Diving into the
Windows Logon Process
Yoni Avital (VDI Geek)
Eugene Kalayev (Cloud and PowerShell Geek)
Agenda
• Logon process overview
• Logon process breakdown
• Tools of the trade
  • Event log (is your friend)
  • Process Monitor
• Advanced (Geek) stuff
  • Event Tracing for Windows
  • PowerShell Scripts
• Live demo
Logon Process Overview
• Session Initialization
• Authentication
• User Profile
• Group Policy
• UserInit
• Shell
Logon Process - Optional Phases
• Network Providers (RDS)
  • Mpnotify.exe loads network providers (e.g. pnsso)
• 3rd party profile solutions (e.g. UPM)
  • UPM loads before the User Profile Service and can delay the logon process
• Group Policy Scripts
  • Affect logon duration if they run synchronously
• Citrix Printer Mapping
  • Can delay the logon process if apps are waiting for printer mapping. Handled by wfshell.exe (part of the UserInit phase)
Session Initialization
Authentication
User Profile
Group Policy
Userinit (Pre-Shell)
Shell
Advanced (Geek) stuff
• Event Tracing for Windows
• PowerShell Scripts
Event Tracing for Windows
• High-speed kernel and user mode event tracing
• Steps
  • Create and start a new ETW trace
  • Reproduce the slow logon issue
  • Stop the trace
  • Convert the ETL log file to XML format
  • Analyze the log with Notepad++
• Example – Analyze logon processes
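
The steps above as a script, added here as an example (it is not the presenters' code): logman creates and stops the trace session, tracerpt converts the ETL file to XML, and the last part lists the processes started in one session instead of reading the XML in Notepad++. The session name LogonTrace, the file paths, the choice of the Microsoft-Windows-Kernel-Process and Microsoft-Windows-Winlogon providers and the embedded sample events are assumptions of this example.

```powershell
# Added example, not the presenters' script. Session name, paths, provider choice and
# the sample events are assumptions made for this sketch.
param(
    [switch]$Capture,                      # run the live capture; needs an elevated prompt
    [string]$Etl = 'C:\Temp\logon.etl',
    [string]$Xml = 'C:\Temp\logon.xml',
    [int]$SessionId = 2                    # session ID of the slow logon
)

if ($Capture) {
    # Create and start the trace. -ets drives the ETW session directly, so it keeps
    # recording while the affected user logs off and on. Run this from a separate
    # administrator session. Keyword 0x10 selects process start/stop events.
    logman create trace LogonTrace -o $Etl -p 'Microsoft-Windows-Kernel-Process' '0x10' '0xff' -ets
    logman update trace LogonTrace -p 'Microsoft-Windows-Winlogon' '0xffffffffffffffff' '0xff' -ets
    Read-Host 'Reproduce the slow logon, then press Enter to stop the trace'
    logman stop LogonTrace -ets
    tracerpt $Etl -o $Xml -of XML -y       # convert ETL to XML, overwriting old output
    [xml]$trace = Get-Content -Raw -Path $Xml
}
else {
    # Constructed sample shaped like tracerpt's XML output (not a real capture).
    [xml]$trace = @'
<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <Provider Name="Microsoft-Windows-Kernel-Process"/><EventID>1</EventID>
 <TimeCreated SystemTime="2015-01-01T10:00:20.000000000Z"/></System><EventData>
 <Data Name="ProcessID">4200</Data><Data Name="SessionID">2</Data>
 <Data Name="ImageName">\Device\HarddiskVolume2\Windows\System32\userinit.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <Provider Name="Microsoft-Windows-Kernel-Process"/><EventID>1</EventID>
 <TimeCreated SystemTime="2015-01-01T10:00:20.400000000Z"/></System><EventData>
 <Data Name="ProcessID">4260</Data><Data Name="SessionID">2</Data>
 <Data Name="ImageName">\Device\HarddiskVolume2\Windows\System32\cmd.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <Provider Name="Microsoft-Windows-Kernel-Process"/><EventID>1</EventID>
 <TimeCreated SystemTime="2015-01-01T10:00:25.000000000Z"/></System><EventData>
 <Data Name="ProcessID">5010</Data><Data Name="SessionID">0</Data>
 <Data Name="ImageName">\Device\HarddiskVolume2\Windows\System32\svchost.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <Provider Name="Microsoft-Windows-Kernel-Process"/><EventID>2</EventID>
 <TimeCreated SystemTime="2015-01-01T10:00:32.900000000Z"/></System>
 <EventData><Data Name="ProcessID">4260</Data><Data Name="ImageName">cmd.exe</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <Provider Name="Microsoft-Windows-Kernel-Process"/><EventID>1</EventID>
 <TimeCreated SystemTime="2015-01-01T10:00:33.200000000Z"/></System><EventData>
 <Data Name="ProcessID">4300</Data><Data Name="SessionID">2</Data>
 <Data Name="ImageName">\Device\HarddiskVolume2\Windows\explorer.exe</Data></EventData></Event>
</Events>
'@
}

# Return one named <Data> value from an event, or nothing if the field is absent.
function Get-Field($Evt, [string]$Name) {
    $d = $Evt.EventData.Data | Where-Object { $_.GetAttribute('Name') -eq $Name } | Select-Object -First 1
    if ($d) { $d.InnerText.Trim() }
}
# XmlConvert parses the xs:dateTime timestamp and returns it as UTC.
$utc = [System.Xml.XmlDateTimeSerializationMode]::Utc
function Get-Time($Evt) {
    [System.Xml.XmlConvert]::ToDateTime($Evt.System.TimeCreated.GetAttribute('SystemTime'), $utc)
}

# Winlogon events reuse the same event IDs, so filter on the provider first.
$proc = @($trace.Events.Event | Where-Object {
    $_.System.Provider.GetAttribute('Name') -eq 'Microsoft-Windows-Kernel-Process' })

# Event ID 2 = process stop. Index exit times by PID (PID reuse is ignored here).
$exit = @{}
foreach ($e in $proc) {
    if ($e.System.EventID -eq '2') { $exit[(Get-Field $e 'ProcessID')] = Get-Time $e }
}

# Event ID 1 = process start. Keep only the session being diagnosed.
$proc | Where-Object { $_.System.EventID -eq '1' -and (Get-Field $_ 'SessionID') -eq "$SessionId" } |
    Sort-Object { Get-Time $_ } | ForEach-Object {
        $start = Get-Time $_
        $end   = $exit[(Get-Field $_ 'ProcessID')]
        [pscustomobject]@{
            StartUtc  = $start.ToString('HH:mm:ss.f')
            Image     = ((Get-Field $_ 'ImageName') -split '\\')[-1]
            ProcessId = Get-Field $_ 'ProcessID'
            RanSec    = if ($end) { [math]::Round(($end - $start).TotalSeconds, 1) } else { 'no exit seen' }
        }
    } | Format-Table -AutoSize
```

A process that starts early in the logon and runs for many seconds before the next one appears is the first place to look; the same listing also shows every program launched on the user's behalf during logon.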
PowerShell – Analyze Logon Duration
Get-LogonPhaseTime -Username UserName -UserDomain Domain -CUDesktopLoadTime $args[1]

User name: cuupm
Logon Time: 09:46:37 PM
Logon Duration: 107 seconds

Logon Phase            Duration (s)   Start Time   End Time     Interim Delay
-----------            ------------   ----------   --------     -------------
Network Providers      1.0            09:46:37.1   09:46:38.1
Citrix Profile Mgmt    82.3           09:46:42.0   09:48:04.2   3.815
User Profile           0.9            09:48:04.2   09:48:05.1   0
Group Policy           9.7            09:48:05.1   09:48:14.8   0.005
GP Scripts (sync)      2.4            09:48:16.2   09:48:18.6   1.398
Pre-Shell (Userinit)   2.3            09:48:18.6   09:48:20.9   0.04
Shell                  3              09:48:20.9   09:48:23.9   0
PowerShell - Analyzing GP CSE Load Times
Get-GPUserCSE -Username MyDomain\MyUser

Lists every loaded CSE by name and processing time

CSE Name                           Time (in ms)
--------                           ------------
Group Policy Environment           1514
Registry                           4477
Group Policy Drive Maps            936
Scripts                            421
Group Policy Registry              1825
Folder Redirection                 6895
Group Policy Files                 2418
Group Policy Start Menu Settings   842
Citrix Group Policy                1310

Total time of 20.64 seconds
Total errors: 1
Folder Redirection failed with 'ErrorCode' 1003
Live Demo
• Slow logon – Group Policy
• Slow Logon – Citrix UPM
Links
• Xperf - http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx
• Windows Logon and Authentication - https://technet.microsoft.com/en-us/library/dn169016(v=ws.10).aspx
• Analyze Logon Duration PowerShell script - TBS
• Analyze CSE load time PowerShell script - http://www.controlup.com/logon-gpo-analysis-via-powershell/
• ETW - https://support.microsoft.com/en-us/kb/2593157
Understanding & Troubleshooting the Windows Logon Process