Windows 7

---

Monitor system performance

wanted to always squeeze more speed out of my PC. I would buy more RAM, faster processors, and (most recently) SSD drives to speed up my PC. Nowadays buy the best that my budget will allow, but no longer delve into obscure places such as tweaking swap file sizes and visual effects found on the performance options to optimize my computers like I used to. Why? Because Windows 8 is fast, and remains fast, even after months of normal use.

At the first hint of Windows 8 beginning to slow down or even crashing, you should know exactly which tools, logs, and events to investigate to find out what's going on and hopefully get the system working again. Many have been part of the Windows operating system for years, but some great enhancements and new additional tools are also available. This objective covers many of these tools and shows you how to monitor, optimize, and configure your system for performance.

Configuring Task Manager

Task Manager has been, for many years, one of the most useful Windows techie tools that you can use to investigate and monitor performance-related issues. Windows 8 has overhauled Task Manager significantly, and you should be impressed with the enhanced functionality. Microsoft announced that it was incorporating the following capabilities into Task Manager during the engineering phase of building Windows 8:

• Clearer relationship between apps and processes
• Easy-to-read performance metrics per process
• Expanded PC performance information, similar to Resource Monitor default view
• App performance history
• List of Startup programs, with option to disable

To open Task Manager, follow these steps and view the results for your system:

1. Search the Start screen for task and open Task Manager (or press Windows+X and choose Task Manager).
2. Click More Details or Fewer Details to expand or contract the view.
3. Explore the Task Manager tabs: Processes, Performance, App history, Start-up, Users, Details, and Services.

The End Task option at the lower right of the Task Manager screen is useful to stop an app that might not be responding. You can also stop a running app or running process by right-clicking the item and then selecting End Task.

The Performance tab is particularly informative and shows detailed results for CPU, memory, disk activity, and Ethernet and Wi-Fi networking. If you highlight one of the items on the left side, such as the CPU, you can see even more information. The CPU information displays useful information on whether the computer supports virtualization, the number of cores/processors, and even the speed and family of processor that's installed.

Tip:
For another example of the wealth of information gleaned from the performance tab within Task Manager, click the Ethernet or Wi-Fi area and notice the currently allocated IPv4 and IPv6 addresses.

Task Manager now can modify which apps automatically run when Windows 8 starts. If your PC remains unresponsive after you have logged on, you might find that the computer is busy executing the startup conditions of several installed programs that are configured to run in the background. You could safely disable many of these apps to free up resources and speed up your computer. Previously, this utility was contained within the msconfig.exe tool.

Tip:
Msconfig.exe is still present within Windows 8; however, the redundant Start-Up tab now informs you to open the Task Manager to configure startup items.

Many applications won't be offended if the automatic startup status is set to disable, and changing the setting with Task Manager can significantly speed up computer responsiveness, especially during the period immediately after you log on.

Another useful addition to the Task Manager is the App History tab, which also shows a heat map-a graphically appealing way in which the items with the largest values are highlighted. This can be clearly seen, where the Store app has used the most network bandwidth and the Windows Phone app has consumed the most CPU time.

The Details tab includes comprehensive information relating to running and suspended processes on the computer. When you are troubleshooting a system and find an unfamiliar process or one that's exhibiting strange behavior, the details section of Task Manager can be extremely useful. Right-clicking a running process allows you to select one of many useful tools, such as to end the task, open the file location of the process, and even search online for additional details of the process.

For information from the Windows engineering team regarding the Windows 8 Task Manager, see http://blogs.msdn.com/b/b8/archive/2011/10/13/the-windows-8-taskmanager.aspx.

Monitoring system resources

In addition to the Task Manager, Windows 8 provides users with several other tools in relation to monitoring system resources. You should review each one and understand how each tool varies slightly in their level of detail and usefulness.

Resource Monitor, introduced with Windows 7, is retained in Windows 8. It can be accessed directly from within the Task Manager, or from within the Performance Monitor console.

Tip:
You can run the Resource Monitor directly from the Start menu or Run command. The executable is resmon.exe.

Although the Resource Monitor hasn't noticeably changed from Windows 7, it still offers a very granular and detailed method of viewing how the system resources on your computer are performing in real time. With all the enhancements made to the Task Manager in Windows 8, whether the Resource Monitor tool is used in practice will be interesting to see.

