYSTEM\CurrentControlSet\Control\Print. Give it a value of 1 to disable the thread or to reenable it, then restart the computer to make the change effective. Since printer browsers share information, it may take as long as one hour for all the print servers on your network to make themselves known again by broadcasting.

The following two tips appear courtesy of the NT*Pro user group newsletter.

10.4.12 Forcibly Recover a Crashed PDC

If your domain's PDC crashes or becomes unavailable before you have the chance to promote a BDC, the key that controls the server's role won't be changed to reflect that the PDC isn't a PDC anymore. When you recover and reboot the PDC, it thinks it's still a PDC, but when it discovers the newly promoted PDC on the network the original PDC petulantly stops its netlogon service. The recommended way to fix this is to edit the default or "<No Name>" value of HKLM\Security\Policy\PolSrvRo. Its value will be 0x03000000 for a PDC and 0x02000000 for a BDC. To turn the PDC into a BDC, change the value to 0x02000000, then reboot.

To accomplish this fix, you'll have to allow the Administrators group Full Control permissions on HKLM\Security\Policy\PolSrvRo. Make sure to restore the permissions to their original state after making the change.

10.4.13 Hiding Servers from Network Computers

There may be times when you want to keep human browsers from seeing a particular server on your network. You may hide the server from Network Neighborhood and other browsing tools while still allowing users who know what share they want to access it. To hide a Windows 2000 Server (or workstation, for that matter), you have to add a new value to HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. Name the new value hidden and give it a type of REG_BINARY and value of 1 (to hide it) or (to make it visible). For NT, use the value name HIDDEN and make it a REG_DWORD type. The values 1 and still apply. You have to restart the computer to make it stop broadcasting its presence; in addition, it can take an hour or two for the newly hidden machine to drop out of sight on other machines on your network.