Windows Setup Guide: Performance
One of the major interests of people reading these types of guides are of tweaks they can apply to enhance the performance of their operating system. Like most Windows modification guides this one will also provide tips and insight into improving the performance of Windows, although the rest of the guide goes into detail on other topics. It should be noted that some items listed in the Interface section of the guide could also boost performance a great deal, such as disabling themes. So, if you're interested in performance I would also recommend that part of the guide.
Table of Contents
1. System Restore
A feature that was new to Windows XP (as well as Windows Millenium, but I won't go into that) is the system restore feature. This feature was implemented to protect your Windows install from damaging it with program/driver installations or from flukey hardware. This feature adds an element of stability that has never been seen before in Windows. Anyone who has worked with a good deal of Windows 95 (or version 3) computers will recognize the benefit of this feature, because in the past your option was only to reinstall when you encountered a problem.
The way the system works is that it places critical system components in a secured directory on your computer. It makes the copies of these components every day automatically, when you manually specify it to make a backup, on a schedule that you specify with the backup utility included with XP, or before a critical change to the system such as when you install a driver update or install a program that could alter the system. The files that it elects to backup are specified in an XML file called filelist.xml in your %systemroot%\system32\Restore folder (where %systemroot% is a system variable that normally equates to c:\windows). The default files it chooses to backup are registry hives, system files such as DLLs stores in your system32 folder, etc.. This feature is not made to backup your documents or other files, although by correctly editing the XML file you could in theory make it do that if you wanted to (although the backup utility is better made for that). The files that it backs up are stored in the system volume information\_restore folder. This directory by default is invisible unless you alter view settings. And on an NTFS partition this directory will limit access to only the system, but you can take ownership of the directory if you have simple file sharing disabled.
If at any point you need to reset to a restore point that either was manually or automatically created you can use the system restore utility from within Windows. This program can be found in your start menu under accessories and then under system tools, or in the directory %SystemRoot%\System32\restore (where %systemroort is a variable that normally equates to c:\windows) under the file name of rstrui.exe. From this program you can create restore points, but you can also restore to a restore point. If you elect to restore to one it will replace your system files and have you reboot. If you elect to create a restore point it will ask for a name and quickly create one. If for some reason you can't boot into Windows then you will need to use the last good configuration setting from the F8 menu on Windows (when you turn your computer on press F8 before / during the beginning of the Windows XP loading screen and it will let you choose this). In my experience a good number of system problems prevent me from every being able to system restore, thus making this feature useless. But, I do know people that have had a very good experience with this feature.
The maximum space this feature consumes is specified in the system restore dialog tab under system properties (right click my computer and go to properties, or simultaneously press your Windows key and your pause/break key at the same time). By default system restore will use up to 12% of your hard-drive, but under the settings you can change that anywhere from 2% to 12%. The system files it backs up are farily small relative to the size of today's hard-drives and will range somewhere between 20-50MB for each restore point. But, these will eventually meet the maximum value of space you specified and the restore points are only removed when you manually do it.
From the system restore tab the feature can also be disabled. If you do not wish to waste valuable hard-drive space, or waste precious memory to the system restore process, and if you don't mind reinstalling when a problem occurs then feel free to disable this service. Once you disable the service the system restore service (see the services section in part 9) will halt (meaning you don't have to disable the service), all of the restore points will be deleted (actually, the entire _restore directory in system volume information will be destroyed), and you will lose the ability to reset to a restore point.
Return to top.
2. File Indexing
A feature that is not new to Windows XP is the file indexing service. This feature was originally implemented in Windows 2000 and is a weak version of what Microsoft promises us for the next release of Windows (codenamed Longhorn). But, the concept of this feature has long been with Windows and was installed with Office as a document tracking application that ran upon startup that they named find fast. Basically the purpose of this feature is to keep a quick reference index of all document type files on your drive so that it can speed up file searches, and it allows you to perform fairly sophisticated searches of information contained within those documents.
On heavily searched systems this feature could be a great benefit. But, for the majority of people that perhaps run a search of their system a few times a week, and normally not for documents, the benefit is greatly outweighed by the memory consumption and CPU time. And if you name your files good things and place them in directories using an intelligent organizational method then you shouldn't need this. In fact, if you have this feature turned up to maximum then your computer may become next to unusuable unless you're using some pretty fancy equipment. So unless you find yourself searching a few dozen times every hour within documents then I would suggest disabling this feature.
