Wednesday, November 14, 2007

Windows Vista's Constant HD Activity Craziness

Any user that has used Windows XP and updating to Vista will notice one thing: In Vista, your hard drive thinks it's a bewitched lawnmower – it's always active. Even after all startup programs are loaded, the HD is still active: Vista's Constant HD Activity Craziness.

Beside the typical babble of "Microsoft is now reading all your files and sent them to Redmond to gain the world domination!" the funny thing is that I was not able to find a resource on the web that describes what Vista is doing all the time. Therefore I decided to write this little article and listing all processes that cause a lot of HD activity, what they are doing and how they can be configured.

Introduction

Especially the typical XP user switching to Vista will notice that the HD is much more used in Vista than it was in XP. But why are these users (like me) noticing this anyway? Because in XP HD activity usually meant: "I'm busy. Go away.". In Vista this is not necessarily true. Even if HD led is gleaming all the time, you can mostly use Vista as if there would be no HD activity – thanks to several changes Microsoft has done in Vista.

For example, several programs and services will now use an IO (Input/output) Priority of "Background". This simply means, if there is no work to do for the HD, these programs will get the full speed of it (e.g. 15 MB/sec). As soon as a program with "Normal" priority is started, e.g. you double-click the iTunes icon, this program is getting full access (15 MB/sec) and the "Background" program is delayed (0 MB/sec). This will start iTunes as fast as you would expect it although there is another program in the background that is using the HD heavily.

So, the first thing to notice is that a constantly flushing HD LED is not such a performance killer as it was in XP. Secondly, all these services I'm listing are basically good configured out of the box and worth the stress they put on your HD. Except for some configurations, you do not need to disable any reconfigure any of them.

Below I have noted the features of Windows that know I know so far that cause a lot of HD activity. For each feature, I also noted the process name that appears in "Resource Monitor" so you know what is currently executing. For a description how to start Resource Monitor, please look at the bottom of this article.


SuperFetch

Displayed in Resource Monitor as: svchost.exe (LocalSystemNetworkRestricted)

To understand what SuperFetch does, you first need to understand what is happening when you load a file (regardless if it's a program or a document like a PDF).

Any file you are dealing with needs to be put into memory before your CPU can use it. This means that the different chunks of the file need to be retrieved from your HD and loaded into memory.

Think of a file as a song on a platter and the HD is the record player for this platter. To retrieve the file, the pickup of the record player needs to be moved forwarded until the song (file) begins and then read it until it's over.

In an ideal world, all files are organized as the songs on a platter: Song 1, Song 2, Song 3. However, in real life it's more like Song 1 Part A, Song 2 Part B, Song 1 Part C, Song 2 Part A, Song 1 Part B etc. You see, the pickup needs to move a lot until it has collected the complete Song 1. This moving around the entire platter simply takes time.

If an HD can read a file in one "move" this is called sequential I/O (Input/Output) and it's very fast – you can expect 50 MB per second or more. However, if the HD needs several "moves" until it has found the entire song (Random I/O), it will drop to 3 MB per Second or even less.

And this is one of the scenarios where SuperFetch kicks in: SuperFetch will first try to optimize this moving so files (songs) can be retrieved faster. Given the example from above (Song 1 Part A, Song 2 Part B, Song 1 Part C, Song 2 Part A, Song 1 Part B) a "stupid" load would first retrieve Song 1 Part A, then Song 1 Part B, then Song 1 Part C.

SuperFetch would in this case retrieve Song 1 Part A, then Song 1 Part C, then Song 1 Part B (as C comes before B on the platter) and later on reorder them in memory. With this optimization the data is more sequential retrieved and thus faster. Of course, in this simple example you would not notice any performance gain but think of a song with 50, 200 or even 500 fragments.

The second optimizations sounds a little bit like Voodoo: SuperFetch will try to read data from the HD BEFORE it's actually needed.

A good example of this is that you launch, each time you start Windows, Firefox and Outlook. Because SuperFetch will learn this the start of either Firefox or Outlook is very fast simply because there is no HD activity anymore: the data is in the memory already.

