SteveOH

5:23p ET November 18, 2008 (MarketWatch)

This is an update to correct the number of mortgages the FDIC plan aims to modify.

WASHINGTON (MarketWatch) — Democratic lawmakers told Treasury Secretary Henry Paulson on Tuesday that he must reverse course and spend some of the $700 billion in bailout funds to keep individual homeowners from losing their homes.

“Some of this TARP money has to be used for mortgage foreclosure prevention,” House Financial Services Committee chairman Barney Frank told Paulson at an oversight hearing on the Troubled Asset Relief Program on Tuesday.

“When the program was passed, very explicit language was included to provide for … mortgage foreclosure diminution as one of the purposes. There’s very specific language in there,” Frank said.

Paulson reiterated his opposition to using any of the money to buy mortgage-backed securities or individual mortgages, although that was his original plan in September when he asked Congress for an unprecedented amount of money to keep global credit markets going.

Paulson also opposed a proposal introduced Friday by Federal Deposit Insurance Corp. Chairwoman Sheila Bair, who is seeking to use $24.4 billion of the $700 billion authorized by Congress to modify loans and avert 1.5 million foreclosures.

Other Democratic lawmakers also expressed opposition to Paulson’s approach of investing money in banks and other financial institutions to bolster their capital and allow more lending.

Rep. Maxine Waters, D-Calif., expressed support for Bair’s mortgage foreclosure prevention approach. “The purchase of toxic assets was at the centerpiece of this program, because everybody agreed at that time that the sub-prime meltdown was at the epicenter of the dislocation that we were experiencing in our economy,” Waters said.

Rep. Carolyn Maloney, D-N.Y., said she was concerned that the TARP money was being used to fund bank transactions rather than getting credit into communities. “We’re basically funding mergers and acquisitions, not lending,” Maloney said.

Another Democratic lawmaker, Rep. Nydia Velazquez, D-N.Y., said she was concerned that Paulson’s capital injection approach wasn’t doing much for Main Street America. “They’re still waiting to hear an answer as to how this is benefiting them,” Velazquez said.

Paulson said he is sticking with his plan to use the first half of the allocated government capital, $350 billion, to buy significant minority stakes in large, mid-sized and small financial institutions. Paulson said he changed the approach as market realities changed with it.

“Although we are not planning to initiate another capital program beyond those already announced, an emphasis on capital seems to us to be the better strategy going forward,” Paulson told lawmakers. “Congress passed legislation to deal with financial instability, and that is what we are doing.”

He said the best way to turn around the weak housing market was to “increase access to lower cost mortgage lending.”

He argued that the government takeover of Fannie Mae and Freddie Mac was an important step in that direction.

Overall, Paulson and Federal Reserve Chairman Ben Bernanke defended on Tuesday their stewardship of the $700 billion financial market rescue plan. “A lot of it still hasn’t gone out to the banks. I think we’ve turned the corner in terms of stabilizing the markets and banks, but we will see restoration to lending” Paulson said.

Paulson said that there was “no playbook” for the Bush administration to follow and so strategy had to be adjusted. He said the financial markets would be worse off if Congress had not approved the package.

Bernanke said he saw some improvements in credit markets, but said overall conditions remain “far from normal.”

Bair said the FDIC would adopt a Temporary Liquidity Guarantee Program rule on Friday that would seek to unlock inter-bank credit markets and “restore rationality to the credit markets.”

Bair’s proposal would guarantee new, unsecured debt issued by banks, thrifts and bank holding companies issued between Oct. 14 and June 30. According to her proposal, debt issued cannot exceed 125% of senior unsecured debt that was outstanding as of Sept. 30 and scheduled to mature before June 30. The program provides insurance coverage for deposits typically used by corporations for payroll expenses.

Sep 18 03:37 AM US/Eastern

The Internet got smarter this week with the release of a semantic map that teaches computers the meanings behind words — and gives the machines a vocabulary far larger than that of a typical US college graduate.

