Performance Tuning Windows 2003/2008

Add a comment April 29th, 2010

Disable Nonessential Services

Disable Windows Server 2003 services that are not required for a dedicated Web server. To do this, follow these steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
  2. Under Computer Management (Local), expand Services and Applications, and then click Services.In the Status column, each service that is running is labeled “Started.” The following services are not required on a dedicated Web server:
  • Alerter
  • ClipBook
  • Computer Browser
  • DHCP Client
  • DHCP Server
  • Fax Service
  • File Replication
  • INfrared Monitor
  • Internet Connection Sharing
  • Messenger
  • NetMeeting Remote Desktop Sharing
  • Network DDE
  • Network DDE DSDM
  • NWLink NetBIOS
  • NWLink IPX/SPX
  • Print Spooler
  • TCP/IP NetBIOS Helper Service
  • Telephony
  • Telnet
  • Uninterruptible Power Supply
  1. Note the services that depend on each service that you want to disable. To do this, follow these steps:
    1. Double-click the service that you want to disable.
    2. Click the Dependencies tab.
    3. In the This service depends on the following system components list, note the services that this service depends on.
    4. In the The following system components depend on this service list, note the services that cannot start without this service.
    5. Click OK.

One at a time, disable each service that you have selected. To do this, follow these steps:

Right-click the service that you want to disable, and then click Properties.

  1. In the Startup type list, click Disabled.
  2. If you want to stop the service immediately, click Stop. If the Stop Other Services dialog box appears, note the other dependent services that will also stop, and then click Yes.
  3. Click OK.

Repeat step 4 to disable the other nonessential services.


  • Test the Web server for correct operation after you disable each service to make sure that you did not disable a service you want to continue to use.
  • If the Internet Information Services (IIS) server is a member of a Windows Server 2003 domain, you must have the TCP/IP helper service on your system to correctly apply Group Policy to the computer.
  • When you disable the DHCP client, the DHCP client stops dynamic DNS registration. This disables DNS dynamic update protocol and requires manual DNS records to be added for this client in the DNS server.

Optimize Data Throughput for Network Applications

Run the IIS 6.0 process pageable code in working memory. To do this, follow these steps:

  1. In Windows Explorer, right-click My Network Places, and then click Properties.
  2. Right-click the Local Area Connection that you want to optimize, and then click Properties.
  3. In the This connection uses the following items list, click (but do not clear its check box) File and Printer Sharing for Microsoft Networks, and then click Properties.
  4. Click Maximum data throughput for network applications, click OK, and then click Close.

Optimize Performance for Background Services

The IIS 6.0 process (Inetinfo.exe) runs as a background service. To increase performance for background services, follow these steps:

  1. Click Start, click Control Panel, and then click System.
  2. Click the Advanced tab, and then click Settings under Performance.
  3. 3.      Click the Advanced tab, click Background services, and then click OK two times. 

Optimize Paging File

  1. Click Start
  2. Click Control Panel
  3. Double Click System
  4. Select the Advanced Tab
  5. Under Performance, click Settings
  6. Select the Advanced Tab
  7. Under Virtual Memory
  8. Click Change
  9. Select No paging file on C:\
  10. Click Set
  11. Select a Drive Other Than C:\
  12. Click Custom Size
  13. Initial Size (MB): Type amount of memory in server in MBs: Example: 12GBs x 1024MBs = 12288
  14. Maximum Size (MB): MultiplyInitial Size x 1.5 = 18432
  15. Click Set
  16. Click OK, OK, Reboot

Install Microsoft Certificate Revocation List

  1. Download the CRLs and add them to the server manually (I haven’t tested this, but it may work):
  1. Open a command prompt and Change Directory to file location.
  2. Type: certutil -addstore CA CodeSignPCA.crl  and press enter.
  3. Type: certutil -addstore CA CodeSignPCA2.crl and press enter.

You can also run the following VBS script to disable it in the registry:
const HKEY_USERS = &H80000003
strComputer = "."
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\default:StdRegProv")
strKeyPath = ""
objReg.EnumKey HKEY_USERS, strKeyPath, arrSubKeys
strKeyPath = "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing"
For Each subkey In arrSubKeys
objReg.SetDWORDValue HKEY_USERS, subkey & strKeyPath, "State", 146944

Disable Lookback:

 To set the DisableLoopbackCheck registry key, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Apply the following registry change to the file server. To do so, follow these steps:
    1. Start Registry Editor (Regedt32.exe).
    2. Locate and click the following key in the registry:


  1. On the Edit menu, click Add Value, and then add the following registry value:

Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1

  1. Locate following registry key:


  1. Right-click Lsa, point to New, and then click DWORD Value.
  2. Type DisableLoopbackCheck, and then press ENTER.
  3. Right-click DisableLoopbackCheck, and then click Modify.
  4. In the Value data box, type 1, and then click OK.
  5. Quit Registry Editor, and then restart your computer.

Move System Temp Files off the C Drive:

  1. Right Click My Computer
  2. Click Properties
  3. Click Advanced
  4. Click Environment Variaibles
  5. Under System Variables (It’s the second window, be careful not to look in the user variables which is the first window).
  6. Locate the TEMP and TMP variables
  7. Change TEMP from C:\WINDOWS\TEMP to D:\TEMP
  8. Change TMP from C:\WINDOWS\TEMP to D:\TEMP
  9. Click OK, OK
  1. No comments yet.Be the first ?
  1. No trackbacks yet.
Comments feed