Consider the following trace in xperfview:

This should be familiar to you, it’s the DPC storm / storport doorbell that looks like this:

So how does this trace look in WPA from the Windows 8 ADK (RP edition)?

A little different, but the Dude isn’t closed minded here, so lets give it a whirl:

Observe.  With that LSI_SAS selected, we see the time frame on the top middle where the CPU was doing work in that module.  and See the stack?  Which view is more in-depth?  WPA is the frickin future man.  I was a doubting Thomas 100%.  But WPA takes xperfview to a whole ‘nother level of magic.

And the Dude believes!

Hats off to Michael Milirud and the Windows Performance Toolkit team.  Seriously folks.  Job well done.

Another example, why does WINLOGON INIT take so long?

How cool is that?  We can see CCMEXEC took 8 seconds, its simple to just scroll down the list and see exactly why WINLOGON INIT took so long, and triage it.

I LOVE IT!

I’m going to build some broken scenarios in my lab and do some more examples of how-tos…

For some, VDI is about density. How many guests can we stuff into a host with performance and user experience still at acceptable levels? This script is the clarion call for those, a herald in dark times of performance degradation. It is, the script a couple PFEs wrote…

It makes an image lean but supportable. Fast, quick, usable (of course TEST TEST TEST for your applications and needs).

In a post to follow I will deconstruct the script and HTA to open a discussion on the settings.  Post here:  http://blogs.technet.com/b/jeff_stokes/archive/2012/10/18/deconstructing-the-pfe-vdi-optimization-script.aspx

It comes with both an HTA for on the fly configuration and a straight VBS script for inclusion in deployment or image configuration. And it logs in trace32 format.

Industry feedback is welcome.

This script was created by Carl Luberti, Tanner Slayton, and Jeff Stokes. We are Premier Field Engineers at Microsoft.

The Script and HTA are below.

Thank you.

EDIT:  10/24/2013 - Jeff Stokes and Carl Luberti - "Removed Offline File Service disable section at advise of MCS, it is found that the only proper way to disable OFS is to disable via GPO, so apply GPO http://gpsearch.azurewebsites.net/default.aspx?policyid=2061&ref=1 to your VDI OU instead.

SCRIPT:

This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.  THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.  We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys’ fees, that arise or result from the use or distribution of the Sample Code.

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

' // ========================================================================
' // Original generated with VDIOptimizer - http://www.autoitscript.com/tools
' // (c)2010 Jonathan Bennett
' //
' // Current version updated by Jeff Stokes (MSFT)
' // Last Modified: 10/18/2012
' // ========================================================================

' // ==============
' // General Advice
' // ==============
'
' Before finalizing the image perform the following tasks:
' - Ensure no unwanted startup files by using autoruns.exe from SysInternals
' - Run the Disk Cleanup tool as administrator and delete all temporary files and system restore points (can be automated with this script)
' - Run disk defrag and consolidate free space: defrag c: /v /x
' - Reboot the machine 6 times and wait 120 seconds after logging on before performing the next reboot (boot prefetch training)
' - Run disk defrag and optimize boot files (Windows 7 only): defrag c: /v /b
' - If using a dynamic virtual disk, use the vendor's utilities to perform a "shrink" operation

' // *************
' // *  CAUTION  *
' // *************
'
' THIS SCRIPT MAKES CONSIDERABLE CHANGES TO THE DEFAULT CONFIGURATION OF WINDOWS 7.
'
' Please review this script THOROUGHLY before applying to your virtual machine, and disable changes below as necessary to suit your current
' environment.
'
' This script is provided AS-IS - usage of this source assumes that you are at the very least familiar with the vbscript language being used and the
' tools used to create and debug this file.
'
' In other words, if you break it, you get to keep the pieces.