Cognition Technologies began licensing the map Tuesday to software creators interested in having programs “understand” words based on tenses and sentence context — in much the same way as the human brain does.

“We have taught the computer virtually all the meanings of words and phrases in the English language,” Cognition chief executive Scott Jarus told AFP.

“This is clearly a building block for Web 3.0, or what is known as the Semantic Web. It has taken 30 years; it is a labor of love,” Jarus said.

The semantic map is reportedly the world’s largest, and gives computers a vocabulary more than 10 times as extensive as that of a typical US college graduate.

The coming third generation of life online is predicted to feature intuitive artificial intelligence applications that work swiftly across broadband Internet connections.

When applied to Internet searches, semantic technology delivers results oriented to what people seem to be seeking instead of simply matching words used to online content.

For example, a semantic online search for “melancholy songs with birds” would know to link sadness in lyrics with various species of birds.

Cognition’s semantic map is already used in a LexisNexis Concordance “e-discovery” software to sift through documents amassed during evidence phases of trials.

“We help them find the needle in a haystack,” Jarus said.

“It used to be boxes and boxes of paper and now 80 percent of it is digital. Lawyers can search for a smoking gun within that discovery material.”

Cognition’s Caselaw program uses the technology to mine more than a half-century of US federal court decisions for legal precedents, according to the company.

The semantic map is also employed in a widely-used medical database.

Cognition says it has also “semantically enabled” globally popular online encyclopedia Wikipedia.

A Web 3.0 target is to develop artificial intelligence “agents” that mine mountains of information on the Internet for material that suit the interests of the people they serve.

“It would be a software application constantly looking for things you might be interested in while accurately understanding the concepts of what you are looking for,” Jarus said.

He described it as “artificial intelligence agents working for you on a push basis instead of a pull basis.”

Cognition has a handful of rivals, with each firm taking its own approach to semantic technology.

In July US software giant Microsoft bought San Francisco-based Powerset, a three-year-old start-up which specializes in interpreting the intent of people’s Internet searches instead of matching specific words they use.

Microsoft said it plans to use Powerset technology to enhance its free Live Search service, which has been mired in third place behind Google and Yahoo in the lucrative Internet search-related advertising arena.

Powerset’s semantic search merges linguistics with engineering in a software platform to figure out what people are seeking based on questions or phrases.

Standard search engines respond to individual words in the search query.

Microsoft senior vice president of search, portal and advertising Satya Nadella said at the time that a third of today’s online searches don’t get people the answers they seek on the first try.

“Search engines don’t understand today that ‘shrub’ and ‘tree’ are similar concepts,” Nadella wrote in a blog posting.

“We don’t understand that ‘cancer’ sometimes refers to a disease and sometimes refers to a horoscope and when a query or a webpage refers to which.”

Financial terms of the deal were not disclosed but unconfirmed reports were that Microsoft may have paid as much as 100 million dollars for Powerset.

http://www.breitbart.com/article.php?id=080918073717.xvg33wf1&show_article=1

This application is available to the general public, free of charge, and simply requires a registration to continue use after 30 days.  HOWEVER, I don’t like the idea of Microsoft tracking the use of their products, and therefore, will make mine available to everyone so that you do not have to register.

Registration Code: 4V0HNGSJ4ZTGBD

I was contacted by a Public Relations individual from uCertify who requested me to review their product.  This was quite some time ago, and since I had never used their product before, decided to test their test preparation software out in addition to others.  This short review will not mention other applications, suites or books for the preparation for this exam, only the uCertify application.

The first thing you’ll notice when you download the program, is that they offer a few things.  First, there’s 100% money back guarantee that you’ll pass the test on the first try.  That’s enticing and speaks volumes on their product.  Unfortunately, the money back guarantee is on the ~$70 you spent on the program, and not the $150+ on the exam, but alas, something is better than nothing.  At the very least, you can use that money and try again on the exam (or buy a different prep book).

