Server 2008 R2 Performance Tuning

Here’s some of the things I do to a new Server 2008 R2 install (physical and/or virtual settings are mixed in; (VIRTUAL ONLY) specifies I only do configuration change on Virtual systems).

  • Disable Screen Saver, Personalize -> Screen Saver -> None
  • Sound, Do not start Audio Service -> Sound
  •  No Sounds
  •  Display Performance, System -> Advanced System Settings -> Performance Settings -> Adjust for Best Performance
  • Power Options -> High Performance
  • Power Options -> Changed when the computer sleeps -> Turn off Display = Never
  •  Pagefile, System -> Advanced -> Performance -> Set no pagefile (VIRTUAL ONLY)
  •  Disable System Screensaver Regedit -> “HKEY_USERS\.DEFAULT\Control Panel\Desktop” -> Delete SCRNSAVE.exe
  •  Stop Audio Service in services.msc, set to Manual
  •  Remove ipv6 support
  •  Start Menu -> remove quick launch
  •  Drive Indexing, My Computer -> C:\ Properties -> Unselect “Index this drive…” -> Apply recursively -> ignore all permission errors
  •  Run as administrator ‘cmd.exe’ -> ‘powercfg -h OFF’ to disable hibernation and delete hiberfil.sys from C:
  •  reboot
  •  delete pagefile.sys on c:\ (VIRTUAL ONLY)
  •  defrag C: (I use contig http://live.sysinternals.com/contig.exe and run contig -s c:\*.*)
  •  clear c:\users\administrator\appdata\local\temp folder
  •  enable remote desktop, right click my computer -> properties -> advanced properties -> remote tab
  •  activate windows
  • Run as administrtor ‘cmd.exe’ and copy/paste the following:
    powercfg -setactive scheme_min
    Powercfg -setacvalueindex scheme_current sub_processor 45bcc044-d885-43e2-8605-ee0ec6e96b59 100
    Powercfg -setactive scheme_current
    Powercfg -setacvalueindex scheme_current sub_processor 893dee8e-2bef-41e0-89c6-b55d0929964c 100
    Powercfg -setactive scheme_current
    Powercfg -setacvalueindex scheme_current sub_processor bc5038f7-23e0-4960-96da-33abaf5935ec 100
    Powercfg -setactive scheme_current
    powercfg -setacvalueindex scheme_current 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 893dee8e-2bef-41e0-89c6-b55d0929964c 100
    Powercfg -setactive scheme_current

Cisco IOS ACL for DNSChanger

I added this to my edge router to block DNSChanger trojan. I created a new ACL (101) and then applied it to my fast ethernet interface (Fa0/0) outbound. This blocks outound domain requests (DNS) to the netblock specified for each rule. You have to convert subnet masks to wildcard netmasks. You can do this with ipcalc easily.

ip access-list extended 101
! 85.255.112.0/20 DNSChanger
10 deny udp any 85.255.112.93 0.0.15.255 eq domain log
! 67.210.0.0/20 DNSChanger
20 deny udp any 67.210.0.0 0.0.15.255 eq domain log
! 93.188.160.0/21 DNSChanger
30 deny udp any 93.188.160.0 0.0.7.255 eq domain log
! 77.67.83.0/24 DNSChanger
40 deny udp any 77.67.83.0 0.0.0.255 eq domain log
! 213.109.64.0/20 DNSChanger
50 deny udp any 213.109.64.0 0.0.15.255 eq domain log
! 64.28.176.0/20 DNSChanger
60 deny udp any 64.28.176.0 0.0.15.255 eq domain log
70 permit ip any any
int fa0/0
ip access-group 101 out

To see how bad things are on the network, I can show the access-list hits by using:

cisco# sh access-list 101
Extended IP access list 101
    10 deny udp any 85.255.112.0 0.0.15.255 eq domain log (5 matches)
    20 deny udp any 67.210.0.0 0.0.15.255 eq domain log
    30 deny udp any 93.188.160.0 0.0.7.255 eq domain log
    40 deny udp any 77.67.83.0 0.0.0.255 eq domain log
    50 deny udp any 213.109.64.0 0.0.15.255 eq domain log
    60 deny udp any 64.28.176.0 0.0.15.255 eq domain log
    70 permit ip any any (3058492 matches)

I see that there are 5 matches to the first rule (my tests after I implemented it to ensure it was blocking it). Cool, eh?

More information on DNSChanger:

FBI

Debian Handbook

I have added the Debian Handbook to my Resources navigation menu.

Debian 6.0 Handbook

The handbook is available at: http://www.techish.net/debian-handbook/

You can install it on your Debian system (available in Unstable):

apt-get install debian-handbook

The documentation is stored in: /usr/share/doc/debian-handbook/.

You can also download the handbook from Raphael’s site: http://raphaelhertzog.com/2012/05/10/the-debian-administrators-handbook-is-available/ as well as from the handbook development site: http://debian-handbook.info/