' Constants
Const ForReading = 1
Const Disable_Aero = False
Const Disable_BranchCache = False
Const Disable_EFS = False
Const Disable_iSCSI = False
Const Disable_MachPass = False
Const Disable_Search = False

' Common objects
Set oShell = WScript.CreateObject ("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oEnv = oShell.Environment("User")

' Command Line Arguments for Some Settings
Set colNamedArguments = WScript.Arguments.Named

If colNamedArguments.Exists("Aero") Then
     strAero = colNamedArguments.Item("Aero")
Else
     strAero = Disable_Aero
End If

If colNamedArguments.Exists("BranchCache") Then
     strBranchCache = colNamedArguments.Item("BranchCache")
Else
     strBranchCache = Disable_BranchCache
End If

If colNamedArguments.Exists("EFS") Then
     strEFS = colNamedArguments.Item("EFS")
Else
     strEFS = Disable_EFS
End If

If colNamedArguments.Exists("iSCSI") Then
     striSCSI = colNamedArguments.Item("iSCSI")
Else
     striSCSI = Disable_iSCSI
End If

If colNamedArguments.Exists("MachPass") Then
     strMachPass = colNamedArguments.Item("MachPass")
Else
     strMachPass = Disable_MachPass
End If

If colNamedArguments.Exists("Search") Then
    strSearch = colNamedArguments.Item("Search")
Else
    strSearch = Disable_Search
End If

' First things first - enable RDP Connections!!!
RunWait "WMIC rdtoggle where AllowTSConnections=0 call SetAllowTSConnections 1,1"
RunWait "netsh advfirewall firewall set rule group=" & Chr(34) & "remote desktop" & Chr(34) & " new enable=Yes"

' // ==================
' // Configure Services
' // ==================

' Disable Adaptive Brightness Service
RunWait "sc config SensrSvc start= disabled"

' Disable Application Layer Gateway Service
RunWait "sc config ALG start= disabled"

' Disable Background Intelligent Transfer Service
RunWait "sc config BITS start= disabled"

' Disable Background Layout Service
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout\EnableLayout", 0, "REG_DWORD"

' Disable Bitlocker Drive Encryption Service
RunWait "sc config BDESVC start= disabled"

' Disable Block Level Backup Engine Service
RunWait "sc config wbengine start= disabled"

' Disable Bluetooth Support Service
RunWait "sc config bthserv start= disabled"

If strBranchCache = True Then
' Disable BranchCache Service
RunWait "sc config PeerDistSvc start= disabled"
End If

' Disable Computer Browser Service
RunWait "sc config Browser start= disabled"

' Disable Diagnostic Policy Service
RunWait "sc config DPS start= disabled"

' Disable Disk Defragmenter Service
RunWait "schtasks /change /tn ""microsoft\windows\defrag\ScheduledDefrag"" /disable"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\Enable", "N", "REG_SZ"
RunWait "sc config defragsvc start= disabled"

' Disable Distributed Link Tracking Service
RunWait "sc stop TrkWks"
RunWait "sc config TrkWks start= disabled"

If strEFS = True Then
' Disable Encrypting File System Service
RunWait "sc config EFS start= disabled"
End If

' Disable Function Discovery Resource Publication Service
RunWait "sc config fdPHost start= disabled"

' Disable HomeGroup Listener Service
RunWait "sc config HomeGroupListener start= disabled"

' Disable HomeGroup Provider Service
RunWait "sc config HomeGroupProvider start= disabled"

If striSCSI = True Then
' Disable Microsoft iSCSI Provider Service
RunWait "sc config msiscsi start= disabled"
End If

' Disable Microsoft Software Shadow Copy Provider Service
RunWait "sc config swprv start= disabled"

' Disable Parental Controls Service
RunWait "sc config WPCSvc start= disabled"

' Disable Secure Socket Tunneling Protocol Service
RunWait "sc config SstpSvc start= disabled"

' Disable Shell Hardware Detection Service
RunWait "sc config ShellHWDetection start= disabled"

' Disable SNMP Trap Service
RunWait "sc config SNMPTRAP start= disabled"

' Disable Superfetch Service
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters\EnablePrefetcher", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters\EnableSuperfetch", &H00000000, "REG_DWORD"
RunWait "sc stop SysMain"
RunWait "sc config SysMain start= disabled"

' Disable SSDP Discovery Service
RunWait "sc stop SSDPSRV"
RunWait "sc config SSDPSRV start= disabled"

