TrackMyHack504
If it's not still here on the first page, this is a link to the post explaining my current situation (wouldn't fit here): http://trackmyhack504.blogspot.com/2013/01/my-current-situation.html?m=0 System info basics are in some of the first few posts I made. And I apoligize, since most of this blog is posted via android I'm guessing there will plenty of typos (thumb typing is slow going).
Sunday, February 9, 2014
Creating a Windows PE Boot disk
http://http://www.windowspcguy.net/?cat=11www.vistapcguy.net/?p=71
http://www.vistapcguy.net/?p=71
http://www.windowspcguy.net/?cat=38
WINDOWS PC GUY
LOOKING THROUGH THE GLASS
HOMEABOUT
Creating a Windows PE Boot disk
Posted by kyle on August 14th, 2007 filed in Vista Deployment, Vista Tips 'n TricksI have a USB stick (just upgraded to a 4Gb version) that I carry with me – it is a Windows PE boot disk with a Windows Vista Image on it (amongst other useful bits and pieces). Why? so that I can quickly and easily demonstrate the deployability of Windows Vista – yes I know.. I need to get out more!I realised the other day that I had not actually gone through the steps to create a Windows PE USB boot disk – so here it is! (the same idea goes for creating a bootable image full stop – ie creating a bootable DVD, PXE boot file, etc) Before you begin you need the ingredients: Windows Automated Install Toolkit (WAIK) A USB stick (depending on what else you want on it will depend on the size that you need – minimum of 512Mb – if you want a Windows Vista image on it then go for a minimum of 2Gb)Steps:Install the WAIK (it is delivered as an .IMG file from the download site – either burn this to a CD or mount it using a tool such as VirtualClone CD)In the Start menu – navigate to All Programs/Microsoft Windows AIK and run the Windows PE Tools command prompt as an AdministratorAt the command prompt – create a temp directory – such as MD c:\temp then run set temp=c:\temp and set tmp=c:\temprun copype x86 c:\PEBuild (this copies the PE Source to a new directory that we will use for constructing our image- if you needed the AMD64 source then replace x86 with amd64)At the command prompt (notice you are now in the c:\PEBuild directory) run imagex /mountrw winpe.wim 1 mount (this mounts the WinPE image file in the mount directory ready for us to add into)So that we have the imagex and deployment tools available in our PE Boot disk, run xcopy "c:\Program Files\Windows AIK\Tools\x86\*.*" mount\ /sAt this point you could add other files into the image (such as Ghost tools, PMenu, etc) by copying them into the mount directory – you can also use the peimg command at this point to install other support tools such as scripting and HTA support – run peimg /list mount to see the full list and then peimg /install to install new supportOnce you are ready to seal the image up then runpeimg /prep mount - this will ensure that the WinPE image is optimised – you will need to agree to seal itAfter sealing the image you then need to unmount it –imagex /unmount mount /commitTo place the newly created custom WinPE image into the correct folder that we can then call on to create the boot disk – run copy /y winpe.wim iso\sources\boot.wimTo create a bootable ISO file that can then be used to boot into WinPE, change back to c:\Program Files\Windows AIK\Tools\PETools and then run the following command oscdimg.exe -n -b"c:\Program Files\Windows AIK\Tools\PETools\x86\boot\etfsboot.com" c:\PEbuild\iso c:\PEBuild\PE.isoSo – you now have an ISO file that you could burn to a CD or DVD but the idea of doing all this was to get a bootable USB device.. so here is the final step.. grab the USB disk – and then use the following diskpart commands (be warned – check the disk that you are going to be using is disk 1 or if not then use the correct one for your circumstance – the clean command is a clean of the disk IT WILL DESTROY THE DATA ON THE DISK THAT YOU SELECT CHECK BEFORE PROCEDING!):diskpart select disk 1 clean create partition primary size= select partition 1 active format fs=NTFS assign exitAfter completing the disk clean and creating the format – then copy the contents of c:\PEBuild\ISO directory to the USB Stick.If you are wanting to be able to do local deployments – then the final step is to add in the WIM file that you want to use (Vista, XP, 2003 etc).You are now ready to boot off your USB stick and capture or install WIM files!
56 Responses to "Creating a Windows PE Boot disk"
Alonzo smith Says: August 17th, 2007 at 2:06 pmHello,I am try to place a WinXP image "OS.wim" on a USB key. I create the USB key per the instruction, with not added plug-ins. I was not able to get dispark to see disk 1 my USB key.kyle Says: August 20th, 2007 at 4:45 pmHi AlonozoThe example of disk 1 being your USB key was just that – an example.. it maybe disk 1, 2, 3, etc.Use the select disk command to select the disk – so select disk 1, select disk 2, etc.To ensure you have the right disk – try using detail disk (after selecting) – this will then show you the details for the disk – if it not the right one then select a different one – not an exact science granted – but it does work.CheersKyleLeigh Simcox Says: August 23rd, 2007 at 6:45 amHi,I have exactly the same problem. I followed all the instructions and it worked great until I got to the diskpart bit. I plug my flash drive in, which is already NTFS formatted, and then fire up diskpart. I use the list disk command and it only lists my hard disk, which is disk 0. I tried select disk all the way up to 6 but it finds nothing.Kind regardsLeighJonathan Says: August 31st, 2007 at 10:55 amKyleI have created a bootable pe usb key, with the standard diskpart commands, then xcopied the iso folder to the usb drive. This boots fine. What I now want to do is deploy my LiteTouch image(s) created in BDD (WAIK). What do i need to do to go from standard usb boot to bootable vista deployment from usb.ThanksJonathanDavid Says: September 14th, 2007 at 10:15 amKyle,This is the most fabulous way to get WinPE onto USB. Thanks!!I could never figure out how to get the sequence quite right.Is there a way to generalize this to get any iso that would be CD-bootable to be USB bootable?I confess that I don't know enough about what is happening with oscdimg command to know whether it is only going to help with WinPE ISOs.ThanksdbDavid Says: September 14th, 2007 at 10:18 amJust one follow-up…If you want to use the whole USB drive, just leave off size=dbtom Says: September 16th, 2007 at 8:43 amWell I think I see what Alonozo is saying. I have a cruzer 2gb usb key, and it does not show up in diskpart as a selectable drive. The only drive that shows up is the harddrive. I am using xp, so maybe it's a vista thing.tom Says: September 16th, 2007 at 3:10 pmI'm gonna check it out tomorrow when I have access to a vista box, but I think the reason Alonozo and I are having problems is because we're using xp… well at least I am.I was finally able to get this USB key by doing the following. Not 100% sure that every step is needed.1- downloaded the HP usb drive format utility2- formatted usb drive 2 make it bootable3- used convert command to convert drive to ntfs(at this point it still wouldn't boot)4- used bootsect /nt52 on the USB drive(still not booting)5- renamed bootmgr to ntldr6- BAMN, boots.Now in windows PE, it does see the usb drive in diskpart as a disk. fyi.Scott Says: September 24th, 2007 at 5:22 amUpon CD bootup, only a c-prompt window is opened. I see the background, but nothing else is available to select. If I close the c-prompt window, my pc reboots. What might be the issue?I followed every step, except this command line (xcopy "c:\Program Files\Windows AIK\Tools\x86\*.*" mount\ /s) generated an error (invalid parameters), I assume though that what was needed were the contents of the x86 folder copied to the root directory of PEbuild, which I did.Scott Says: September 26th, 2007 at 1:59 pmNevermind…I discovered that's how is should be. I thought there was going to be a GUI.Chuck Says: October 8th, 2007 at 11:35 amI have teh same problem. Most of my thumb drives show up as removable media and cannot be selected as a disk. Proably because they are cheap. I dont know. Only 1 of my thumb drives shows up as a disk but its only a 128mb. Any suggestions on useing it with removable media thumb drives?Vista booting and running from a USB Disk « Musings in Code Says: October 10th, 2007 at 1:44 am[...] http://www.vistapcguy.net/?p=71 [...]Phil Says: October 25th, 2007 at 4:27 amYou can only make a usb device bootable from a machine running Vista. Diskpart in Vista is the only client OS that will see the USB device as a separate diskdavid dunger Says: October 29th, 2007 at 2:56 pmWe have the same issue, when i put in my 2Gb usb stick into any xp or windows 2003 server I am unable to see the disk # as the usb stick is not visible in diskpart as a disk. it is only visible as a volume. The USB stick is formated as fat or fat32 and can be seen and written to in both xp. windows 2003 and at command prompts, also in disk manager as disk #2. I would suppsoe that it would be seen by diskpart as disk #2.The problem is that we can't do a select disk on a disk that doesn't appear in diskpart.any help would be great.DaveKen Says: October 30th, 2007 at 1:05 pmOne quick note on diskpart. You can do a list disk to see the disks available This will show you the size of the disk as well, so it should be easier to determine which is your usb key. Then use select disk # which is the disk number of your usb key.Great article by the way. Very helpfull.I am not using the usb key way of doing this, but rather the pxe way. But creating the boot.wim is the same.ThanksKen.Ryan Says: November 26th, 2007 at 2:22 pmHey Kyle,I am stuck right where Alonozo was.Diskpart sees the USB drive as a Volume, but not as a disk. I tried to using a lot of the switches, and then doing a rescan, but it still doesn't recognize the USB key as a disk. I went to Disk Management GUI to look at the USB key. Disk Management does show the USB Drive as "Disk 1″ with drive letter "F", but Diskpart shows is as "Volume 4″ "ltr F".Do you know a trick to get this USB drive to be recognized as a disk, or can this step of the setup be done another way?The USB drive I am using is a Micro Cruzer mini 4 GB.Thanks in advance!RyanPeter Says: December 3rd, 2007 at 7:01 amI think the important bit here is the distinction between USB PEN\KEY and USB hard drives. As far as I know USB PENs are not seen by DiskPart. HP has a tool that will make a PEN drive bootable:HPUSBF.EXE is for formatting USB Devices from dos.HPUSBFW.EXE is for formatting USB Devices from Windows.Search for either on Google and you should be able to find them.Kirk Davis Says: December 3rd, 2007 at 12:14 pmThanks for a great walk-through; I have my own custom .WIM file, I take it I can just copy this to the USB drive that hosts the WinPE image? Do you have any reccomendations for creating a menu front end, or automating \ scripting the install of the WIM image?mename Says: December 14th, 2007 at 8:37 amdiskpart is unable to locate my usb stick as a disk, however it pops up fine under volumes.. also the computer I want to boot with the usb stick recognizes the stick just fine during bootup..Is there another way to add the MBR on the stick proper?Danny Zee Says: March 3rd, 2008 at 8:15 pmCan you use the usb WinPE as a rootkit discovery tool? The method posted on Microsfts site states a live cd.Danny Zee Says: March 3rd, 2008 at 8:16 pmSimple steps you can take to detect some of today's ghostware:Run "dir /s /b /ah" and "dir /s /b /a-h" inside the potentially infected OS and save the results.Boot into a clean CD, run "dir /s /b /ah" and "dir /s /b /a-h" on the same drive, and save the results.Run a clean version of WinDiff from the CD on the two sets of results to detect file-hiding ghostware (i.e., invisible inside, but visible from outside). See Hacker Defender ghostware files revealed (highlighted) for an example.Note: there will be some false positives. Also, this does not detect stealth software that hides in BIOS, Video card EEPROM, disk bad sectors, Alternate Data Streams, etc.Carlos Says: April 9th, 2008 at 1:05 