Second, they offer 2 flavors of their software: a full and free (demo) version.   The demo version has a few questions, enough to give you an idea of what’s going on, but not enough for you to do anything with (ie. pass the test, study from, etc).

Lastly, I like the fact that they give you directions on how to download and install the application.  That’s very thoughtful for users who may not be highly technical but want to be, and are therefore attempting to get certified in a particular technology (this is becoming more and more common, even though the certification is supposed to be taken after experience has been attained in the work place, to validate your skills).

So let’s run the application.

As a software developer myself, I have to say that I like the initial interface a lot.  Everything is very well place and easy to navigate.  The demo version only has a Diagnostic Test (15 questions), Create a Custom Test and Create a Fixed Time Test available to you in the main navigation section.  The “Enhance your understanding” section on the right hand side has all of the items available, which are basically extras to give you an ‘edge’.  It’s mostly general information, some tips, and other resources you can find on the internet.  You don’t need this section, but it’s nice to have everything in one place anyway.

uCertify has their advertisements all over the place “Buy the full version”, which makes me laugh.  That’s what they’re supposed to do, and they do a pretty good job in keeping it in your face as you go through the demo.

Diagnostic Test:

I ran it with 10 total questions, 10 minute duration and a passing score of 730.  I also selected the “Always show last answer option as ‘None of the above’” which I believe to be crucial in getting you to think critically.  Why?  Because everyone will default themselves to “the answer must not be here” if they can’t figure it out or come up with an answer based on incorrect assumptions.  Since it’s there all the time, and you won’t know when it’s a valid option, you’ll definitely think twice before choosing it.  In my courses, I always have this option available to students.

Well, the first thing I noticed while taking the Diagnostic Quiz is that my settings didn’t stick.  I noticed at the bottom that I was on question 10 of 15 (I said a max of 10) and that the “Always show ‘none of the above’” wasn’t being shown on all questions.  Maybe this is reduced functionality for the demo, but it would have been nice to see that stated.

I found the questions a bit vague.  They’re not meant to confuse you, but require a good understanding of the underlying topic for you to know what they’re referring to.  The application does assist you with some background information and explanation, but I don’t believe it to be enough for a full understanding of the topics, but again, they are quite helpful.

The results page is fairly straight forward.  A little hard to read, maybe alternating row colors would have been nicer on the eyes.  Anyway, it tells you what you did right and wrong.  Clicking on the question will take you to the page of that question, with the answer you gave and why you were right or wrong, along with those ‘Facts’ that help you solidify your understanding.

I really like the Readiness report, which gives you a summary on how you’ve done on all the exams (there are 5 practice tests, a final test, and a diagnostic test – 423 questions in total).  They also provide an adaptive test, but that functionality is not available, so I cannot comment on it.

All in all, I believe this to be a good product.  It’s obvious the uCertify is trying to get you to pass the test, as they provide you with several ways of doing so.  If I were going to use this product, I would read a book prior to build a decent foundation, and then polish my skills and knowledge off with this application and its exams.  If you did that, you would have taken 7 tests in the uCertify application, and an additional 1 or 2 in the Microsoft book, for a total of 8 or 9.  You would iterate through the content and examinations enough to know what you have to study and understand better, and know where your strengths are.

If you used the approach above, it would cost you about $100 (Microsoft Self-Paced Certification Books – really the only books available for MCTS-ASP.NET) and $60 for the uCertify application.  That’s $160 in prep (and maybe 1 – 3 months) and then the cost of the exam, which is about $200 or so (don’t quote me on that).  When you buy the Microsoft books, you get a voucher for a discount on the actual exam, so that helps. I believe it to be worth it.