' Disable Tablet PC Input Service
RunWait "sc config TabletInputService start= disabled"

' Disable Telephony Service
RunWait "sc config TapiSrv start= disabled"

' Disable TPM Base Services Service
RunWait "sc config TBS start= disabled"

' Disable UPnP Device Host Service
RunWait "sc config upnphost start= disabled"

' Disable Windows Backup Service
RunWait "sc config SDRSVC start= disabled"

' Disable Windows CardSpace Service
RunWait "sc config idsvc start= disabled"

' Disable Windows Color System Service
RunWait "sc config WcsPlugInService start= disabled"

' Disable Windows Connect Now - Config Registrar Service
RunWait "sc config wcncsvc start= disabled"

' Disable Windows Defender Service
RunWait "schtasks /change /tn ""microsoft\windows Defender\MPIdleTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows Defender\MP Scheduled Scan"" /disable"
RunWait "sc stop WinDefend"
RunWait "sc config WinDefend start= disabled"

' Disable Windows Error Reporting Service
RunWait "sc config WerSvc start= disabled"

' Disable Windows Media Center Receiver Service
RunWait "sc config ehRecvr start= disabled"

' Disable Windows Media Center Scheduler Service
RunWait "sc config ehSched start= disabled"

' Disable Windows Media Player Network Sharing Service
RunWait "sc config WMPNetworkSvc start= disabled"

' Break out Windows Management Instrumentation Service
RunWait "winmgmt /standalonehost"
RunWait "sc config winmgmt group= COM Infrastructure"

'Disable Windows Search Service
If strSearch = True Then
    RunWait "sc stop WSearch"
    RunWait "sc config WSearch start= disabled"
End If

' Disable Wireless Zero Configuration Service
RunWait "sc config WZCSVC start= disabled"

' Disable WLAN AutoConfig Service
RunWait "sc config Wlansvc start= disabled"

' Disable WWAN AutoConfig Service
RunWait "sc config WwanSvc start= disabled"

' // ================
' // MACHINE SETTINGS
' // ================

' Do you want users to have the ability to use Aero themes for their desktop when connecting?
' If so, leave these two services enabled.  Disabling these services will disable Aero and DWM, and
' thus disable the use of any Aero themes:
If strAero = True Then
    ' Disable Desktop Window Manager Session Manager Service
    RunWait "sc config UxSms start= disabled"
    ' Disable Themes Service
    RunWait "sc config Themes start= disabled"
End If

' Disable Hard disk timeouts
RunWait "POWERCFG /SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0"
RunWait "POWERCFG /SETDCVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0"

' Disable TCP/IP / Large Send Offload
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableTaskOffload", &H00000001, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters\EnableOffload", &H00000000, "REG_DWORD"

' Disable hibernate
RunWait "powercfg -h off"

' Disable System Restore
Set objWMIService = GetObject("winmgmts:\\.\root\default")
Set objItem = objWMIService.Get("SystemRestore")
objItem.Disable("")
RunWait "schtasks /change /tn ""microsoft\windows\SystemRestore\SR"" /disable"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR", &H00000001, "REG_DWORD"

' Disable NTFS Last Access Timestamps
RunWait "FSUTIL behavior set disablelastaccess 1"

If strMachPass = True Then
    ' Disable Machine Account Password Changes
    oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange", &H00000001, "REG_DWORD"
End If

' Disable memory dumps
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot", &H00000001, "REG_DWORD"

' Disable default system screensaver
oShell.RegWrite "HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive", 0, "REG_DWORD"

' Increase service startup timeouts
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServicesPipeTimeout", &H0002bf20, "REG_DWORD"

' Increase Disk I/O Timeout to 200 seconds.
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\TimeOutValue", &H000000C8, "REG_DWORD"

