Provide Feedback on this Broadcast

Microsoft Support WebCast

Monitoring and Tuning System Performance in Microsoft Windows XP

August 15, 2003

Note This document is based on the original spoken WebCast transcript. It has been edited for clarity.

Dan Suehr: Hello and welcome. As Otto said, today's topic is Monitoring and Tuning System Performance in Microsoft® Windows® XP. I want to start off by just sort of setting some expectations. This is geared to an intermediate audience, and we're not going to talk about enterprise-level performance tuning. We're talking about Windows XP performance on the desktop. So this is not really intended for to advanced IT professionals. So if you're on the WebCast and you're looking for that kind of information, you might want to look for a different WebCast, because this is just about desktop performance tuning.

I'll cover our agenda for today (slide 2). We're going to have an introduction, talking about performance optimization in Microsoft Windows XP. We'll talk a little bit about monitoring performance with Task Manager, and a little bit about the performance console as well. We'll talk about tuning performance, visual effects, managing processor scheduling, memory usage, virtual memory, using defrag and Disk Cleanup, and some techniques for troubleshooting performance: MSConfig, Chkdsk, and Task Manager.

We've done our best to tune for performance. Microsoft Windows XP is optimized for the Pentium 4 processor (slide 3). We have optimizations in there for the Windows XP TCP/IP stack, for faster Internet downloads. Applications can take advantage of the features in the Pentium 4 processor SSE2 instruction set for more efficient use of system memory, less processing time for the operating system, and faster applications. It also has optimizations for DirectX® 8.0 3-D rendering that use the Pentium 4 SSE2 instruction set for smoother 3-D graphics.

If you're looking for higher performance than our standard Windows XP 32-bit operating system, we also have a 64-bit edition of the Windows XP operating system available (slide 4). That's designed to be run on technical workstations, for customers who are running high-performance applications, such as mechanical design and analysis software, 3-D animation, video editing and composition, and scientific and high-end computing applications.

In addition to being tuned for those, it also supports additional memory, so you can use up to 16 gigabytes (GB) of RAM as opposed to 4 GB of RAM in the 32-bit edition, and you can have a page file of up to 8 terabytes. The version 2003 of the 64-bit operating system adds optimizations for the Intel Itanium 2 processor, and its Explicitly Parallel Instruction Computing architecture.

Despite some of our best efforts to tune performance for you and optimize our operating systems, it's a matter of fact that slowdowns do happen. Probably all of us who have been working with computers for any amount of time have experienced that — you're sitting there and your hard drive just chugs away, your system stops responding, or an application just hangs there, and nothing happens. What we want to do today is reassure you that even novice customers who don't have a lot of experience in IT can diagnose and resolve their own problems, and we have a set of tools built right into the operating system to help you with that.

Some of the tools that we're going to talk about today are Task Manager, Performance Monitor, the Disk Cleanup Wizard, Disk Defragmenter, wizards to adjust performance options, Chkdsk, and the System Configuration Utility.

Breakdowns in performance are often referred to as bottlenecks, and they are some of the most common problems in operating systems. The basics behind a bottleneck are that you're trying to do too much with too few resources.

A great tool for diagnosing bottlenecks is the Task Manager (slide 5). The Task Manager is the file Taskmgr.exe, as you can see on the slide. There's also a quick way to bring it up, and that's by pressing CTRL+SHIFT+ESC at the same time. Not only can you diagnose problems with Task Manager, but you can also fix some basic problems with it as well. Task Manager provides a real-time view of resource usage. If you look at the Processes tab (slide 6), it not only shows you what applications are running, but also what processes are running behind those applications.

There are columns over on the right-hand side that are labeled CPU and Mem Usage. CPU is the percentage of CPU time that that individual process is using at the current time, and memory usage shows the amount of memory that is being used by the process at any given time.

We don't have a screen shot of it, but the next tab over is the Performance tab. That can give you a lot of useful information as well. It shows you the overall amount of CPU usage and it gives you very detailed information about memory usage. It tells you how much physical memory you have installed in the PC, the amount that's available through the cache, and the amount that's currently being used.

There is an entry that's of special interest and that is the peak entry under the Commit Charge. What this shows you is the maximum amount of memory that is being called upon by the operating system, so the peak value, and if this frequently exceeds the amount of physical RAM that you have in the PC, the system is going to have to use what's called virtual memory or a page file. That is disk storage space that is used to mimic physical memory.

The disadvantage of using a virtual memory system is that access to a hard drive is far slower than access to physical memory, so it slows down your performance quite a bit. If you see this peak entry under Commit Charge frequently exceeding the amount of physical RAM that you have in the computer, consider adding additional RAM to the system. Insufficient memory is one of the major problems that we see, on a regular basis, with our customers, and it causes a substantial number of the bottlenecks that we encounter. It's amazing what adding some RAM to your system can do. It can really speed up your processing time.

Back to that Processes tab that we were talking about. If you click in the gray titled area where Mem Usage and CPU and User Name are listed, you can sort this list by any one of those entries. If you sort it by memory usage, it'll show you which process is using the most memory.

If you have an application that is using a substantial amount of memory, you may want to consider closing that application if you're experiencing performance degradation.

You can also sort the list by processor time. This lets you see which processes are using the most processor time. Processor bottlenecks, though, are fairly infrequent, not something that we see a lot. You do see this sometimes when customers are using CPU-intensive software, like CAD applications or applications that convert or edit digital media. Some games and some poorly written software can excessively use processor time as well. When you're going to close applications, though, it's always preferable to use the interface on the Applications tab.

If you go back to the Applications tab (slide 5), you would select the application from the list of applications that are running, and then click the End Task button. There are two entries in the Status column that you'll see on a fairly regular basis, and those are Running and Not Responding. It's important to point out that Not Responding does not necessarily mean that there's a problem with the application. It can mean that it's just in the process of doing a calculation that will not allow it to have time to communicate with the Task Manager.