The feedback from the exams is that you need to really memorize the book’s content and have lots of coding experience (more project experience than just slapping code together).  In that respect, an application such as this one will really help you with that, as they ask you real-world type questions.  The link below is to a site of a gentlemen who gives his experience from taking the exam: here

Rating of the Application:

Visual Appeal: 8
Question Difficulty: 8
Extra Content to Help (ie. Tips): 10
Number of Questions / Exams: 9
Reporting: 9
Exam Preparedness: 8.5
Overall: 8.75

I would say this system will help anyone pass the exam, as long as they have the knowledge.  I would / will use this system in the future.

Take a look for yourself: http://www.ucertify.com/exams/Microsoft/70-536-VB.html

You can receive a 10% discount on any certification course you wish to attend using the code STEVEH.  Thank you to Roger and uCertify for their generosity.

By ROBERT McMILLAN, IDG News Service\San Francisco Bureau, IDG

Published: July 24, 2008

Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet.

The attack code was released Wednesday by developers of the Metasploit hacking toolkit.

Internet security experts warn that this code may give criminals a way to launch virtually undetectable phishing attacks against Internet users whose service providers have not installed the latest DNS server patches.

Attackers could also use the code to silently redirect users to fake software update servers in order to install malicious software on their computers, said Zulfikar Ramizan, a technical director with security vendor Symantec. “What makes this whole thing really scary is that from an end-user perspective they may not notice anything,” he said.

The bug was first disclosed by IOActive researcher Dan Kaminsky earlier this month, but technical details of the flaw were leaked onto the Internet earlier this week, making the Metasploit code possible. Kaminsky had worked for several months with major providers of DNS software such as Microsoft, Cisco and the Internet Systems Consortium (ISC) to develop a fix for the problem. The corporate users and Internet service providers who are the major users of DNS servers have had since July 8 to patch the flaw, but many have not yet installed the fix on all DNS servers.

The attack is a variation on what’s known as a cache poisoning attack. It has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker tricks the DNS software into believing that legitimate domains, such as idg.com, map to malicious IP addresses.

In Kaminsky’s attack a cache poisoning attempt also includes what is known as “Additional Resource Record” data. By adding this data, the attack becomes much more powerful, security experts say.

An attacker could launch such an attack against an ISP’s (Internet Service Provider) domain name servers and then redirect them to malicious servers. By poisoning the domain name record for www.citibank.com, for example, the attackers could redirect the ISP’s users to a malicious phishing server every time they tried to visit the banking site with their Web browser.

On Monday, security company Matasano accidentally posted details of the flaw on its Web site. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet.

Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network.

“Most people have not patched yet,” said ISC President Paul Vixie in an e-mail interview earlier this week. “That’s a gigantic problem for the world.”

Metasploit’s code looks “very real,” and uses techniques that were not previously documented said Amit Klein, chief technology officer with Trusteer.

It will probably be used in attacks, he predicted. “Now that the exploit is out there, combined with the fact that not all DNS servers were upgraded… attackers should be able to poison the cache of some ISPs,” he wrote in an e-mail interview. “The thing is we may never know about such attacks, if the attackers… work carefully and cover their tracks properly.”

Copyright 2008 IDG News Service. All Rights Reserved.

Now, there are plenty of places to find resources on this issue, because it’s quite common to have to do so.  My issue, was a little different, in that there were multiple layers of security (authentication and authorization) for me to access the files that were needed.  Here’s what the setup looked like:

Web Server -> WorkGroup -> Firewall -> Domain -> File Server -> Network Share -> SAN

As you can see, there are several issues are hand.  Not only do the accounts have to exist to allow for this communication (and an Administrator account is the only way to go), all sorts of permissions have to be valid for this to function (ie. Local Permissions within each OS on each Server, NTFS (file permissions) on each local server, Access permissions through the Firewall, Access permissions of Domain Resources, Local process level permissions, etc).  It was a nightmare, but I believe I figured it out.

There are a few things that needed to be done in this situation.  First, the permissions on the SAN needed to allow Administrators full control.  Additionally, the local user on the file server needed to have administrative privileges, to both the system and the SAN, thus allowing the network share.   Next, the firewall rules needed to allow file traffic (I can’t remember the SMB ports right now – and Windows needs netBios and something else to let file transfers go through, as well as authentication).  Finally, the Web Server local user needs admin rights.

