How to change a Symantec Endpoint Protection client from unmanaged to managed in MR3 and above using the Sylink Drop utility

Question/Issue:
How do you manually establish communication between a Symantec Endpoint Protection client and the Symantec Endpoint Protection Manager?

Symptoms:
Clients and the SEPM (Symantec Endpoint Protection Manager) are not communicating. There is no green dot embedded in the gold shield on the task bar of the client and the client does not show in the console, or if it does appear, it does not have a green dot . The green dot indicates that communication is successful.

Solution:
To export the Sylink.xml file:

1. In the console, click Clients

2. Under View Clients, select the group in which you want the client to appear

3. Right-click the group, and then click Export Communication Settings

4. In the Export Communication Settings for group name dialog box, click Browse

5. In the Select Export File dialog box, locate the folder to where you want to export the .xml file, and then click OK

6. In the Export Group Registration Setting for group name dialog box, select one of the following options:

■ To apply the policies from the group from which the computer is a member, click Computer Mode

■ To apply the policies from the group from which the user is a member, click User Mode

7. Click Export

To use the SylinkDrop tool to apply the Sylink.xml file:

1. On Disk 2 of the installation CDs, locate the \Tools\NoSupport\SylinkDrop folder, and open SylinkDrop.exe

2. Take the exported sylink and the SylinkDrop.exe to the client

3. Execute SylinkDrop.exe

4. In the Sylink Drop dialog box, click Browse, and locate the .xml file that you exported

5. Click Update Sylink

6. If you see a confirmation dialog box, click OK

7. In the Sylink Drop dialog box, click Exit

Note: SylinkDrop.exe does not provide a progress indicator. Upon completion, it displays a window with the text "Sylink file has been successfully replaced."

If you want to convert a managed client to an unmanaged client, please see "How to convert Symantec Endpoint Protection clients from managed to unmanaged without uninstalling and reinstalling" at http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008021910355348

Source: http://service1.symantec.com/support/ent-security.nsf/docid/2009030314365748?Open&seg=ent

An event ID 6002 that references Distributed File System replication is logged several times a day on a Windows Server 2003 R2-based computer

Symptoms

The following event ID 6002 that references Distributed File System replication (DFSR) is logged in the Application log several times a day on a Windows Server 2003 R2-based computer:

Event Type: Error
Event Source: DFSR
Event Category: None
Event ID: 6002
Date: Date
Time: Time
Computer: Computer_Name
Description: The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.
Additional Information:
Object DN: CN=2762160d-2aea-4aec-8076-635e0a33cd5c,CN=DFSR-LocalSettings,CN=KFS1,CN=Computers,D C=Domain_Name,DC=Root_Domain
Attribute Name: msDFSR-MemberReference
Domain Controller: Domain_Controller_Name.Domain_Name.Root_Domain
Polling Cycle: 60 minutes

Cause

This issue occurs because of an invalid DFSR object in the Active Directory directory service. Invalid DFSR objects can occur if you select the Delete the namespace folders and associated replicated folders option in the DFS Management snap-in. Because that option may cause objects that are orphaned in Active Directory, we recommend that you first delete the replication group from the DFS Replication node in DFS Management. Then, delete the DFS Namespace.


Resolution

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To resolve this issue, remove the object that is the cause of the error by verifying DFS subscriptions. To do this, follow the steps in the "Connect to Active Directory" and "Remove the invalid object" sections.

Note These steps only resolve the issue in which an invalid object exists in the Active Directory directory. The steps do not resolve replication issues.

Connect to Active Directory

1. On a server that has the Windows Support Tools installed, open a command prompt. To download the Windows Server 2003 Support Tools, visit the following Microsoft Web site:
   http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90&displaylang=en
2. Move to the Drive_Letter:\Program Files\Support Tools folder.
3. Type adsiedit.msc, and then press ENTER.
4. On the Action menu, click Connect to.
5. In the Connection Settings dialog box, type any name that you want to name this connection in the Name box.
6. In the Connection Point area, click Select a well known Naming Context, and then click Domain.
7. In the Computer area, click Select or type a domain or Server, and then type the fully qualified domain name (FQDN) of the server. Or, you can click Default (Domain or Server that you logged in to), if this option is appropriate for your situation.
8. Click OK.

