|RSS | MY PROFILE | PRIVACY|
Back By Popular Demand!
A number of readers asked me to resurrect the Quotes of the Week section that Stu Sjouwerman (the
previous editor this newsletter) used to include in each issue, so back by popular demand are some non-
technical things for you to think about each week. You'll find these quotes in their usual place at the
end of the Editor's Corner.
If you reboot a Windows system on your network and log on to it, how long does it take until your desktop settles to the point that you can actually begin doing your work? For domain-joined Windows 7 computers in enterprise environments, I've actually heard about times ranging from under 30 seconds to more than 30 minutes!
Wait, did you just say 30 minutes? Yes, I've heard stories of where it takes a couple of minutes until the logon screen appears after rebooting the computer. Then once the user types their credentials and presses Enter, it takes another couple of minutes until the full desktop appears with all its taskbar and notification icons. But then the system's disk drive churns so heavily for the next 10 or 20 minutes that the computer is barely usable to the user.
What could be causing this kind of frustrating behavior? And what can you do to minimize startup time, logon time, and time to reach a stable, usable desktop?
But before we go any further with our tortoise-or-hare discussion, let's look at what Abstruse Goose has to say about how a race between these two animals would probably really turn out if it ever happened. WARNING--MATURE CONTENT:
Don't Power Off
First, you can eliminate much of the startup delay by simply never powering your computer off. Put it to sleep instead. Here's some info on the different Windows 7 power-saving states and how to make use of them: http://www.wservernews.com/go/1327221222406
Preventing Forced Reboots
Unfortunately certain software updates from Microsoft may require that your Windows system be rebooted in order for such patches to be properly installed, and if you don't reboot the system yourself after such updates are applied then by default Windows will reboot the system for you after waiting a certain amount of time for you to respond (usually 10 minutes). In a domain environment, the administrator can configure the "No auto-restart with logged on users for scheduled automatic updates installations" policy to prevent such forced auto-restarts from happening as this TechNet page explains: http://www.wservernews.com/go/1327221260140
If the system is in a workgroup (such as a home computer) you can use either Gpedit.msc or Regedit.exe to prevent such forced restarts as this thread from the Microsoft Answers forum indicates:
End Your Day Gracefully
If your environment is such that desktop computers are forced to reboot when needed after patches are applied, then you should encourage users to save their work and shut down running applications at the end of each workday. This is for two reasons: First, if they don't save their work, Windows may forcibly terminate the running applications causing the unsaved work to be lost. And second, if running applications are forcibly terminated then this may increase the time for the desktop environment to stabilize once the user logs on again to their computer.
If your environment is such that dozens or more Group Policy Objects need to be processed each time your computer boots up and you log on to it, then this may cause it to boot more slowly and take longer for your desktop to appear after logging on. You can run the command gpresult /r to find out what GPOs were enforced on the computer for the specified user at logon. Here is the syntax of the command:
Other related causes of slow logons can include using startup/login scripts instead of Group Policy Preferences, excessive use of WMI filtering of GPOs, needing to contact a domain controller across a WAN link, and so on.
Fast Logon Optimization
It's also possible that your administrator may have configured Group Policy on your organization's network so that Fast Logon Optimization is disabled. Doing this forces Group Policy to be applied synchronously, which means machine policy is applied when the computer starts and the user is not allowed to log on until processing of machine policy is finished. In addition, after the user enters their credentials at the logon screen the user's desktop does not appear until user policy finishes processing. The result of disabling Fast Logon Optimization will be a noticeable delay in both startup and logon, but it has the advantage from a security point of view that all policies are always applied to the system (instead of sometimes requiring several reboots to apply all policies). For more information about Fast Logon Optimization, see this TechNet article: http://www.wservernews.com/go/1327221394515
and this article that I wrote awhile back for WindowsNetworking.com:
If your hard drive is thrashing for a number of minutes after logging on, just try launching the applications you need to do your work. It could be that much of the disk activity is due to the Windows Search service indexing files on your computer, and as soon as you begin working this service will recognize that the system is no longer idle and will back off from its indexing activity and the thrashing of your hard drive should die down.
Other Sources of Logon Frustration
If the antivirus software on your computer is configured to scan the system at startup then this may lengthen your boot time if the software needs to download updated malware definitions from the AV server managing your system. Your best bet is to contact the vendor of your antivirus software concerning this issue.
If your system is a kiosk computer and you're using software that deletes all local user profiles on the machine when the user logs off, then each time someone logs on to the system a new local user profile will be created and this will make the logon process take longer than usual since every logon will be a "first logon" on the system. Your best bet is to contact the vendor of your kiosk software concerning this issue.
If your %temp% folder is full of zillions of files then this can sometimes cause delays in launching certain applications, which makes it feel like it takes longer for your system to become usable after logging on.
If you are using Windows Live Mesh to sync your computer to another computer, then this might churn your drive for a period of time whenever you log on to your computer.