To get this to work, I needed everything involved to run with elevated privileges, from IIS, to each thread in the application.  Since there was going to be a large amount of file movement, as well as resource and memory manipulation, it’s required.

Therefore, the admin credentials were inputted into IIS to map the network share from the Web Server to the File Server.  Next, I had to impersonate the admin user in each thread within the application, a pain, but the guide can be found via Google (if I have time, I’ll track them down again). Next, the machine.config needed to be modified to allow the ASP.NET process to run with the elevated permissions.  The web.config needs to be altered to allow impersonation with the credentials as well.

Now here’s the kicker, and something that’s not quite known but buried within Microsoft’s documentation.  For this to work (Work Group computer to authenticate to another computer) is to mirror the accounts (same username and password) on both servers (these are local accounts, not domain accounts – since the share was local on the server, the domain can be bypassed. If it were a domain resource, we would have to authenticate via NTLM to an Active Directory server, which would have been a bit more complicated).  This allows the hash sent from one system to another to be identical, and thus, you will authenticate (if you know the username and password on one workgroup computer, and it’s the same on another, chances are you’re who you say you are).

This took me a week to figure out, which was not enjoyable.  I hope this saves you some time.

My Outlook 2007 hung, so I forced it closed and opened it back up. I found that my backup PST was corrupted.  Outlook told me to run ScanPST.exe, but didn’t bother telling me where it was.  According to the KB article, it’s located in the Common Files directory, which I can verify for Outlook 2000/2003/XP.  However, with Microsoft Office 2007 Enterprise, I found it here:

C:\Program Files\Microsoft Office\Office12

Hopefully that’ll save you some time searching and get to the bigger issue at hand…

So I recently got bombarded with 2 infections of this pesky beast. Some variants are easy to remove (SpyBot can simply pull them out) but the variant I came across was resilient. It loaded a DLL into the Winlogon.exe (injection) executable file (the Windows process responsible for authentication to the Operating System – Windows cannot run without it) and ran from there. So you can’t kill the process, because the OS will reboot. You can’t delete the DLL file, because the OS has it locked. Basically, it’s like a tumor in the center of your brain… there’s really no winning.

There are a few solutions out there (very few) such as Bayles’ solution and this one from a poster on TechRepublic , but unfortunately, neither was any good for me. Bayles’ solution works for variants that inject into Explorer.exe, which is loaded once the OS is loaded and you log in. However, winlogon is loaded as one of the first steps in loading the registry, so it’s loaded even before you press control-alt-delete (it’s actually the process that shows you the login screen). The other solution could have worked had I had administrative privileges on my machine, but I did not (this is my work machine). Therefore, I had to find another solution to bypass the OS from reinfecting itself, but still have access to the underlying file system.

I could have removed the hard drive, but I did not have another laptop to install the HDD into. I couldn’t boot to the Recovery Console using an XP CD, because I did not know the Administrative password. So my solution? I booted the laptop using an Ubuntu Linux CD I had in my laptop bag. Here’s what I did.

1. Boot normally in Windows XP and get the names of the infected DLLs using Bayles’ method (again, pendmove won’t work because winlogon is placed in memory (with the infected DLL) before pendmove is loaded).
2. Reboot using Ubuntu CD – hit enter at the first screen (Run or Install Ubuntu)
3. Unmount the NTFS file system (on a typical installation, it will be the entire drive) – We do this because the standard driver file is a read-only NTFS driver.
4. Open a terminal and install the ntfs-3g packages
   1. sudo apt-get install ntfs-3g
5. Create mount point
   1. sudo mkdir /mnt/test
6. Mount the hard drive
   1. sudo mount -t ntfs-3g /dev/sda1 /mnt/test
      1. /dev/sda1 – is the partition we want to mount, yours may be different
      1. /mnt/test – is the directory in which to mount the partition
7. You can then browse to the windows/system32 directory and delete the infected DLLs (in my case the path was /mnt/test/windows/system32/sbbqikklll.dll)
8. Reboot and then you must run some scanners. I suggest running SpyBot to clean up the rest of the garbage, and then maybe an anti-virus scanner (I used Symantec Corporate). Finally, run the Windows Malware Removal Tool.
   1. This step is extremely important. This trojan downloads other infections to your systems (ads, other programs, etc). Who knows if these other files contain other viruses, trojans, keyloggers, etc.