' Disable Other Scheduled Tasks
RunWait "schtasks /change /tn ""microsoft\windows\Application Experience\AitAgent"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Application Experience\ProgramDataUpdater"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Autochk\Proxy"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\Consolidator"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\KernelCeipTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Customer Experience Improvement Program\UsbCeip"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Diagnosis\Scheduled"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Maintenance\WinSAT"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\MobilePC\HotStart"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Power Efficiency Diagnostic\AnalyzeSystem"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\RAC\RacTask"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Ras\MobilityManager"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Registry\RegIdleBackup"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\AutoWake"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\GadgetManager"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\SessionAgent"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\SideShow\SystemDataProviders"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\WDI\ResolutionHost"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Windows Filtering Platform\BfeOnServiceStartTypeChange"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Windows Media Sharing\UpdateLibrary"" /disable"
RunWait "schtasks /change /tn ""microsoft\windows\Windows Backup\ConfigNotification"" /disable"

' Configure Event Logs to 1028KB (Minimum size under Vista/7) and set retention to "overwrite"
Set oEventLogs = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!//./root/cimv2").InstancesOf("Win32_NTEventLogFile")
For Each e in oEventLogs
    e.MaxFileSize = 1052672
    e.OverWritePolicy = "WhenNeeded"
    e.OverWriteOutdated = 0
    e.Put_
    e.ClearEventLog()
Next

oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application\Retention", 0, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Security\Retention", 0, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\Retention", 0, "REG_DWORD"

' Set PopUp Error Mode to "Neither"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\ErrorMode", 2, "REG_DWORD"

' Disable bootlog and boot animation
RunWait "bcdedit /set {default} bootlog no"
RunWait "bcdedit /set {default} quietboot yes"

' Disable UAC secure desktop prompt
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop", &H00000000, "REG_DWORD"

' Disable New Network dialog
RunWait "reg add HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff"

' Disable AutoUpdate of drivers from WU
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\searchorderConfig", 0, "REG_DWORD"

' Turn off Windows Gadget Platform, Media Center, Tablet PC Components, Windows DVD Maker, and Windows SideShow
RunWait "dism /online /Disable-Feature /FeatureName:WindowsGadgetPlatform /NoRestart"
RunWait "dism /online /Disable-Feature /FeatureName:MediaCenter /NoRestart"
RunWait "dism /online /Disable-Feature /FeatureName:TabletPCOC /NoRestart"
RunWait "dism /online /Disable-Feature /FeatureName:OpticalMediaDisc /NoRestart"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Sideshow\Disabled", 1, "REG_DWORD"

' Disable IE First Run Wizard and RSS Feeds
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize", 1, "REG_DWORD"

' Disable the ability to clear the paging file during shutdown
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\ClearPageFileAtShutdown", 0, "REG_DWORD"

' Perform a disk cleanup
' Automate by creating the reg checks corresponding to "cleanmgr /sageset:100" so we can use "sagerun:100"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Downloaded Program Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Memory Dump Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Offline Pages Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Old ChkDsk Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Previous Installations\StateFlags0100", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Recycle Bin\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Setup Log Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\System error memory dump files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\System error minidump files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Setup Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Thumbnail Cache\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Upgrade Discarded Files\StateFlags0100", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting Archive Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting Queue Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting System Archive Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Error Reporting System Queue Files\StateFlags0100", &H00000002, "REG_DWORD"
oShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Windows Upgrade Log Files\StateFlags0100", &H00000002, "REG_DWORD"
RunWait "cleanmgr.exe /sagerun:100"

' // =============
' // USER SETTINGS
' // =============

' Reduce menu show delay
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\MenuShowDelay", "0", "REG_SZ"

' Disable cursor blink
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\CursorBlinkRate", "-1", "REG_SZ"
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\DisableCursorBlink", &H00000001, "REG_DWORD"

' Force off-screen composition in IE
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition", &H00000001, "REG_DWORD"

' Disable screensavers
oShell.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive", "0", "REG_SZ"
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive", "0", "REG_SZ"
oShell.RegWrite "HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive", "0", "REG_SZ"

' Don't show window contents when dragging
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\DragFullWindows", "0", "REG_SZ"

' Don't show window minimize/maximize animations
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\MinAnimate", "0", "REG_SZ"

' Disable font smoothing
oShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\FontSmoothing", "0", "REG_SZ"