So if you're running an application and it's accessing data in a large database, and it's sorting through that database, pulling out records, it's not uncommon for you to see that the application says Not Responding, when in fact what it's doing is just processing. So you don't want to react to something that's not responding and just say, "I better cancel that task." Give it some time, if it's a large process.

Even if you were to end all of the applications that are listed in this list, it's still very likely that there are applications that are running in the background. The list of applications that show up on the Applications tab are just the applications that have a task bar button associated with them. So anything that runs at startup probably is not going to be listed in this list; things like antivirus software, system monitoring software, anything that doesn't get a task bar button, basically, is not going to be listed on this list.

You can terminate those applications directly from the Task Manager as well, and you do that on the Processes tab (slide 6). But you want to be very careful about this; this can be dangerous, so you don't want to just go through this list and end processes unless you are very sure of what those processes are. Many of the processes that are listed here are critical to Windows itself, so they should not be terminated.

It's also important to recognize that unlike on the Applications tab, if you were to end an application here on the Processes tab, you would not be prompted to save your work. So there is a risk of losing data if you end the process rather than ending the application.

We always suggest that you first try to close any application through the user interface itself. If that's not possible, try to close it using the Applications tab in Task Manager. As a last resort, if you really know what process is associated with a particular application, then you can use the Processes tab and end the application. To do this, all you would do is select the process associated with an application. You see one for Notepad, so if Notepad were the problem application, we could select NOTEPAD.EXE and then click the End Process button.

The default view of the Processes tab is that you get the name, that is what is under Image Name, of the process itself, the User Name under which the application is running, the memory usage and the CPU percentage. It is possible to add additional columns for additional criteria related to that process. To do that you would use the Select Columns option on the View menu. What that will provide you with is a list of additional criteria that you can select by selecting the check boxes.

Another common source of performance problems is an excessive number of programs that run automatically at startup. This tends to slow down startup itself, the whole boot process. Applications that run in the background also tend to use an excessive amount of memory that is then not available to the applications you're using.

It is important for some applications to be able to start automatically. Things like antivirus software should start automatically at system startup. However, many of the applications that start automatically are just wasting system resources. This is something that we see quite often in PCs that have been preconfigured with software by retailers. They tend to load a lot of extra bells and whistles onto a system, and applications that you're not even really aware of, but they're running in the background. So what we'd like to tell you is that if you experience performance degradation, you should probably consider uninstalling some of those apps if you don't actually use that software.

There is a utility that you can use to see which applications run at startup, and that's called the System Configuration Utility (slide 7). On the System Configuration Utility there is a tab for Startup. To run the System Configuration Utility you can just click Start, click Run, type msconfig, and press ENTER.

On the Startup tab there is a list of all the applications that run at startup. You can clear the selection for an individual application to prevent it from running at the next startup.

Another strategy is to clear the selections one at a time and then restart your system to see if disabling that selection causes any problems or resolves any problems for you. Another strategy is to disable all of them, and then add them back one at a time until you identify which application is using excessive system resources. What you could do is restart with one application at a time, and then go back and look at Task Manager and examine how system resources are being used by that individual application.

In general, we do not recommend that you use the System Configuration Utility as a permanent solution to managing startup of applications. Applications start up automatically for a number of different reasons, and you can use the System Configuration Utility, but if you do that, it might confuse you later when you need to troubleshoot other things. So what we really recommend is that you look for other ways to disable those applications from starting up at startup.

A lot of those applications will have an Options entry in their menu, and often you can find a check box that will allow you to prevent the application from running at startup. You can also check the Startup folder, and that's by clicking the Start button, pointing to All Programs, and then pointing to the Startup folder. And a number of applications may be listed in there and have shortcuts. To prevent them from running at startup, you simply delete this shortcut from the Startup folder.

If you're not using the applications that run at startup, that are using the excessive resources, then we recommend that you uninstall those applications. We also recommend that you uninstall applications that don't give you the option to reconfigure their startup behavior. Because there are some applications that don't have any way to do that. They don't have a shortcut in the Startup folder. They don't have an option that will allow you to prevent them from running at startup.

Another key component of working with system performance is regular maintenance. To keep performance optimized, regular maintenance is advised. Some of the things that you can do to keep the performance of your system at its peak are to check the disk for errors, defragment your hard disk drive, and perform Disk Cleanup to get rid of unneeded files.

Let's start by talking about checking disks for errors (slide 8). Some of the symptoms of disk errors include an inability to open and save files, as well as blue screens, and data corruption. To diagnose and recover from disk corruption, you use the utility known as Check Disk. The best way to get to the Check Disk utility is to open My Computer, and then you view the properties of the disk that you want to work with by right-clicking it and choosing Properties from the context-sensitive menu.

Then you select the Tools tab. And for Check Disk there is an Error-checking section, and you click the Check Now button. There are two options that are going to be presented to you any time that you run Check Disk, and you can see them there on the slide that's presented at this time: Automatically fix file system errors and Scan for and attempt recovery of bad sectors.

In most cases you're going to select both of these before you run the Check Disk utility. And you'll be prompted with a message that tells you that this is going to require you to reboot the system. And then Check Disk actually runs while the system is booting up. So while you have the black screen with the white lettering, before you even see Windows starting, it's going to run, and be aware that that's going to mean an increase in the amount of time it takes to boot that time. Don't be alarmed by that extra time.

Another concept that's important to understand is defragmentation. Fragmentation occurs over time when data gets written to non-contiguous clusters of hard drive space. The more fragmented a hard drive becomes, the more times it takes to retrieve data from the disk, and this results in slower performance as well. There is a utility that's built into Windows that you can use to defragment your disk, and that's the Disk Defragmenter (slide 9).

To use the Disk Defragmenter you, again, open My Computer. You right-click the disk that you want to defragment, and then choose Properties from the context-sensitive menu. On the Tools tab there is a section for Defragmentation, and you click Defragment Now. The tool will check and advise you as to whether the disk needs to be defragmented or not. It will show you the amount of fragmentation that currently exists and give you a recommendation as to whether you should defragment now or not. You can override that if you want to defragment anyway, but it's not really necessary. The tool gives you a good analysis of whether you need to defragment or not.