I hope this helps. Contact me if you need any special assistance.

EXT2IFSHere’s a neat little driver that allows you to mount your EXT2 partition under a wndows OS. I’ve tested this and it does indeed work.

EXT2IFS is an Installable File System Driver (IFS) for Microsoft Windows NT 4.0, Microsoft Windows 2000 (NT 5.0) and Microsoft Windows XP (NT 5.1).The driver can read the Second Extended File System (EXT2) and Third Extended
File System (EXT3)

Update:

Found this recently…

Ext2Fsd

Ext2Fsd is an open source Ext2 file system driver for Windows (NT/2K/XP). “Explorer” your linux ext2 volumes with ease under windows systems.

Update:

Another one!
Ext2 Installable File System For Windows

It provides Windows NT4.0/2000/XP with full access to Linux Ext2 volumes (read access and write access). This may be useful if you have installed both Windows and Linux as a dual boot environment on your computer.The “Ext2 Installable File System for Windows” software is freeware.

This post provides a summary of performance tuning options for a Windows Server 2003 file server. Included is information on NTFS, lanmanserver, NIC, Disk and HBA performance tuning options. None should be used in a production environment without testing. Note that the Microsoft excerpts come from a 2008 performance tuning document, after verifying that the options are supported on 2003.

General Performance Settings

Disable 8.3 name creation

HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation

Excerpt from Microsoft on this option:

The default is 0. This parameter determines whether NTFS generates a short name
in the 8.3 (MS DOS®) naming convention for long file names and for file names
that contain characters from the extended character set. If the value of this
entry is 0, files can have two names: the name that the user specifies and the
short name that NTFS generates. If the user-specified name conforms to the 8.3
naming convention, NTFS does not generate a short name.

Changing this value does not change the contents of a file, but it avoids the short-name attribute
creation for the file, also changing the way NTFS displays and manages the file.
For most file servers, the recommended setting is 1.

Note that when accessing files that go beyond the 260 MAX_PATH length, short filenames can be a very useful method of accessing these files.

Ignore Write Flush Commands from Clients

HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\TreatHostAsStableStorage
Excerpt from Microsoft on this option:

The default is 0. This parameter disables the processing of write flush commands
from clients. If the value of this entry is 1, the server performance and client
latency for power-protected servers can improve. Workloads similar to the
NetBench file server benchmark benefit from this behavior.

Network tuning

NIC Offloading

Newer NICs have offloading capabilities, allowing the Operating System to offload one or more tasks to the network adapter. For example, Broadcom BCM5708S NetXtreme II adapters have the following offload capability enabled:
• IPv4 Checksum offload – Calculation and validation of checksums on TX/RX of TCP and UDP packets
• IPv4 Large Send offload – Offload the segmentation of large packets to the hardware

TcpWindowSize

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize

Windows Server 2003 auto-tunes this setting, and benefits to manually choosing a window size are acknowledged in high-latency networks.

NumTcbTablePartitions

HKLM\system\CurrentControlSet\Services\Tcpip\Parameters\NumTcbTablePartitions

Increasing this number from the default of 1 can decrease contention in the TCP/IP stack. Microsoft warns of modifying this setting without significant testing, with a recommended maximum of the number of processors in the system.