Remove the invalid object

1. Expand Domain [Server_Name.Domain_Name.Root_Domain].
2. Expand DC=Domain_Name,DC=Root_Domain.
3. Expand CN=Computers.
4. Expand the node for the computer that is logging the errors. For example, expand CN=Computer_Name, where Computer_Name is the name of the server that is logging the errors.
5. Expand CN=DFSR-Local Settings.
6. Under the CN=DFSR-Local Settings node, click each object in the navigation pane until you see an object in the details pane that has a GUID that matches the one that you observed in the event log. For example, to match the event that is listed in the "Symptoms" section, you should see an object that has the following distinguished name:
   CN=2762160d-2aea-4aec-8076-635e0a33cd5c,CN=DFSR-LocalSettings,CN=Computer_Name,CN=Computers,DC=Domain_Name,DC=Root_Domain
7. Right-click the object that you identified in step 5, click Delete, and then click Yes.
8. Exit ADSI Edit.

From: http://support.microsoft.com/kb/953527

WSUS Self-update is not working

I've noticed a number of WSUS 3.0 servers are coming up with the following error in the Application event log:

Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 13042
User: N/A
Computer: WSUS01
Description: Self-update is not working.

To fix the issue, follow these steps:

• Open IIS Manager and ensure there is a Selfupdate virtual directory in the Default Web Site. If not, create it with the Local Path pointing to C:\Program Files\Update Services\Selfupdate


• Click the Directory Security tab and ensure that Anonymous Access is allowed


• Restart IIS

Verify that the problem is fixed by running the following command at the command prompt:

C:\Program Files\Update Services\Tools\wsusutil.exe checkhealth

Then examine the Application event log for the following event:

Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 10000
User: N/A
Computer: WSUS01
Description: WSUS is working correctly.

As background, WSUS clients must connect to the SelfUpdate virtual directory to check for a new version of the WSUS client before checking for new updates. This always happens anonymously over port 80, even if WSUS is configured to use a custom port, such as port 8530.

Credit: http://www.expta.com/2008/06/fix-for-self-update-is-not-working-in.html

AT&T - Sorry, we did not understand your response. Reply ONLY the word YES to activate the 4 channel/$6 Mobile TV plan

If you ever receive a message similar to this:

AT&T:
AT&T Free Tip: Get weather, movie or restaurant
tips from Google on your phone.
Text HELP to 466453 to get started.
To end Tips send no to 4436

Be careful. I replied by sending "No" to 4436 and got this back:

From: 4436
"Sorry, we did not understand your response. Reply ONLY the word YES to activate the 4 channel/$6 Mobile TV plan"


Did you notice anywhere in the original message anything related to a mobile TV plan?

No, because it was just a free tip from AT&T

The first message is a bait to get you in contact with some vendors and the second message is an attempt to make you subscribe to a mobile TV plan for $4

The only way to stop this annoying messages (which BTW came marked as "URGENT") is to reply with the word "Stop"

I sent Stop to 4436 and got this message back:

FROM: 4436
AT&T AUTO REPLY: You have Opted out of AT&T marketing messages. Please do not REPLY to this message.

How lame for any company to try to trick it's customers to sign in for a subscription this way.

UPDATE: After some time, the messages resumed; I ended up calling customer service and had them remove me from their marketing list. I had to call twice and tell them these messages were in violation to the CAN-SPAM act before the messages actually stopped.


THE CAN-SPAM ACT

In 2003, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, which makes it illegal to send unsolicited commercial e-mail messages to wireless devices, including cell phones and pagers, without first receiving the consumer's permission. The CAN-SPAM Act works together with the Telephone Consumer Protection Act, which created the National Do Not Call Registry.

Creating a self extracting encrypted archive with 7zip

This is a walk-through on how to create a self extracting archive that is encrypted. This is a good way to add security to a file you need to email. What does that mean?

self extracting – a file that will uncompress and unencrypt itself when you double click it

archive – a compressed file containing all the files you need to protect. Compression helps you get by the pesky limits set by gmail etc where you can only send a 20MB attachment. If you have some excel data or word docs you can usually decrease the size by 5-10X.

encrypted – this will encrypt with the AES256 algorithm. The longer the password you use, the more secure it is.

This assumes you have 7zip installed. To check, right click on any file. If 7zip is in your menu like in the screenshot below, it is installed. If you do not, click this link which will pop up a new window with a walk through video on installing 7zip.