It can take a considerable amount of time to run the defragmentation tool; so don't be alarmed if it takes a while for the defragmentation process to take place, especially if you're working with an especially large partition.

We also recommend that you keep your hard disk drive fairly clean, so that means clearing up disk space. We're living in an era when we have more and more hard drive space available to us, but there doesn't seem to be any limit to the amount of hard drive space that we can use up. So the more hard drive space is made available, to me at least, the more data I tend to store on my PC. So although we're living in a time when we have much larger hard disks than we ever have before, it's still important to clean up your hard drive from time to time.

Some of the things you need to do are to clear out temporary files, uninstall applications that aren't being used, uninstall Windows applications that aren't needed, and delete data that you no longer need — or move it to an alternate storage medium, like floppy disk or a CD. If you see performance degradation and you take some of these steps, you can see some increase in your system speed. To do this you use the Disk Cleanup wizard (slide 10).

The Disk Cleanup wizard can be run by calling Cleanmgr.exe, or you can run it from the Start menu, click Start, All Programs, Accessories, System Tools, Disk Cleanup. It's a very intuitive wizard that assists you with getting rid of downloaded program files, temporary Internet files, offline Web pages, Microsoft Office temporary files, Office Setup files, files that are in your Recycle Bin, offline files, and so on.

There's also a More Options tab (slide 11) on the Disk Cleanup wizard that allows you to get in and uninstall Windows components that you might not be using any longer, installed applications. It gives you a way to get into Add or Remove Programs and remove some of the applications that you're not using. Also, there is a quick way to get into what's called the System Restore points.

Windows XP has a great feature built into it, in that it backs itself up from time to time, so that if you install an application and then begin to experience problems, you can use System Restore to go back to a previous point. But that comes with a cost, and that's the space that it takes to store these images that are used to get you back to a prior system condition. So if you're running short on hard drive space, one of the things that you might want to do, if you're sure that your system is running stably, is delete some of the System Restore points.

I'll talk a little bit about performance tuning (slide 12), and the way to get to performance tuning settings is through the Control Panel. Double-click System, and then on the Advanced tab you'll see Performance, and then a Settings button. You click the Settings button and the window that you see in front of you will appear.

The section for Processor scheduling allows you to choose what the primary purpose of this machine is. Is the primary purpose to run applications? If that's the case, then you would leave it at the default, Programs. If this machine is acting more as a server and you want it to run background services, you would click the Background services option.

There's also a section there for Memory usage, whether the machine is being used primarily to run programs again or whether that memory should be optimized to run the system cache. Again, this would be used if it were more of a file server or a print server.

You can also get in and change the virtual memory that we talked about before, the section of your hard disk drive that acts as if it were additional memory on your system. To do that you click the Change button.

When you click the Change button, that takes you to a different screen for setting virtual memory and for changing your page file (slide 13). There are some recommendations about working with a page file.

We recommend that you do not run your page file on your system disk, so the disk where Windows is actually installed. If it's possible to move that page file to a different hard disk drive or even just a different partition, you're going to see an increase in performance. We also recommend that you spread that page file over as many different disk partitions as you can. That can also give you some increased performance.

Here you can set the size of your page file, and that really depends on the amount of physical memory that you have installed on the system. You can even set it so that there is no page file on a particular partition. It is important to remember that even if you have so much memory on your system that you think that you're never going to exceed the capacity of physical memory, you still need to have at least a small page file present. Many applications need a page file, even if there is enough physical memory in the system to handle all of the calls for memory usage.

You will see at the bottom that it also has the minimum allowed page file, it gives you a recommendation for how large your page file should be, and shows what you have currently allocated.

If we go back to the Performance Options (slide 14), we had been looking at the Advanced tab. There's a separate tab for Visual Effects. One of the things in Windows that uses up a lot of resources are the visual effects, so if you are running low on system memory and you need to get some increased performance, and you can't use any of the recommendations that we've made about uninstalling applications that run at startup or adding additional memory, one of the things that you can do to boost performance is to disable some of the visual effects in Windows.

So you have some general settings, you can select Let Windows choose what's best for my computer, and that's the default setting. But you can also adjust for best appearance and adjust for best performance. If you're an advanced user, you can choose Custom, and then you can pick and choose, from this list that you see, which options you want to use.

The last thing that we're going to talk about today is the Performance Monitor (slide 15), and we're just going to touch on that briefly. Performance Monitor is a utility that you can use to get additional and more detailed information about system performance. What Task Manager gives you is a picture of what's going on right now with your system. Performance Monitor allows you to get a picture of what your system is looking like over time. So if you need to get an idea of what's going on over a period of time, then you can use Performance Monitor.

You can either use Performance Monitor to look at things in real time, or you can have it store everything in logs that can be analyzed after the fact. The Performance Monitor is really a bit beyond the scope of this presentation. We do have some links at the end of the presentation for Knowledge Base articles that talk about how to use the Performance Monitor.

Some of the additional resources (slide 16) that are available to you include Microsoft Knowledge Base article 314848, "How to Defragment Your Disk Drive Volumes in Windows XP"; article number 248345, "How to Create a Log Using System Monitor in Windows 2000"; article number 305610, "HOW TO: Manage System Monitor Counters in Windows XP," so if you're interested in information on how to use that Performance Monitor, that's a good article for you to take a look at; and article number 819946, "A Program Stops Performing a Task or Explorer.exe Uses 100 Percent of the CPU When You Right-Click an Item in Windows Explorer."

Also, a highly recommended book from Microsoft Press®, Microsoft Windows XP Inside Out, Deluxe Edition by Ed Bott, Carl Siechert, and Craig Stinson, published in 2002. We especially recommend, for what we've been covering in this presentation, that you review Chapter 7, "Tuning Up System Performance," and Chapter 25, "Performing Routine Maintenance."

Thank you for joining us for today's WebCast. For information about upcoming Support WebCasts and access to archived content, you can follow the link on your screen now (slide 17). Your feedback is appreciated. Please send any comments or suggestions to supweb@microsoft.com. We're now ready to open up the floor to questions.