Or, you might start a game during lunch. As you do it regularly, SuperFetch can learn over time that the data of this game is needed every day at 12:04 (four minutes until your boss has left the office:-). SuperFetch will in this case pre-load the data from the HD to the memory so when you start the program, Vista does not read it from the HD but has the data ready-to-use in memory.

You can also monitor this in task manager: Directly after you have started Windows, you have plenty of free memory and only some data inside the cache.

If you wait 1-4 minutes, the cache will be filled:

And before you ask: No, this memory is not gone and you do not need any stupid memory manager. If you start an application that requires memory, the cache will be cleared (in less than a second) and ready to be used by any application that requires it.

SuperFetch has some more strategies and if you are interested, watch this video:

http://channel9.msdn.com/showpost.aspx?postid=242429

If you wish to stop SuperFetch from doing this, simply disable the service "SuperFetch" (see the bottom of this article how to disable a service).


System Protection

Displayed in Resource Monitor as: System (with PID 4) accessing C:\System Volume Information

System Restore is a combination of two completely different techniques: Restore Points and Previous Version. By default, it runs on every system startup once a day and then on midnight.

Restore Points might be known from Windows XP already and helps to recover if Windows won't boot any more. It simply takes a backup of important system files and configuration information (Registry) and stores them. If Windows is unable to boot, you can use the DVD and repair your Windows. For example, if you install a new driver (which will trigger the creation of a restore point automatically) and this driver is crashing upon start, Windows will simply restore the Restore Point and can be started again.

Beside this restore, you can also use System Protection to go back to a Restore Point in Windows itself. This is mostly used if you system is acting "strange", but still boots and you don't know what this has caused.

The creation of a Restore Point is very fast, for example on my system it only takes round about 20 seconds.

After the creation of the Restore Point, previous versions will start which is a technique to create backup copies of your files. Every time it runs it will check if a given file has been changed since the last backup and if so, create a backup copy. You can access a previous version of a file by simply right-clicking it and opening the "Previous Versions" tab. If you have deleted a file, you can also right-click the folder where it was stored and select "Previous Versions". Windows will then display all previous versions it has saved from this folder and you can simply view the contents by clicking "Open".

The big difference between Previous Versions and a "normal" backup tool is that previous versions are using a technique called "Shadow Copies". When previous versions are instructed to start, it will first ask Windows to create a shadow copy of the entire drive. Windows will stop all write requests to the HD for some seconds and then create a virtual copy of your HD. The creation of the shadow copy only takes some seconds more and after that, previous versions will start to work with the shadow copy of your HD.

Although this sounds a little bit like magic creating a copy of a 100 GB HD in some seconds, you need to remember that this is only a virtual copy. This means, Windows will not create a 100 GB file called DISK.IMG. What shadow copy does is that it will, as soon as a file is changed, copy this file and include it in its virtual copy. If a file is not changed or deleted, shadow copy will simply use the file as it is on your HD. That's the reason why it will stop all requests for some seconds to copy the files that are currently accessed or changed. Explaining more detailed how shadow copies work would take too long, so if you interested see the technical documentation on http://msdn2.microsoft.com/en-us/library/aa384961.aspx or view the following video on Channel 9: http://channel9.msdn.com/Showpost.aspx?postid=286303

With the virtual copy of your HD shadow copies has created, previous versions will simply check each and every file if it has changed since it was last backed up. If so, a backup copy is saved. This will also be true for directories but only changes will be saved. For example, if you have added a new file to the folder "Desktop", previous versions will not save the entire contents of the folder with 30 or more files but only the one file that was added. Inside the display of the folder (using the previous versions folder tab and clicking on Open) you will of course see the entire contents of the folder.

The HD stress comes from the fact that previous versions need to access every single item on your HD so it needs to check every file and every folder for changes. Depending on how many files you have, this can take up to 30 minutes until previous versions is finished. When you start Vista, most of the HD activity you see will be from previous versions.

