Tuesday, May 6, 2014

[GEEK SCHOOL] Windows Admin 7: Understanding the Advanced System Properties Panel

clip_image001


The System Properties panel is one of those things that has been in Windows forever, yet most people don’t understand how it all works. Today’s Geek School lesson explains it.


This panel contains the settings for some important features in Windows, including virtual memory page file, system protection, data execution protection, processor scheduling, environment variables, and startup options for dual-boot configurations.


Most of the settings aren’t things that you’ll need to change often, and in most cases, you should probably just leave them at the defaults, but it is useful to understand why something is set a particular way, and whether or not you need to mess with it.


Accessing the Advanced System Settings Panel


Getting to the System panel is really easy on Windows 8, because you can right-click on the Start button or the start corner and pick System from the menu.


clip_image002


If you are using Windows 7 instead, you can browse through Control Panel to the System page, or you can right-click on Computer and select Properties. Either one will get you to the same place, the System Panel.


From there, you’ll want to click the Advanced System Settings link on the left-hand side.


clip_image004


It might seem a little odd, but Windows opens straight to the middle tab of the System Properties dialog, largely because the first two tabs aren’t that interesting.


The Advanced Tab


clip_image005


There are a lot of different things to be found on the Advanced tab, including performance, user profiles, startup, and environment variables. The average user doesn’t need to tweak things in here, but there are some good configuration changes that you might need under certain circumstances.


Clicking the Settings button in the Performance section gives you a bunch of options – the Visual Effects section will let you tweak all of the extra animations and things that make Windows look better. We’d recommend leaving that up to Windows unless you have a good reason to change it. (Personally we’ve always disabled the annoying minimize animation but left the others alone).


clip_image006


The Advanced tab gives you another option that requires a little explaining. The Processor Scheduling feature allows you to choose between Programs or Background services. The quick explanation is that when you are running a desktop system, you should always leave this set to Programs for best performance.


Quantums and Threads


The longer, geekier explanation is that this setting controls the Win32PrioritySeparation value in the Registry, which then controls whether Windows uses variable Quantums or not.


Windows applications and processes are internally broken up into Threads, which are the actual units of work that are running on the processor. Windows manages these threads to make sure that every application thread has a chance to run on the processor for a particular amount of time before Windows switches to another thread. This is the foundation of how Windows allows multiple applications to run at a time.


A Quantum is the length of time that Windows allows a thread to run before another thread with the same priority is allowed to run. The quantum value can be affected by a number of values, including whether variable or fixed quantums are allowed, which is what this setting controls.


Programs


When you set Processor Scheduling to Programs, Windows enables variable quantums, and gives higher priority and longer quantums to threads attached to the foreground window. This is a good thing for desktop users, since the foreground application gets the majority of the resources from the CPU, and switching between other threads quickly makes the UI more responsive for things that update in the background.


Background services


When you change the radio button to this value, Windows uses a fixed (and longer) quantum length to try and make sure that all processes get a nearly equal amount of time (if they are the same priority, at least). This is much better for servers or workstations running as a server, because system services will get equal time if they are set to the same priority and everything else is equal.


Note: this is an overly simplistic explanation of how this all works and there are many other factors involved, but this is the basic idea.


Virtual Memory


clip_image007


It was really popular a number of years ago to either disable the page file entirely, or make the page file really gigantic, or somewhere in between. And then there were all the people that split the page file up on multiple disks, or insisted you had to remove it from the system drive.


Everybody had a theory and their own calculation on what would give you the fastest performance. We’re not going to go back in time and debate all of those people, because we’re not living in the days of 64 MB of RAM and Windows XP anymore.


The fact is that with a modern PC that contains multiple gigabytes of RAM and modern versions of Windows (meaning at least Windows 7 but really Windows 8.1), you don’t need to mess with the page file at all.


Fun Fact: Since Vista, Windows changed the underlying memory management system to set priorities for each page of RAM rather than just using first-in, first-out like XP did. So when Windows decides to move something from RAM over to the page file, it will generally be moving something that you really didn’t need in active memory anyway.


Don’t Disable the Page File


Disabling the page file will generally work if you do have enough RAM, but it will also mean that any application that expects the page file to be there is going to just crash rather than slow down. It’s not worth the trouble for the tiny performance gain you’re unlikely to get. Windows 7 and 8.1 do a good job of only paging when really necessary.


Trimming Down the Page File Size


If you are running on a smaller SSD as your boot drive and need to save some space, you can tweak the size of the page file down a little by unchecking the “Automatically manage paging file size for all drives” and changing the options to a custom size. We’d recommend not making the size too small though – at least 1 GB is probably a good bet. An even safer bet is to just let Windows deal with it. If you are using Windows 8.1, you’ll find that it is a lot more intelligent about dealing with the page file.