amI know this artical is about USB but could you helpwith this problem. I've created a boot CD from the resulting file .iso and it sort of works. It boots into the winPE cd loads the file and the screen changes to vista background then CMD prompt opens and displaysX:\Windows\System32>Winpeinit and thats it, it never gets past this screen. I checked network traffic and it is sending out DHCP discover packets, If I run NIC boot rom it will connect to a WDS and download winpe from it so the network connection would seem to be OK, whats gone wrong.tim clark Says: April 11th, 2008 at 6:09 amSo it looks like we have the reoccurring them here of diskpart not seeing the usb device as a disk or not seeing it at allI think the issue is that xp / w2k3 dont have the right version of diskpart.exeI think from the sceen shots i see we need v6I googled to the cows come but cat find itdoes anyone know1) if there is a win2k3/xp diskpart v62) a 3rd party app that make usb device boot able with vista/win svr 2008 boot imageBarry Says: April 16th, 2008 at 3:24 amHey Kyle, worked a charm, but only in Vista.XP, as in all the other ppl's cases, diskpart wouldn't see the thumbdrive as a disk.But, also, I couldn't leave the /s switch on the copy command to get the tools to the Windows dir. It kept erroring. Took it out and hey presto it's working fine.That first part, about creating the bootable partition etc on the usbkey is fantastically handy. I think it just helped me with some other stuff! Love your work!!twindude Says: April 30th, 2008 at 6:22 pmi have the PE disk working but wondering how to add apps to it now? or maybe kick off a shell… like a windows looking sheell i use to use BartPE but booting form a USB is almost impossible.. so i going to use WinPE .. I have it booting to a command prompt and I can look under program files and see my app dirs but the exe will not run. so i'm thinkin that i have to have files in the system32 dir and all… any help would be greatLars Says: June 19th, 2008 at 10:19 pmI'm a little late to this, but I noticed a bunch of people having issues with diskpart. I personally used a GParted LiveCD (http://gparted.sourceforge.net) for that step. If you think about it in disk formatting/partition terms, all diskpart is doing is wiping out everything on the USB drive, creating a primary partition, marking it as active (aka boot), then formatting the partition. You can do the same exact thing in GParted as long as it detects your USB drive as another disk. Give it a shot & see if it works for you too, worked great for both of my USB drives (one HDD & one Flash).Just my two cents Barry Says: July 5th, 2008 at 7:15 amOh, and one thing to watch too…don't format a 4gig USB stick if you're in a hurry…this takes a while eh?? *sigh*!!kyle Says: July 6th, 2008 at 3:03 am@Barryvery true.. well.. depending on your disk's speed of course.The other alternative is to use the switch /q for a quick format.Other useful switches (Barry I figure you know these but for anyone else)/fs:ntfs (to force the format to NTFS)/c to enable compression/v:label to label the volume.CheerskyleSteven Zimmer Says: September 9th, 2008 at 3:23 amHi!I just did a windows update on my vista home premium and when I rebooted could not get back into windows as the password I use has become invalid. I cannot get into safe mode command prompt cannot repair the settings nor go back to an earlier valid version (all through F8). In other words, I am completely blocked for the moment. Have you ever seen this happen before? Is there anyway around this other than extracting the data from the hard drive and starting all over again?Thanks for any words of adviceRegardsStevenAlex Says: October 3rd, 2008 at 11:03 amHi, do anyone know how to create a winpe bootable with start menu and window explore so i can do some formating when i boot from my USB ?Jon Says: December 22nd, 2008 at 5:34 amGot stuck at 5… run xcopy "c:\Program Files\Windows AIK\Tools\x86\*.*" mount\ /sAny ideas? NewbieChris Says: January 11th, 2009 at 3:37 am@AlexWindows PE doesn't have a standard windows shell, the command prompt is what you're getting. You can however do most of what you want to from there. There are command line utilities to do everything you've listed.Not what you wanted I'm sure, but I hope it's some help.ChrisPaul Says: January 13th, 2009 at 6:01 amHad to restore a failed Dell system via Factory.wim (from D partition), this article saved me a ton of time. Cheers!Claude Says: January 25th, 2009 at 10:47 pmI have a Toshiba A300. I would like to restore an old Ghost image of this computer but when I boot with the emergency boot disk from Norton/Symantec it says it can't find any network or the D: drive which came with the Notebook. When I try to build a new emergency boot disk from this disk it says it hasn't got the drivers for my notebook. Any ideas how I can get to restore my old ghost image to my notebook?Claude Says: January 25th, 2009 at 10:49 pmSorry I forgot I an running Vista Business Ultimate on the notebookDrBob Says: March 5th, 2009 at 3:06 pmI have created a bootable CD that formats the drive and loads in my Wim. It works great when I use it in an internal cd drive on the computer. If I remove the internal drive and replace it with an external drive (so the drive letters stay the same) the CD does not work. It starts to load the WinPE shell correctly but causes the PC to reboot before the format begins.Why does the CD work correctly from an internal CDROM but doesn't work when using an external CDROM?Thanks!Paul L. Says: March 17th, 2009 at 11:22 amTHANKS, I was following Microsoft's 5105B Course instructions and they do not work for making a bootable CD.Your instructions worked perfectly!Thanks!!!Windows 7 PE Bootable DVD/CD - Windows 7 ForumsSays: May 21st, 2009 at 12:19 am[...] [...]leew Says: May 31st, 2009 at 8:19 pmFor those getting stuck on Step 6 – the xcopy command yields an error – "Invalid number of parameters" – This is most likely because you copy and paste the command from the web page. The web page uses smart quotes and the command prompt doesn't change them – the net effect is that you don't actually have the command in quotes so the it looks like there are an extra two parameters. To resolve:paste the line and delete the quotes and retype them (the LOOK the same, but they are different), or manually type the entire line.Popeye Says: June 26th, 2009 at 6:32 amI was hoping for a GUI too. Can't we have a PE boot disk with a Windows shell? I want to be able to access Windows restore points, Winrescue restore points and maybe run an antivirus scan after booting with the CD. Winrescue XP had the facility for making such a CD, but Winrescue Vista doesn't.Creating Bootable Vista / Windows 7 USB Flash Drive « Adrian Francis Weblog Says: June 27th, 2009 at 1:31 am[...] drive for a Vista and/or Windows 7 installation. I cobbled together the following from VistaPCGuy and another source I don't remember right [...]jlexen Says: July 12th, 2009 at 2:02 pmthe clean command doesn't work. It gives this:The selected disk is neccessary to the operation of your computer, and may not be cleaned.(and yes, the programmers DID spell necessary wrong XD….)kyle Says: July 15th, 2009 at 12:03 pm@jlexcen – lucky for you – that it didn't work. The message means that you have the wrong drive selected – in fact I am looking at that and suggest you have your system drive selected.Make sure youhave your USB drive selected and the command will work.Will Says: August 19th, 2009 at 11:18 amFor all of you having issue with diskpart not seeing the thumbdrives. Only the Vista and Server 2003 diskpart.exe can see it. If you look at the walk-throughs that you see on the web of people doing it its always in vista.Creating Bootable Vista / Windows 7 USB Flash Drive « pablosu.com Says: September 23rd, 2009 at 1:33 pm[...] drive for a Vista and/or Windows 7 installation. I cobbled together the following from VistaPCGuy and another source I don't remember right [...]Tyler Says: October 16th, 2009 at 1
Links for pe bootloader
http://www.microsoft.com/en-us/download/details.aspx?id=5188
http://theitbros.com/sitemap/
http://www.nirsoft.net/articles/windows_7_kernel_architecture_changes.html
Windows 7 Kernel Architecture Changes - api-ms-win-core files
Windows 7 introduces a new set of dll files containing exported functions of many well-known WIN32 APIs. All these filenames begins with 'api-ms-win-core' prefix, followed by the functions category name.
For example, api-ms-win-core-localregistry-l1-1-0.dll contains the exported names for all Registry functions, api-ms-win-core-file-l1-1-0.dll contains the exported names for all file-related functions, api-ms-win-core-localization-l1-1-0.dll contains the exported names for all localization functions, and so on.
If you look deeply into these files, you'll see that all these files are very small, and the functions in them doen't do anything, and simply returns a 'TRUE' value. Just for example, here's the assembly language content of RegDeleteValueW function in api-ms-win-core-localregistry-l1-1-0.dll:
084010CE 33C0 xor eax, eax
084010D0 40 inc eax
084010D1 C20800 ret 0008
By looking in dependency walker utility, we can see that advapi32.dll, kernel32.dll, and other system dll files, are now statically linked to these empty api-ms-win-core files.
Moreover, if we look in the assembly language output of many API functions, we can see that they simply call their corresponding function in one of these api-ms-win-core Dlls. Just for example, RegDeleteValueW in advapi32.dll, simply contains a jump to the RegDeleteValueW in API-MS-Win-Core-LocalRegistry-L1-1-0.dll:
ADVAPI32!RegDeleteValueW:
77C6F301 8BFF mov edi, edi
77C6F303 55 push ebp
77C6F304 8BEC mov ebp, esp
77C6F306 5D pop ebp
77C6F307 EB05 jmp 77C6F30E
.
.
.
77C6F30E FF25B414C677 Jmp dword ptr [77C614B4] <-- [77C614B4] Points the import entry
of API-MS-Win-Core-LocalRegistry-L1-1-0.RegDeleteValueW
So if RegDeleteValueW in ADVAPI32 and other functions simply jumps to empty functions, how is it possible that these functions still works properly ?
The answer is pretty simple: When Windows loads the dll files, all the import entries of these api-ms-win-core Dlls are replaced with a call to a real function in Windows kernel.
So here's our RegDeleteValueW example again: when loading a program into WinDbg, we can see that the jmp call now points to kernel32!RegDeleteValueW function. That's because during the loading of advapi32.dll, Windows automatically replace the import entry of API-MS-Win-Core-LocalRegistry-L1-1-0.RegDeleteValueW to the function address of RegDeleteValueW in kernel32.
75e5f301 8bff mov edi,edi
75e5f303 55 push ebp
75e5f304 8bec mov ebp,esp
75e5f306 5d pop ebp
75e5f307 eb05 jmp ADVAPI32!RegDeleteValueW+0xd (75e5f30e)
.
.
.
75e5f30e ff25b414e575 jmp dword ptr [ADVAPI32+0x14b4 (75e514b4)] ds:0023:75e514b4=
{kernel32!RegDeleteValueW (758bd5af)}
Another new dll: kernelbase.dll
In addition to the new API-MS-Win-Core dll files, there is also another new dll: kernelbase.dll
In previous versions of Windows, most of the kernel32 functions called to their corresponding functions in ntdll.dll.
In Windows 7, most of the kernel functions call to their corresponding functions in kernelbase.dll, and the kernelbase dll is the one that makes the calls to ntdll.dll
Effects on existing applications - compatibility issues.
Most of the existing applications should not be affected by this kernel change, because all standard API calls still works the same as in previous versions of Windows.
However, there are some diagnostic/debugging applications that rely on the calls chain inside the Windows kernel. These kind of applications may not work properly in Windows 7.
My own utilities, RegFromApp and ProcessActivityView failed to work under Windows 7 because of these changes, and that what led me to discover the kernel changes of Windows 7. These utilities problems already fixed and now they works properly in Windows 7.
API-MS-Win-Core List
Finally, here's the list of all core dll files added to Windows 7 and the functions list that each one of them contain. I used my own DLL Export Viewer utility to generate the list.