Using the Windows Experience Index

Windows 8 continues to offer users the ability to measure the computer's "overall" performance. The Windows Experience Index (WEI) allows users to see the relative subsystem scores of five key aspects of the computer hardware:

• Processor
• Memory (RAM)
• Graphics
• Gaming graphics
• Hard disk

The WEI calculates an overall score determined by the lowest score of the five individual scores that are indexed on a range from 1.0 to 9.9.

Tip:
Windows RT RT doesn't display the WEI Assessment rating.

If the computer was recently upgraded or a new driver has been installed, you should be able to rerun the WEI assessment from the assessment screen. Running the assessment won't produce any performance gain, but it might result in a change to the base score.

Performance Monitor

Ever since the early days of Windows, the Performance Monitor tool has allowed IT professionals to monitor-at a very low level-the activity of their computers, either in real-time monitoring or by building collector sets that are designed to store a configuration and be rerun at defined times. The tool allows the monitoring of one or several of the hundreds of available performance counters. Examples of performance counters that can be monitored include the following:

• CPU Busy Time
• Hard disk read speed
• Hard disk read time
• Hard disk write time
• Memory idle space

To open Performance Monitor, follow these steps:

1. Search on the Start screen for perfmon and then select perfmon.exe to open the Performance MMC.
2. Click the Performance Monitor subtree to display the console.

The default real-time performance graph displays a red colored line that represents the % Processor time, with the actual values shown in a table at the bottom of the window. You can add or delete additional counters to be monitored by using the green plus and red X buttons on the console's tool bar.

By default, counters are selected from the local computer; however, you also can add a counter from another computer on your local network by selecting the remote computer.

Because Performance Monitor results are shown in real time, the PC might suffer slight overhead from the data collection process. Also, the configuration is lost when the console is closed. To create and preserve a predefined monitoring configuration, you can create your own custom Data Collector Set or use one of the many built-in system-defined sets.

The Data Collector Set is a wizard that requires a name, which counters are to be monitored (and on which computer), and the storage location where to save the collected data log file. To create a custom Data Collector Set, right-click the User Defined node, select New, and then select Data Collector Set.

To begin collecting data from either the custom Data Collector Set or a built-in system set, right-click the desired Data Collector Set from the subtree in the left pane and select Start. The collection begins, and you should see the Collector Set icon change to indicate that the process is running.

After you run the collector for the desired amount of time (the minimum is 60 seconds), you can stop the collection and then navigate to the reports section, where you can see a report with the same name as your collector set and a corresponding date to the time that the data was collected.

Note:
Reports are categorized into User Defined and System reports in the tree pane.

Open the report by selecting it in the subtree. The report should open in the central pane of the MMC, and you should be able to drill into the data or view the performance graph if you created a user defined set without using a template.

Performance counters and bottlenecks

If you're investigating a performance issue on a computer, the following counters and their respective values and behavior could be useful in your diagnosis and suggested remediation.

Performance Counter 	Bottleneck
%Processor Time		Measures how busy the processor is. Apart from bursts 
                        of activity, constant operation at greater than 80 
                        percent is a sign of an overworked or underpowered processor.
                        Consider upgrading the processor to a faster unit or adding
                        additional processors/cores.

Page faults/sec		If memory isn't available when the processor calls for it,
                        page faults can occur. If the page/sec is great than 20, 
                        add more memory to the system.

Page/sec		Increase the memory available if the value is above 1.5.

%Avg. Disk Queue 	Some queuing is acceptable, but if the average value is 2
Length                  or higher, consider installing a faster disk drive such
                        as an SSD.

Interrupts/sec		Interrupts relate to the requests that the processor is 
                        responding to. A figure less than 1000/sec is acceptable;
                        otherwise, investigate potential hardware failure or 
                        driver issues.

Action Center

The Action Center was initially called the Security Center in Windows XP SP2, and in each Windows release since it has been expanded and improved. Now the Action Center provides a centralized comprehensive location to track and troubleshoot problems, which your Windows 8 computer might encounter.

Specific Windows 8 Action Center additions include support for new features, including the following:

• Windows SmartScreen
• Microsoft account and Trust this PC
• File History
• Drive Status
• Startup apps
• Storage Spaces
• Advanced recovery tools

In addition to being the centralized location for the various tools and settings, the primary aim of the Action Center is to trigger alert notifications when something goes wrong with Windows 8 for the user to act on.

Even if a user disables a setting or fails to complete a task that could make the system less safe, the Action Center flags the issue as still being a concern. For example, Windows 8 prompts users to trust their PC with a Microsoft account. This allows users to benefit fully from added functionality, such as password and website synchronization, that a trusted Microsoft account can provide. Another unresolved Action Center issue could be if a virus or malware alert occurred or the user ignored an available driver update.