Once started the service monitors configured catalogs. The catalogs are basically the indexes it keeps. For a particular area of your computer to be indexed it requires a catalog to be attributed to it. This is done through the computer management MMC (start menu, run, compmgmt.msc, okay). Under services and applications there should be an item for indexing service. From here you can start and stop it, which it is required to stop the service before modifying any catalog, as well as create new catalogs, do a manual scan of items in the catalog and tune the performance of the service (right click, under all tasks). To tune the performance you can select between a few presets or customize the service and tell it how much performance you are willing to sacrifice for it.
For those of you that are interested this feature one way or the other, it is executed through the system services (start menu, run, services.msc, okay). Under the name of indexing service this feature is stopped and started, as well as configured for the state of it at startup. If you do not wish to use this feature then you will want to set this to manual. If you do wish to use it then set it to automatic. So unless you know you need or want this then I suggest setting the service to manual, which it should be by default .
Return to top.
3. Swap File (Virtual Memory)
Computers use memory to store things permanently (hard-drives mostly) and to store things temporarily as they are manipulated (RAM). Hard-drives retain data for extended periods of time (until they mechanically fail) and RAM stores things as long as current is applied to them (as long as your computer is on). Besides those differences RAM is a lot faster than a hard-drive by magnitudes of thousands. Whenever a program is executed that program's data is placed in RAM so it can be manipulated quickly, and data used by that application is typically placed in memory too. However, a typical computer (especially traditionally) does not have enough RAM to retain all this data, especially larger programs like video games or graphical manipulation programs. To get around this problem all current operating system use a technology called memory swapping. Once a program begins to consume a good percentage of RAM, especially taking into account how much RAM is used by other programs, Windows will begin to "page out" memory to the swap file. This is a file, by default,in the root of your system drive (normal C:) that is called pagefile.sys. It is a file on the hard-drive that emulates RAM, and from the perspective of applications it is RAM. So a program that runs out of physical memory (RAM) will be forced to write data to the hard-drive. This is much slower of course, but it allows you to not see "out of memory" errors that existed before swap files.
A common misconception about memory swappingis that it is believed to be used more often then it actually is. The fact is that Windows very intelligently manages the swap file. For each program started Windows will set aside a segmented amount of space in the swap file for it. This amount can be seen from the task manager under the column of VM Size. However, just because a particular amount of space is allocated for VM usage does not mean it is being used. This space is only used in the most dire of circumstances (when you are nearly out of physical RAM), and this point portions of less frequently used programs are moved into virtual memory. The amount of swap space needed can be calculated by how much total RAM is used / required when you have all of your most memory consuming applications open. Then if you doubled that amount it would give you a pretty safe amount for the VM swap size. It should be noted that Windows requires a swap file even though it gives you the ability to disable it. Even with all the RAM in the world, without virtual memory you will receive some strange errors for programs that are virtual memory aware and expect to be able to control their own virtual memory usage (games are especially picky in this respect).
In Windows XP this feature is configured through system properties (right click my computer, properties, under the advanced tab, under performance-settings, under the advanced tab, under virtual memory-settings). On the virtual memory page you can choose how much hard-drive space is allocated to the swap file for each hard-drive partition. Most tweak guides recommend you set aside double to triple the amount of physical memory (RAM) you have to virtual memory. I personally do not agree with this methodology and generally I recommend setting aside a maximum of 768MB of RAM on current computer configurations. If you have 128-256MB of RAM than it may be useful to set aside 1024MB (a GB) of space since you have so little RAM. Any more than that and it is a waste of hard-drive space though. Most tweak guides suggest setting the minimum and the maximum to the same size, and this I agree with. Normally Windows grows and shrinks the swap file as it detects the need to do so. So by setting the max and min to the same it ensures that the swap file remains the same size, which means it ends up fragmenting your hard-drive less.
It should be noted that Windows incorrectly uses the term virtual memory (VM) and that virtual memory refers to the entire memory subsystem and that memory swapping is the correct term.