Known this, you maybe want to disable previous version but keep the Restore Points in case there is a driver problem. To make it short: You can't - you can only enable or disable both.

As previous versions took a very long time to create, you might also think about excluding several files where you do not need a backup copy. Previous versions already exclude several folder and files that belong to Windows automatically. There is also a registry key to define files or folders that should be excluded. But (and that's a huge BUT) this won't make the creation of previous versions any faster: "In addition, excluding files from shadow copies may slow down shadow copy creation." http://msdn2.microsoft.com/en-us/library/aa819132.aspx

Please keep in mind that you will need an extra of your data on an external HD or DVD anyway. Previous versions do not replace your normal backup! If you HD dies because of a hardware failure previous versions won't help anything since their backup copies have died together with your HD. Always backup to external media!

"System Protection" (aka. Restore Points and Previous Versions) is really worth the extra stress on your HD! If you ever delete a file by accident that was important and you do not have it on your normal backup (e.g. the typical "I will do the backup tomorrow!") it can save your life. In fact, the draft of this document was deleted and only previous versions were able to recover it.

Even if you don't plan to use previous versions, leave system protection enabled because of restore points. If you have ever stared on the almighty "Blue Screen Of Dead" directly when starting Windows, you really know what PANIC means.

However, if you know what you are doing you can of course disable System Restore:

Go to Control Panel, "System and Maintenance", "System" and click on this header.

Inside the appearing window select "System protection" on the left side.


Defrag

Displayed in Resource Monitor as: DfrgNtfs.exe

Out of the box, Windows is configured to run a defragmentation of your HD every week. Fortunately, defrag (DfrgNtfs.exe) is smart enough to not execute if your HD is not fragmented a lot. Unfortunately, as Vista puts a lot of stress on the HD, it usually take only some months until defrag thinks the HD need to be "cured" and thus will be running.

To configure this automatic defragmentation, go to Control Panel, "System and Maintenance", "Administrative Tools" and click on "Defragment your hard drive":

Inside the appearing windows you can change the schedule. Either set it to run only once a month or simply disable it and later on run it manually.

Keep however in mind the typical user is more likely to forget the defragmentation so having it run automatically is the better decision.


Indexing (Desktop Search)

Displayed in Resource Monitor as: SearchIndexer.exe (several instances)

Indexing is one of the huge improvements in Vista and based on Windows Desktop Search you might already know. Indexing is used to allow you to search for a term and get the result from the index instantly. However, to find a document Indexing must first read it and save it to the index, a process also known as "crawling" or "indexing".

And this is where the trouble starts: The basic idea should is that Indexing does only put a lot of pressure on your HD directly after you have installed Vista until it has indexed all your documents. Once this has happened, Indexing should only crawls documents it does not have so far or which were updated.

However, as it looks like Indexing will at least "scan" all your documents on every startup of your PC. This can cause a lot of HD activity.

In case you have a lot of documents and you search for them regularly, I would recommend not changing the Indexing settings. However, if you have only some locations you wish to search for you can change the settings, having less files Indexing will touch and thus less HD activity.

As a recommendation from my side: Always index the Start menu. It's one of my top time saves to simply enter the name of a program into the input box of the Start menu and don't need to remember in which folder it is exactly.

To configure Indexing, go to Control Panel, "System and Maintenance", "Indexing Options" and click on "Change how Windows searches":

The settings of Indexing are normally fine out of the box as it will only index the documents inside your user folder among some other folder. However, if you only want the feature of Vista to search inside your Start Menu, you may simply exclude all other locations and thus reduce the amount of data Indexing will need to check.

To do so, just open the "Change how Windows searches" and click on the "Modify" button. Inside the appearing window select "Show all locations" and accept the UAC prompt.Inside the appearing window simply deselect the "Users" folder which normally contains most the data you use. If may also add another folder that contains the real important files, e.g. "C:\Data".

On my system, disabling "Users" caused the index to shrink from 22.747 files to round about 301. However, keep in mind: what is not indexed is not found when you search for it!