DLL File Function Names
api-ms-win-core-console-l1-1-0.dll
AllocConsole GetConsoleCP GetConsoleMode
GetConsoleOutputCP GetNumberOfConsoleInputEvents PeekConsoleInputA
ReadConsoleA ReadConsoleInputA ReadConsoleInputW
ReadConsoleW SetConsoleCtrlHandler SetConsoleMode
WriteConsoleA WriteConsoleW
api-ms-win-core-datetime-l1-1-0.dll
GetDateFormatA GetDateFormatW GetTimeFormatA
GetTimeFormatW
api-ms-win-core-debug-l1-1-0.dll
DebugBreak IsDebuggerPresent OutputDebugStringA
OutputDebugStringW
api-ms-win-core-delayload-l1-1-0.dll
DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-0.dll
GetErrorMode GetLastError RaiseException
SetErrorMode SetLastError SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-fibers-l1-1-0.dll
FlsAlloc FlsFree FlsGetValue
FlsSetValue
api-ms-win-core-file-l1-1-0.dll
CompareFileTime CreateDirectoryA CreateDirectoryW
CreateFileA CreateFileW DefineDosDeviceW
DeleteFileA DeleteFileW DeleteVolumeMountPointW
FileTimeToLocalFileTime FileTimeToSystemTime FindClose
FindCloseChangeNotification FindFirstChangeNotificationA FindFirstChangeNotificationW
FindFirstFileA FindFirstFileExA FindFirstFileExW
FindFirstFileW FindFirstVolumeW FindNextChangeNotification
FindNextFileA FindNextFileW FindNextVolumeW
FindVolumeClose FlushFileBuffers GetDiskFreeSpaceA
GetDiskFreeSpaceExA GetDiskFreeSpaceExW GetDiskFreeSpaceW
GetDriveTypeA GetDriveTypeW GetFileAttributesA
GetFileAttributesExA GetFileAttributesExW GetFileAttributesW
GetFileInformationByHandle GetFileSize GetFileSizeEx
GetFileTime GetFileType GetFinalPathNameByHandleA
GetFinalPathNameByHandleW GetFullPathNameA GetFullPathNameW
GetLogicalDrives GetLogicalDriveStringsW GetLongPathNameA
GetLongPathNameW GetShortPathNameW GetTempFileNameW
GetVolumeInformationByHandleW GetVolumeInformationW GetVolumePathNameW
LocalFileTimeToFileTime LockFile LockFileEx
QueryDosDeviceW ReadFile ReadFileEx
ReadFileScatter RemoveDirectoryA RemoveDirectoryW
SetEndOfFile SetFileAttributesA SetFileAttributesW
SetFileInformationByHandle SetFilePointer SetFilePointerEx
SetFileTime SetFileValidData UnlockFile
UnlockFileEx WriteFile WriteFileEx
WriteFileGather
api-ms-win-core-handle-l1-1-0.dll
CloseHandle DuplicateHandle GetHandleInformation
SetHandleInformation
api-ms-win-core-heap-l1-1-0.dll
GetProcessHeap GetProcessHeaps HeapAlloc
HeapCompact HeapCreate HeapDestroy
HeapFree HeapLock HeapQueryInformation
HeapReAlloc HeapSetInformation HeapSize
HeapSummary HeapUnlock HeapValidate
HeapWalk
api-ms-win-core-interlocked-l1-1-0.dll
InitializeSListHead InterlockedCompareExchange InterlockedCompareExchange64
InterlockedDecrement InterlockedExchange InterlockedExchangeAdd
InterlockedFlushSList InterlockedIncrement InterlockedPopEntrySList
InterlockedPushEntrySList InterlockedPushListSList QueryDepthSList
api-ms-win-core-io-l1-1-0.dll
CancelIoEx CreateIoCompletionPort DeviceIoControl
GetOverlappedResult GetQueuedCompletionStatus GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
api-ms-win-core-libraryloader-l1-1-0.dll
DisableThreadLibraryCalls FindResourceExW FindStringOrdinal
FreeLibrary FreeLibraryAndExitThread FreeResource
GetModuleFileNameA GetModuleFileNameW GetModuleHandleA
GetModuleHandleExA GetModuleHandleExW GetModuleHandleW
GetProcAddress LoadLibraryExA LoadLibraryExW
LoadResource LoadStringA LoadStringW
LockResource SizeofResource
api-ms-win-core-localization-l1-1-0.dll
ConvertDefaultLocale FindNLSString FindNLSStringEx
GetACP GetCalendarInfoEx GetCalendarInfoW
GetCPFileNameFromRegistry GetCPInfo GetCPInfoExW
GetFileMUIInfo GetFileMUIPath GetLocaleInfoEx
GetLocaleInfoW GetNLSVersion GetNLSVersionEx
GetOEMCP GetProcessPreferredUILanguages GetSystemDefaultLangID
GetSystemDefaultLCID GetSystemPreferredUILanguages GetThreadLocale
GetThreadPreferredUILanguages GetThreadUILanguage GetUILanguageInfo
GetUserDefaultLangID GetUserDefaultLCID GetUserPreferredUILanguages
IsNLSDefinedString IsValidCodePage IsValidLanguageGroup
IsValidLocale IsValidLocaleName LCMapStringEx
LCMapStringW LocaleNameToLCID NlsCheckPolicy
NlsEventDataDescCreate NlsGetCacheUpdateCount NlsUpdateLocale
NlsUpdateSystemLocale NlsWriteEtwEvent ResolveLocaleName
SetCalendarInfoW SetLocaleInfoW SetThreadLocale
VerLanguageNameA VerLanguageNameW
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey RegCreateKeyExA RegCreateKeyExW
RegDeleteKeyExA RegDeleteKeyExW RegDeleteTreeA
RegDeleteTreeW RegDeleteValueA RegDeleteValueW
RegDisablePredefinedCacheEx RegEnumKeyExA RegEnumKeyExW
RegEnumValueA RegEnumValueW RegFlushKey
RegGetKeySecurity RegGetValueA RegGetValueW
RegLoadKeyA RegLoadKeyW RegLoadMUIStringA
RegLoadMUIStringW RegNotifyChangeKeyValue RegOpenCurrentUser
RegOpenKeyExA RegOpenKeyExW RegOpenUserClassesRoot
RegQueryInfoKeyA RegQueryInfoKeyW RegQueryValueExA
RegQueryValueExW RegRestoreKeyA RegRestoreKeyW
RegSaveKeyExA RegSaveKeyExW RegSetKeySecurity
RegSetValueExA RegSetValueExW RegUnLoadKeyA
RegUnLoadKeyW
api-ms-win-core-memory-l1-1-0.dll
CreateFileMappingW FlushViewOfFile MapViewOfFile
MapViewOfFileEx OpenFileMappingW ReadProcessMemory
UnmapViewOfFile VirtualAlloc VirtualAllocEx
VirtualFree VirtualFreeEx VirtualProtect
VirtualProtectEx VirtualQuery VirtualQueryEx
WriteProcessMemory
api-ms-win-core-misc-l1-1-0.dll
EnumSystemLocalesA FatalAppExitA FatalAppExitW
FormatMessageA FormatMessageW GlobalAlloc
GlobalFree IsProcessInJob IsWow64Process
LCMapStringA LocalAlloc LocalFree
LocalLock LocalReAlloc LocalUnlock
lstrcmp lstrcmpA lstrcmpi
lstrcmpiA lstrcmpiW lstrcmpW
lstrcpyn lstrcpynA lstrcpynW
lstrlen lstrlenA lstrlenW
NeedCurrentDirectoryForExePathA NeedCurrentDirectoryForExePathW PulseEvent
SetHandleCount Sleep Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
api-ms-win-core-namedpipe-l1-1-0.dll
ConnectNamedPipe CreateNamedPipeW CreatePipe
DisconnectNamedPipe GetNamedPipeAttribute GetNamedPipeClientComputerNameW
ImpersonateNamedPipeClient PeekNamedPipe SetNamedPipeHandleState
TransactNamedPipe WaitNamedPipeW
api-ms-win-core-processenvironment-l1-1-0.dll
ExpandEnvironmentStringsA ExpandEnvironmentStringsW FreeEnvironmentStringsA
FreeEnvironmentStringsW GetCommandLineA GetCommandLineW
GetCurrentDirectoryA GetCurrentDirectoryW GetEnvironmentStrings
GetEnvironmentStringsA GetEnvironmentStringsW GetEnvironmentVariableA
GetEnvironmentVariableW GetStdHandle SearchPathW
SetCurrentDirectoryA SetCurrentDirectoryW SetEnvironmentStringsW
SetEnvironmentVariableA SetEnvironmentVariableW SetStdHandle
SetStdHandleEx
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessA CreateProcessAsUserW CreateProcessW
CreateRemoteThread CreateRemoteThreadEx CreateThread
DeleteProcThreadAttributeList ExitProcess ExitThread
FlushProcessWriteBuffers GetCurrentProcess GetCurrentProcessId
GetCurrentThread GetCurrentThreadId GetExitCodeProcess
GetExitCodeThread GetPriorityClass GetProcessId
GetProcessIdOfThread GetProcessTimes GetProcessVersion
GetStartupInfoW GetThreadId GetThreadPriority
GetThreadPriorityBoost InitializeProcThreadAttributeList OpenProcessToken
OpenThread OpenThreadToken ProcessIdToSessionId
QueryProcessAffinityUpdateMode QueueUserAPC ResumeThread
SetPriorityClass SetProcessAffinityUpdateMode SetProcessShutdownParameters
SetThreadPriority SetThreadPriorityBoost SetThreadStackGuarantee
SetThreadToken SuspendThread SwitchToThread
TerminateProcess TerminateThread TlsAlloc
TlsFree TlsGetValue TlsSetValue
UpdateProcThreadAttribute
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter QueryPerformanceFrequency
api-ms-win-core-rtlsupport-l1-1-0.dll
RtlCaptureContext RtlCaptureStackBackTrace RtlFillMemory
RtlUnwind
api-ms-win-core-string-l1-1-0.dll
CompareStringEx CompareStringOrdinal CompareStringW
FoldStringW GetStringTypeExW GetStringTypeW
MultiByteToWideChar WideCharToMultiByte
api-ms-win-core-synch-l1-1-0.dll
AcquireSRWLockExclusive AcquireSRWLockShared
CancelWaitableTimer CreateEventA
CreateEventExA CreateEventExW
CreateEventW CreateMutexA
CreateMutexExA CreateMutexExW
CreateMutexW CreateSemaphoreExW
CreateWaitableTimerExW DeleteCriticalSection
EnterCriticalSection InitializeCriticalSection
InitializeCriticalSectionAndSpinCount InitializeCriticalSectionEx
InitializeSRWLock LeaveCriticalSection
OpenEventA OpenEventW
OpenMutexW OpenProcess
OpenSemaphoreW OpenWaitableTimerW
ReleaseMutex ReleaseSemaphore
ReleaseSRWLockExclusive ReleaseSRWLockShared
ResetEvent SetCriticalSectionSpinCount
SetEvent SetWaitableTimer
SetWaitableTimerEx SleepEx
TryAcquireSRWLockExclusive TryAcquireSRWLockShared
TryEnterCriticalSection WaitForMultipleObjectsEx
WaitForSingleObject WaitForSingleObjectEx
api-ms-win-core-sysinfo-l1-1-0.dll
GetComputerNameExA GetComputerNameExW GetDynamicTimeZoneInformation
GetLocalTime GetLogicalProcessorInformation GetLogicalProcessorInformationEx
GetSystemDirectoryA GetSystemDirectoryW GetSystemInfo
GetSystemTime GetSystemTimeAdjustment GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA GetSystemWindowsDirectoryW GetTickCount
GetTickCount64 GetTimeZoneInformation GetTimeZoneInformationForYear
GetVersion GetVersionExA GetVersionExW
GetWindowsDirectoryA GetWindowsDirectoryW GlobalMemoryStatusEx
SetLocalTime SystemTimeToFileTime SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
api-ms-win-core-threadpool-l1-1-0.dll
CallbackMayRunLong CancelThreadpoolIo
ChangeTimerQueueTimer CloseThreadpool
CloseThreadpoolCleanupGroup CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo CloseThreadpoolTimer
CloseThreadpoolWait CloseThreadpoolWork
CreateThreadpool CreateThreadpoolCleanupGroup
CreateThreadpoolIo CreateThreadpoolTimer
CreateThreadpoolWait CreateThreadpoolWork
CreateTimerQueue CreateTimerQueueTimer
DeleteTimerQueueEx DeleteTimerQueueTimer
DisassociateCurrentThreadFromCallback FreeLibraryWhenCallbackReturns
IsThreadpoolTimerSet LeaveCriticalSectionWhenCallbackReturns
QueryThreadpoolStackInformation RegisterWaitForSingleObjectEx
ReleaseMutexWhenCallbackReturns ReleaseSemaphoreWhenCallbackReturns
SetEventWhenCallbackReturns SetThreadpoolStackInformation
SetThreadpoolThreadMaximum SetThreadpoolThreadMinimum
SetThreadpoolTimer SetThreadpoolWait
StartThreadpoolIo SubmitThreadpoolWork
TrySubmitThreadpoolCallback UnregisterWaitEx
WaitForThreadpoolIoCallbacks WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks WaitForThreadpoolWorkCallbacks
api-ms-win-core-util-l1-1-0.dll
Beep DecodePointer DecodeSystemPointer
EncodePointer EncodeSystemPointer
api-ms-win-core-xstate-l1-1-0.dll
RtlCopyExtendedContext RtlGetEnabledExtendedFeatures RtlGetExtendedContextLength
RtlGetExtendedFeaturesMask RtlInitializeExtendedContext RtlLocateExtendedFeature
RtlLocateLegacyContext RtlSetExtendedFeaturesMask
api-ms-win-security-base-l1-1-0.dll
AccessCheck AccessCheckAndAuditAlarmW
AccessCheckByType AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW AddAccessAllowedAce
AddAccessAllowedAceEx AddAccessAllowedObjectAce
AddAccessDeniedAce AddAccessDeniedAceEx
AddAccessDeniedObjectAce AddAce
AddAuditAccessAce AddAuditAccessAceEx
AddAuditAccessObjectAce AddMandatoryAce
AdjustTokenGroups AdjustTokenPrivileges
AllocateAndInitializeSid AllocateLocallyUniqueId
AreAllAccessesGranted AreAnyAccessesGranted
