How to investigate a slow startup process on Windows XP computers on a medium business domain
May 15, 2009 8:11 AM

Is there software or some automated method to audit the entire startup process of a Windows XP computer to find why startup is slow?

We run a Windows domain here at work with around 300 computers. Recently the startup process on basically every computer has slowed down significantly. We have enabled verbose messages and we see that "Applying computer settings" and "Running startup scripts" are taking a particularly long time.

I know there is software that can audit the startup process after a user logs in, but we are looking for something that can automatically audit the entire startup process from the time that Windows begins booting so we can see exactly what is happening that is causing the slowdown or what is taking so long to finish running. Is there anything out there that can do this effectively? If not, what is the best way to diagnose this issue manually? Just turning off policies and startup scripts one-by-one through trial-and-error?

Thanks!
posted by joshrholloway to Computers & Internet (11 answers total)
 
Have you tried Bootvis?
It is a discontinued (I think) Microsoft utility for XP computers, but it can still be downloaded -- I have had some success with it in the past, at least on my home desktops. I don't know how suited to business domains it is.
posted by jake at 8:18 AM on May 15, 2009


You can enable more verbose versions of those messages in Group Policy by going to:

Computer Configuration > Administrative Templates > System > Verbose vs normal status messages (enable this)

Here's the description of what it does:
Directs the system to display highly detailed status messages.

If you enable this setting, the system displays status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system.

This setting is designed for sophisticated users that require this information.

Note: This setting is ignored if the "Remove Boot / Shutdown / Logon / Logoff status messages" setting is enabled.

So instead of seeing "Applying computer settings" you'll see the individual steps of that and can probably just watch it to see which one is hanging.
posted by odinsdream at 8:33 AM on May 15, 2009


You can boot step by step - loads each item at your control. You'd at least get an idea of what takes the longest and could then possibly disable secondary apps with the selective startup option.
posted by Eicats at 8:53 AM on May 15, 2009


odinsdream, we do have verbose messages enabled in GP. That does not break down "Applying computer settings" and "Running startup scripts" into individual messages, and I can't find any evidence that it's supposed to have this behavior for sure, although it seems logical.

Also, Eicats, we're not really concerned with how long it takes applications to start up once someone logs in. That could be very different for each computer. At this point we are looking at the period before a user logs in, while Windows is starting and applying group policies and running scripts and whatnot.
posted by joshrholloway at 9:09 AM on May 15, 2009


Eliminate a common culprit by checking to see if the machines are attempting to connect to network resources which no longer exist or have been moved.

Also, Process Monitor can log a boot, but can't capture any network events until login.
posted by shinybeast at 9:23 AM on May 15, 2009


I recommend bootvis as well. It is a graphing utility that can break down the time certain events take at login.

Having spent a considerable amount of time investigating boot/login time issues with Windows XP I can make the following recommendations:

1. Since SP2, higher amounts of RAM are necessary in domain environments. We found that any workstations under 1-1.5 GB of RAM were unbearably slow on boot/login. Going above that amount has diminishing rates of returns.

2. Second, antivirus software will usually be the main culprit. You don't mention what you're using but if you recently updated a network-based antivirus solution (specifically the engine) then it is a good possibility that that is the problem.

3. Third, make sure you're only using essential services. Here's a fairly good article on what is required for a domain environment.

4. Last (certainly not least), are you sure it is the workstations? Have you made any changes either on the network or on domain controllers? DNS lookup issues can certainly impact login times. Make sure that all your DCs reference themselves in their DNS settings.

I would grab one slow machine and try the following: Add more RAM, disable antivirus, and ensure only essential services. See what impact that has (if any) and then revert each of those changes one at a time to narrow down the culprit.

If none of them have any impact then you're probably looking at an issue that has nothing to do with the workstations.
posted by purephase at 10:05 AM on May 15, 2009


It's not really what you're looking for, but there's a "hidden" Startup folder that operates just like the one in the Start menu (launches anything in it at boot time).

Roll up your sleeves though, but do be confident, it's in the registry:

1) Start->run, type "regedit" hit enter (or "OK")
2) Close any open folder so you see just the top 5. The 2nd and 3rd of these should be:
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
3) We're going to the same place in both of them:
Software->Microsoft->Windows->CurrentVersion->Run
RunOnce may also contain lines of interest but.. less often will it

4) The "data" values for each of these are the commands that will be run. Anything that you don't know what it's for, just pop the file name (the thing before ".exe" and after the last "\" portion) into Google, and usually you'll find a few results that explain what it is and what it's for. Often these warnings may sound scary too, just keep a cool head.

5) Delete any you don't want, or that googling DOES reveal as malware. (Some malware will use randomly generated exe file names too, remove anything suspect.)

Do be careful. When in doubt, save the things you're deleting in a text file so you can recreate them should it turn out to be a problem. Note that, IMO, all of the "Google Startup" and "Apple service" bs can usually be removed with no problem, and they'll find their way in there again just as easily as you removed them.

I also like to keep the list in Control Panel->Administrative Tools->Services that have "automatic" startup type similarly pared down (same approach really, Google the suspect, disable the fishy). I'd detail how to do that, but I think I've dispensed enough bad advice to the uninitiated for today. If you're feeling up to it, let me know and I'll carry on.
posted by qbxk at 11:59 AM on May 15, 2009
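
The registry walk described in the answer above can be scripted so that every Run and RunOnce value is listed and saved before anything is deleted. This is an added example, not code from the original poster; it assumes Windows PowerShell is installed on the workstation, and the backup location (`$env:TEMP`) and CSV column names are assumptions.

```powershell
# Added example: inventory Run/RunOnce in HKLM and HKCU and save a CSV backup
# before deleting anything. The backup location ($env:TEMP) is an assumption.
$keys = 'Run', 'RunOnce' | ForEach-Object {
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
}

$entries = @(foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        # Raw command line, with %VARS% left unexpanded so the backup is exact.
        $command = [string]$regKey.GetValue($name, '', 'DoNotExpandEnvironmentNames')

        # First token is the program: a quoted path, or text up to the first space.
        # Unquoted paths that contain spaces are ambiguous and show as not found.
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        } else {
            $exe = ''
        }

        # Only full paths (drive letter or UNC) are checked on disk.
        $found = $null
        $company = ''
        if ($exe -match '^([A-Za-z]:\\|\\\\)') {
            $found = Test-Path -LiteralPath $exe
            if ($found) {
                $company = (Get-Item -LiteralPath $exe -Force).VersionInfo.CompanyName
            }
        }

        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            Executable = $exe; FileFound = $found; Company = $company
        }
    }
})

# Write the backup first, then show a summary for review.
$stamp = "{0}-{1:yyyyMMdd-HHmmss}" -f $env:COMPUTERNAME, (Get-Date)
$backup = Join-Path $env:TEMP "run-keys-$stamp.csv"
$entries | Select-Object Key, Name, Command, Executable, FileFound, Company |
    Export-Csv -Path $backup -NoTypeInformation
$entries | Sort-Object Key, Name |
    Format-Table Key, Name, FileFound, Company, Command -AutoSize
"Backup written to $backup"
```

The HKCU results belong to whichever account runs the script, so run it as the affected user to see that user's entries. An entry whose target file is missing or carries no company name in its version resource is a reasonable first candidate for the manual lookup step.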


You could get a very detailed list of every type of startup entry with StartupList. It pulls data from pretty much everywhere that runs things automatically.
posted by odinsdream at 12:06 PM on May 15, 2009


Another way to evaluate running processes and registry entries is to use Hijack This!. There are several sites that will analyze the logs that it generates and tell you what it suspects is malware/spyware. I believe that it will also offer to remove offending entries as well.
posted by kookywon at 2:13 PM on May 15, 2009


Do you have a complex AD structure and many GPO objects? We found by simplifying the GPOs the "Applying computer settings" took a lot less time.

But it's a frequent problem, googling "applying computer settings" slow shows how many people have this problem, and it seems the issues go from DNS/DHCP issues, SYSVOL issues etc.

Check this out, but I'd look at your GPOs, your DCs, DNS and DHCP.

Good luck, it's a tough one to troubleshoot.
posted by Admira at 3:41 PM on May 15, 2009


Look up "autoruns". It's what you're looking for.
posted by I-baLL at 9:11 PM on May 15, 2009