MaxFreeTcbs and MaxHashTableSize

HKLM\system\CurrentControlSet\Services\Tcpip\Parameters\MaxFreeTcbs
HKLM\system\CurrentControlSet\Services\Tcpip\Parameters\MaxHashTableSize

MaxFreeTcbs can be adjusted manually to set the maximum number of TCP control blocks the system creates. This number determines the simultaneous number of connections the server can handle. If MaxFreeTcbs is changed, MaxHashTableSize should also be modified, dictating the size of the hash table that stores the control blocks.

Disk Tuning

LargeSystemCache and LanManServer file system caching

The amount of memory allocated to file system caching can help to increase the disk cache hits for a file server. In Windows Server 2003 this setting is enabled by default, although a casual glance of the system working set and the lanmanserver service working set do not show a large amount of the available physical memory for cache.

Windows 2003 also has logical block caching in addition to caching at the file system level. Further information could not be found on configuring or measuring the performance of logical block level caching.

The file cache is part of the system working set, which is protected from excessive trimming when the LargesystemCache option is usedThe lanmanserver service working set must also be protect in some way, part of services.exe (use tasklist /svc).

CacheSet from sysinternals can be used to modify the system working set size

Excerpt from Microsoft TechNet:

The Memory object performance counter System Cache Resident Bytes reports the amount of real memory currently in use by the file cache. As the number of System Cache Resident Bytes increases, we normally expect that the various measures of hit ratio will also increase. Moreover, the cache size can grow simply as a function of the size of the files that are currently in use and their pattern of access.

The Cache Resident Bytes counter reports the amount of real memory the file cache is currently occupying. The Cache Bytes counter, which sounds like it might tell you the size of the cache, actually reports the full system working
set, which includes Cache Resident Bytes and several other real memory areas. In a Windows 2000 file server (remembering Windows 2000′s heritage as the follow-on to the joint IBM/ Microsoft-developed OS2 LAN Manager), the file cache so dominates the system working set that internal documentation frequently refers to the entire system working set as the cache. This usage carries over to tools like Task Manager, which labels the system working set as the System Cache in the Performance tab, illustrated in Figure 7-2. The Windows NT version of Task Manager called this field File Cache, which is probably just as misleading. Curiously, the number of bytes in the System Cache reported by Task Manager does
not correspond exactly to the Cache Bytes counter in the System Monitor.

Disk Alignment

Using disk alignment to realign partitions can occasionally decrease the number of disk I/O operations. This occurs because the MBR is on the first 63 sectors of a disk, and the first partition starts on the 64th sector instead of the 65th sector – the beginning of the next boundary. This is vendor and disk specific, and does not apply to every disk.

Excerpt from Microsoft TechNet:

Microsoft Windows 2000 Server has an internal structure known as the master boot
record (MBR) that limits the maximum number of hidden sectors to 63. This
characteristic of the MBR causes the default starting sector for disks that
report more than 63 sectors per track to be the 64th sector. Therefore, when
programs transfer data to or from disks that have more than 63 sectors per
track, misalignment can occur at the track level, with allocations starting at a
sector other than the starting sector. This misalignment can defeat system
optimizations of I/O operations that are designed to avoid crossing track
boundaries.

Diskpar.exe is a command-line tool from the Windows 2000
Server Resource Kit that can explicitly set the starting offset in the MBR. By
doing this, the track is aligned with the physical disk partition, which results
in an improvement in disk performance. Exchange writes four kilobytes to the
database and up to 32 kilobytes for the streaming data. Therefore, make sure
that you set the starting offset to be a multiple of four kilobytes.

Write-caching option on each disk

Excerpt from Microsoft on this option:

Enabling write caching allows writes to be completed immediately after being
cached in the storage subsystem. Note that with this action a period of time
passes during which a power failure or other catastrophic event could result in
a loss of the data. However, this period is typically fairly short because write
caches in the storage subsystem are usually flushed during any period of idle
activity. Alternately, you can use time-outs at the cache level to force dirty
data out of the cache even if other active requests exist.

This option is enabled by default on all SAN-attached storage

‘Advanced Performance’ option on each disk.

