I get asked pretty often in my day job to help people troubleshoot / analyze / attack slow boot and slow logon issues they face in their Windows client or Windows terminal services environments, whether they be physical machines or VDI instances. I wanted to share a few of the very quick and easy plans of attack that I take when the client endpoints are Windows 7 SP1 or servers are 2008 R2 SP1.
1. Install the latest enterprise hotfix rollup for Windows 7 SP1 or Windows 2008 R2 SP1 on all of your endpoints involved in the boot or logon process – that includes DCs, file servers, infrastructure servers, virtualization hosts, etc:
An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1
Windows 7 SP1-based or Windows Server 2008 R2 SP1-based SMBv2 client computer freezes when the computer is under a heavy load
2. Make some changes to the base configuration of the Windows 7 client endpoints:
‘ Configure Windows Management Instrumentation Service: winmgmt /standalonehost sc config winmgmt group= "COM Infrastructure" ’ Set DisabledComponents to 0x21 for IPv4 preference: reg add HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0x21 /f ’ Configure Network List Service to Auto sc config netprofm start= auto ’ Configure SMS Agent Host Service to Auto (Delayed): sc config CcmExec start= delayed-auto ’ Enable verbose status messages in Winlogon: reg add "hklm\software\microsoft\windows\currentversion\policies\system" /t REG_DWORD /v verbosestatus /d 1 /f
Above and beyond that, the reduction of logon scripts and the numbers of group policies applied should be attempted, migrating to GP Preferences where and whenever possible. Also, reducing dependence on IE Maintenance policies and migrating those settings out into GP Policies or GP Preferences (especially since IE10 no longer parses IE Maintenance policies) will also provide a speed boost.
After that, you need to start looking at migrating unnecessary services to delayed-auto, reducing the load of monitoring and maintenance applications (honestly, most applications that are designed to “profile” the system to improve performance actually do exactly the opposite!), and review your antivirus and security software configuration to make sure it’s configured adequately for performance (and if it can’t be, consider looking at alternatives that can do the job but are lighter).
For analysis, you can use the Windows Performance Toolkit to take boot traces in one and two machine at a time scenarios, and you can also use Windows Assessment Services (WAS) to do more at-scale analysis. I will have a quick post on very basic set up and configuration of WAS coming shortly.