' Disable most other visual effects
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\VisualFXSetting", &H00000003, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarAnimations", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewWatermark", &H00000000, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow", &H00000000, "REG_DWORD"
RegBinWrite "HKEY_CURRENT_USER\Control Panel\Desktop", "UserPreferencesMask", "90,12,01,80"

' Disable Action Center
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth", &H00000001, "REG_DWORD"

' Disable IE Persistent Cache
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Persistent", 0, "REG_DWORD"
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Feeds\SyncStatus", 0, "REG_DWORD"

' Done
WScript.Quit

' // ================
' // HELPER FUNCTIONS
' // ================

Function Run(sFile)
    Run = oShell.Run(sFile, 1, False)
End Function

Function RunWait(sFile)
    RunWait = oShell.Run(sFile, 1, True)
End Function

Function RunWaitHidden(sFile)
    RunWaitHidden = oShell.Run(sFile, 0, True)
End Function

Function IsServer()
    IsServer = False
    On Error Resume Next
    For Each objOS in GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
        If objOS.ProductType = 1 Then IsServer = False
        If objOS.ProductType = 2 Or ObjOS.ProductType = 3 Then IsServer = True
    Next
End Function

Sub RegBinWrite (key, value, data)
    key = "[" & key & "]"

    If value <> "@" then
        value = chr(34) & value & chr(34)
    End if

    valString = value & "=" & "hex:" & data

    tempFile = GetTempDir() & "\regbinaryimport.reg"
    Set txtStream = oFSO.CreateTextFile(tempFile,true)
    txtStream.WriteLine("Windows Registry Editor Version 5.00")
    txtStream.WriteLine(key)
    txtStream.WriteLine(valString)
    txtStream.Close

    oShell.Run "regedit.exe /s """ & tempFile & """", 1, true

    oFSO.DeleteFile tempFile
End Sub

Function GetTEMPDir()
    GetTEMPDir = oEnv("TEMP")
    If InStr(GetTEMPDir, "%") Then
        GetTEMPDir = oShell.ExpandEnvironmentStrings(GetTEMPDir)
    End If
End Function

This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.  THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.  We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys’ fees, that arise or result from the use or distribution of the Sample Code.

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

HTA:

<!--
' // ========================================================================
' // Current version updated by Carl Luberti (MSFT)
' // Last Modified: 10/01/2012
' // ========================================================================
-->

<html>
    <head>
        <title>PFE - VDI Customization</title>

        <HTA:APPLICATION
        APPLICATIONNAME="VDICustomization"
        ID="VDICustomization"
        VERSION="1.0"
        ShowInTaskBar="Yes"
        SingleInstance="Yes"
        WindowState="Normal"/>
    </head>

    <script language="VBScript">
        Sub Window_onLoad
            window.resizeTo 1130,830
        End Sub

        Sub OnClickButtonExecute()
            modifyVDI()
        End Sub

        Sub OnClickButtonCancel()
            Self.Close
        End Sub

        Sub modifyVDI
           dim cmdLine : cmdLine = trim(replace(VDICustomization.commandline,chr(34),""))
           dim path
           Set objShell = createobject("Shell.Application")
           dim options : options = ""
           dim x, cmd, str
           path = Left(document.location.pathname, InStrRev(document.location.pathname,"\"))
           If chkAero.Checked Then options = options & " /Aero:True"
           If chkBranchCache.Checked Then options = options & " /BranchCache:True"
           If chkEFS.Checked Then options = options & " /EFS:True"
           If chkiSCSI.Checked Then options = options & " /iSCSI:True"
           If chkMachPass.Checked Then options = options & " /MachPass:True"
           If chkSearch.Checked Then options = options & " /Search:True"
           cmd = path & "vdi_config_arguments.vbs " & options
           msgbox cmd
           objShell.ShellExecute "cscript.exe ", Chr(34) & cmd & Chr(34) & " uac", "", "runas", 1
        end sub