CheckTokenMembership ConvertToAutoInheritPrivateObjectSecurity
CopySid CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx CreatePrivateObjectSecurityWithMultipleInheritance
CreateRestrictedToken CreateWellKnownSid
DeleteAce DestroyPrivateObjectSecurity
DuplicateToken DuplicateTokenEx
EqualDomainSid EqualPrefixSid
EqualSid FindFirstFreeAce
FreeSid GetAce
GetAclInformation GetFileSecurityW
GetKernelObjectSecurity GetLengthSid
GetPrivateObjectSecurity GetSecurityDescriptorControl
GetSecurityDescriptorDacl GetSecurityDescriptorGroup
GetSecurityDescriptorLength GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl GetSecurityDescriptorSacl
GetSidIdentifierAuthority GetSidLengthRequired
GetSidSubAuthority GetSidSubAuthorityCount
GetTokenInformation GetWindowsAccountDomainSid
ImpersonateAnonymousToken ImpersonateLoggedOnUser
ImpersonateSelf InitializeAcl
InitializeSecurityDescriptor InitializeSid
IsTokenRestricted IsValidAcl
IsValidRelativeSecurityDescriptor IsValidSecurityDescriptor
IsValidSid IsWellKnownSid
MakeAbsoluteSD MakeAbsoluteSD2
MakeSelfRelativeSD MapGenericMask
ObjectCloseAuditAlarmW ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW ObjectPrivilegeAuditAlarmW
PrivilegeCheck PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask RevertToSelf
SetAclInformation SetFileSecurityW
SetKernelObjectSecurity SetPrivateObjectSecurity
SetPrivateObjectSecurityEx SetSecurityAccessMask
SetSecurityDescriptorControl SetSecurityDescriptorDacl
SetSecurityDescriptorGroup SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl SetSecurityDescriptorSacl
SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll
LookupAccountNameLocalA LookupAccountNameLocalW LookupAccountSidLocalA
LookupAccountSidLocalW LsaLookupClose LsaLookupFreeMemory
LsaLookupGetDomainInfo LsaLookupManageSidNameMapping LsaLookupOpenLocalPolicy
LsaLookupTranslateNames LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertStringSidToSidW
api-ms-win-service-core-l1-1-0.dll
RegisterServiceCtrlHandlerExW SetServiceStatus StartServiceCtrlDispatcherW
api-ms-win-service-management-l1-1-0.dll
CloseServiceHandle ControlServiceExW CreateServiceW
DeleteService OpenSCManagerW OpenServiceW
StartServiceW
api-ms-win-service-management-l2-1-0.dll
ChangeServiceConfig2W ChangeServiceConfigW NotifyServiceStatusChangeW
QueryServiceConfig2W QueryServiceConfigW QueryServiceObjectSecurity
QueryServiceStatusEx SetServiceObjectSecurity
api-ms-win-service-winsvc-l1-1-0.dll
Disk types explained: raid sata ide ata
http://technet.microsoft.com/library/Cc966414#_Alignment_and_Storage_Alignment
Appendix A: The System Components
This appendix defines and briefly describes system components that are relevant to this paper.
Bus Bandwidth
There are two factors that govern bus bandwidth: The bus typeThe number of buses in the server
Bus Types
Typically, there are three types of buses commonly used in the industry: PCI, PCI-X (for eXtended) and PCI-E (for Express).PCI (Peripheral Component Interconnect): A computer bus that transfers data between the motherboard and peripheral devices in a computer. PCI bus is clocked at 33.33 MHz with synchronous 32-bit transfers and peak at 133 MB/sec.PCI-X (Peripheral Component Interconnect – Extended): The protocol for PCI-X has a faster clock rate than PCI, clocking up to 133 MHz with 32- or 64-bit transfers peaking at 1066 MB/sec.PCI-E (Peripheral Component Interconnect – Express): This serial bus form factor uses the same PCI concepts but with different pin layout resulting in smaller slot lengths. It supports one or more serial signaling lane each transmitting up to 250 MB/sec.
Number of Buses on Server
For the total bus bandwidth, the number of slots filled is not necessarily the same as the number of buses in the server. This depends on the make and model of the server box. For more information, consult the specifications for the server.
Disk | RAID | SAN Interfaces
Interfaces
IDE ATA ( Integrated Drive Electronics Advanced Technology Attachment): IDE is a disk drive technology has an integrated controller, and is based on parallel data processing. Data travels asynchronously from the drive to the data bus.SATA (Serial Advanced Technology Attachment): SATA is a physical storage interface with serial data processing. Data travels synchronously on a clock edge. Transfer rates on SATA start at 150 MBps.The main design advantage over IDE is the fact that SATA II supports command queuing known as Tagged Command Queuing (TCQ). Command queuing is good becHardware vs. Software RAID:There are two ways RAID is implemented: through hardware, and through software. The hardware implementation refers to the traditional method implemented with a collection of disk drives working together for fault tolerance through striping or mirroring of data, as described previously in this paper. The software version refers to RAID implementation provided by the operating system.Software RAID is usually the cheaper of the two solutions. However, there are a few drawbacks to using software RAID. The most significant drawback is that, because the RAID engine runs in kernel mode, it shares CPU time quanta with other kernel mode components and overlying applications. In contrast, the hardware RAID solution does not face this problem because the RAID firmware executes on a separate dedicated chip. This also allows for asymmetric multiprocessing between the system processor and the RAID controller.
Disk Controller Caching
Caches temporarily held data that has been recently read, or sometimes pre-fetched data that is likely to be accessed in the near future. This is a way to improve the time it takes to read from or write to the disk.There are two types of cache stores:Cache on the diskCache stored on the disk controllersDisk controller on serverDisk controller on the disk system such as a SANIn this section, the focus is on cache stored on disk controllers.Cache SizeAlthough disk performance is commonly attributed to the disk seek time and rotational speed, the amount of cache also plays a role. However, the performance attributed to cache size is only valid as long as the cache is not full. If the cache is full, there is a significant drop in performance. Ideally, the cache size is large enough so that it never fills for the particular I/O workload.Disk controller caches on servers ranges in size up to hundreds of MBs. The disk controller on a SAN disk system can have up to tens of GBs.Battery BackupSome higher-end disk controllers offer battery backup protection for the cache memory. Because cache is volatile, an unexpected power failure might result in loss of data that was written to cache but not yet written to disk. The battery backup unit provides temporary power to the cache store so that when the system recovers, the data in the cache is flushed to disk before the system attempts to access the data. For specific timing, see the disk controller manual.
SAN – Storage Area Network
SAN is a centralized network of storage devices. The SAN technology transfers raw disk blocks directly onto the network. A centralized storage network allows for server power and utilization to focus on the business application and I/O processing to be offloaded. Other advantages of SAN architecture include the following:Consolidation of resources and better scalability with growing business needsCost-effective management and operational efficiency, with possible cost savingsIncreased availability of data resourcesStorage Virtualization allows a network of heterogeneous devices connected together to seem homogeneous to any server connecting to the SAN network.A good advanced feature in SAN networks is remote disk mirroring and backups. Remote disk mirroring is storage extension solution that holds a copy of the business critical data at a geographically remote data center.
NAS – Network Attached Storage
A NAS device is a dedicated server to provide file sharing. The NAS can exist anywhere in the network. The major difference between NAS and SAN is that NAS accesses the data by file name and byte offsets, whereas SAN accesses data by raw data blocks. The consolidation advantages with NAS are very similar to the ones noted previously for SAN. However, some NAS systems cannot guarantee the write ordering and write-through required by for SQL Server 2005. The systems that are Windows Hardware Quality Lab (WHQL) certified meet this requirement. For more information, see the KB article Description of support for network database files in SQL Server.
Disk Drives
Capacity
Capacity refers to the storage size of the disk drive. It is important to note that the marketed disk capacity differs from the true disk capacity. Hard disk manufacturers often use metric prefixes such as giga or kilo. This is mostly from historical reasons when 2^10 (1024) bytes was called a kilobyte because it was a close enough value. This way of labeling remained as disk drive capacities grew to gigabyte and terabyte sizes. Therefore, a user will find the size reported by the OS is less than the one advertised by the manufacturer.
Rotational Speed
The rotational speed is the speed at which the disk spins. The higher the rotational speed, the more data the drive can read/write in a fixed time. At high rotational speeds, the drives produce heat as a byproduct. This can negatively impact the performance of the disk, so good ventilation in a drive is something to keep in mind. Most home computer hard drives now run at 7200 rpm. Some servers have rotational speeds at 15,000 rpm or faster.
Seek Time
Seek time refers to the time it takes for the head of the drive to find the correct place. The seek time is one of the largest factors in performance of the drive. However, the absolute seek time is dependent on the distance of the head's destination from its place of origin at the time of the read/write instruction. Often, the "average" seek time is referred to. A typical seek time for a hard disk is usually in the single-digit milliseconds.
Cache Size
Cache size is sometimes referred to as internal buffer size. The disk cache size is the size of volatile memory integrated on the disk drive which holds any recently requested, written, or pre-fetched data. Disk cache size ranges from 2 MB to 16 MB.
Interface
Of all the factors in buying hard disks, the interface might be the key factor in hard disk performance. While the time taken to access the data is important, the bulk of the time is spent on data transfer instead of moving the heads around. The different types of interfaces include SATA, IDE, SCSI, FC, and iSCSI. For more information, see the Interfaces section earlier in this paper.Top Of Page
Appendix B: SQL Server 2005 Disk Usage
This appendix lists the major disk usages for SQL Server 2005. This might not be an exhaustive list for some specialized systems.
OS/Base Software
Any server box requires hard disk space to store the operating system, SQL Server, and any other tool binaries and library files. The space required for a full SQL Server installation depends on the SKU, computer type (32-bit vs. 64-bit), add-on server tools, etc.