Users need to be made aware that a red-flag warning in the Action Center indicates important messages for the user and that the system is potentially vulnerable and needs action. It would be wise to visualize the Action Center similarly to the warning lights that appear on a motor vehicle dashboard. To see which items are to be resolved within the Action Center, the user should click the flag icon in the system tray.

Reliability Monitor

Computers can take a lot of abuse. They are nearly constantly connected to the Internet, apps are installed and uninstalled frequently, regular maintenance is forgotten (although Windows 8 takes care of most maintenance tasks automatically), and often the slowing down of the computer is gradual as you allow them to "clog up" over time.

One of the best ways to establish whether your system, network, disk, or Internet speed is becoming slower is to refer to a benchmark that you might have recorded previously. This could be created by using the Performance Monitor console referred to previously or another benchmarking tool. Windows 8 includes an app called Reliability Monitor, which is contained within the Action Center, and keeps a record of each time your computer crashes or when software or a driver fails and presents the history in a graphical representation that provides a visual confirmation of the problems and aids in diagnosis.

Showing results either weekly or daily on a graph, Reliability Monitor provides you with an overall stability index on a scale from 1 to 10. This index is based on hardware and software problems that have had a detrimental effect on the computer, such as the following recorded events:

• Application failures (severe)
• Windows failures (severe)
• Miscellaneous failures (severe)
• Warnings
• Informational events (not necessarily issues)

You can see from the graph that prolonged use of your computer without a failure actually causes the stability index to increase as your PC becomes more reliable. After you establish a stable benchmark for the system, creating a restore point or backing up the system can be useful at this time. You can also save the status of the reliability history by clicking the save option.

To open and view Reliability Monitor, follow these steps:

1. Search on the Start menu for reliability and select View Reliability History in the settings search results.
2. The tool collects the data and then dispalys a record of the reliability history of your computer. You view the history in days or weeks and you can scroll the history backward in time.
3. Highlight a day, week, or event, and you should be able to see the detail of each problem.
4. Under the Action option, select View Technical Details. This opens a new window-part of the Action Center-displaying the problem details.
5. The information gained from the technical details should enable a technician to diagnose and remediate the problem. Click OK to close the problem details.

The tool is extremely useful for helpdesk technicians when troubleshooting an unreliable computer. By viewing the problem details relating to an event, a technician should be able diagnose and resolve the problem because the details of each issue is recorded in one easy-to-use, consolidated tool.

Optimizing networking performance

With the continued growth of cloud computing and the demand for "always on" online services, the speed and reliability at which computers access these resources will be under ever greater scrutiny. Internet outages that hinder connecting to cloud-based services such as SkyDrive or productivity suites such as Office 365 can leave users frustrated during a time when general expectation is that these services are just as reliable as their locally installed legacy counterparts.

In this decade, 100 percent uptime and accessibility to connected services is required by every user and, thankfully, in most cases this is indeed achievable. Issues relating to networking typically falls into three clear categories: working, broken, or intermittent.

Most network equipment such as routers, switches, and access points are hardware-based appliances that require some initial configuration and then only a power supply to operate "forever," typically without a hitch. For the Wi-Fi router, performing a backup of the configuration is essential (ideally to both the cloud and a local backup, because you might not have access to the cloud backup if the router has failed). Remember, these devices commonly last five to ten years and, during that time, you'll probably lose or misplace the initial correspondence from your ISP regarding setup. Nowadays, most of the configuration and setup is automatic or, in some cases, the initial URL/admin passwords are stenciled to the underside of the device. (Don't forget to change them, especially if the unit is located in a publically accessible place.)

Key pointers for achieving the reliability and optimal networking that a modern computer expects include the following:

• Keep the drivers of the network card or Wi-Fi card up to date.
• Flash the router or modem with the most recent ROM available.
• If applicable, use good quality Ethernet cabling and route it away from energy sources, such as power transformers.
• Consider updating your Wi-Fi router each decade.

Troubleshooting your network

To explain networking and the protocols and addresses used to transport data around your network. Many of the networking protocols, including TCP/IP, were invented more than 40 years ago and are still in operation today. However, thankfully much protocol processing is hidden beneath the user interface away from users, as it should be-after all, this is Windows 8, not UNIX.

Note:
Several core services within Windows, including the TCP/IP networking support, have been completely rewritten by Microsoft in recent years and now offer increased performance and reliability while retaining backward compatibility to earlier Windows versions.