    </script>

    <body bgcolor="white">
        <center><font color='blue' size='6'>Welcome to the PFE - VDI Customization HTA</center></font><br>
        <center><font color='purple' size='4'><Bold> THIS SCRIPT MAKES CONSIDERABLE CHANGES TO THE DEFAULT CONFIGURATION OF WINDOWS 7 </Bold></font></center><br>
        <center>Please review this script THOROUGHLY before applying to your virtual machine, and disable changes below as necessary to suit your current environment.</center><br>
        <center><font color='red'><Bold>This script is provided AS-IS - usage of this source assumes that you are at the very least familiar with the vbscript and HTML languages being used and the tools used to create and debug these files.</Bold></font></center><br>
        <center>In other words, if you break it, you get to keep the pieces.</center><br><br>

        <font color='blue'><Bold>Additional options that can be disabled - these changes are recommended, but not required.</Bold><br>
        Check any additional option that you wish to be applied, and click the "Execute" button below:</font>
        < br>
        <input type="checkbox" name="chkAero" id="vdiconfig">Disable Aero capabilities<br>
        <input type="checkbox" name="chkBranchCache" id="vdiconfig">Disable BranchCache support<br>
        <input type="checkbox" name="chkEFS" id="vdiconfig">Disable EFS support<br>
        <input type="checkbox" name="chkiSCSI" id="vdiconfig">Disable iSCSI support<br>
        <input type="checkbox" name="chkMachPass" id="vdiconfig">Disable Machine Password Changes<br>
        <input type="checkbox" name="chkSearch" id="vdiconfig">Disable Windows Search support<br>

        <p><font size='4'>Before finalizing the image perform the following tasks:</font><br>
        <font color='red'>
          - Ensure no unwanted startup files by using autoruns.exe from SysInternals<br>
          - Run the Disk Cleanup tool as administrator and delete all temporary files and system restore points (can be automated with this script)<br>
          - Run disk defrag and consolidate free space: defrag c: /v /x<br>
          - Reboot the machine 6 times and wait 120 seconds after logging on before performing the next reboot (boot prefetch training)<br>
          - Run disk defrag and optimize boot files (Windows 7 only): defrag c: /v /b<br>
          - If using a dynamic virtual disk, use the vendor's utilities to perform a "shrink" operation<br>
        </font></p>
        < br>
        <center>
        <input type="button" name="Execute" id="Execute" value="Execute" onclick="OnClickButtonExecute">
        <input type="button" name="Cancel" id="Cancel" value="Cancel" onclick="OnClickButtonCancel">
        </center>
    </body>
< /html>

Assume the following:  You have a Windows 7 host that you want to collect a trace from.  The user complains of audio issues, stuttering, latency, etc…or video frame rate is low.  Something annoying.

Like my previous post, lets cover a few basic rules here as we get started:

1.  If host = Windows 7 AND bitness = amd64 THEN Set DisablePagingExecutive to 1 and reboot:

http://technet.microsoft.com/en-us/library/cc959492.aspx

2.  Make sure the user account we want to trace is local administrator, even temporarily.

After we have that, install the Windows 8 ADK on the target machine, or copy the Windows Performance Toolkit from a machine it has already been installed on onto our target machine.

(We can install by running ADK Setup and deselecting EVERYTHING except Windows Performance Toolkit, by the way.)

So, its there, somewhere.

1.  Run WPRUI elevated/as administrator

2.  Click More Options on the bottom left, revealing the window that looks like this:

3.  For audio and video glitches that are easy to reproduce, check the scenario you are reproducing in the scenario analysis area.  Change Logging Mode to File based and hit start.

4.  Click “Start” and the reproduce the issue.  The window will look like this while you do so:

5.  When it reproduces, click Save and save the file off, review in xperfview or Windows Performance Analyzer to determine the cause of the glitches, probably DPCs from usbaudio drivers, but what do I know….

“But way Dude!  What if this isn’t easy to reproduce?” you may ask….

Step….