Tempdb Database
Tempdb files are the data and log files associated with the tempdb database. By default, the temporary data and log files are tempdb.mdf and templog.ldf, respectively. There is only one tempdb database per instance of SQL Server. The tempdb database is used to hold temporary user objects such as tables, stored procedures, variables, and cursors. It also holds work tables, versions of the tables for snapshot isolation, and temporary sorted rowsets when rebuilding indexes with SORT_IN_TEMPDB. The total size of tempdb can have an effect on the performance of your system. For more information about tempdb, see SQL Server Books Online.
Model Database
The model database is used as a template database on which all other user-created databases are modeled. By default, the model database has 3 MB and 1 MB for its data file size and log file size, respectively, for most editions of SQL Server 2005. The size of the model database might increase if the user adds tables, stored procedures, or functions, or other objects to the model database. It can also be increased manually by using the ALTER DATABASE commands. For more information about the model database, see SQL Server Books Online.
Master Database
The master database holds all the system level information for a SQL Server system. This includes system configurations, accounts information, and user database information. Initial configuration for master database is approximately 6 MB and 1.25MB for the data and log files, respectively. These files grow as the database system becomes more complicated and contains more databases.
User Data Files
User data files store actual data for a user-created database. The data files are created by copying the model database.
User Log Files
User log files store logging information for the specific database to which the log file belongs. By default, the log files at creation by default are copies of the model database.
Backup Files
Backup files are created during backup. The location of the backup files is user-determined at backup time. The size of the backup depends on the size of the database, the type of backup (full, full differential, differential, log, file, filegroup, etc.), and the amount of DML since the last backup (for differential backups). The size of a full backup (the largest type of backup) is at most the size of the database itself, because any space not allocated in the database does not get backed up.
Others (not covered)
Other files or data that consume hard disk space in a SQL Server system might be Full-text Search catalogs, OLAP cubes, and others.Top Of Page
Download
PhysDBStor.doc 353 KBMicrosoft
ause it allows for servicing of out-of-order I/O requests. TCQ is an intelligent mechanism built into the host adapter that reorders requests to minimize the movements of the disk head assembly. The disk can take into account rotation and seek distances and serve the commands in a more efficient order, and then return the data to the operating system in the requested order. Requests are serviced according to their tagged modes:Ordered: I/O commands are executed in the same order as the requested order.Head of Queue: This tagged command gets serviced immediately after the current I/O commandSimple: Allows hard disk to control the ordering for optimized I/O activity.Other advantages include its thin cable design and smaller form factor and length. These all help to allow for better airflow and heat dissipation. Also, the SATA cables can extend a longer distance (one meter) without data corruption compared to the 40 cm. limit of IDE.SCSI (Small Computer System Interface): SCSI is a parallel interface used for attaching peripherals such as hard disks. In general, SCSI provides a faster data transmission rate of up to 320 MB/sec. There is another version of SCSI called Serial Attached SCSI (SAS). SAS combines the benefits of SCSI with SATA's physical advantages listed above.FC DAS (Fiber Channel Direct-Attached Storage): Fiber channel is a physical layer protocol enabling serial duplex interfacing to allow communications between high performance storage systems and performing up to 2 GBps. Fiber channels in DAS topology are directly attached to a server and are not openly accessible to other servers. FC DAS is not commonly used.FC SAN (Fiber Channel Storage Area Network): Dedicated network that allows access between storage devices and servers on that network using the fiber channel technology (described above).iSCSI (Internet Small Computer System Interface): An IP (Internet Protocol)-based storage network protocol used for linking data storage to servers. The iSCSI protocol transmits SCSI packets as IP packets. Because it is using IP, iSCSI is routable and can leverage any existing TCP/IP network. There are two terminologies to take note of in the iSCSI industry:iSCSI Target: refers to the actual physical disks.iSCSI Initiators: refers to the client that performs the I/O request to that particular iSCSI Target.There are hardware and software versions of both iSCSI Initiator and iSCSI Target. The Microsoft iSCSI Software Initiator Package includes both the iSCSI Initiator service and the iSCSI Initiator software driver.
RAID
RAID stands for Redundant Array of Inexpensive (or Independent) Disks. It is a collection of disk drives working together to optimize fault tolerance and performance. There are various RAID levels, but only the RAID levels significant to SQL Server are described here.RAID0 (simple striping): Simplest configuration of disks that stripe the data. RAID0 does not provide any redundancy or fault tolerance. Data striping refers to sequentially writing data in a round-robin style up to a certain stripe size, a multiple of a disk sector (usually 512 bytes). Data striping yields good performance because multiple disks are concurrently servicing the I/O requests. The positive points for RAID0 are the cost, performance, and storage efficiency. The negative impact of no redundancy can outweigh its positive points.RAID1 (simple mirroring): This configuration creates an exact copy or mirror of all the data on two or more disks. This RAID level gives good redundancy and fault tolerance, but poor storage efficiency. To fully take advantage RAID1 redundancy, it is recommended to use independent disk controllers (referred to as duplexing or splitting). Duplexing or splitting removes single-point failures and allows multiple redundant paths.RAID5 (striping with parity): RAID5 uses block-level striping where parity is distributed among the disks. RAID5 is the most popular RAID level used in the industry. This RAID level gives fault tolerance and storage efficiency. However, RAID5 gives a larger negative impact for all write operations, especially sequential writes.RAID10 (stripe of mirrors): RAID10 is essentially many sets of RAID1 or mirrored drives in a RAID0 configuration. This configuration combines the best attributes of striping and mirroring: high performance and good fault tolerance. For these reasons, we recommend using this RAID level. However, the high performance and reliability level is the trade-off for storage capacity.Note that in all levels of RAID configuration, the storage efficiency
In Windows Vista as well as Windows Server 2008, partition alignment is usually performed by default. The default for disks larger than 4 GB is 1 MB; the setting is configurable and is found in the registry at the following location:HKLM\SYSTEM\CurrentControlSet\Services\VDS\Alignment
Diskpart & "diskpar " correct alignment
http://technet.microsoft.com/en-us/library/dd758814(v=sql.100).aspx
Using Diskpart.exe to Perform Partition Alignment, Assign Drive Letters, and Assign File Allocation Unit Size
The good news is that partition alignment is simple to perform; the bad news is that partition alignment must be done at partition creation time, prior to partitions being formatted. This is great if you have a new SAN, but it might be painful to convert large amounts of existing data on misaligned partitions.Caution: Realigning partitions using any tool is a destructive operation, because it wipes out existing data.Here is a template for using diskpart.exe to perform partition alignment, assign a drive letter, and format a partition.Command Line SyntaxDiskpart list disk select disk <DiskNumber> create partition primary align=<Offset_in_KB> assign letter=<DriveLetter> format fs=ntfs unit=64K label="<label>" nowait Here is an example in which the F: drive is created on disk 3, aligned with an offset of 1,024 KB, and formatted with a file allocation unit (cluster) size of 64 KB.Command Line SyntaxC:\>diskpart Microsoft DiskPart version 6.0.6001 Copyright (C) 1999-2007 Microsoft Corporation. On computer: ASPIRINGGEEK DISKPART> list disk Disk ### Status Size Free Dyn GPT -------- ---------- ------- ------- --- --- Disk 0 Online 186 GB 0 B Disk 1 Online 100 GB 0 B Disk 2 Online 120 GB 0 B Disk 3 Online 150 GB 150 GB DISKPART> select disk 3 Disk 3 is now the selected disk. DISKPART> create partition primary align=1024 DiskPart succeeded in creating the specified partition. DISKPART> assign letter=F DiskPart successfully assigned the drive letter or mount point. DISKPART> format fs=ntfs unit=64K label="MyFastDisk" nowait Note that nowait initiates asynchronous formatting, so that the formatting of multiple partitions can begin one after another, allowing the operations to proceed in parallel. The format option is not available in Windows Server 2003.Diskpart can be executed directly from the command line or scripted. The /s switch specifies an input script file.
Command-Line Partition Alignment Tools: Diskpart.exe and Diskpar.exe
Disk partition alignment is not available from the Disk Management snap-in (diskmgmt.msc).Windows provides two tools to implement disk partition alignment: diskpart.exe and diskpar.exe.The Windows 2000 Resource Kit introduced the command-line utility diskpar.exe. Its successor, diskpart.exe, was introduced in Windows Server 2003. Note the presence or absence of a "t" in their names. The /align option debuted in Windows Server 2003 Service Pack 1 (SP1). Both utilities are powerful and should be exercised with caution.Diskpar.exe reliably reports partition alignment in terms of bytes. However, results are valid only for MBR basic disks, and this tool is no longer supported by Microsoft.Diskpart.exe reports alignment for basic disks in terms of kilobytes. As noted, the Windows Server 2003 (and earlier) default alignment is 32,256 bytes, exactly 31.5 KB; unfortunately DiskPart rounds this up to 32 KB. Though DiskPart is the tool of choice to implement partition alignment, the value it reports for partition offset is not sufficiently granular. Therefore, use thewmic command to report partition offsets of basic disks; usedmdiag –v for Windows dynamic disks.
Valid Starting Partition Offsets
Because versions of Windows earlier than and including Windows Server 2003 comply with the 63 hidden sectors reported by disk hardware, and because the most common sector size 512-byte sectors, the default (and suboptimal) starting partition offset is 32,256 bytes, exactly 31.5 KB.Explicitly defining the starting offset from 31.5 KB to exactly 32 KB might seem like a legitimate approach. In fact, as mentioned earlier, 64 KB is typically the minimum (and a common) valid starting partition offset for SQL Server because of the correlations described later.When choosing a valid partition starting offset, refer first to your storage vendor best practices. Make certain their recommendations correlate with the stripe unit size and file allocation unit size configured for SQL Server. In the absence of definitive vendor information, choose the Windows Server 2008 default.Windows Server 2008 partition alignment defaults to 1024 KB (that is, 1,048,576 bytes). This value provides a durable solution. It correlates well (as described later) with common stripe unit sizes such as 64 KB, 128 KB, and 256 KB as well as the less frequently used values of 512 KB and 1024 KB. Also, the value virtually guarantees hidden structures allocated by storage hardware are skipped.
Basic Disk Partition Offsets: wmic.exe
Windows can be interrogated for disk-related information via Windows Management Instrumentation (WMI). A straightforward method for obtaining partition starting offsets of Windows basic disks is this Wmic.exe command.Command Line Syntaxwmic partition get BlockSize, StartingOffset, Name, Index The value for Index is the same as disk number in the Disk Management Microsoft Management Console (MMC) snap-in (Diskmgmt.msc); wmic volume can also be used to map disk indexes and drive letters.
Dynamic Disk Partition Offsets: dmddiag.exe -v
The command-line utility Dmdiag.exe is used to determine the partition offsets of Windows dynamic volumes.Important: Neither the output of the wmic command listed earlier nor any other tool designed only for basic disks reliably reports starting partition offsets of Windows dynamic disks.The tool is available in the support tools folder of Windows Server 2003. In Windows Server 2008, the tool has been renamed diskdiag.exe.To determine the starting partition offset of dynamic disks, execute the following command.
