70-240 in 15 minutes a week: Monitoring and Optimizing System Performance and Reliability

by ServerWatch Staff

This week's article covers Monitoring and Optimizing System Performance and Reliability. This includes a look at scheduling tasks, monitoring performance, synchronizing offline files, system backup, system restoration, and more.

by Dan DiNicolo

Welcome to article number five in my 70-240 in 15 minutes a week series. This week's article covers Monitoring and Optimizing System Performance and Reliability. This includes a look at scheduling tasks, monitoring performance, synchronizing offline files, system backup, system restoration, and more. This article still falls within the Windows 2000 Professional section of the exam. Note that next week's article will combine two topics, since one of the topics is a little less involved. Doing so will also help move us into the Windows 2000 Server exam material a little sooner, which will benefit those talking the core exams individually - while giving those preparing for 240 another week to study before the big exam!

The material that this article will cover includes:

- Task Scheduler
- Synchronizing Offline Files
- Optimizing and Troubleshooting Performance
- Data Backup and Recovery
- System Startup Options
- Recovery Console

Task Scheduler

While Windows NT 4 relied on the AT command for the purpose of scheduling tasks, Windows 2000 actually includes the Task Scheduler utility. This tool allows you to schedule a program, script, or backup to run, according to the schedule you provide. Accessible via Control Panel (Scheduled Tasks) or the Accessories menu, you can schedule tasks to run once, daily, weekly, monthly, when the PC starts, or when a user logs on. A few important notes about the Task Scheduler:

- You can schedule a task to run with elevated privileges. That is, you can specify that a task run using the Administrator account, even though the locally logged on user does not have the rights to perform a task. 
- If you change the password of the user whom the task is scheduled to run as, the task will fail. The password associated with a task does not change when the user changes their password. (For this reason, you might consider creating a service account whose password never expires).
- In the advanced properties of a scheduled task, you can set things such that a scheduled task will never run when a machine is running off battery power, or that the task should run when the system is idle.
- Note that the Task Service can be stopped or restarted - a possible course of action if a task fails and the username / password is not the issue. 

Synchronizing Offline Files

While we've already discussed the offline caching of files, this section involves a look at the synchronization settings relating to offline files and how they can be configured and controlled. Synchronization Manager allows you to control how and when offline files are synchronized. You can find the utility via the Synchronize option on the Tools menu in Windows Explorer. Options include synchronizing offline files, folders, and web pages at logon/logoff, when the system is idle, or at a scheduled time. You may, for example, choose only to synchronize a certain folder, instead of all offline items. You can also control whether synchronization occurs based on the type of connection. For example, you may want to synchronize when connected via the LAN, but not when connected via a dial-up connection. 

The Synchronization process also handles file conflicts. For example, let's say that you synchronize a directory and then disconnect your system from the network (a laptop). If you change a file while offline, Windows 2000 will automatically replace the network version with your newer version once you reconnect and synchronize, assuming the network version hadn't changed. If another user had also changed it while you were offline, Synchronization Manager would ask how you would like to proceed. It allows you to view both copies of the file, and decide on an appropriate course of action. You could keep both files (renaming one), overwrite the network copy with yours, or overwrite your copy with the new network copy. 

Optimizing and Troubleshooting Performance

Optimizing the performance of the Windows 2000 Professional desktop is a rather simple affair. The main configuration option is the Performance Options section on the Advanced tab of the System Properties. As shown below, 2 main options exist:

Usually we want to optimize performance for applications on Windows 2000 Professional (default) and for background services on Server (default).

However, another area to consider when configuring for performance is the system's virtual memory, or page file settings. In Windows 2000, the page file size is automatically set to 1.5 times the amount of RAM present in the system by default, but this can be changed. The page file exists physically as the file pagefile.sys in your %systemroot% partition (the partition containing your WINNT directory). To improve page file performance consider moving it to a partition other than the system or boot partition, split evenly across multiple physical disks (except the system or boot partitions), or on its own fast under-utilized drive. Also consider setting the initial and maximum paging file sizes to the same value to avoid the performance costs associated with dynamically resizing the page file on the fly.

As far as application performance and responsiveness is concerned, applications can still be configured to run at different priorities. This can be controlled by either starting an application from the command line (using the start command with the /low, /belownormal, /normal, /abovenormal, /high, or /realtime switches), or by changing an application's priority using Task Manager, as shown below. Only an administrator can start set a program to run using the realtime priority.

Task Manager still allows familiar features, including the ability to start or stop applications or processes, as well as get quick statistics with respect to memory and processor usage. The program now also includes the ability to view the difference between user mode and kernel mode resource usage with the Show Kernel Times option on the View menu. Kernel mode resource usage will appear in red.