Otto Cate: Thank you very much for the presentation, Dan. Before we jump into the Q&A, I'd like to share a couple of quick program notes with our listeners. If any of the details on the PowerPoint® slides were difficult to view on your browser today, or you'd like to simply have a copy of the slides, they should be available for download from the Web site. You can take a look at those offline.

The Q&A portion of the Support WebCast is intended to encourage further discussion of the topic that we addressed today, and one-on-one product support issues are really outside the scope of what we're able to address. So if you find that you need some more complex technical assistance that could take a little bit of time, feel free to contact a support professional either by phone or on the Web. So let's jump into these questions.

I don't understand the "not responding" status. How does an application communicate with Task Manager in those instances?

Dan: The application just reports its status, either running or not responding, to Task Manager. It has to use part of its communication protocols to communicate that to Task Manager. If the application is completely bound up in some process that has to do with what the application itself is doing, then application doesn't have enough resources to communicate to Task Manager that it is, in fact, running. So it shows up as Not Responding for a time in Task Manager.

Charles Erwin: This is Charles Erwin, and I'm helping out on the Q&A. I also do support and documentation for Microsoft. One of the most common examples, where you normally would see this not responding, is when you send documents to the printer from different applications. For the first few seconds, when you do that, it typically locks up the application as it's trying to scroll the document. Basically, just like Dan said, the application is fully occupied, thinking about some other task, and it really doesn't want to be bothered with saying what it's doing.

Otto: On the Processes tab in Windows Task Manager, there are some columns like I/O reads and I/O writes. We're wondering if those high numbers can tell me that something is going wrong, or are high numbers their normal behavior? Would that be able to help me troubleshoot a hard disk?

Don Luttmer: I think to answer that question you would first have to ask yourself what the process is that's doing the input/output writes. Some processes are just naturally a lot larger than other processes. If you have a process that's doing large input/output writes and reads and writes, and you know that should be a small process — for example, Messenger, a very small program that shouldn't be doing large writes — if it is, yes, that could be indicative of a problem.

If you have a database program that's doing large queries, then no, large input and output writes would not be indicative of a problem.

Dan: Other applications that would just naturally show high input/output reads would be things like if you're editing digital media as well. So, yes, it doesn't necessarily mean that there is a problem.

Otto: Regarding MSConfig, can we run this from the command window, or would it have to be through Start, Run? If we can go through, for instance, the command window, what might be indicated if it just doesn't launch?

Charles: Typically MSConfig is only used through the Run dialog, and not through the command window. It is a Windows desktop function. If you're not able to find it by clicking Start, clicking Run, typing msconfig, and pressing ENTER — I've never heard of that happening. So my concern would be that the application was deleted for some reason or was moved. I would certainly consider clicking Start, clicking Search, and searching for the file MSConfig, to verify that it is on the computer.

Dan: It's important to remember, also, that this presentation is geared toward Windows XP and that there are other versions of Windows that feature MSConfig, but there are other versions of Windows that do not. Windows 2000, for example, does not even have the MSConfig utility, so it could be that you're using a different version of the operating system.

Charles: I happened to notice that that caller came back in and said he did find it by clicking Start and clicking Run, so we put him on track.

Otto: This question might be application specific, but I'll ask it just in case we have some general pointers: We've recently bought a system that has a virus scanner that checks for updates daily. However, about every five minutes it fails. It appears to be running through Task Scheduler. We disabled the task and then, of course, it was enabled the next day on reboot. Do you have any general ideas on that?

Charles: I'll take that. First of all, what's happening is that the antivirus program, very correctly, is checking for updates to the signature file every day. New information comes out, and it wants that update. When it fails it places itself into kind its own little loop that it rechecks every five minutes or so. Now that's not a process that's running from startup; it's actually launched from the antivirus program.

I would bet that you can go into that antivirus program, and there will be a setting for how often you want to have it check for updates. You may even be able to turn it off and do the update manually, although I wouldn't consider leaving it off automatic. But that's actually a process that's launched from the antivirus program that's running in the background.

Don: Just to add to what Charles said there, a lot of the time when we see failures from antivirus programs downloading updates, it's because the system isn't actually connected. If you are not connected to the Internet, and the antivirus program is running and doesn't sense that you are not connected, it will just fail and error out.

Otto: We have a couple of questions on defrag: Is the defragmenter an integrated version of Disk Keeper Light? I'm not sure exactly what application that is. It almost sounds like it may be a third-party application.

Dan: I don't know about Disk Keeper Light, but it is licensed as part of Microsoft Windows.

Otto: When I try to run defrag under XP Home, whether I choose either analyze or defragment, it gets to about 10 percent and then errors out with "The connection to the defragmentation engine has been lost. Please restart defrag." Is that something you have seen before?

Charles: Yes. Typically what's happening is there is a process running in the background that is grabbing hold of the hard drive while the disk defragmenter wants to use it. This causes the defragmenter to, of course, want to stop its process and restart. An easy way to get around this is to run the defragmenter from Safe Mode.

You can always shut off what's running in the background using some of the details Dan described in the presentation, or you can reboot the computer into Safe Mode and run the defragmenter. Because it's in Safe Mode, nothing should be running in the background that's going to cause it to come to a stop.

If you want to get into the Safe Mode, there are a couple of different means. The most common is when you are booting the computer, prior to seeing the Windows XP logo, you can press the F8 key. That will bring up the Startup menu. You choose number 3, Safe Mode, and allow it to boot into Safe Mode. If you can't seem to hit the keystroke correctly, and that is a common issue, you can use the MSConfig utility, which we talked about. Again, it's Start, Run, MSConfig. The tab you could click is the Boot.ini tab. You would check /SAFEBOOT, and it will boot into Safe Mode.

Don: Just to add to what Charles said there, Windows XP does have security features built into it. If you use the MSConfig option, please be sure that you note or remember your administrator password, or you will not be able to get into Safe Mode.