Then of course there are things like Roaming User Profiles (RUP) that can cause logon delays, but that's a whole separate issue since RUP is used only in certain kinds of environments like TS/RDS hot-desking scenarios. For a good discussion of RUP optimizations new in Windows 7, see Chapter 15 of the Windows 7 Resource Kit from Microsoft Press: http://www.wservernews.com/go/1327221492390
Tools for Troubleshooting Slow Logons/Startup
There are a few tools you can use to try and pin down exactly what's causing your system to experience slow startup/logon. One good one is the Windows Performance Toolkit (XPERF) and this blog post by Jeff Stokes, a field engineer at Microsoft, demonstrates how to use XPERF for troubleshooting such issues:
Here's a follow up post from Jeff's blog:
And if you're having problems with shutdowns (as opposed to startups or logons) this article from Windows IT Pro shows youhow to use XPERF to troubleshoot the issue:
You can also try using Process Monitor, a Windows Sysinternals tool, for troubleshooting slow logons/startup. This blog post by a Microsoft MVP explains step-by-step how to do this:
And this thread from the Kaspersky Lab Forum tells you how to correctly use Process Monitor when you also have antivirus software running on your machine:
You can also use a combination of two Sysinternals tools, Process Monitor and PsExec, to troubleshoot certain kinds of slow logon issues. See this story from Mark Russinovich's blog explaining how:
Here are a couple of more helpful blog posts on using various combinations of tools to troubleshoot slow logon issues:
You'll find links to the above mentioned tools in the Admin Toolbox section of this newsletter.
Top Three Tips for Improving Startup and Logon Times
Think of it this way: if IT can shave even a couple of minutes off the time-from-boot-to-usable-desktop for every user in your organization, how much money can your business save over a year by doing this?
The Best Option
When all else fails, type your credentials at the logon screen, press Enter, and go have a coffee while you wait for your desktop to stabilize. Skip the donut though--if you're an IT pro like me then you're probably overweight enough as it is...
P.S. If you have any more suggestions on how to resolve problems associated with logging onto Windows systems taking too long, please send them to my mailbag at firstname.lastname@example.org
Tip of the Week
You might want to pass this tip on to your end users if you're concerned at all about safeguarding your company's network against malware infection. One common attack vector is to trick users into opening links they think are for familiar or well-known web sites but which actually redirect the user's browser to a site hosting malware. An easy way of doing this is to obfuscate the link using a popular URL shortening service like TinyURL, Bit.Ly, and many others. For example http://bit.ly/uKClxK is a shortened URL and yes, it's safe to click, go ahead...
Anyways, I generally avoid opening shortened URLs especially in Twitter streams where they are frequently found. So is there any way to determine the URL to which a shortened URL will redirect your browser before opening the shortened URL? Of course! There are a number of different sites that can help you expand shortened URLs and here are two you can try out:
If you know of any better URL expanders than these two sites, please let me know at email@example.com.
Recommended for Learning
This week I have some security-related books to recommend:
The Tangled Web: A Guide To Securing Modern Web Applications from No Starch Press is helpful reading for enterprises concerning about browser security. Since most enterprises use web-based applications for intranet/extranet business processes, it's a good idea to understand in detail how web browsing works and the security consequences of things like cookies, plug-ins, framing, inheritance and various content recognition mechanisms used in web browsing. Rather than focus on describing all the different kinds of web vulnerabilities around, the book focuses on the underlying mechanisms behind web applications to give you better understanding of how vulnerabilities arise. http://www.wservernews.com/go/1327222042843
CISA Certified Information Systems Auditor All-in-One Exam Guide, 2nd Edition is a certification guide from McGraw-Hill that can usefully serve both for exam preparation and as a reference for the working professional. Auditing is all about process and adhering to standard practices, and this book covers the basic concepts and procedures in a simple and clear way. I?d also recommend the book as good reading for any IT manager who has responsibilities over a datacenter or large company?s network and data infrastructure. Something as simple as making sure you visit an off-site storage facility to see what
safeguards they?ve implemented can be make or break when the crunch comes during a disaster. http://www.wservernews.com/go/1327222071046
CCNP Security VPN 642-647 Official Cert Guide from Cisco Press is the book you?ll need in order to master Cisco?s exam 642-647 on VPN security as you work towards your CCNP certification. Like all Official Cert Guides from Cisco, it?s chock full of accurate information, detailed descriptions, and self-assessment aids. I?ve had some experience working with Cisco products so I read several chapters and learned some things that should help me in the future. The chapter on deploying and managing the Cisco VPN Client was especially interesting as it dug down into some advanced profile settings I hadn?t known about. This one is definitely a must-have for every network administrator?s (and wannabe administrator?s) bookshelf. http://www.wservernews.com/go/1327222084828
Save this Newsletter!