Disk Partition Alignment Best Practices for SQL Server
SQL Server 2008174 out of 185 rated this helpful - Rate this topicWriters: Jimmy May, Denny LeeContributors: Mike Ruthruff, Robert Smith, Bruce Worthington, Jeff Goldner, Mark Licata, Deborah Jones, Michael Thomassy, Michael Epprecht, Frank McBath, Joseph Sack, Matt Landers, Jason McKittrick, Linchi Shea, Juergen Thomas, Emily Wilson, John Otto, Brent DowlingTechnical Reviewers: Mike Ruthruff, Robert Smith, Bruce Worthington, Emily Wilson, Lindsey Allen, Stuart Ozer, Thomas Kejser, Kun Cheng, Nicholas Dritsas, Paul Mestemaker, Alexei Khalyako, Mike Anderson, Bong KangPublished: May 2009Applies to: SQL Server 2008Summary: Disk partition alignment is a powerful tool for improving SQL Server performance. Configuring optimal disk performance is often viewed as much art as science. A best practice that is essential yet often overlooked is disk partition alignment. Windows Server 2008 attempts to align new partitions out-of-the-box, yet disk partition alignment remains a relevant technology for partitions created on prior versions of Windows.This paper documents performance for aligned and nonaligned storage and why nonaligned partitions can negatively impact I/O performance; it explains disk partition alignment for storage configured on Windows Server 2003, including analysis, diagnosis, and remediation; and it describes how Windows Server 2008 attempts to remedy challenges related to partition alignment for new partitions yet does not correct the configuration of preexisting partitions.The following topics are also included: background information, implementation, vendor considerations, two essential correlations, valid starting partition offsets, and the simple protocol to align partitions, define file allocation unit size, and assign drive letters. It includes results from tests that show how partition alignment can affect performance for SQL Server 2008.You can also download a Microsoft Word version of this article.
Introduction
Configuring optimal disk performance is often viewed as much art as science. Yet an understanding of disk performance best practices can result in significant improvements. Some of the many factors that affect disk I/O performance include the number, size, and speed of disks; file allocation unit size; configuration of host bus adapters (HBAs) and fabric switches; network bandwidth; cache on disks, controllers, and storage area networks (SANs); whether disks are dedicated, shared, or virtualized; RAID levels; bus speed; number of paths from disk I/O subsystem to servers; driver versions for all components; factors related to RAID stripes sizes; and workload.A best practice that is essential yet often overlooked is disk partition alignment.The Windows Server® 2008 operating system attempts to align new partitions out of the box, yet disk partition alignment remains a relevant technology for partitions created on prior versions of the Windows® operating system.Noncompliance with storage configuration best practices for the Microsoft® SQL Server® database software is a common root cause of support cases. The reason is often shown to be misalignment between Windows, storage, disk controllers, and cache segment lines.Failure to perform partition alignment may result in significant performance degradation. Disk partition alignment is a requirement for partitions from which high performance is demanded and that were created on RAID disk devices on versions of Windows prior to Windows Server 2008. As we will explain, new partitions on Windows Server 2008 are created at a starting offset which (with high probability) aligns with underlying RAID stripe units.For systems from which high performance is required, it is essential to experiment with representative workloads and determine the validity of disk partition alignment for your environment.Unless performed at the time of partition creation, the default alignment offset will result in unaligned partitions on versions of Windows up to and including Windows Server 2003. These versions of Windows create disk partitions by default to boundaries based on the Cylinder/Head/Sector (CHS) addressing scheme used by previous generation disk controllers. Preexisting partitions attached to Windows Server 2008 maintain the original, flawed alignment under which they were created.This paper documents performance for aligned and nonaligned storage and why nonaligned partitions can negatively impact I/O performance; it explains disk partition alignment for storage configured on Windows Server 2003, including analysis, diagnosis, and remediation; and it describes how Windows Server 2008 attempts to remedy challenges related to partition alignment for new partitions yet does not correct the configuration of preexisting partitions.The following topics are also included:Background informationImplementationVendor considerationsTwo essential correlationsValid starting partition offsetsThe paper also covers the simple protocol to align partitions, define file allocation unit size, and assign drive letters.
Scope
The information presented here applies to Windows basic and dynamic disks with master boot record (MBR) partitions.Details related to GUID partition table (GPT) disks are not addressed. However, disk partition alignment is a best practice, and it is required for optimal performance for each of these hard drive configurations:MBR basicMBR dynamicGPT basicGPT dynamicPerformance characteristics of dynamic disks and GPT disks will be addressed in subsequent publications on the SQL Server Customer Advisory Team Web site (www.sqlcat.com).
Background Information
You may hear the terms partition alignment, disk alignment, volume alignment, and sector alignment used synonymously. This paper uses the term partition alignment.Many customers are unaware of partition alignment. Even experienced disk administrators may be unfamiliar with it. Explanations are often initially met with disbelief.Engineers familiar with the topic may underestimate its importance. For example, some customers think it is useful only for Microsoft Exchange Server. In fact, partition alignment is important for all servers from which high performance is expected—especially SQL Server.This section presents essential terms and history.
Terms
Discussion of disk I/O includes terms that are often used ambiguously and interchangeably—sometimes reflecting accepted definitions, sometimes not. A common framework for communication is important. Hard drives contain many components; the important ones for this discussion are labeled in Figure 2 in the "Appendix". Figures 3 and 4 in the same section provide graphical documentation.Hard drives house platters, one or more thin, circular disks, on the surfaces of which are the electronic media that store information.Each side of each platter has thousands of tracks. The set of tracks with the same diameter from all platter surfaces comprises a cylinder. (For modern drives, the cylinder concept is no longer relevant, and tracks are no longer arranged in concentric circles, yet it is useful to understand the origin of the terms.) Each platter surface has a dedicated read/write head. Tracks are divided into sectors. A sector is the minimum chunk of data that can be read or written to a hard drive. Historically, sector size has been fixed at 512 bytes. Newer drives may offer 1 KB, 2 KB, or 4 KB sectors.Many engineers will recognize file allocation unit by another name: cluster. Cluster size is determined when the partition is formatted by the operating system (or the user). For example, if the sectors of a hard drive are 512 bytes, a 4 KB cluster has 8 sectors, and a 64 KB cluster has 128 sectors.Stripe size is the size of one entire stripe spread across all the disks in a RAID-0, RAID-10, RAID-5, or RAID-6 disk group. Stripe unit size is the size of each element of the stripe, as stored on each member of the disk group. Stripe size is a product of the stripe unit size and the number of disks in a RAID group. Stripe unit size is the attribute of a RAID disk group that can be configured by administrators. A stripe unit is the collection of bits on each disk exactly equal to the stripe unit size.
Description
Understanding the nuances of partition alignment is not necessary to follow the simple protocol required for optimal alignment. For more information about how to execute partition alignment, see the "Implementation" section later in this paper.The following is a simplified characterization of partition misalignment: Disk array hardware reports 63 reserved (hidden) sectors, and Windows obediently implements this information, reserving these sectors at the beginning of the first partition of a disk. The master boot record (MBR) resides within these hidden sectors. The compliance by Windows with 63 hidden sectors reported by disk hardware results in misalignment with stripe units, disk controllers, and cache segment lines. In all versions of Windows earlier than and including Windows XP and Windows Server 2003, these reserved sectors do not coincide with fundamental physical boundaries. The result is that single clusters of user data are written across multiple stripe units of the RAID. Every nth operation is affected (n depends on file allocation unit (cluster) size and stripe unit size). Fundamental physical boundaries in disk controllers and other hardware are also violated.Across a striped array, a single I/O coming into the array controller turns into multiple I/Os if the request crosses one or more stripe unit boundaries. The cumulative effect can contribute to substantial performance degradation. For more information about the effect in experimental and production environments, see the "Performance Impact" section later in this paper.In all cases, similar principals are at work: Due to misalignment, clusters of data are written across physical boundaries, requiring unintended, unnecessary I/Os that result in performance degradation.In the absence of an explicit vendor recommendation, use a partition offset that complies with the correlation discussed in the section "Essential Correlations: Partition Offset, File Allocation Unit Size, and Stripe Unit Size". 64 KB is a common, valid starting partition offset because it correlates well with fundamental physical boundaries in disks, controllers, and cache. Other valid starting partition offsets exist. The Windows Server 2008 default is 1024 KB. For more information, see the "Valid Starting Partition Offsets" section later in this paper.
Partition Alignment in Windows Operating Systems
The way partition alignment works depends on the version of Windows being used and the version in which the partition alignment was created. The following sections describe how partition alignment works in Windows Server 2008, the Windows Vista® operating system, and Windows Server 2003 and earlier.
Windows Server 2008 and Windows Vista: New Partitions
In Windows Vista as well as Windows Server 2008, partition alignment is usually performed by default. The default for disks larger than 4 GB is 1 MB; the setting is configurable and is found in the registry at the following location:HKLM\SYSTEM\CurrentControlSet\Services\VDS\AlignmentHowever, if OEM setups are delivered (for example, with recovery partitions), even fresh installations of Windows Server 2008 having partitions with undesirable partition starting offsets have been observed.Whatever the operating system, confirm that new partitions are properly aligned.
Windows Server 2008: Pre-existing Partitions
New partitions on Windows Server 2008 are likely to be aligned. Yet partitions created on earlier versions of Windows and become associated with Windows Server 2008 maintain the properties under which they were created. That is, in the absence of partition alignment being explicitly performed, these partitions are not aligned.
Windows Server 2003 and Earlier
Partitions created on versions of Windows up to and including Windows Server 2003 by default are not aligned. Partition alignment must be explicitly performed.
System Drives
System drives in versions of Windows prior to Windows Server 2008 cannot be aligned. Fortunately, workloads associated with system partitions of dedicated SQL Server computers are typically not as sensitive to partition misalignment as disks dedicated to I/O intensive uses, for example, SQL Server database files from which high-performance is demanded. As described in the "Appendix", modern disks are proprietary "black boxes" and disk partition alignment does not enhance performance for individual disks; however, cache line misalignment may still apply. Make certain that performance thresholds, particularly disk latency, are not exceeded for all disks, including those on which the operating system and SQL Server data and log files reside.System drives on fresh installations of Windows Server 2008 should be aligned by default.
Virtual Drives
Virtual drives and the host drives on which they reside must be aligned for optimal performance. The guidelines described here apply to the respective guest & host operating systems.
Description
Understanding the nuances of partition alignment is not necessary to follow the simple protocol required for optimal alignment. For more information about how to execute partition alignment, see the "Implementation" section later in this paper.
Performance Impact
In the detailed experiment below, alignment reduced both disk latency and query duration by approximately 30 percent. The performance of six aligned disks was comparable to or better than eight nonaligned disks.This work was done on a DELL PowerEdge 2950 with two dual core 3.00 GHz Intel Xeon processors, a PERC 5/E controller, and 8 GB of physical RAM. Six or eight disks, SAS DAS, 73 GB 15K RPM, were configured in RAID 10 with a cluster size of 64 KB and a stripe unit size of 64 KB. Windows Server 2003 and SQL Server 2005 were installed. A query was executed that the customer used to benchmark performance. Prior to ea
SIDS the full users lists
http://winsrv.blogspot.com/
http://technet.microsoft.com/en-us/library/cc773320(v=ws.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/1410.windows-how-to-run-with-alternate-credentials-and-open-elevated-command-prompts.aspx
http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc780850(v=WS.10).aspx
Windows: How to Run with Alternate Credentials and Open Elevated Command Prompts
Launching Tools Using Alternate Credentials from a Command Prompt Window
One of the easiest ways to launch tools using alternate credentials is to first launch a Command Prompt with the credentials you want to use. Once the Command Prompt is launched using the alternate credentials, all subsequent commands and tools run from that Command Prompt start using the elevated credentials you provided.
If you are starting from the Desktop in Windows Vista, Windows 7, or Windows Server 2008 and Windows Server 2008 R2, you can do the following:
Click Start (also shown as the circular Windows logo in the Start menu).
Type Command Prompt and right-click Command Prompt when it appears in the Start menu. From the resulting context menu, click Run as administrator.
As another example, assume that you are logged on as a typical domain user to a workstation in the domain, but you needed to run several tools using a more privileged account. You could do the following:
Open a Command Prompt window. Click Start, click Run, type cmd and press ENTER.
In the Command Prompt window you just opened, type runas /user:<domain\username> cmd and press ENTER to open another Command Prompt using alternate credentials. Substitute the actual domain and username of the account you want to use for <domain\username>. For example, assume that the administrator account name is cgreen in the domain cpandl.com, the command would look like this runas /user:cpandl\cgreen.