Return to top.
4. System File Protection
A feature of Windows that could potentially use up resources is called system file protection. The concept of this feature is that it monitors system files to see if they've been changed by an unreliable source. If they are then Windows automatically replaces them. This typically ensures that your computer is not destablized by a program installing an incompatible system file. I would generally recommend leaving this feature alone. I only bring it up because several tweak guides bring it up and suggest you disable it, but I highly disgree with them. If you want more information on this topic research it on Google.
Return to top
5. Local Policies
For the vast majority of users this is not an issue. But, network administrator should keep in mind that you should be careful with local policies on an Active Directory server. A password lockout policy that is set too low on a large scale network could bring the network to its knees if a worm begins an attack. And likewise you should keep this concept in mind when you consider the other settings.
Return to top.
6. Disk Management
This topic was previously very important in years passed. However, the need for this topic has been greatly lessened with new technologies such as command queuing, DMA, journaling file systems, etc. If you do not recognize those terms then don't be worried. The general idea of this section is that you need to manage your disk drives to keep them performing well. This involves two things; checking/repairing data corruption and organizing your data through defragmentation.
The concept of repairing your disk is fairly simple. Sometimes your hard-drive forgets where information is, writes improper data or forgets to write required data to the drive. These are usually caused by power failures, and luckily they are extremely rare to cause any type of loss that involves data disappearing. A good comparison to the types of problems encountered here is if a card from a card catalog in a library having the incorrect address for a book. This would make it very difficult for you to find the book, and in fact you would end up just looking for a different book if it wasn't within a few books of where you were told it was. With a computer it is very similar, if the index to a file is lost or corrupted then it either has to remove that index entry or it has to find it. The difference is that with a computer that the books are not physical, so if the index to that book is lost then that data location can be reused. On Windows XP the name for the index is the Master File Table (MFT), but could be called the File Allocation Table (FAT) if you are using a legacy file system. On a side note, this concept applies to deleted items. When an item is typically deleted the entry to that file is removed, but the data to that file stays until another program decides to write data to that location.
The process to fix disk errors is through chkdsk on Windows XP. The graphical frontend for this program can be found from the properties option for a disk drive when you right click them and select properties within My Computer. It is under the tools tab under error checking. This allows you to let your computer automatically diagnose common problems and fix them. For locked drives, meaning drives that have file handles in use, meaning drives that have programs accessing data on that particular drive cannot be scanned for errors until all file handles are closed. This means if you are running Windows from your C drive then you cannot scan your C drive for errors while Windows is running. Or if you have a program open from drive D then you cannot scan drive D until you close that program. This may seem like it makes the feature useless, but luckily there is a way around it. If you select to scan a locked drive it will ask if you wish to run chkdsk on the next boot of Windows. If you select yes then the next time Windows starts-up it will check the drive for errors. Generally speaking Windows XP should not have problems since it uses a journaling file system. This means that before Windows writes a change to a drive it makes a note of the change that it is about to make. Then after it makes the change it writes in the log that it finished the change. The benefit of this is that if you lose power in the middle of a change then Windows will be able to know what change was interrupted and can resume it, without corrupting the file. However, running chkdsk manually every few weeks or after a strange crash is a good idea.
The next concept of defragmentation relates to the speed of data. Data stored on your hard-drive is not all contiguous. Meaning that files can be split into sections and the index has to point to all the sections in order for your computer to be able assemble them when you access them. Going back to the library analogy this is like a book that has multiple chapters that are placed in different parts of the library and the card for that book in the card catalog specifies where you can find each part of the book in the library. As you can imagine this slows down the ability of your computer to access files, but is a required methodology for how many files are being written to your drive. The difference between your computer's data and the books in the library is that the library books are static in size, but the data on your computer varies. For example, everytime you save a Word document you most likely added or removed data from it, which means you just created a gap between it and the next file on your drive if you removed data or added a section of that data to the next available area if you added to it, which may not be right after the heart of the file. To be realistic your computer needs to use all available space, so if you removed data from a file, the next data written to your computer would use that space. Over time this jumbles up the data a great deal, and this is called fragmentation. To fix this problem you need to defragment your computer.