To get started -

Put the files in a folder that you want to encrypt.
Open the folder containing the files, drag your mouse across all the files, and right click. Look at this picture:

So Right click

7zip

click Add to archive

The 7zip window should come up. You need to check the following settings:

Add a name.exe

Check Create SFX archive – the self extracting part

Enter a password, the longer the better, numbers and special characters add a lot to the security of the file. I can break into a file with 5 characters in a few minutes. 8+ characters with a letters, numbers and a special character are ideal. A sentence is even better.

Check show password if you want.

Leave encryption at AES-256 and Check encrypt file names.

Hit Ok

This will create your encrypted .exe file in the folder with your files.

Now you need to rename the file.

Now select the file. You should be able to see the extensions like .txt .docx .xlsx .exe. If you can’t click here for instructions on how to have those show up.

Right click on your .exe file and click rename. (or click the file and hit F2 for the fast nerd way to rename)

Erase the .exe part and hit enter. Te 7z icon should disappear and a blank page of paper icon should be there.

Now just open your email, attach the file and send it to the person who needs it. Don’t ever put the password in the email or you defeat the purpose of doing this. The best way is to call the person and tell them what the password is.

When the recipient of the email saves the file, they need to add .exe back to the name using this same rename process. We can’t send .exe files in email because viruses would be everywhere if you could do that.

From: http://windowsnerd.com/how-to-for-normal-people/creating-a-self-extracting-encrypted-archive-with-7zip/

Reviewing File Server Limits

Updated: March 28, 2003

As you plan your file server configuration, keep in mind file system, storage, and other limits related to file servers. Table 2.10 describes these limits.

Table 2.10 File System, Storage, and File Server Limits for Windows Server 2003

Description	Limit
Maximum size of a basic volume	2 TB
Maximum size of a dynamic volume	2 TB for simple and mirrored (RAID-1) volumes. Up to 64 TB for spanned and striped (RAID-0) volumes. (2 TB per disk with a maximum of 32 disks per volume.) Up to 62 TB for RAID-5 volumes. (2 TB per disk with a maximum of 32 disks per volume and 2 TB used for parity.)
Maximum number of dynamic volumes per disk group	1,000 A disk group is collection of dynamic disks. Windows Server 2003 supports one disk group per server.
Maximum size of an NTFS volume	232 clusters minus 1 cluster Using a 64-kilobyte (KB) cluster (the maximum NTFS cluster size), the maximum size of an NTFS volume is 256 TB minus 64 KB. Using a 4-KB cluster (the default NTFS cluster size), the maximum size of an NTFS volume is 16 TB minus 4 KB.
Maximum file size on an NTFS volume	16 TB (244 bytes) minus 64 KB
Maximum number of files on an NTFS volume	4,294,967,295 (232 minus 1 file) There is no limit to the number of files that can be stored in a folder. For recommendations on limiting the number of files stored on a volume, see " Determining Maximum Volume Size" later in this chapter.
Maximum number of clusters on an NTFS volume	4,294,967,296 (232)
Maximum volumes per server	Approximately 2,000 volumes. Up to 1,000 of these volumes can be dynamic volumes; the rest are basic volumes. Boot times increase as you increase the number of volumes. In addition, you must use mounted drives to access volumes when all drive letters on a server have been used. For more information about mounted drives, see " Using NTFS mounted drives" in Help and Support Center for Windows Server 2003.
Maximum number of shared folders on a server	Varies. The number of shares on a server affects server boot time. On a server with typical hardware and thousands of shares, boot time can be delayed by minutes. Exact delays depend on server hardware. Shared folder information is stored in the system hive of the registry. For systems with less than 800 MB of RAM, the System hive can be as large as one-quarter of the physical memory. For systems with more than 800 MB of RAM, the maximum size of the System hive is 200 MB. If the system hive exceeds this limit, the server cannot mount the registry at startup and Windows Server 2003 cannot start.

For information about optimizing NTFS performance, see the Storage Technologies Collection of the Windows Server 2003 Technical Reference (or see the Storage Technologies Collection on the Web at http://www.microsoft.com/reskit).

From: http://technet.microsoft.com/en-us/library/cc780559%28WS.10%29.aspx

Recovery of MS Office Files from Temp Files

Microsoft Office has extensive AutoSave and Auto Recovery options that allow you to rescue your work in the event that it is lost due to a power failure, system crash or plain human error. However many people don't know how to use these features or that they even exist.