Otto: We have a follow-up on that virus scanner question. It appears that they are actually never connected to the Internet, so that certainly could be reason for failure. They have, I guess, turned it off within the virus scanner itself, but it still seems to be hanging onto it. So I would assume that the best bet, in this case, would be to contact the manufacturer of that virus scanner and see if there are any further details that they could provide.

Charles: That's certainly the best bet, or even go to the virus scanner's Web site. They usually have a support and a FAQ page where it will give the most commonly answered questions. If it's a problem that needs to be revolved right away, you can certainly go into the MSConfig utility, go to the Startup group, and clear the selection where the virus scanner loads. That's only a temporary measure, though. You really want to adjust it in the virus scanner properties.

Otto: We recently updated with all of the latest Microsoft updates, and we've noticed some performance degradation whenever we do any type of operation that's related to Explorer. The Explorer.exe process takes an awful long time to launch, either the Windows Explorer or Internet Explorer. This question might be a bit general, but do we have some basic pointers on what we might be able to do in that case?

Charles: I would certainly consider doing some standard performance troubleshooting like you heard today. It's quite possible that when you updated you had applications that did not deal with the new software very well. A lot of times applications are written specifically for certain versions of Windows files. They're not really supposed to be written that way, but they are. When we update those files in a typical Windows update situation, whatever was hooked into them now becomes a problem.

I would certainly consider looking at the Performance Monitor, using MSConfig and maybe clearing the selections for everything in the Startup group and rebooting, seeing if we get a performance improvement. Also, it's always a good idea to run an antivirus check on your system to make sure something hasn't happened also with it.

And another common problem that's going on right now is a lot of people have small, third-party software that has been bundled and installed on their system. They call it adware or spyware; they are advertising programs. And there are a lot of third-party tools available for personal use that can scan, detect, and remove such items. They can often cause system performance problems.

Otto: There's a question here on defrag: Is there a way to defragment a PC remotely without having to go out and purchase a third-party application?

Dan: You can run the defragmentation tool if you use Remote Assistance. You can connect to a computer that is not the local computer, and then run the defragmenter from that computer. I'm not sure if that answers the person's question or not. You don't have to be logged in locally to run defragmentation. If you're running Windows XP, then it's there.

Otto: I run a Disk Cleanup Wizard quite frequently, and it seems like the size of my Windows directory has grown to 3.5 GB. Is that a normal size, or do we possibly have an issue there? I've looked on several other systems and they're in about the 2.5-GB range, or possibly higher, after several months of use.

Don: That could be a completely normal result, or it could be something wrong with the system. Every time you install a program, whatever program it is, it will put files in the Windows directory. Developers of third-party programs will put files, specifically DLL files, into the Windows directory, because that increases the performance of their applications.

So, yes, it is possible that it is just a natural occurrence that your Windows directory has grown that large. However, like Charles suggested earlier to another caller, run a virus scan on the system just to make sure that it isn't a problem. And also I would, other than DLL files, just do a search through that directory and see if there is an inordinate number of files with the same type of extension.

Otto: This question seems semi-related: The Documents and Settings area has grown to a very large size. It's on my C drive, which is currently running out of space. Is there a utility I could use to move the Documents and Settings to another disk and still basically have the system properly find everything that it needs — any user settings?

Dan: No. User settings need to be stored on your system drive. There is no way to move those to another drive. What might be happening is you have a large number of people using the same computer, and so you have a large number of different profiles on that computer. So one thing you might consider doing is splitting up those users and having them use two different computers, so you don't get too many user profiles on one system or the other. Or you might want to have those people use a common account.

Don: There is a lot of information, of course, that is stored in those folders. Some of the information in this Documents and Settings area include things like your temporary Internet files. If a user spends a lot of time on the Internet, they'll have a large number of temporary Internet files, so using the Disk Cleanup wizard will take a lot of those files out of there, decreasing the size of that folder.

Charles: This is Charles, and one last thing: Remember that when you're using Disk Cleanup, you should log in as each individual user. It doesn't actually allow you to clean up the temporary files from all the users all at once, so you have to log in as each one. Often you have an unused account that is taking up lots of space.

Otto: Ninety-nine percent of our fragments seem to be in System Volume Information\_Restore\Catalog — thousands of fragments. We clean this up and then it happens again. Any ideas?

Charles: The first thing is you probably don't have to clean up fragmented files in the System Volume Information. Of course, that's where we're storing our restore points for Windows XP. Cleaning up fragmented files improves disk access when you are pulling the files up and saving the files. System Restore files, typically you're never going to use them, and if you do use them, it's only going to be once, and you're probably not going to be that worried about access, because you're going to be fixing a problem.

So if your fragmented files are pretty much stored in one particular section, in the System Volume Information, which is constantly making new files and deleting files, it probably is not a big deal if you leave it fragmented. Also, I will say that as the drive gets full, and you're down to your last 100 MB or 50 MB of space, fragmentation happens a lot faster. So it might be that if you just freed up more hard disk space, that's going to improve as well.

Otto: The fragments from System Volume Information\Catalog.wci seem to affect our backups, as objects are busy, and then our front desk people think that the backups failed, and then we get calls that the backups take longer. Is that something we can turn off before the backups?

Charles: First of all, unfortunately, if you've turned off System Restore it clears out your restore points, so there really is no way to disable it without losing all of the safeguards. What I would consider is, because you know that restore points are stored in a particular folder, typically backup programs can be told to ignore a particular section for the backup. I would certainly consider that to be the more prudent option — to just configure the backup programs to not back up restore points. To some degree, backing up a restore point is being redundant anyhow.

Dan: You might even want to consider, as you configure new machines, separating the System partition from the place where you store your data, so that you store your data on a completely separate partition from your operating system files. Then you can just back up the partition that has your data, rather than backing up your system information. Because the System Restore point is there to perform that function for you.

Otto: The daily service pack updates each create a $something file in the Windows directory. After the patch has been applied for a while, is it safe to remove those $ directories? If so, do we just delete them, or do we have to use the utility?