Excerpt from Microsoft on this option:

The advanced performance option strips all write-through flags from disk
requests and also removes all flush-cache commands. The assumption is that if
you have power protection on your I/O path you don’t need to worry about those
two pieces of functionality; by definition, any written data is safe and
“in-order” after it is copied into power-protected storage subsystem hardware,
just as if it had been written to the physical disk media.

This option is disabled by default on all SAN-attached storage.

Emulex Lightpulse scatter/gather list elements

“HKLM\System\CurrentControlSet\Services\lp6nds35″

Add (if not already present) the following Keys under lpxnds

Parameters->Device (Parameters apply to ALL LPxxx adapters)
or
->Devicen (Parameters apply to LPxxx adapter number ‘n’ 0-99)

Under Device or Devicen add a value of “MaximumSGList” Type REG_DWORD,
with a value of from 13 to 255 (decimal). Microsoft specifies to use
this value sparingly, as these request entries come from Non-Page-Pool.

Emulex Lightpulse asynchronous requests

“HKLM\System\CurrentControlSet\Services\lp6nds35″

Add (if not already present) the following Keys under lpxnds

Parameters->Device (Parameters apply to ALL LPxxx adapters)
or
->Devicen (Parameters apply to LPxxx adapter number ‘n’ 0-99)

Under Device or Devicen add a value of “NumberOfRequests” Type REG_DWORD,
with a value of from 16 to 256 (decimal). Microsoft specifies to use
this value sparingly, as these request entries come from Non-Page-Pool
(this is especially true with the ALPHA systems).

References:

Windows Server 2008 performance tuning
http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Perf-tun-srv.docx

How To Improve Windows 2003 File Server Performance
http://support.microsoft.com/kb/555041

CacheSet
http://technet.microsoft.com/en-au/sysinternals/bb897561.aspx

How to Configure the Storage Subsystem
http://technet.microsoft.com/en-us/library/bb643100.aspx

Examining and Tuning Disk Performance
http://www.microsoft.com/technet/prodtechnol/Windows2000Pro/reskit/part6/proch30.mspx?mfr=true

Aligning Disk Partitions by Using Diskpar.exe
http://technet.microsoft.com/en-us/library/bb643097.aspx

PagedPoolSize
http://technet2.microsoft.com/windowsserver/en/library/b1bda681-28b0-4339-a4ea-feb0fd9ff0c01033.mspx?mfr=true

Optimizing Your Memory Configuration
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/core/fnec_evl_fhcj.mspx?mfr=true

About Cache Manager in Windows Server 2003
http://support.microsoft.com/kb/837331

MaxPagedMemoryUsage for the server sevice
http://technet2.microsoft.com/WindowsServer/en/Library/357c7af1-7a0b-47a5-8af1-ff44756c498a1033.mspx

MaxPagedMemoryUsage for the server sevice
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/58636.mspx?mfr=true

LargeSystemCache
http://technet2.microsoft.com/WindowsServer/en/library/efa621bd-a031-4461-9e72-59197a7507b61033.mspx

Optimizing Your Memory Configuration
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/core/fnec_evl_fhcj.mspx?mfr=true

File Cache Performance and Tuning
http://technet.microsoft.com/en-us/library/bb742613.aspx

Cluster resource command-line operation
http://technet2.microsoft.com/windowsserver/en/library/f6b35982-b355-4b55-8d7f-33127ded5d371033.mspx

File Cache Performance and Tuning
http://technet.microsoft.com/en-us/library/bb742613.aspx

About Cache Manager in Windows Server 2003
http://support.microsoft.com/kb/837331

How to Configure the Storage Subsystem
http://technet.microsoft.com/en-us/library/bb643100.aspx

Why should you use Diskpar
http://msexchangeteam.com/archive/2005/08/10/408950.aspx

Emulex Lightpulse HBA device settings
http://contents.driverguide.com/content.php?id=106500&path=README.TXT