Data Execution Prevention (DEP)


clip_image008


This tab allows you to tweak DEP so that it works for all programs instead of just being enabled for Windows itself. What is DEP, you ask?


Data Execution Prevention is a feature that is available on 64-bit versions of Windows and provides the ability to mark a page of memory as data, triggering a hardware feature in your system processor that will prevent that memory from being executed at any point. This prevents certain types of buffer overflow attacks, where an attacker puts executable code into a place in memory that should contain regular data like a string value, and then tricks the application into running that code.


The interesting thing about this dialog and this setting is not that it can be changed, but rather that dozens of tech blogs over the years have written about it and claimed that it allows you to turn off DEP on your system, which is not just false, but actually sorta backwards. Here are the dialog options and what they mean:



  • Turn on DEP for essential Windows programs and services only – this setting enables DEP by default for Windows processes, 64-bit applications, and any 32-bit application that is compiled in a way that turns on DEP.

  • Turn on DEP for all programs and services except those I select – this setting turns on DEP for every process unless you select a process in the box below to disable it for.


Note: There is actually a way to disable DEP entirely using BCD, but that’s something you should never do. These days, the majority of good applications are going to be DEP enabled, so you don’t need to worry about it.


If you want to check your system and see what is DEP-enabled, you can open up Task Manager, go to the Details tab, right-click the column headers, and use the Select Columns feature to add the Data Execution Prevention column. On our test system, every process that we used had DEP enabled, including the 32-bit version of Chrome that was running.


clip_image009


User Profiles


clip_image010


The User Profiles feature isn’t terribly useful in a home user environment, but you could use it to copy user profile settings over to another user profile. It’s more useful for setting up roaming profiles in a Windows domain environment.


Startup and Recovery


clip_image011


The Startup and Recovery settings has two really useful features for a dual-booting environment – you can choose the default operating system, and change the time that the menu displays.


You can also configure whether or not Windows automatically restarts after a blue screen of death, and whether it writes out a memory dump file. You can generally leave those settings alone, although when you are troubleshooting intermittent blue screens, it can be useful to disable the reboot so you can have time to write down the error message.


Environment Variables


clip_image012


Environment variables are common settings that are available to applications across the system, whether that is something like the location of the temp directory, or the system path, which holds the list of directories that Windows will look through if you try to run an executable without the full path, like “notepad.exe”.


You can see any of these environment variables on the command prompt by typing something like the following, replacing path with the name of the environment variable.



echo %path%



clip_image013


The most useful setting in there is probably the path, but you can create other environment variables and use them in batch scripts if you need to.


System Protection Tab


clip_image015


System Protection is the feature that powers System Restore – Windows will automatically take snapshots of important system files and allow you to undo those changes.


The Configure button opens the properties panel where you can choose the amount of space that is used to store these snapshots or disable it entirely. If you are running on a small SSD, you might want the slider a little to the left to save yourself some space. Our advice would be to generally leave the settings alone otherwise.


You can use the Create button to make a new restore point manually, or you can use System Restore to undo changes that you didn’t want.


If you are running Windows 8.x, you can use the Refresh and Reset features to restore your computer back to defaults instead.


Remote Tab


clip_image016


The Remote tab is really simple – you can choose whether or not Remote Assistance will be enabled, and if you are using Windows Pro, whether Remote Desktop is enabled. If you aren’t using either feature, you should disable Remote Assistance and leave Remote Desktop disabled, which it is by default.


Remote Assistance is a great feature that allows you to control somebody else’s computer similar to services like TeamViewer, but it isn’t quite as easy to use. For more, read our guide on using Remote Assistance.


Computer Name Tab


clip_image017


If you never do any networking, you probably won’t care about changing the computer name, but if you do, and you failed to setup an interesting and useful name during setup, you can change it here.


This is also where you would change the computer name if you got a computer from somebody else, because it invariably will contain their name as the computer name. The same dialog will allow you to change the Workgroup name, although that is generally set to WORKGROUP on everybody’s PC, and with Windows 7 or 8, you should probably just use homegroups for networking.


Tip: If you want to change the registered owner, you can do that in the registry.


Hardware Tab


clip_image018


This tab is fairly simple: it gives you a button to launch Device Manager, which is really just because that tab has always been there and they didn’t want to remove it.


The other option is Device Installation Settings, which will let you choose whether or not Windows should automatically download drivers from Windows Update, and whether to download the high-quality icons found in the Devices section of Control Panel. We’d recommend setting it to Yes.


















No comments:

Post a Comment