Note: Instead of opening two different Command Prompt windows, you could run the following command from the Run dialog box cmd /k runas /user:<domain\username> cmd. For example, to open a Command Prompt as cgreen from the domain cpandl.com, you could run the following command: cmd /k runas /user:cpandl\cgreen cmd. The snap-ins only exist when the specific role, administrative tool, or Remote Server Administration Tools (RSAT) have first been installed. If you try to run snap-in that is not installed, you will see a "cannot find" error message appear.
From here a new Command Prompt window opens with the credentials of the user account provided and you are prompted to type the password for the account. Once you enter the password for the account, you can run commands and launch additional tools from that Command Prompt window that will run using the credentials that you used to launch the window. For example, to run the Registry Editor, you could type regedit and press ENTER. To make use of the Command Prompt window to open graphical tools and snap-ins, you must know the name of the tools or their respective snap-ins.
The following list provides the tool's full name followed by the name to type from the Command Prompt to launch the tool:
Active Directory Federation Services – adfs.msc
Active Directory Rights Management Services – adrms.msc
Active Directory Sites and Services – dssite.msc
Active Directory Users and Computers – dsa.msc
Add Hardware – hdwwiz.cpl
ADSI Edit – adsiedit.msc
Authorization Manager – azman.msc
Certificates [Current User] – certmgr.msc
Certificate Templates - certtmpl.msc
Certification Authority - certsrv.msc
Component Services – comexp.msc
Computer Management – compmgmt.msc
Control Panel Network Connections – ncpa.cpl
Date and Time – timedate.cpl
Device Manager – devmgmt.msc
DFS Management – dfsmgmt.msc
DHCP – dhcpmgmt.msc
Disk Management – diskmgmt.msc
Display Settings – desk.cpl
DNS Manager – dnsmgmt.msc
Enterprise PKI – pkiview.msc
Event Viewer – eventvwr.msc
Failover Cluster Management – CluAdmin.msc
File Server Resource Manager – fsrm.msc
Hyper-V Manager – virtmgmt.msc
Indexing Service – ciadv.msc
Internet Information Services (IIS) 6.0 Manager – iis6.msc
Internet Information Services (IIS) Manager – iis.msc
Internet Properties – inetcpl.cpl
Local Group Policy Editor – gpedit.msc
Local Security Policy – secpol.msc
Local Users and Groups – lusrmgr.msc
Microsoft Fax Service Manager – fxadmin.msc
Mouse Properties – main.cpl
NAP Client Configuration – napclcfg.msc
Network Policy Server – nps.msc
Network Properties - ncpa.cpl
Power Options – powercfg.cpl
Print Management – printmanagement.msc
Programs and Features - appwiz.cpl
Reliability and Performance Monitor – perfmon.msc
Remote Desktops – tsmmc.msc
Removable Storage – ntmsmgr.msc
Removable Storage Operator Requests – ntmsoprq.msc
Resultant Set of Policy – rsop.msc
Routing and Remote Access Management – rrasmgmt.msc
Server Manager – servermanager.msc
Services – services.msc
Share and Storage Management – storagemgmt.msc
Shared Folders – fsmgmt.msc
Sound – mmsys.cpl
Storage Explorer – storexpl.msc
System Properties – sysdm.cpl
Task Scheduler – taskschd.msc
Telephony – tapimgmt.msc
Terminal Services Configuration - tsconfig.msc
Terminal Services Manager - tsadmin.msc
Trusted Platform Module (TPM) Management – tpm.msc
TS Gateway Manager - tsgateway.msc
TS RemoteApp Manager – remoteprograms.msc
UDDI Services Console – uddi.msc
Windows Deployment Services – wdsmgmt.msc
Windows Firewall – firewall.cpl
Windows Firewall – ws.msc
Windows Server Backup – wbadmin.msc
Windows System Resource Manager – wsrm.msc
WINS – winsmgmt.msc
WMI Control – wmimgmt.msc
alternate credentials, Console, elevated command prompt, en-US, gui, has comment, Kurt Hudson, mmc snap-in names, names, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Windows: How to Run with Alternate Credentials and Open Elevated Command Prompts
Launching Tools Using Alternate Credentials from a Command Prompt Window
One of the easiest ways to launch tools using alternate credentials is to first launch a Command Prompt with the credentials you want to use. Once the Command Prompt is launched using the alternate credentials, all subsequent commands and tools run from that Command Prompt start using the elevated credentials you provided.
If you are starting from the Desktop in Windows Vista, Windows 7, or Windows Server 2008 and Windows Server 2008 R2, you can do the following:
Click Start (also shown as the circular Windows logo in the Start menu).
Type Command Prompt and right-click Command Prompt when it appears in the Start menu. From the resulting context menu, click Run as administrator.
As another example, assume that you are logged on as a typical domain user to a workstation in the domain, but you needed to run several tools using a more privileged account. You could do the following:
Open a Command Prompt window. Click Start, click Run, type cmd and press ENTER.
In the Command Prompt window you just opened, type runas /user:<domain\username> cmd and press ENTER to open another Command Prompt using alternate credentials. Substitute the actual domain and username of the account you want to use for <domain\username>. For example, assume that the administrator account name is cgreen in the domain cpandl.com, the command would look like this runas /user:cpandl\cgreen.
Note: Instead of opening two different Command Prompt windows, you could run the following command from the Run dialog box cmd /k runas /user:<domain\username> cmd. For example, to open a Command Prompt as cgreen from the domain cpandl.com, you could run the following command: cmd /k runas /user:cpandl\cgreen cmd. The snap-ins only exist when the specific role, administrative tool, or Remote Server Administration Tools (RSAT) have first been installed. If you try to run snap-in that is not installed, you will see a "cannot find" error message appear.
From here a new Command Prompt window opens with the credentials of the user account provided and you are prompted to type the password for the account. Once you enter the password for the account, you can run commands and launch additional tools from that Command Prompt window that will run using the credentials that you used to launch the window. For example, to run the Registry Editor, you could type regedit and press ENTER. To make use of the Command Prompt window to open graphical tools and snap-ins, you must know the name of the tools or their respective snap-ins.
The following list provides the tool's full name followed by the name to type from the Command Prompt to launch the tool:
Active Directory Federation Services – adfs.msc
Active Directory Rights Management Services – adrms.msc
Active Directory Sites and Services – dssite.msc
Active Directory Users and Computers – dsa.msc
Add Hardware – hdwwiz.cpl
ADSI Edit – adsiedit.msc
Authorization Manager – azman.msc
Certificates [Current User] – certmgr.msc
Certificate Templates - certtmpl.msc
Certification Authority - certsrv.msc
Component Services – comexp.msc
Computer Management – compmgmt.msc
Control Panel Network Connections – ncpa.cpl
Date and Time – timedate.cpl
Device Manager – devmgmt.msc
DFS Management – dfsmgmt.msc
DHCP – dhcpmgmt.msc
Disk Management – diskmgmt.msc
Display Settings – desk.cpl
DNS Manager – dnsmgmt.msc
Enterprise PKI – pkiview.msc
Event Viewer – eventvwr.msc
Failover Cluster Management – CluAdmin.msc
File Server Resource Manager – fsrm.msc
Hyper-V Manager – virtmgmt.msc
Indexing Service – ciadv.msc
Internet Information Services (IIS) 6.0 Manager – iis6.msc
Internet Information Services (IIS) Manager – iis.msc
Internet Properties – inetcpl.cpl
Local Group Policy Editor – gpedit.msc
Local Security Policy – secpol.msc
Local Users and Groups – lusrmgr.msc
Microsoft Fax Service Manager – fxadmin.msc
Mouse Properties – main.cpl
NAP Client Configuration – napclcfg.msc
Network Policy Server – nps.msc
Network Properties - ncpa.cpl
Power Options – powercfg.cpl
Print Management – printmanagement.msc
Programs and Features - appwiz.cpl
Reliability and Performance Monitor – perfmon.msc
Remote Desktops – tsmmc.msc
Removable Storage – ntmsmgr.msc
Removable Storage Operator Requests – ntmsoprq.msc
Resultant Set of Policy – rsop.msc
Routing and Remote Access Management – rrasmgmt.msc
Server Manager – servermanager.msc
Services – services.msc
Share and Storage Management – storagemgmt.msc
Shared Folders – fsmgmt.msc
Sound – mmsys.cpl
Storage Explorer – storexpl.msc
System Properties – sysdm.cpl
Task Scheduler – taskschd.msc
Telephony – tapimgmt.msc
Terminal Services Configuration - tsconfig.msc
Terminal Services Manager - tsadmin.msc
Trusted Platform Module (TPM) Management – tpm.msc
TS Gateway Manager - tsgateway.msc
TS RemoteApp Manager – remoteprograms.msc
UDDI Services Console – uddi.msc
Windows Deployment Services – wdsmgmt.msc
Windows Firewall – firewall.cpl
Windows Firewall – ws.msc
Windows Server Backup – wbadmin.msc
Windows System Resource Manager – wsrm.msc
WINS – winsmgmt.msc
WMI Control – wmimgmt.msc
alternate credentials, Console, elevated command prompt, en-US, gui, has comment, Kurt Hudson, mmc snap-in names, names, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
MS security updates
<http://i.microsoft.com/global/en-us/download/PublishingImages/Download_Symbol.png>
Security Patch
Security Update for Windows 7 for x64-based Systems (KB2779030)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
---------- Forwarded message ----------
From: tubie toadtail
Date: Tuesday, November 19, 2013
Subject: ms security updates
To: Rubyroadmail@gmail.com
Cc: Marychavez@inbox.com
http://technet.microsoft.com/security/bulletin
http://www.microsoft.com/downloads/details.aspx?FamilyId=a57b7cc2-cb05-4cf3-83c5-e0181d6ec184
http://technet.microsoft.com/security/bulletin
http://technet.microsoft.com/en-us/library/cc779816
http://www.interoperabilitybridges.com/
http://update.microsoft.com/microsoftupdate/
http://support.microsoft.com/gp/cu_sc_virsec_master
http://technet.microsoft.com/security/advisory
http://blogs.technet.com/b/security/archive/2013/11/07/maslow-and-malware-developing-a-hierarchy-of-needs-for-cybersecurity.aspx
http://go.microsoft.com/fwlink/p/?LinkId=168949