Defragmentation is not automatic on Windows and you have to do it yourself. Generally this will speed up disk access times and will make your computer a bit snappier to respond if it is highly fragmented. However, if you don't alter files sizes and install and uninstall programs all the time then this will have little effect. Depending on your computer usage you should do this between every week and every few months, but I would say average about every month if you don't know where your computer usage fits. To defragment your drive go to the properties option for a disk drive when you right click them and select properties within My Computer. It is under the tools tab under defragmentation. The process is very simple and can even be done on a locked drive. The concept here is that files that are locked can't be moved around, but you have little choice in this situation and not to mention that locked files are most likely not fragmented anyhow since they're usually in use).
Return to top.
7. Dr. Watson Debugger
Windows comes equipped with the ability to send all program crashes to a debugger. This is useful for tracking down unstable programs, and to let programmers diagnose the reason the program is crashing. In fact not only is there the ability to redirect crashes, but also a debugger is included with Windows. However, the usefulness of a debugger is reduced to that of an annoyance for most users.
The name of this debugger is Dr. Watson. It doesn't include any fancy debugging features that are included with programming suites such as Visual Studio, but it does log crash events and related information. By default crash logging is enabled within Dr. Watson and this means that when a crash occurs Dr. Watson will start and take down a few notes on what happened. Do not get too hopeful though. The information included within the crash logs are fairly cryptic, and basically just lists the program that crashed, what programs were open at the time and the memory stack information. So this information is fairly useless unless you're a program developer.
For the majority of users you will want to disable this feature as it affects the performance of your computer when a crash occurs. And most of us don't like program crashes, and I'm willing to bet that if you're going to have crashes that you want them to come and go as quickly as possible. While the impact is only small when set to the default mini dump setting it is still more slowdown than you should have to deal with. For this reason I suggest turning off Dr. Watson. To do this start Dr. Watson by going to your start menu, selecting Run, typing in drwtsn32 and pressing okay. A dialog should appear with several options. The first step is to disable saving of crashes. So in the number of instructions box and in the number of errors to save enter 0. Then under options untick all check boxes. Then finally press the clear button if any items are listed under application errors. This will terminate all logging features, however when a crash occurs drwtsn32 will still be started (and terminated after it realizes it has nothing to do). To totally disable the redirection of crashes to the debugger import this registry file. If you would like to renable drwtsn32 logging then import this registry file. It should be noted that if you have a 3rd party debugger installed that it will place itself in this registry key (don't worry about this if you don't know what I'm talking about).
Return to top.
8. System Services
In Windows there are several places where programs can be set to startup when your computer boots. One of these places, and also the most important one, is the system services. These can be found in the Services MMC (start menu, run, services.msc, okay). The purpose of a system service is to provide shared functionality, such as Internet connectivity that any Internet enabled program can use. The benefit of these services, as opposed to other startup locations, is that they have the ability to run even before you have logged into Windows. In *nix the name for these are Daemons, but they provide the same functionality.
All Windows NT based operating systems (NT4, 2000, XP) have system services, but Windows 9x based operating systems (95, 98, Me) do not since they don't have the ability to really log into them. On Windows NT systems the system services contains some very important startup items, and for this reason you need to be careful. By disabling a system service you could be removing a critical system function. However, many services provide features that you won't want to use and take up RAM/CPU time, or will leave your computer more vulnerable to cracks. For this reason it is a good idea to shut down these services. For a complete list of services, their functions and what I recommend you do with them see my services tool.
Each service has three startup modes. The first is automatic. This means that when your operating system first loads it will run that particular service, or at least try. This means that the functionality of that service is available when your OS is booted. The second is manual. This mode means that the service is not started on boot but starts when required. So, if program requires that service it will start it and then use. Sometimes after the program is done with it the service will be stopped, thus freeing the resources it was using. Sometimes services are always considered needed and by setting them to manual they will be started on startup because some other service or another program wanted it running even though it may not require it. The third is disabled. This means that the service can't be started even if a program requires functionality from it, and it can't be enabled by the operator unless very set to manual or automatic. There is no benefit of disabled over manual if the service isn't requested to start by another process, so normally you should set it to manual unless you know it's not needed or you don't want it.