6.  If this is not easy to reproduce, get setup to collect a trace as above, but don’t use WPRUI.

Instead, elevate a command prompt, go to the root of a drive, I’ll use C: for the example, and do the following after you have DisablePagingExecutive set and WPT installed…make a trace directory and cd to it.

xperf -on dispatcher+latency+drivers -stackwalk readythread+threadcreate+cswitch+profile -f C:\trace\xperftrace.etl -minbuffers 1024 -maxbuffers 1024 -maxfile 512 -filemode circular

Then let it run in the background while you dork around trying to reproduce the issue.  Once it hits, simply do the following:

Xperf -d C:\trace\results.etl

Now you can open results.etl in xperfview.exe or Windows Performance Analyzer and look for DPCs and so forth that might be causing the issue….

Enjoy!

Applies to Exchange 2003, concepts apply to 2007 as well. 

I've bumped into a few cases recently where the customer had unexpected transaction log file growth that caused the server to dismount a storage group due to lack of disk space.  In this post I'll attempted to explain why this occurs, how to troubleshoot it, etc.

The short of it is transaction log file growth usually occurs because of a repeating transaction.  It can be a looping message, a mis-behaving client, or a corrupt message.  Looping messages I've seen done by users setting up special things on their Outlook clients.  Consider the following example:

A user leaves for the weekend.  They are expecting an important email, so they put in a forward rule to forward all email to their mobile phone's email address.  They either  1)mis-type that address, or 2)their phone's email box doesn't accept messages above a certain size.  In the event of 1), every message sent to the user is going to hit the mail servers of the phone provider and bounce with an invalid address.  This NDR will come back and hit the mailbox of the user, where the forward rule will forward the NDR to the phone, which will bounce and come back to the inbox, where it will forward the NDR to the phone......  In the event of 2), any message above the size limit will trigger the loop above (unless the ISP's mail server knows not to append the offending email as an attachment to the NDR).

This is a real world example I've personally run into.  Users can and will do all kinds of bizarre things that under the light of day seem obtuse, but in the heat of the moment make sense.

So how do you track this down?

The normal troubleshooting path I take for this type of problem is:

1.  Run Exmon.  Tell me if a single user is taking something silly like 50% of the servers resources.  If you're spooling out transaction logs like it's nobody's business and Exmon shows a user at 50%+ and they are in the same Storage Group as the spooling transaction logs, then chances are you've found your man.  If Exmon doesn't point anything out of the ordinary, then proceed to step 2:

2.  Go to your Exchange System Manager, drill down to the Storage Group that you're seeing the transaction log growth on.  Expand each database and visit the logins area.  Add columns for MSG Ops, Folder Ops, Total Ops, and sort by high/low and see if you have one user towering above the rest.  Do this for each database.  If you've got a single user standing out, again, this is very likely your culprit.  Log into their mailbox, see if there is something stuck in the Outbox, or check their active client for any client-side rule that may be at fault.  Worse comes to worse, disable the user's mail.

3.  User Scott Oseychik's guide on Transaction Log analysis to figure out what the offending message might be:

http://blogs.msdn.com/scottos/archive/2007/07/12/rough-and-tough-guide-to-identifying-patterns-in-ese-transaction-log-files.aspx

This is an excellent guide and needs no further clarification.

4.  If this doesn't work out for you at this point, call into support, it could be a problem with a mobile device syncing or an OWA session trying to process a corrupt message (I've seen both scenarios).  Only a series of store dumps collected with adplus will tell us that.

I hope this helps in your troubleshooting efforts.

So one of the questions that comes to mind every now and then in technical circles (and outside as well) is "Why doesn't it take so long for my machine to boot?".  Just what's going on in there while these friendly, soothing graphics come up on the screen, and I wait and wait for a prompt to login?

Great question.  I recently purchased a solid state drive for my laptop and after imaging it with Windows 7 and loading it all up with drivers and whatnot, I had the same question.  So I went off an looked to find out what the 'deal' was.

So I went to the Windows Performance Analysis website and downloaded and installed the Windows 7 SDK, which includes the Windows Performance Toolkit (mainly, for this exercise, xbootmgr.exe and xperfview.exe. 

(So xbootmgr will tell the kernel to start tracing at boot and tell Windows to restart so it can get on with the trace.  So be prepared for the system to reboot you when you type this in and hit enter!)