Because Windows 8 has been designed to support this generation of cloud users, it comes with excellent networking support, proven reliability, and troubleshooting tools that should be given respect, because they work really well.

At the first sign of trouble with your network, such as the exclamation mark over the system tray networking icon, you should right-click the networking icon and select Troubleshoot Problems.

The Network Diagnostics wizard attempts to diagnose the problem thoroughly and, in most cases, will fix the problem. The first point of reference in troubleshooting in Windows 8 should be the built-in, wizard-driven troubleshooting tools.

Suppose that a problem develops with the network adaptor and the TCP/IP stack needs to be reset. Without the wizard diagnosing and fixing this problem, you would probably need to consult the helpdesk via the telephone (because the network is unavailable, you can't search the Internet for a remedy, nor can the helpdesk be able to remote assist to your PC). After several minutes and possible several misspelled ipconfig /release or similar commands in the command prompt, the helpdesk technician will diagnose that the TCP/IP stack needs to be reset. To fix this, the technician will tell you to open an elevated command prompt and type netsh int ip reset c:\resetlog.txt to use the netsh.exe utility to reset the registry keys for the TCP/IP and DCHP parameters. (Alternatively, they might ask you to reboot your PC, which also resets the TCP/IP stack, but that could inconvenience you.)

With the Windows 8 Network Diagnostics wizard, the system diagnoses and attempts the reset fix without you needing to call the helpdesk or rebooting your machine.

Where a network becomes slow or very unresponsive for no apparent reason, most users automatically assume that the problem is with their PC and start making changes. My advice is to do nothing immediately, or perhaps try to reboot your PC. Most Internet problems result from a temporary failure of one of the millions of components that make up "the Internet" and not you or your computer. If the problem becomes intermittent or a regular occurrence, the problem is more likely to be internal, such as one of the following:

• A failing component
• A broken or loose cable
• Virus/malware infection
• A corrupt driver
• Interference (power source) or obstacle
• Security settings not configured properly
• Wi-Fi antenna issues, such as misalignment

Potentially, the issue could be outside your direct influence, such as one of the following:

• Increased volume of Internet-enabled users in your local neighborhood/home/office
• Changes to the service provision or contention ratio from your ISP
• Congestion/traffic overload on the external network

Configuring event subscriptions

If you need to dig a little deeper into the system to find answers to problems, you should probably look at the Event Viewer console. You've seen from the various tools mentioned already that the source of the reporting is generated and stored by Windows 8 recording events in the Event Logs. Event Viewer was significantly overhauled in Windows Vista and provides easier access to hundreds of system and custom logs.

The key task of a log is to record important events that have occurred on the computer. You can use Event Viewer to view logs from the local computer or from a remote networked computer. An administrator can also create an event subscription, which allows the collection of specific events from other computers on the network.

The type of events that Windows 8 stores include events generated by processes, services applications, and hardware devices. Windows 8 uses two main types of logs:

• Windows logs These logs record system events related to applications, security, setup, and system components. The Windows logs folder contains the following logs: Application, Security, Setup, System, and Forwarded Events.
• Applications and services logs These logs are generated by specific applications or services to record specific events.

Note:
The System log is the primary Windows 8 operational log. Typically, this is the first log that you view when you are diagnosing system problems.

A log entry can be afforded a specific warning or severity level, as follows:

Level 		Meaning
Information 	An informational event

Audit 		Success An event related to the successful execution of an
                audit-related action

Audit 		Failure An event related to the failed execution of an
                audit-related action

Warning 	An event that warns that problems are occurring on the computer

Error 		An error, such as the failure of a service or application

Critical 	An event that warns of a significant loss of functionality or data

Following an incident or action, the system typically records an event log. To view the Event Logs, open Event Viewer by searching the Start screen for event and open View Event Logs (or press Windows+X and choose Event Viewer). The Event Viewer MMC snap-in appears.

Even with the new Event Viewer and the enhanced ability to create filters, custom views, and even connections to remote computers, the sheer volume of event-related information can be overwhelming. If you plan to use Event Viewer regularly, you should use the custom view capability or create alerts and triggers for specific events. Both approaches allow you to refine the results and create exception-based results.