The first important performance service is the Indexing Service. Due to the complexity of this service I have written a section for it. Please see section 2 of the performance guide if you haven't already.
The next important service you should modify is the Help and Support service. This is used in displaying the Windows help system available on the start menu and is also used by the remote assistance feature. The simple truth of this service is that by default it is set to start automatically with Windows, which means it idles in the background waiting for you to search help and this is very wasteful. To fix this problem set this service to manual. This way it will not consume memory until such time that you use it as it will autostart when you access help.
The Computer Browser service is used in create NetBIOS share lists for Windows file sharing. Simply this means if you have multiple computers that they know of eachother thanks to this servie (or WINS servers if you're on a business network). If you only own one computer and do not use Windows File Sharing (you may know it as the computers you access through network neighborhood) then this service can safely be disabled.
Another fairly useless service is the Error Reporting Service. This service is used whenever an application crashes and allows you to report the crash to Microsoft. Personally I doubt that Microsoft uses the information they receive to fix problems, but rather to use for statistical analysis of what programs are the most commonly used. In any event you don't need this service and it can be disabled unless you really like it. You should also disable this feature first from system properties so it doesn't expect this service to be used. This can be accessed from system properties (right click my computer, properties) and then from the error reporting menu.
For the majority of users the features provided by the IPSEC services service are useless. This service provides security communication abilities for programs like VPNs and most home users have no need for this functionality to be enabled by default. I would suggest setting this to manual to save on memory, and in that way if it is needed it will start when requested.
The next service is called the Portable Media Serial Number service and is a Digital Rights Management (DRM) features that keeps you from sharing multimedia files with people that did not purchase them. The concept is that this service keeps track of serial numbers for devices that are copyright friendly, and a program can interface with this service to verify that an attached multimedia device will not let you illegally share the files. I would suggest setting this service to manual since I don't believe it is used by any other programs except Windows Media Player.
A feature called System Restore (see topic 1) is enabled through a service called the System Restore Service. This feature should be turned off by the means described in topic 1. If the service is running even after disabling through those means then you should set this service to disabled.
Yet another service of interest is called the Task Scheduler. But, you should be warned that this could possibly impact you. This service provides the ability to schedule the execution of programs. This means there's a chance that either you or a program that you have installed uses this service to perform scheduled tasks. If you don't use it though then it's constantly idling in the background wasting memory and some CPU cycles to check if it's supposed to do something. For this reason I would suggest that you disable it unless you have important scheduled tasks. It should be noted that the Microsoft Backup used in Windows XP uses this service to perform scheduled backups. You can see if you have scheduled tasks by using the scheduled tasks option in the control panel.
You can also optionally disable the Themes service. This service provides the theming interface to Windows XP, which by default makes Windows XP blue. But, this consumes system resources and on older machines this is wasteful. It should be noted that even if you disable the theme options it does not remove the system layer that provides the theming ability. But, if you disable this service then the memory is never consumed, even at system startup.
Another service that could clear up some memory on a home user computer is the Messenger service. This is an especially annoying service since a few nasty spammers have taken upon themselves to make a quick buck. The purpose of this service is so network administrators on corporate networks can send you text notifications through a popup message and so the alerter service can send out text notifications. These messages are for things such as, "the file server is going down for a reboot and will be back in a few minutes." So, this service isn't really meant for the home user but in Windows this was enabled even for the home users for some reason. I would like to point out that this service is in no way connected to Windows Messenger, the chat program. And, I would recommend disabling this service unless you know you need it because it will save you some memory.
Another unneeded memory consumer is the Remote Registry service. Once again this service was designed for corporate networks so that network administrators could remotely control your computer. This service gives direct control to your registry from a remote control if they know your username and password. Your registry is the central repository for all system information; including installed programs, your system services, email settings, etc.. This service can be disabled for a boot in available memory. And if you want to better understand the registry then please read the registry chapter of my components guide.
The SSDP Discovery Service provides Universal Plug and Play to Windows. UP&P is much like ordinary plug and play, but instead of detecting devices connected to your computer directly it detects devices through the network. A good example of this is the Microsoft family of routers. When you connect your computer to a Microsoft router your computer will detect the router through a series of probes and then the router will be automatically installed on your computer. Unless you need this functionality you should disable this service for additional free memory. For this reason I would strongly recommend disabling this service unless you require it.
