Operating systems performance – startup and post-startup in particular – four-core i7, 8 GB or more memory

Windows 10

… My work laptop, which is Windows 10 Enterprise and on an enormous AD domain, is beyond slow, I mean molasses slow. 4 core i7, 16GB ram and it takes a full 15 minutes after boot for the drive light to stop and not be pegged at 100% drive utilization. After that it's the normal O365 crashes and slowness, then the OS is at least useable …

I had many notebooks with a similar specification pass through my hands since around 2013:
– typically with 8 GB memory. That's half as much as yours, but for the purpose of examing startup and post-startup routines, it's more than enough.

I have seen slowness, to varying degrees, with a variety of configurations, nothing as bad as what you describe. For things to crash, there must be something wrong.

Sevendogsbsd if you have priveleges to unbind from, then rebind to Active Directory: try it; you might notice a huge improvement without the domain context.

A great deal depends on how policies etc. are planned and implemented. I can't expect you to share details of group policies in your area, but can you share any additional information about your Windows environment? What anti-malware is in use; anything else that might have a deeply negative impact on hard disk drive activity?

FreeBSD

The 8570p that I currently use has 16 GB memory, I get massively reduced startup and post-startup times with an old 32 GB Kingston DataTraveler G4 as a cache device.
 
I think "Work Laptop" is a key here. I'm reading that as "work provided laptop that I use to do work with".
Since it's running Windows, I'm assuming that it's pretty locked down by corporate IT with the user not allowed to do much of anything.
Lot's of policies in place, lots of startup items going on, lot's of monitoring software. It would be interesting to see what the startup stuff looked like (applications, services, etc). Is it actually listening for and showing all those machines on the domain? That would be painful; that is the problem with Windows, by default they want to say "Here I am" and start to share things. By default, they should say nothing. That way any machine that is truly meant to be shared needs to have things explicitly turned on. Cleaner, less crap on the network, less problems for other machines.
 
Older laptops that still have a harddisk, those 2.5 inch disks are often only 5400 RPM and terribly slow. Replace it with a SATA SSD and the laptop will feel like new again.
 
Replace it with a SATA SSD and the laptop will feel like new again.
That is true; I did that on an older Lenovo when Win 7 went EOL so SSD and Win10 and it works good enough.
But putting SSD and either FreeBSD or Linux makes it even faster.
 
Sorry, but if a laptop is that incredibly slow on a huge AD domain, something is wrong with the domain servers. Maybe they're not set up correctly. There's also the possibility of firewall rules being set up so that it's awkward for authentication-related traffic to go between the laptop and the domain servers. Maybe the NT profiles got too big for gpupdate to handle. And yes, as grahamperrin pointed out, anti-malware can throw an unexpected wrench into things.

16G is a lot of memory. If you remove a Windows computer from the domain it will indeed boot faster.
Not really... AD authentication happens post-boot. The login screen will take forever to present itself if the computer is on a domain that has problems, though.
 
I use 500GB Hitachi TravelStar HDD @ 7200RPM on most of my Thinkpads. That or Scorpio Black 250GB HDD @ 7200, but the Hitachi has better specs.
 
… My work laptop is spinning rust so I understand it boots slowly, but boot is not the slowness on it - even after booting, the drive activity stays at 100% for at least 10 minutes. There is some enterprise/AD/McAfee madness going on there that just drags it down to being nearly unusable for a few minutes. I guess not entirely Windows fault. …

From an end user perspective, it's never good to have waiting periods so long.

However, your systems administratators might have made justifiably difficult decisions about, for example, whether to disallow asynchronous running of some scripts (or sets of scripts); and so on. Some areas are grey/contentious with no easy answer.

Sevendogsbsd is anything WPKG-related visibly installed? Check the Apps & features pane of Settings.

Whilst disk activity is visible for fifteen minutes, during which time the computer is practically unusable, this might be not the hundred percent that's perceived.

A constant hundred percent for C: in the Performance tab of Task Manager might be somewhat less constant at the storage level. One of the Windows 10 machines that I use is virtualised (in VirtualBox on FreeBSD-CURRENT), it's enlightening to compare:
  • the Windows guest view of things
  • a gstat -p view of the the two physical devices (one mobile hard disk drive, one 16 GB Kingston DataTraveler G4 (OpenZFS cache device)) that form a pool with a sole purpose of handling the virtual hard disk drive.
… interesting to see what the startup stuff looked like …

Sevendogsbsd Autoruns will be ideal. You can download the 'run' file from Sysinternals Live (at the foot of the page) and run the executable without admin privileges.