Typically, administrators want to collect data from a computer or a group of computers that alerts them to a specific event or type of event occurring. Event subscriptions enable you to configure subscriptions of events that are then collected and displayed on a single Event Viewer console. Windows 8 supports two types of event subscriptions:

• Collector initiated
  Subscriptions receive events from the source computer. Each computer must be configured manually to participate.
• Source computer initiated
  In this model, each source computer sends events to the collector. The configuration details can be distributed by Group Policy, allowing this type of subscription to be suitable on large networks.

To create subscriptions, you need to ensure that all computers in the scope of the subscription can communicate with each other and that Windows Remote Management (on the source computers) and Windows Event Collector service (on the collector computer) are running.

To configure the necessary services to run, follow these steps:

1. On the collector computer, open an elevated command prompt and type the following command: wecutil qc.
2. On each source computer, follow these steps:
   • At an elevated command prompt, enable the Windows remote management by typing the following command: winrm quickconfig.
   • Add the computer account for the collector to the local Administrators group in the Local Users and Groups snap-in of the Computer Management console. (This gives the collector sufficient privileges to collect the events.)

You need to be an administrator or member of the Event Reader group to configure event subscriptions.

With the necessary configuration in place, you can now create an event subscription by following these steps to configure a collector-initiated subscription:

1. Log onto the computer that will act as the collector.
2. Search the Start screen for event and open View Event Logs (or press Windows+X and choose Event Viewer).
3. When the Event Viewer MMC snap-in appears, click the Subscriptions node and select Create Subscription.
4. Provide a name for your subscription.
5. Choose Collector Initiated, click Select Computers, and specify the name of one or more computers on your network from which you want to collect events.

   Note: If you are using Group Policy on your network, you should create and deploy your subscription settings by using a GPO. To enable this method, choose a Source Computer Initiated subscription in Step 5 and then configure the source computers to forward events to your collector computer.

6. Click Select Events. The Query Filter dialog box appears, allowing you to select which events you want to collect.
7. Click Advanced to choose delivery settings and to choose HTTP or HTTPS.
8. Click OK to create the subscription.

A useful guide to "Setting up a Source Initiated Subscription" can be found on the Microsoft Developer Network at http://msdn.microsoft.com/en-us/library/bb870973(VS.85).aspx.

Tip:
Event subscriptions are communicated via HTTP or HTTP S across the network using TCP port 5985 for HTTP or TCP port 5986 if HTTPS.

Optimizing the desktop environment

Some of the tools included with Windows to help improve performance are summarized here. These tools are found the Performance Information and Tools screen.

Tool 		Description
Adjust visual	Visual effects can sometimes slow down other tasks on your PC.
effects		You can turn these effects on and off and view more options.

Adjust indexing You can fine-tune indexing and searching to focus on the files and 
options		folders that you most commonly use.

Adjust power	Power settings on your PC can significantly affect its performance.
settings	You can change settings to balance your PC the way you want to
                between	higher performance and longer battery life.

Open Disk 	Freeing up space on your hard disk can increase performance,
Cleanup		especially if the disk is quite full.

Advanced 	This option displays additional system tools,
tools		such as System Information, Task Manager, and Event Logs.

Configuring Indexing Options

Windows 8 maintains an index of all the files, folders, and documents on your computer. This speeds up searches and helps maintain quick access to files in libraries. To manually manage this index and get a significant amount of control over it, search for Index at the Start screen, where you will find it in the Settings search results. The Indexing Options window, which lists all the currently indexed locations on your computer. You can use the Modify button to add or remove locations from the index and the Advanced button to manage the index itself.

Clicking Modify displays a list of all available locations that can be indexed. The bottom list displays all the currently selected locations; if you click Show All Locations, this list expands to display all system and hidden locations that are also indexed by default.

Note:
Various methods are available-some are official and some aren't-for adding network storage to your index and to libraries. A non-indexing workaround for libraries is the MKLINK command, which won't be detailed here because it's not official (although it does work). Some people suggest making a network drive available offline on your computer, although this will copy the network files over to your PC, taking up huge volumes of space.

Clicking the Advanced button gives you fine control over the indexing options themselves. The resulting window has two tabs across the top:

• Index Settings allow you to fine-tune the index and includes options for adding or excluding encrypted files, using natural language search with the index, moving the index completely to a different folder or hard disk, and even completely dumping the index and starting again, perhaps if it has become corrupt.
• File Types allow you to manually include or exclude any of the hundreds of file types Windows 8 knows or that are associated with software on your computer. If, for example, your company uses custom software that has its own file extension and file format, Windows 8 won't know to add it to the index. You can manually add those files to the index on this tab, and choose whether you want to index just the file properties or also its contents.