A familiar tool still exists in Windows 2000 for monitoring performance, although it now carries a new name. The Performance tool is actually a combination of two different MMC snap-ins: System Monitor, and Performance Logs and Alerts. Combined, they essentially form Performance Monitor from NT 4. 

Performance Monitor Logs and Alerts allows you to configure both logs (which collect information on performance counters you specify) and alerts (which allow you to specify a course of action once the thresholds you define are reached). A log records data over a period of time, and is usually used for analysis purposes, such as tracking resource usage trends and creating baseline measurements. You can later import this logged data into a spreadsheet or the System Monitor program for analysis. Two types of logs exist: Counter logs and Trace logs. A Counter log measures object performance counters at defined intervals. A Trace log is mostly used for debugging or error tracking, and records data only when certain errors (such as a page fault) occur. Note that running logs appear with a green icon, and that stopped logs appear in red. Alerts can also be configured according to when a certain threshold is reached. For example, you could set an alert to be triggered when processor utilization exceeds 80 percent. Further to this, you can control what happens when the alert is triggered, as outlined below:

The System Monitor element of the Performance tool allows you to track performance counters for different system objects such as memory, CPU, network, and many others. System Monitor can display in graph, histogram (a moving bar chart), and report formats. Of course, it is not practical to know all the counters, but there are a few that are more important than others. These are listed below according to the type of object. 

Disk Counters

Before we look at the counters, remember that disk counters cannot be gathered until you run the Diskperf -y command. Each of the counters listed below have corresponding counters on the LogicalDisk object. The difference is that LogicalDisk is for a volume, while PhysicalDisk is for an entire hard disk.

PhysicalDisk: Current Disk Queue Length - measures the number of requests waiting for disk access. A value higher than 2 suggests a bottleneck.
PhysicalDisk: Disk Bytes / Transfer - Average number of bytes transferred between memory and disk during reads and writes. Values around 4K can suggest a high level of paging.
PhysicalDisk: %Disk Time - Percentage of time that a disk is busy handing read or write operations. Higher values suggest a disk bottleneck.

Processor Counters

Processor: % Processor Time - Percentage of time that the Processor is busy handling threads. Acceptable values will depend upon the specifications of the system, but a value above 80% suggests a bottleneck.
Processor: Interrupts/sec - Average number of times per second that a device interrupts the CPU. This must be compared versus baseline measurements to determine a problem. A very high value usually suggests malfunctioning hardware.
System: Processor Queue Length - Number of threads waiting for access to the CPU. In a single processor system, a value of 2 or higher suggests a bottleneck.

Network Counters

NetworkInterface: Total Bytes/sec - Measures the total amount of inbound and outbound traffic passed though the network interface. Acceptable values are determined by the maximum of the media (like Ethernet) in use. When value approaches the card maximum, it may be time to upgrade to a faster or multiple adapters.
NetworkInterface: Output Queue Length - Number of packets that are queued waiting for access to the media. Values higher than 2 suggest a bottleneck.

Memory Counters

Memory: Available Bytes - Number of byte of memory available at any given point in time. A value of less than 4K suggests the need for additional memory.
Memory: Pages/sec - The number of times per second that data is transferred between RAM and the paging file. If this value is much higher than the baseline measurement, it suggests the need for additional RAM.
Memory: Page Faults/sec - How often a needed memory page is not found in RAM and must be swapped in from the page file. Again, high values above those observed in the baseline suggest the need for more RAM.

Data Backup and Recovery

Data backup and recovery in Windows 2000 is accomplished via the Backup program, ntbackup.exe. The new program includes the ability to backup up to different types of media (tape drive, CDR, zip drive, etc), as well as the ability to have backups span media (multiple zip drives, etc). Perhaps the greatest benefit is the ability to schedule a backup - something that was sorely missing (unless you wrote a batch file and scheduled it with the AT command) in NT 4 - in Windows 2000 this is done via integration with the Task Scheduler. Backup and restore operations can be carried out by explicitly choosing files and folders if you're familiar with the process, or by a wizard if you are not.

In order to backup files and folders, you must have appropriate rights and / or permissions. Users may back up their own files, as well as those to which the have the NTFS Read permission. Users may only restore their own files or ones to which the have the NTFS Write permission. Administrators and members of the Backup Operators group have the right to backup and restore files (as do Server Operators on a server), including those to which they have no access.

There are 5 different types of backups you should know about. Note that some backups set or clear a 'marker'. The marker is the archive attribute on the file or folder being backed up. The 5 types of backups are looked at below:

Normal: Backs up all selected files and folders, and clears all markers.
Differential: Backs up all selected files and folders that have changed since the last Normal backup, and does not clear markers. 
Incremental: Backs up all selected files and folders that have changed since the most recent Incremental or Normal backup. It does clear markers.
Copy: Copies all selected files and folders, and does not clear markers.
Daily: Backs up all selected files and folders that have changed on that day, and does not clear markers.