Charles: Truth be told, I believe it is safe to remove those, but also I believe they include uninstall information. So while I do think you can remove them, they're probably not taking up a ton of space compared to other things. And because they do contain uninstall information, it's very prudent to keep them.

Otto: This question might be outside the scope, but perhaps we can point this user to some information: Our locally defined printer on Windows XP seems to keep losing its default status. Is that something you guys have seen before?

Don: I would have to say that, no, I have not seen that particular issue before. There are a couple of things that I would look to for that. We're going to start to sound like a broken record here in a moment, but I would say certainly do a virus scan, although I know of no viruses that have that particular behavior. I would also — for whatever manufacturer wrote the driver, whatever kind of printer it is, you have a printer driver installed — contact that vendor to see if there is an issue. This may be a known issue for that particular printer, and if it is a known issue for that particular printer, most manufacturers would have an update for it.

Otto: We have a follow-up on remote defragmentation, and the question is: From an administration point of view, to defragment 1,000+ computers, can it be done remotely or through any other Microsoft management tools? Currently I'm aware of only some third-party products that give you this administration capability, and it can be scheduled weekly or monthly to all computers in a domain.

I found a KB article. It's 231176, "Running Windows Disk Defragmenter Requires Administrative Privileges." It does mention in the bottom part that the version of Disk Defragmenter is not intended to be used as a tool for administrators to maintain network workstations. Is there anything else you could add to that, or would this probably be the best pointer?

Don: I think that's an excellent article. I would also add that because this person is an administrator of a very large network, another way that you could do this is you could write a system policy. How to write that system policy is well beyond the scope of this WebCast. I would recommend, if you're doing something like that, that you reference the Windows XP Resource Kit. Not only the Windows XP Resource Kit, but whatever your domain is, if it's a Windows 2000 domain, I would reference those books as well, on how to write those policies.

Otto: What are a few of the most important indicators in the System Monitor? I'm not sure if they're referring to the Performance Monitor or Task Manager. Perhaps that user can clarify what applications you're actually looking at there.

Next question. I assume this user is looking to increase overall application performance, and they're wondering: Can we update from Windows XP Pro to the 64-bit version, just as a straightforward upgrade?

Don: The quick answer to that question is no. The 64-bit version is specifically written for computers with a 64-bit processor.

Otto: In Task Manager, you can't always tell what program is running simply by the program name. Is there some kind of resource that lists program names to help us understand what application is running? It seems general. There are millions of applications, but do you guys have any general pointers?

Dan: There aren't really any good resources, because those names are defined by the individual vendors themselves. So the developers who write the software determine what the name of their process is going to be. There might be some KB articles out there that talk about some of the Microsoft Windows-related services, and what the names of those processes are in there, but when you're talking about third-party applications, I don't know of any resources that are comprehensive that list what names different companies use for their processes.

Don: When I'm talking to customers and they tell me something is listed in Task Manager or is listed in the startup group items in MSConfig, and they are not sure what that is, I'll often just go out on the Internet, choose one of the search engines, type that application name in, and look at the hits that come back. And from that you can usually determine what program that file is associated with. This is by no means an exhaustive list, and it's going to take some digging and some research to figure it out, but that's the way that I handle it.

Otto: What is the impact, I assume they're taking about performance impact, of GPO processing on XP desktops? And what would the recommended interval be for applying policies?

Don: I would have to say, because they are asking about Group Policy objects, that they are talking about, again, large domains. This is beyond the scope of this WebCast.

Otto: I have a machine here that has a minimum requirement of 64 MB of RAM. To increment the performance, I adjust visual effects to best performance. In effect, I turn off all of them. Is that a recommended situation for a minimum config?

Dan: Sure. It sounds like a great idea. If you're not able to update the system and put additional resources into it, yes, it's advisable. There is no difficulty or problem that's presented by disabling those visual effects. The operating system still works the same way; it just does not look quite as pretty.

Charles: This is Charles. In Windows XP, we included a lot of features to make the viewing easier, like the clear type font, faded browser windows, and menu bars. Unfortunately, that all takes a lot more processing space. And by turning that off you can often increase your performance quite a bit, on a minimum-level system like that.

Otto: If Checkdisk runs and is unable to complete because of errors, does that mean that we might have a bad hard drive, assuming that the failure is not caused by other applications that are running?

Don: Yes. That's exactly what that means. If I were receiving Checkdisk messages, saying that it couldn't finish because of errors on the disk, the first thing that I would do is back up all my data on that disk, because failure is probably imminent. And then look toward replacing that disk.

Dan: The good news is that hard drive space is at historic lows.

Otto: Is there a way to schedule defragmentation?

Don: Absolutely. Built into the Windows XP operating system we have the Task Scheduler. You can set disk defragmenter, or a lot of other utilities as well, to run in the Task Scheduler. To learn how to do that, I would simply go into Windows Help, and there are very comprehensive instructions in Windows Help on how to set up tasks in the Task Scheduler.

Otto: My understanding is that compression of files can slow down hard drive performance. Is this true? If so, can you recommend any guidelines for using the compression for old files that feature this in Disk Cleanup?

Dan: Compression can slow down hard disk performance if you're accessing those files on a regular basis. It takes the system resources to decompress and then compress those files again. If you are, in fact, compressing old files — and that's what that setting is used for, it's used to determine which files aren't frequently used, and then compresses those — then you probably will not see deterioration in performance. But if some situation changes and those files that you hadn't used for a long time become files that you use again, then you will see some degradation in performance, and you might want to consider uncompressing those files permanently.

Otto: We have a follow-up to one of the questions that we addressed on processes. It looks like they were trying to install firewalls, and it's difficult to figure out which processes should be allowed to run. They're looking for a list of Microsoft processes that should be permitted. Do we have a comprehensive list?