http://www.microsoft.com/security/default.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=5842
http://www.microsoft.com/security/default.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=20858
http://technet.microsoft.com/en-us/security/advisoryarchive
http://search.microsoft.com/en-us/DownloadResults.aspx?rf=sp&FORM=DLC&sortby=-availabledate&q=updates%20service%20packs&ftapplicableproducts=Windows
http://technet.microsoft.com/en-US/security/dn530791
Registry HKLM COMPLETE LIST
http://technet.microsoft.com/en-us/library/cc959046.aspx
TechNetProductsIT ResourcesDownloadsTrainingSupport
United States (English) Sign in
Home Library Wiki Learn Gallery Downloads Support Forums Blogs
Export (0) Print
TechNet Library
TechNet Archive
Windows 2000 Server
Windows 2000 Server
Resource Kits
Distributed Systems Guide
Windows 2000 Registry Reference
Data Types in the Windows 2000 Registry
Introductory Topics
About the Windows 2000 Registry
Data Types in the Windows 2000 Registry
Backing up and Restoring the Windows 2000 Registry
Viewing and Editing the Registry
About the Technical Reference to the Registry
Components of an entry description
Alphabetical List of Registry Content
HKEY_LOCAL_MACHINE
SYSTEM
MountedDevices
Select
LastKnownGood
Current
Failed
Default
Hardware
DESCRIPTION
System
DEVICEMAP
SERIALCOMM
\Device\Serial#
Software
Policies
Microsoft
Windows NT
Windows NT
Printers
SupportLink
DiskQuota
Enforce
ApplyToRemovableMedia
LogEventOverThreshold
Enable
ThresholdUnits
Windows
System
GroupPolicyMinTransferRate
SlowLinkProfileDefault
Installer
AllowLockdownBrowse
NetCache
NoMakeAvailableOffline
PurgeAtLogoff
ExcludeExtensions
Network Connections
NC_ShowSharedAccessUI
Task Scheduler5.0
Property Pages
Program Groups
ConvertedToLinks
Microsoft
Windows NT
CurrentVersion
Winlogon
DisableCAD
Driver Signing
Policy
DrWatson
LogFilePath
MaximumCrashes
Instructions
AppendToLogFile
DumpAllThreads
CrashDumpFile
NumberOfCrashes
SoundNotification
CreateCrashDump
DumpSymbols
VisualNotification
WaveFile
MSMQ
Parameters
MaxSysQueue
RemoveDuplicateCleanup
LogMgrBuffers
StoreInSeqLogPath
CryptKeyExpirationTime
IdleAckDelay
MinRRThreads
LogDataCreated
DSCliSearchAdsForServersIntervalSecs
StoreMqLogPath
Workgroup
QmPbKeyCacheSize
MaxMessageSize
MachineCache
LongLiveTime
LkgMQISServer
SiteId
MasterId
QMId
MQS
StaticMQISServer
EnterpriseId
MachineQuota
Address
CurrentMQISServer
MQISServer
CNs
SiteName
MachineJournalQuota
Setup
AlwaysWithoutDS
CleanupInterval
CertificationAuthorities
StorePersistentPath
UserCacheSize
StoreLogPath
MaxRRThreads
LogMgrTimerInterval
RemoteQMMachine
StoreReliablePath
CryptSendKeyCacheSize
DSListRefresh
LogMgrChkptInterval
ServersCache
DeferredInit
StoreJournalPath
LogMgrProbeInterval
CertInfoCacheSize
AckTimeout
SysQueuePriority
UserCacheExpirationTime
SeqResend10Time
SeqResend46Time
ClusterName
BscAckFrequency
mqisdb
MsmqIpPort
MsmqIpxPort
QMThreadNo
StoreXactLogPath
SeqResend79Time
DcCacheExpirationTime
RpcCancelTimeout
MessageID
LogMgrFlushInterval
CryptReceiveKeyCacheSize
StoreAckTimeout
mqisConnectionNumber
SeqResend13Time
DSSecurityCache
MsmqIpxPingPort
DcCacheSize
LogMgrFileSize
MsmqIpPingPort
MaxUnackedPacket
WriteMsgTimeout
LastPrivateQueueId
UsePing
RMFlushInterval
OCMsetup
ShortcutDirectory
InstalledComponents
NonServiceInstalled
ShortcutCount
Directory
PswdSync
NotifyChange
Domains
pod-name
Port Number
Hosts
Logging
Update Retry Interval
Propagate Method
LoginPrompt
Max Retries
PropDenyGroup
PropAllowGroup
LoginAccount
PasswordCmd
Max Retries
Update Retry Interval
Logging
Windows NT
CurrentVersion
PDH
GRE_Initialize
Network
UMAddOns
SMAddOns
Shared Parameters
World Full Access Shared Parameters
Winlogon
KeepRasConnection
CachePrimaryDomain
Userinit
VmApplet
LegalNoticeCaption
ShutdownWithoutLogon
System
AutoAdminLogon
DefaultDomainName
DCacheUpdate
ShowLogonOptions
SlowLinkProfileDefault
SFCDllCacheDir
DCacheMinInterval
PowerdownAfterShutdown
DefaultUserName
AutoRestartShell
Shell
ReportBootOk
LegalNoticeText
DebugServerCommand
allocatecdroms
DontDisplayLastUserName
Welcome
ProfileDlgTimeOut
SlowLinkDetectEnabled
TaskMan
allocatefloppies
DeleteRoamingCache
RunLogonScriptSync
PasswordExpiryWarning
CachedLogonsCount
RasForce
SlowLinkTimeOut
LogonPrompt
FontDPI
LogPixels
FontSubstitutes
Font-name
WOW
boot
Perflib
CollectUnicodeProcessNames
EventLogLevel
ExtCounterTestLevel
AeDebug
UserDebuggerHotKey
Auto
Debugger
Type 1 Installer
Type 1 Fonts
Windows
AppInit_DLLs
TransmissionRetryTimeout
DeviceNotSelectedTimeout
swapdisk
Fonts
font-name
Font Drivers
Providers
LanMan Print Services
Servers
SyncOpenPrinter
server-name
Providers
RetryPopup
NetPopup
EventLog
NetPopupToComputer
BeepEnabled
Printers
printer-name
UntilTime
Separator File
Location
PrinterDriverData
StartTime
Priority
Datatype
Name
Share Name
Description
Default Priority
SpoolDirectory
Print Processor
Printer Driver
DefaultSpoolDirectory
Printers
Forms
server-name
Servers
Windows
CurrentVersion
RunOnce
Explorer
User Shell Folders
Common Favorites
DrWatson
MSMQ
Command Processor
DelayedExpansion
OS/2 Subsystem for NT
1.0
config.sys
PswdSync
Driver Signing
Microsoft
SAM
SAM
HARDWARE
SOFTWARE
SECURITY
HKEY_CURRENT_USER
UNICODE Program Groups
Console
FontFamily
FontSize
ScreenBufferSize
FaceName
CursorSize
PopupColors
FullScreen
FontWeight
HistoryBufferSize
NumberOfHistoryBuffers
InsertMode
ScreenColors
WindowSize
QuickEdit
LoadConIme
WindowPosition
ColorTable#
console-window-name
Control Panel
International
sNativeDigits
sPositiveSign
sList
sDate
sTime
sThousand
iCurrency
sLanguage
iLZero
iDate
sLongDate
sShortDate
sDecimal
iTLZero
iCountry
sCurrency
sCountry
s1159
s2359
iCurrDigits
iNegCurr
iTime
iMeasure
Locale
iDigits
Mouse
SnapToDefaultButton
DoubleClickHeight
MouseSpeed
SwapMouseButtons
DoubleClickWidth
MouseThreshold2
MouseThreshold1
DoubleClickSpeed
Desktop
CursorBlinkRate
ScreenSaverIsSecure
WindowMetrics
IconTitleWrap
IconFont
StatusFont
IconSpacing
BorderWidth
CaptionFont
MinVertGap
CaptionHeight
MenuFont
Size
ScrollWidth
CaptionWidth
ScrollHeight
MinHorzGap
MenuWidth
SmCaptionHeight
MinWidth
MenuHeight
MinArrange
MinAnimate
Shell Icon BPP
MessageFont
IconVerticalSpacing
ShellIconSize
SmCaptionWidth
SmCaptionFont
Wallpaper
HungAppTimeout
CoolSwitchRows
DragFullWindows
TileWallpaper
WheelScrollLines
WindowMetrics
DragWidth
CoolSwitchColumns
GridGranularity
ScreenSaveActive
SCRNSAVE.EXE
AutoEndTasks
WaitToKillAppTimeout
CoolSwitch
FontSmoothing
DragHeight
ScreenSaveTimeOut
LowPowerActive
Pattern
WallpaperStyle
MenuShowDelay
LowPowerTimeOut
ActiveWndTrkTimeout
ForegroundFlashCount
UserPreferencesMask
CaretWidth
ForegroundLockTimeout
Patterns
Pattern
PowerCfg
Appearance
CustomColors
Schemes
Current
Colors
element-name
Current
Color Schemes
Keyboard
KeyboardSpeed
InitialKeyboardIndicators
KeyboardDelay
Accessibility
Accessibility-option
Custom Colors
Color
Screen Saver.Screensaver-name
element-name
Keyboard Layout
Attributes
Substitutes
Keyboard layout code
Preload
layout-number
Toggle
Hotkey
Software
Microsoft
Command Processor
EnableExtensions
CompletionChar
DefaultColor
PathCompletionChar
DelayedExpansion
Ntbackup
Backup Engine
Use fast file restore
Perfmon
ReportEventsToEventLog
Windows NT
CurrentVersion
Extensions
TrueType
PrinterPorts
TaskManager
Program Manager
Restrictions
NoRun
ShowCommonGroups
EditLevel
Settings
AutoArrange
Windows
fPromptOnError
fPrintError
Windows
CurrentVersion
Explorer
User Shell Folders
Desktop
NetHood
Favorites
Startup
AppData
Programs
SendTo
Start Menu
PrintHood
Personal
Recent
Advanced
Shutdown Setting
Tips
Shell Folders
DesktopProcess
Policies
Explorer
NoViewContextMenu
Intellimenus
NoTrayContextMenu
NoRecentDocsNetHood
DisallowCpl
NoChangeKeyboardNavigationIndicators
NoFind
NoDriveAutoRun
NoNetHood
NoSetTaskbar
NoStartMenuSubFolders
NoClose
NoDesktop
NoDrives
NoRun
NoCommonGroups
NoSetFolders
ActiveDesktop
NoEditingComponents
AdminComponent
Add
System
HideLegacyLogonScripts
Uninstall
NoWindowsSetupPage
Windows NT
CurrentVersion
Devices
Windows
NetMessage
load
run
Programs
Device
Documents
DosPrint
NullPort
Winlogon
ReportDC
RunLogonScriptSync
Program Manager
Restrictions
NoSaveSettings
NoFileMenu
NoClose
Restrictions
UNICODE Groups
Settings
display.drv
MinOnRun
SaveSettings
Network
User Manager for Domains
Persistent Connections
SaveConnections
Server Manager
Event Viewer
SaveSettings
User Manager
TrueType
TTonly
TTEnable
Ntbackup
Windows Help
Command Processor
File Manager
Policies
Microsoft
Control Panel
International
Calendars
TwoDigitYearMax
MMC
RestrictToPermittedSnapins
Internet Explorer
Restrictions
NoFavorites
Windows
Group Policy Editor
Directory UI
EnableFilter
Installer
DisableRollback
Network Connections
NC_AllowAdvancedTCPIPConfig
NC_Statistics
NC_RenameConnection
Task Scheduler5.0
Allow Browse
Environment
TMP
TEMP
Printers
Network
Drive letter
ProviderType
ConnectionType
RemotePath
UserName
ProviderName
HKEY_LOCAL_MACHINE
96 out of 145 rated this helpful - Rate this topic
HKLM
Description
The HKEY_LOCAL_MACHINE subtree contains information about the local computer system, including hardware and operating system data, such as bus type, system memory, device drivers, and startup control parameters.
Top Of Page
Did you find this helpful? Yes No
© 2013 Microsoft
Manage Your Profile
Newsletter |Contact Us |Privacy Statement |Terms of Use |Trademarks
; HIVE BOOT SECTION
[HKEY_LOCAL_MACHINE\System\Events]
"SYSTEM/BatteryAPIsReady"="Battery Interface APIs"
; END HIVE BOOT SECTION
; These registry entries load the battery driver. The IClass value must match
; the BATTERY_DRIVER_CLASS definition in battery.h -- this is how the system
; knows which device is the battery driver. Note that we are using
; DEVFLAGS_NAKEDENTRIES with this driver. This tells the device manager
; to instantiate the device with the prefix named in the registry but to look
; for DLL entry points without the prefix. For example, it will look for Init
; instead of BAT_Init. This allows the prefix to be changed in the registry (if
; desired) without editing the driver code.
[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\Battery]
"Prefix"="BAT"
"Dll"="battdrvr.dll"
"Flags"=dword:8 ; DEVFLAGS_NAKEDENTRIES
"Order"=dword:0
"IClass"="{DD176277-CD34-4980-91EE-67DBEF3D8913}"
Subscribe to:
Posts (Atom)