And in case you are interested: If you really don't need this indexing feature at all, you can simply disable the service "WSearch" but I really don't recommend this since a lot of applications depend on indexing to be working correctly.


Conclusion

When talking about "Vista's Constant HD Activity Craziness" you really need to know what is causing most of this activity and if it's worth the trouble. Except for the Index service that maybe needs to be reconfigured, all other services are really worth the stress they put on your HD.


Appendix A – How to enable/disable a service

Go to Control Panel, "System and Maintenance", "Administrative Tools" and click on this header.

In the newly opened window, select the first item "Computer Management". After an UAC prompt, "Computer Management" is started.

From the navigation view on the side, select "Services and Applications" and then "Services". Now all the services on your computer are displayed in the panel on the right.


Appendix B– Resource Monitor

The best way to monitor what is currently stressing your HD is to use the "Resource Monitor". To start it, simply right-click the taskbar, select "Task Manager", select the "Performance" tab and click on "Resource Monitor" on the bottom.

After the UAC prompt, the Resource Monitor will start. Inside, click on "Disk" and you see all applications in real time that access your HD.


12 comments:

  1. A superb article.. cleared all the issues and problems I had re the heavy hard disk utilisation by Vista. Definitely worth reading.

    ReplyDelete
  2. linked to gottabemobile.com for wide exposure such excellent article deserves.

    ReplyDelete
  3. Thank you for writing an excellent article!

    Now if you are using a notebook computer on a battery, do you really want all this background stuff running? One of the largest hogs of battery is the disk, which under Vista never powers down.

    (sign) I'd disable all of it, except that restore points are very valuable. Thank you Microsoft for not thinking of the mobile user. If Vista could only recognize it is on battery power and quiet everything except restore points, we would have a great system!

    ReplyDelete
  4. Ahh finally some peace and quiet from my drives.

    Thanks for the great article...

    ReplyDelete
  5. This is a great resource, however my system shadow on vista is causing Blue Screen of Death. It begins to run everytime I load up windows, i may use the machine for say 10 minutes then the BSOD will appear 0x0000C1F5. I have disabled system shadow starting up in the system configurator (Because I can't switch it off the standard way because this also causes BSOD). When i go into safe mode evrything works fine and It doesn't BSOD however the minute I try to do a system restore I get a BSOD, and its the same with s system repair off the DVD. Obviously something in my System Restore has become corrupt somewhere, does anyone know how to fix this? I am guessing a reinstall of vista will be required. I have defragged my HD and done an antivirus check to no avail, I have even uninstalled windows updates to see if these were the cause.

    Any help would be appreciated. Thanks in advanced.

    ReplyDelete
  6. sfwrtr: For me, Windows Vista definitely stops indexing when I unplug my laptop, and it starts indexing when I plug it in again. I think there's a setting for this -- check the power advanced options and the indexing advanced options.

    ReplyDelete
  7. Excellent article, many thanks for putting this togther - just copied all of my data from my old XP box to my new Vista machine and the disks have been going crazy ever since! Searchindexer.exe most - so now I know what it is....

    Next question: Where in Redmond do I send the bill for some new hard-disks when these ones have worn out too quickly? I think some raiding on my disks is needed.

    ReplyDelete
  8. I don't know, maybe billg@ms.com or steveb@ms.com :)?

    ReplyDelete
  9. Nice article!
    I do NOT use te indexing service, and i disabled it. Searching for file is a BIT longer but, i have a quite HD in my machine (Lenovo T60 laptop).
    And restore point! It is not a safe way. I disabled it too. I make an image (total) once every 2 weeks (Acronis TrueImage)

    ReplyDelete
  10. great article. what about every 15 seconds or so the system process (according to process monitor) writes to ntuser.dat. How can this be disabled or changes to every minute?

    ReplyDelete
  11. ntuser.dat is the HKEY_CURRENT_USER part of the registry. Since usually a lot of changes happen there, Windows flushes (writing the contents of it) this file often.

    ReplyDelete