Anway, after download and installation, I did the following from an elevated command prompt:

xbootmgr -trace boot -traceflags BASE+CSWITCH+DISK_IO_INIT

I did this in a directory where I had room for a couple hundred meg etl trace and it was nice and tidy so I didn't have to hunt for anything.

My system rebooted and as soon as I was presented with a command prompt, I logged in.  After the shell came up, I had a window on my screen that basically counted down post boot tracing, for 120 seconds.  When I see this I just let it do its thing.

After 120 seconds, it wraps all this data into an etl file named boot_BASE+SWITCH+DISK_IO_INIT.etl in the directory where I ran the command prompt.

After the system is done collecting its data and waiting on the prefetcher info and whatnot, I then go in and do the fun bit, open the ETL file with xperfview.

I immediately am drawn to the wide gap where nothing happens in my services list, from the 22 to 38 second mark.  Turns out this is the ambient light sensor for my keyboards backlight.  It takes the driver a bit of time to figure out the ambient light where I'm at to make a judgement call on if a backlit keyboard is needed.  In Windows 7 there is a handy feature for services called "Automatic (Delayed Start)".  I put the service into that state and rebooted and I saved 16 seconds on my boot time.  A decent gain I think.

Now, this is a very, very rudimentary explanation of how to review an ETL file, something simple to look for, a beginners example.  I highly recommend going further with ETL / WPT, as it is a very insightful glimpse into Windows system performance.  To dig further, I've collected some links from a list that is floating around internally...

Performance toolkit (XPERF) log & analysis

The required steps to collect xperf logs on XP / Vista are as follows:

1) Download & Install the toolkit on a Vista/2008/Windows 7 machine.
   The latest version of the Windows Performance Toolkit is part of the Windows 7 SDK (which is a huge download). The following blog has the steps to download the ‘bare minimum’ to get the WPT toolkit.

    http://blogs.msdn.com/jimmymay/archive/2009/11/24/xperf-install-windows-performance-toolkit-wpt-with-242mb-download-not-2-5gb-windows-7-sdk-part-2.aspx

2) Copy the contents of the “C:\Program Files\Microsoft Windows Performance Toolkit”  to a folder on Windows XP (or a USB memory stick).

3) Turn off the  “No Execute” or ‘Execute Disable” security option for CPU in the BIOS (or if you cannot find the appropriate BIOS setting, add the following switch to the boot.ini file:  noexecute=alwaysoff)

4) Either run xbootmgr from the command line, or use the XPerfUI utility which you can download from our codeplex website: http://xperfui.codeplex.com/

5) Copy the resulting .etl file to the Vista machine to use the xperfview GUI to open & analyze it. If a userenv log is generated under %windir%\debug\usermode, it can also be copied to correlate processes & times.

MSDN documentation link for the Windows Performance Toolkit:

http://msdn.microsoft.com/en-us/library/cc305187.aspx

Windows On/Off Transitions Solutions Guide  (Diagrams)

http://www.microsoft.com/whdc/system/pnppwr/powermgmt/OnOffTrans.mspx

On/Off Transition Performance Analysis of Windows Vista (Vulnerabilities)

http://www.microsoft.com/whdc/system/sysperf/On-Off_Transition.mspx 

Xperf UI – GUI wrapper for the Xperf command line tool
http://xperfui.codeplex.com/

Also a good blog for more information

http://blogs.msdn.com/pigscanfly/pages/xperf-articles.aspx

Two Minute Drill: Introduction to XPerf

http://blogs.technet.com/askperf/archive/2008/06/27/an-intro-to-xperf.aspx

More notes on xperf:

To show if there are any active loggers

Xperf –loggers     

To stop any active loggers

Xperf –stop

To view help on available flags

Xperf –providers  i

Xperf –help providers

To trace any process ad hoc including cpu, disk and registry

Xperf –on diageasy+registry

<let the activity happen>

Then stop and merge the wmi / etl data into the log file

Xperf –d mytrace1.etl

To view the traces; (only works on Vista  or Svr 2008 or later)

Xperf <logname.etl>

Or

Use xperfview as the GUI

Special thanks to Fatih Colgar and Roger Southgate for comprising the "Performance Toolkit (XPERF) Log & Analysis" links and walk through.