The result here, with all Microsoft and Windows entries hidden:

1624402081701.png
 
Thanks for the tips, much appreciated. Sadly I have zero control over any settings or software on my laptop as it is government issued and controlled. I do open task manager and check usage in terms of CPU, disk and memory. I’ll check again in the morning to confirm %.
 
… zero control over any settings …

I wonder, would an administrator perform a one-off click to allow file system compression? For C:

I'll let you know the outcome of this:

1624424850251.png


For the virtual hard disk above, stored on what's currently da0 (ZFS cache currently at da1), I usually prefer zstd-12 or zstd-15. More on this later.

… government issued …

So, I don't expect a share of any screenshot, or other detail that might be inappropriate :cool:
 
Sevendogsbsd said:
... it is government issued and controlled

AFAIK most government issued hardware comes with serious disk encryption, just to make sure no data leaks out when it's EOL. You can add that to the policies, AD and virus stuff. No wonder it'll take a while.
 
It's hard to tell what the issue exactly - I watched task manager this morning and the memory always stays around 30% but that is normal; CPU and disk activity go from 30-40% to over 90% for a few minutes after I reach the desktop. The processes at the top of the tree are Mcafee and a couple system processes. Nothing I can do about it so I just plan ahead and start my laptop before I start my coffee 🤓 I do have to start the laptop every Sunday night and let it run for a few hours so the McAfee scan can run, or Monday the machine is even more useless because the scan process loads the system down tremendously.
 
This is why I keep work and personal devices as separate as I can. It's easier to troubleshoot the work device that way, and if they discover that they're the ones that borked my work computer, no harm done, I get a newer device, better permissions, bosses can actually be told about equipment issues, and I still get paid. :p
 
  • Like
Reactions: mer
This is why I keep work and personal devices as separate as I can.
This is a key point, especially when working from home. Crossing the streams or mixing realms (using home device to do work on beyond web email) can open one up to "things". git clone work repo and do work locally could give employer reason/legal right to actually wipe your device when you leave. Also means they don't accidentally wipe your personal device.
 
I cannot connect a personal device to the government network because of endpoint security.
Good thing; that prevents you from getting any malware from the government on your personal devices :)
But the fact that it takes long is a benefit to to you:
coffee(true)
startBoot(workPC)
if (coffee() == done) then
morecoffee(true)
endif
while (booting != done) loop
morecoffee(true)
endloop
startWork()
 
… the outcome of this: …

It seemed that after requiring administrator credentials (to begin file system compression), Windows 10 20H2 did not attempt to compress most of what's compressible by an administrator.

Also, the check remained visible in the check box:

☑ Compress this drive to save space

– but was not apparent after closing then reopening the Properties window. It was this disappearance that led to discovery of failure to compress.

I'm now signed in to Windows as an administrator, repeating the compression routine, the underlying devices (currently at da1 and da2) are more obviously busy.

1624499621726.png




End result of compression: used space reduced from 69.1 to 59.8 GB.

Now optimising, which might be a waste of time in this context, but it does no harm. Then I'll review performance with and without the ZFS cache device.

24-06-2021 09-19-13.png
 
That kind of stuff, you gotta make your employer's IT support work with it. If such difficulties come from enough people, and enough time gets wasted, taking away from other priority work, they just might decide, "Hey, this is not working right, we gotta make changes". Plenty of horror stories on the Internet about how IT support was done so bad, other projects suffered, like caucus voting machines in US back in 2016. Everything was bungled to such an extent that blaming Russians became a convenient excuse, and nobody ever got to the bottom of that. I have no intent to start a flame war on these forums, though. My point is about the unfortunately commonplace bungling of IT support, and importance of thinking things through.
 
… I'll review performance with and without the ZFS cache device. …

I haven't used the guest often enough to draw any conclusion but now, looking at properties for C:, it's set to not compress, so something (I can't recall what, sorry) must have driven me to experiment with the option disabled.

Slightly more memorable: I probably chose to change the virtual controller, for reliability.

SATA, AHCI:
1638639642921.png
 
Back
Top