The purpose of the Terminal Services service originates with the Windows server line and allows you to connect to Windows operating systems running as terminal servers to host your desktop. This is a similar concept to that of an X Server for *nix or a Citrix server or a mainframe, allowing you to use your computer as a dumb terminal. With Windows XP the functionality of this service was extended beyond the server line, allowing you to remotely control your computer across the Internet using Remote Desktop. When this service is enabled, when Remote Desktop is enabled, and when you have allowed users or groups through the allow logon through terminal services a user will be able to log into your computer as if they were sitting in front of it. This system consumes an amount of memory that can be saved if you do not need the abilities provided by it.
The Secondary Logon service can also be set to manual to save memory. This service is meant to allow administrators to run programs using elevated security privileges under a user account. If you are running as an administrator or an owner then you don't need this service always running and if you set it to manual then it will start when needed.
The Wireless Zero Configuration service can also be set to disabled to save memory, unless you are using wireless devices with your computer. This is used by wireless network cards and other wireless devices to centralize the control of them. If you don't have wireless devices though then this isn't needed and it's just wasting your memory.
Return to top.
9. Startup Files
For details on this topic I would suggest reading the malware guide on removal. It contains all the common startup locations and how to remove malware from them. This topic can easily be applied to any typical program that you do not want to have startup with Windows.
Return to top.
10. IE Script Debugging
Several Microsoft products such as Microsoft Office 2000/XP/2003 or Visual Studio install the Machine Debug Manager (MDM) as a service onto your computer. This service is a waste of memory for the majority of people since few of us debug applications. It also has the nasty habit of slowing down applications when they become unstable as this service gathers information from that program. Worse yet, this service is automatically enabled when Internet Explorer is started so that it can monitor for invalid scripts.
To disable it open an Internet Explorer window and from the tools dropdown menu select Options. The window that popups up can also be found in your control panel under Internet Options. From this window select the advanced tab. The window should look a lot like what you see in the screenshot to the left. Find the option under browsing for "Disable script debugging" and tick that check box. Then close all Internet Explorer windows you have open.
If you have not already then I would suggest reading section 8 on performance related system services. Because it will explain how you can disable the machine debug manager service if it is installed on your computer.
Return to top.
Computer hard-drives work much like how the old card catalogs worked in libraries. There's an index of files, which is called generically the file allocation table (FAT) or specifically the Master File Table (MFT) in Windows XP's NT File System (NTFS). This index is basically a listing of all the files on the computer.
But, instead of an index entry pointing to an individual file it points to a section of a file. This can be conceptualized by the library metaphor. If you had a constantly changing library with insertions and removals taking place, then you may run out of space between two sections. And instead of moving all of the files to make space, you rip the book into pieces and make note of where you placed them. This saves space and time because you don't need to search for a large area to store the entire book.
This is how it works on a hard-drive. But, the problem is then that over time the files are scattered across the hard-drive and then it takes time to survey the drive for the various pieces to a file. The state of how scattered the files are on a hard-drive is the state of fragmentation. This is usually expressed as a percentage, but it could also state it as specific numbers. You can use a process known as defragmention (or more simply as to defragment) to reorganize the files into a more sane fashion so the computer can read them more quickly. This means that your computers scatters the files on the hard-drive when it needs to work quickly and that you tell the computer to reorganize the files during down time, such as when you're sleeping and not when you're playing a game.
In Windows XP there's a defragmenter built into the operating system. You can access this as a component of the computer management console (Start, Run, compmgmt.msc, OK), from the disk management console (Start, Run, diskmgmt.msc, OK) or from the properties context menus of My Computer. The easiest way to use it is by right clicking a drive in My Computer and selecting Properties from the dropdown menu. Then on the Tools tab use the "Defragment Now" button to start the disk management console. Then select the drive you wish to defragment and use the defragment button and wait for it to finish.
Defragmentation will speed up disk access to some degree but don't expect miracles out of it. It used to be much more important, but with the increase of hard-drives and the use of queuing technologies (such as native command queuing) this has reduced the need for defragmenting since the drive intelligently queues the files in order.
Return to top.