Charles: Dan is going to see if he can find an article. We might put it in the transcript. {Editor's note: The presenters were unable to find an article on this topic.} I will tell you the MSConfig utility has a neat little feature. When you click Start, click Run, type MSConfig, and press ENTER, if you bring up the Services tab for services that run on startup, there is a selection for Hide All Microsoft Services. What happens is the only thing left there are the non-Microsoft services, often your antivirus programs or your firewall or things like that. That's one way to see what needs to run and what is a third-party application.

Otto: Next question here regarding temp files: I'm seeing a lot of temp files popping up over pretty much all the XP folders, and I've noticed it on a number of machines. I haven't really been able to pinpoint anything causing this, other than maybe some BB apps. Is it generally recommended to clear out *.tmp files if the Disk Cleanup Wizard catches all of them? Or should it catch all of them?

Charles: Typically the Disk Cleanup Wizard will catch them. As to why they're being created, often programs that work with documents, such as Office programs, when you open up a document, will actually create a temp file, and you're working in the temp file. That way multiple people can open the same document. If for some reason the application shuts down through non-standard means, those temp files would be left alone.

If you have a system that crashes, any processes that might have temp files open does not have a chance to purge those. So, often, a lot of temp files being created is a sign that your system may not be not shutting down properly, or that programs are not exiting properly. They certainly should be. If they're in standard places, the Disk Cleanup should deal with them. You can always go through and delete them yourself. Of course, that might be where you are storing files when the system crashes, so be careful.

Otto: Do you recommend setting the Internet Explorer cache to minimum when you're using a broadband connection?

Don: The answer to that question would depend on the amount of hard drive space that you have free. Personally, no, I would not ever set that to minimum or turn it off. Just a little history on those temporary Internet files: The temporary Internet files are files that are stored on your computer so that every time you load a Web page, it does not have to go out and download those files again.

Even over a broadband connection — broadband, of course, is never as quick as access from a local hard drive. So, yes, setting it to low would be better than setting it to low on a dial-up connection, but you're still going to see a great performance increase if you don't set that to low.

Charles: This is Charles again. Don is right. When it reaches the capacity that you set, if you set it to minimum, the computer starts having to delete Internet files before it writes new ones. So now you're performing two read/writes instead of just one, whenever you're going out to a Web site. So you will notice a performance lag when you're just viewing and surfing the Web.

Otto: We have a follow-up on the processes question. They're wondering about Messenger: Sometimes it seems that Messenger is used to pass messages and sometimes it's just used for chat, which I don't use. Do I need to enable that process?

Don: This is the customer who was talking about firewalls, correct? Rather than dealing with Messenger at a process level, I would deal with Messenger more at a port level. There are different ports that are used to transfer just regular chat messages, and the ports that transfer the files are different ports. For information on that, I would take a look at the Windows XP Resource Kits and also go to support.microsoft.com and search the Knowledge Base. It will tell you which ports are used for which, and then you can turn off the ports on your firewall that are related to file transfer.

Charles: We might want to be careful, too, because there is Windows Messenger, which is built into the product, and then there is also a service called the Messenger Service. I'm not sure, but it sounds like we might be confusing the Messenger Service of Windows, which allows administrators to send messages to a remote desktop, with the Windows Messenger chat service. Those are two different things that just happen to have the same name.

Otto: When I move large files from drive to drive on my system, processing grinds to a halt. In essence, the computer goes to single tasking in the move itself, and we're wondering how we can move large files without getting an I/O log. Would adding a UPS change Windows caching for greater throughput?

Dan: No. A UPS is just for backup, in case you have a power failure, so that wouldn't help. What you might want to do is use some sort of an external tape backup as a way to do it, to transfer your data, rather than transferring. So it might be that you're going from one channel, a hard drive on a channel, to another hard drive on the same channel. If you have the ability to open up the box, you might want to try putting that hard drive on a different SCSI channel or a different IDE channel, so that you're getting the benefit of writing across channels rather than from one channel to a different drive on the same channel.

Charles: That is something I haven't thought about. The hard drives can use different channels. Another thing is if you're storing the original file on the same partition that your operating system is stored on, then that drive is going to be very occupied with transfers and usually can't make calls to launch and run other applications. If you have the original files stored on a second partition or a second drive, then you should get a performance boost when you transfer it, because you won't be tying up the partitioned drive that runs the operating system.

Otto: I just purchased a new copy of Windows XP Pro and installed it on the machine that I reformatted. And I went up to Windows Update site and found that there were 57 updates, patches, and security patches, and it took quite a long time to download and install all those patches. Is there something like a CD or offline method that we could use, or is it all just through the Web, through Windows Update?

Charles: After you've purchased your copy of XP, the majority of that is going to be through Windows Update. I will tell you that with Service Pack 1 for Windows XP we did do something called the media refresh, meaning that you could go out and buy a copy of Windows XP that has Service Pack 1 on it, and those SP1 files and downloads were already incorporated into it. That should hopefully have saved you from a lot of downloads.

Now it's very possible to go out right now and actually buy a version of Windows XP called the "gold version," which is the original one. You can still find it in stores. You will then have to download all of the service pack. So when you're out looking to purchase Windows XP, do look for a copy of Windows XP that says Service Pack 1 is included. As far as I know, we are not shipping a CD that has just the service packs installed.

I will tell you that from the Windows Update site you can go to the catalog update link and download the patches separately, and store them on a disk for your own use. For example, if you have a neighbor who has a high-speed connection, go to their house and, especially for the service pack, download the service pack, bring it back to your computer, and do the install.

Follow-up information: To download updates separately and install them on a computer that is offline (not on the Internet):

On the computer that needs the updates, go to the Windows Update site, either buy clicking the link in the Start menu or from within Internet Explorer by clicking on Tools and then clicking Windows Update.