Remembering the backup types is easy. Using a Differential backup strategy means that backups take a little longer, but restores tend to be quicker. An Incremental backup strategy generally means faster backups and a lengthier restore period.

Windows 2000 also allows you to backup all of the critical system files by choosing to backup something called System State. System State is just another option to choose within the backup program, as shown checked below:

System State can only be backed up for the local machine, since the Backup program does not allow for remote System State backups. System State includes the registry, system startup files, and COM+ objects on any system. On a system running Certificate Services, it also includes the Certificate Services database, and on a domain controller, it includes the Active Directory database, as well as the Sysvol folder. 

One last thing you should be aware of with the Backup program is that this is where you now create an Emergency Repair Disk (ERD). These are no longer created with the Rdisk.exe command as in NT 4. Note that the ERD is not bootable. It is also worth noting that the ERD does not contain a copy of the local registry. This is stored in the local repair directory, and can be updated as part of the ERD creation process. To begin the emergency repair process, start the Windows 2000 installation process, and choose R to repair a damaged or corrupt system. The two repair options include Fast Repair and Manual Repair, as outlined below.

Fast Repair: this option requires no user interaction. Any errors relating to the startup environment, registry, or system files are fixed automatically. This option restores the registry from the repair directory. If the registry stored here is an old version, newer changes may be lost. 

Manual Repair: This option requires user intervention, and allows you to choose to repair the startup environment, system files, or the boot volume. Note that this option does not allow you to repair the registry. 

System Startup Options

Some of the familiar startup options from NT 4, along with a whole range of other options that you may be familiar with from Windows 9x are now available in Windows 2000. Pressing F8 when prompted during the boot process accesses the advanced startup menu. Many of the options are useful is a system is not capable of booting correctly due to driver and service issues. The list below outlines the choices you will be presented with and their associated uses.

Safe Mode: Boots Windows 2000 using the minimum required system files and device drivers.
Safe Mode with Networking: As above, but including networking support.
Safe Mode with Command Prompt: Same as Safe Mode, except that it boots to the command prompt instead of the GUI.
Enable Boot Logging: Starts all drivers and services, and logs details to a file called Ntbtlog.txt in the %systemroot% directory (this file is also created when any of the safe mode options are chosen - it can be an important source of troubleshooting information).
Enable VGA Mode: Boots Windows 2000 normally, but with a VGA display driver.
Last Known Good Configuration: Boots Windows 2000 using the last known good registry configuration, which would have been created at the last successful logon. This option should be used prior to attempting an emergency repair using the ERD.
Directory Services Restore Mode: For domain controllers only, this option is used to restore the Active Directory and/or the Sysvol folder.
Debugging Mode: Boots the system normally, but sends debugging information to another system connected via a serial cable.

The Recovery Console

Windows 2000 provides the ability to access an advanced troubleshooting environment referred to as the Recovery Console. This tool, which is not installed by default, can be installed by running the winnt32 /cmdcons command. This option provides a command-line interface, similar to DOS, but with a more limited command set available. The recovery console will allow you to start and stop services, fix the master boot record, replace files, and so forth. However, there are certain things it will not allow you to do, such as edit a file. If you needed to do this, you would have to copy the file to a floppy, and edit it on another system. If you have not installed the Recovery Console in advance and need to use it, can still be accessed by booting the system using the Windows 2000 CD, choosing the option to repair Windows 2000, and then starting the Recovery Console. 

If already installed, you can access the Recovery Console by rebooting and choosing the Recovery Console option from the boot loader menu. After it starts, you must log on with the local administrator account name and password. Remember that the recovery console provides access only to a limited set of commands, such as fixmbr (to fix the master boot record), format, disable (service or device driver) and so forth. For a complete list of supported commands, look here.

Well, that again does it for another week. Next week we'll explore two topics, both troubleshooting the desktop environment as well as implementing and troubleshooting security. I would again like to thank all of you who have been following the series, and writing me with your questions and comments. One side note for those studying. I hope you'll consider posting your study-related questions to my message board instead of emailing them to me directly. The reason is simple - if you have a question, somebody else likely does as well, and the answer will likely benefit many people. As for your general questions and comments, please continue to email them to me directly - I appreciate your feedback. Please don't forget to visit my website - there will be a whole slew of new free study exams released in the next few weeks, on top of many new features recommended by you! Until next week, best of luck with your studies.


This article was originally published on Thursday Mar 22nd 2001
Mobile Site | Full Site