Just a reminder that each of these newsletters focuses on a specific theme. For example, the last few issues have dealt with logon delays, deployment best practices and hardware troubleshooting. The reason we do this is because we want you to save these newsletters for future reference. That way, whenever you're faced with some Windows administration task or problem, you can refer back to one of your saved newsletters and find helpful tips, best practices, links to tools and other resources that can assist you. So be sure to save these newsletters so you can refer back to them later when you need
Quotes of the Week
"All we have to decide is what to do with the time that is given to us." --Gandalf the Grey
"When the road before you splits in two, take the third path." --old Telaxian proverb
"Every time I see an adult on a bicycle, I no longer despair for the future of the human race." --H.G. Wells
Be sure to forward this newsletter to a friend or colleague who might find the tips and tools in it helpful for performing their job. And if you have feedback concerning anything in this newsletter, feel free to send it to my mailbag at firstname.lastname@example.org
Cheers, Mitch Tulloch
Tired of your Active Directory management tools? Centralize and simplify all Windows and AD management without scripting.
rDirectory's Community Edition is a pre-configured, easy to use, web-based directory and search engine that downloads in just minutes - and it's absolutely free!
Accident or Malicious? Learn whether suspicious activity on Windows Servers is a result of unintentional actions?or malicious insider. View Demo.
Free Service: Email Exposure Check. Find out which addresses of your organization are exposed on the Internet and are a phish-attack target:
Get the Windows Performance Analyzer (XPERF) by following these helpful instructions:
Process Monitor is an advanced monitoring tool from Windows Sysinternals you can use for troubleshooting startup/logon/shutdown:
PsExec is a light-weight telnet-replacement from Windows Sysinternals that lets you execute processes on other systems: http://www.wservernews.com/go/1327222295859
Microsoft Management Summit 2012
January 27 is the last day for Early Bird Registration for MMS 2012 that lets you save up to US $275 off the standard registration price. MMS is where skilled IT professionals can meet to increase their technical expertise through hands-on training, breakout sessions and interacting with industry leaders in desktop and device management, datacenter, and cloud technologies. MMS 2012 will be in Las Vegas from April 16-20, 2012.
Upcoming Microsoft Events and Webcasts
Browse the Cisco Corporate Events Calendar to find Cisco at events, trade shows and conferences around the world: http://www.wservernews.com/go/1327222572015
Special Offers on Cloud Computing Courses
Check out the news concerning special offers on cloud computing courses on the TechNet Cloud Portal: http://www.wservernews.com/go/1327222648265
Cloud Computing Trends in Europe
The Cloud Infographic presents some results from a survey conducted by Interxion: http://www.wservernews.com/go/1327222675343
Top 12 Cloud Trends Of 2012
Alistair Croll of Information Week provides some insights into what the next year may bring:
Virtualizing storage for scale, resiliency, and efficiency
Rajeev Nagar of Microsoft explains Storage Spaces, a new feature in Windows 8 that lets you create storage pools of different sized physical disks.
Top 40 Best of W7H In 2011
A collection of hot tips from Windows7Hacker that can help you get the most out of Windows 7: http://www.wservernews.com/go/1327222789875
Self-service, security and storage tools for the private cloud
To manage a private cloud, you?ll need third-party tools that can help create self-service portals, maintain security and control storage.This expert tip provides a list of recommended products to get the job done. http://www.wservernews.com/go/1327222843031
Products of the Year 2011
Server virtualization adoption continued to grow throughout 2011, creating new opportunities for vendors to expand upon the benefits and functionality of server virtualization platforms. As a result, the marketplace for additional tools and services is becoming crowded. Check out this guide to see which products stood apart from the pack and provided exceptional benefits forIT shops of all sizes last year.
VDI won't displace PCs in 2012 or any other year. It has been, and will remain just one of many options for IT pros to deliver applications to remote desktops. In fact, 2012 will be a year where IT shops will be consumed with the task of delivering applications to iPads, smartphones and other mobile devices. IT pros will likely use various forms of desktop virtualization -- including cloud-hosted virtual desktops and server-hosted VDI -- to deliver enterprise applications. Learn more in this exclusive article.
How Windows Server 8 can help with compliance
Windows Server 8 is going to be here before we know it. Have you stepped back to think about how this operating system can help your business with compliance and overall information risk management? Discover why one expert is certain it will help in this regard by reading this popular tip.
Welcome to the Future: Samsung just announced a transparent touch-screen which is completely see-through and fits any window up to 46 inches.
A prototype of a digital carpet that changes patterns as someone walks over it. This is pretty cool!
If you like Lego, you must attend BrickCon someday:
The Greatest Awesome Gamer In Thailand:
And for those who like to keep track, here is Microsoft By The Numbers:
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft?s Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. She is also a Content Expert for Jones International University where she co-developed the four-course Information Security Management specialization of the Masters of Business Administration program.