Once you are at the Windows Update site:

  1. Click the Scan for Updates button at the center of the screen and scan the computer for needed updates.
  2. When the scan is complete, you will see the number of Critical Updates recommended for this computer. Click Critical Updates and Service Pack link on the left and the full list will be presented.
  3. Go down the list and write down each reference number at the beginning of each update.
  4. Take this list to the computer that you want to download the updates to. Presumably it has a high-speed connection and CD burning capability that is built into all versions of Windows XP.
  5. From that computer, browse to the Windows Update site.
  6. Click the link at the left, Personalize Windows Update.
  7. In the center of the screen, a check box will appear, labeled Display the link to the Windows Update Catalog.
  8. Select this check box and click the Save Settings box at the top right.
  9. A link for Windows Update Catalog will appear at the left. Click that link.
  10. Click the link titled Find updates for Microsoft Windows Operating Systems.
  11. Scroll down the list of operating systems and choose the right one for your version of Windows XP.

You will find many choices. If you are running a 64-bit version of Windows XP, you will know it. The 64-bit version requires special hardware. Most likely you are either running Windows XP RTM (original version) or Windows XP Service Pack 1 (SP1). In your list of needed updates to download, if Service Pack 1 is on that list, then you need to choose XP RTM. If Service Pack 1 is not on the list, it was included in your copy, and then you should choose XP SP1.

  1. After you choose the correct operating system, make sure the language is correct, and then click the Search button to the right of the screen.
  2. At the top of the screen will be a link saying Critical Updates and Service Packs and the number of possible downloads. Click this link.
  3. For your specific needs, run down this list and click the Add button for each item needed for your computer. There will be some items that you do not need, so pay attention to the list you made from the computer in need of updates.
  4. After you have selected all needed items, click the link at the top of the screen, labeled Go to Download Basket.
  5. You will need to store these downloads on this computer. Click the Browse button and choose the download location. (I recommend your Desktop. A software folder will be placed there, and the downloads are placed inside that folder.)
  6. Click the Download Now button, and when you accept the EULA (End-User License Agreement), the download will begin.
  7. When the download is finished, close the Windows Update window and prepare to copy these downloads to the needed computer.
  8. When installing downloads from the catalog site, always install the service packs first. The service pack for Windows XP has an executable file called xpsp1a.exe.

That'll save you a lot of download space. Unfortunately, other than that, you basically have to connect and just be patient. The easiest way to deal with it is by using a feature that Windows XP has built into it. It's our first operating system to use something called Automatic Update. Automatic Update runs in the background and will do the file transfer, a little bit at a time, over a long period. What you do to set that is you right-click My Computer, left-click Properties, and then you click the Automatic Update tab.

The first check box will enable automatic update, and then you have a bulleted choice about how you want it to handle it: whether it will prompt you to download, or if it will download automatically and prompt you to install, or whether you'll have it automatically downloaded and installed. If you do that, you can leave your computer on the Internet, even if you have a dial-up connection, and if you're not using it, this will download updates in the background, and then you'll just find that you have to click the Install button, and they will already be downloaded.

Otto: I have a fairly high-end desktop workstation that I used to run Windows XP Pro on, and I changed it to Windows Server™ 2003 when that version came out. I still use it as a desktop. It seems to operate much quicker in this case. They're wondering if there is a version of XP Pro that incorporates a lot of those performance enhancements. I would assume the only other option would be 64-bit, but of course, you would require a 64-bit processor there.

Don: Most of the enhancements that were built into Windows Server 2003 that are not in Windows XP Pro are specifically designed for server performance and server applications. So the short answer to that question is no. There isn't really anything that would turn Windows XP Pro into Windows Server 2003, other than just upgrading it.

Otto: We have a follow-up on that Messenger service and Messenger question. How do we know which Messenger we're looking at? Simply by looking at the file names? Is one called Messenger and one is called MS MGS?

Dan: Ms.mgs is a product that you use for chat, whereas the service is called Messenger.

Otto: We have a general question here regarding antivirus. Someone is wondering: Is there a particular antivirus program recommended for Windows XP Pro?

Charles: Of course, we don't actually recommend any particular antivirus program. It is certainly important to get a good one that updates frequently and that has an active participation. Recently Microsoft has started something called the Virus Information Alliance. We have joined forces with some of the top antivirus companies. Among them are Computer Associates, Network Associates, Sybari, Symantec, and Trend Micro. We're pooling all of our resources to deal with threats that come out and make sure that we have the proper response.

Otto: The last question that we have in the queue here looks like it's outside the scope, because it's a little bit more of an IT pro kind of question, but perhaps there are some general resources we could point them to. Some users are reporting that Windows XP OS locks up during the policy refresh process indicated in the application logs, and they were wondering if there are any specific Perfmon counters that could be used during policy refreshes, that kind of thing.

Dan: That would be something that you'd want to look at the resource kit for, or even possibly TechNet, to get further information about looking at how to troubleshoot those policies.

Otto: With that, it appears that we have answered all the questions that were submitted to the queue today. I certainly want to thank you all for joining us and hope that all this information was useful. I want to thank these guys in the studio for coming out and giving us a great presentation, and working through the Q&A as well.

It does look like a couple more questions snuck in under the wire. We have just a couple of minutes to get to these here.

Windows Messenger has two check boxes in the Add/Remove Windows Components dialog. One of them is unavailable. It cannot be cleared. Is that something that you've seen before?

Charles: Typically if the selection can't be cleared, it is because it's an underlying service, and it's not a program to be removed and installed. There are a number of functions that use the Messenger service and that are especially used on corporate networks. I hope that answers that.

Otto: The next question is probably going to be better addressed by the third-party company here, but it seems like this user is having some conflicts between Outlook® and ZoneAlarm, using up a lot of system resources and that kind of thing. Do you have any pointers on that, or would it be best to contact that company?

Don: Certainly the best thing to do is to contact that company. I will, however, say that it's very important to note that ZoneAlarm is a firewall service, and not an antivirus program. I just want the user to note that and make sure that they have some sort of other virus protection on there. You could even use a product that's made by the same manufacturer as ZoneAlarm.

Otto: It looks like we have run out of time, so I'm going to wrap up the session. I wanted to thank you all again for coming out and giving us a listen.

Your feedback (supweb@microsoft.com) is certainly valuable to us.

We hope that everyone has the opportunity to tune in again soon. Thank you, and have a great day.


Last Reviewed: Wednesday, December 3, 2003