Even if you don't have these features enabled, you can sometimes recover data from the various temporary files that are created by Office while you are working on the document.

Microsoft have changed the way AutoSave and Auto Recover works in different versions of Office. Therefore you may want to experiment before you rely on this information.

Finding the Temporary Files

When a new file is started a temporary file is created. This can be either in the windows temp directory, in "C:\ Documents and Settings\\Application Data\Microsoft". If the file is stored on a network drive then it will be temporarily created there.

This temporary file will have a few different letters after the tilde (or squiggly line “ ~”) . These are good ones to look for to find some lost info:

Word

If you are looking for files used by word, then the following file types should be searched for, where "xxxx" is a number.

• A word document file will look like ~wrdxxxx.tmp
• A temp document file will look like ~wrfxxxx.tmp
• An auto recovery file will look like ~wraxxxx.tmp
• An auto recovery file that is complete will have the extension of .wbk.

PowerPoint

The temp file for PowerPoint looks like pptxxx.tmp

Excel

The temp file for excel looks like ~dfxxxx.tmp

There are others, but these are the ones most likely to contain data that can be recovered.

Finding and using the temporary and auto save files

Word

The default auto save time for word documents is 10 minutes. You can control this time in Options under the "Save" tab. The auto save files are placed in one of the following two locations, which is where you should look to recover the data.

1. "C:\ Documents and Settings\\Application Data\Microsoft\Word".
2. "C:\ Documents and Settings\\Local Settings\Temp"

When you have found a file that looks like it might contain data, you may want to open it in notepad instead of trying to get Word to reassemble it. The easiest way to do this is to open Notepad from the start menu then drag and drop the file in to it. The file will then be opened so that you can view the contents.

If the document was open when the system failed (power failure or crash) then you could try just opening Word again (not the document, just Word itself from the start menu). Word will then try to recover the lost document.

Excel

Excel doesn't have the AutoSave feature enabled as default, you have to add it. This is because it isn't always practical to have this functionality enabled. If you have it enabled and want to experiment with a spreadsheet, you should create a copy then open that so that the AutoSave doesn't overwrite the original.

To enable the AutoSave feature, you have to use an Add In. Go to "Tools" "Add ins" and choose "AutoSave".
With Office XP, AutoSave has been moved out from Add Ins to Options, in a similar way to Word. You will find the settings under "Save" where you can also disable the Auto Recover feature for that particular work book.

Excel automatically saves every 10 minutes to the default location of "C:\ Documents and Settings\\Local Settings\Temp" The files are identifiable as they are saved as a number .tmp e.g. "28.tmp". This means that they look different from word or any other temporary files that are being saved there by other applications.

PowerPoint

PowerPoint Auto save feature is enabled as default and will save every 10 minutes. It will prompt you for a file name the first time the auto save runs.
If you are looking for the temp files for PowerPoint then the naming convention is pptxxx.tmp (where xxxx is a number) and they are saved by default in "C :\ Documents and Settings\\Local Settings\Temp".

Other Useful Information

If you have been working on a file for hours and the document was created via copying and pasting or at one point had cut the entire page or document to paste some place and then placed something else on the clip board, the data may not have been lost. This is because when any info is copied it is sent to a temp file with the name ~wrlxxxx.tmp. Therefore you could search your system for files of this name and then use the same "Drag and Drop" technique to view the data in Notepad to recover the data.

Another interesting thing to note is that when a change is made to a document that requires a temp file to be created, when you press the save button all the temp files are merged together into one file and the file is renamed to what you called it. The original document that you created is then deleted.

Source: http://www.amset.info/tips/office-recovery.asp

Multiple copies of the Windows Installer update package (.msp) file are created when you run an Office 2000 update

This article was previously published under Q274533

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 (http://support.microsoft.com/kb/256986/EN-US/ ) Description of the Microsoft Windows Registry

SYMPTOMS

When you install any Office 2000 update, you see multiple copies of the Windows...

When you install any Office 2000 update, you see multiple copies of the Windows Installer patch package file (.msp file) in the \Windows\Installer folder. One example of an Office 2000 update is the Microsoft Office 2000 Service Release 1a (SR-1a) Update.

CAUSE

You installed multiple Office 2000 products and ran the update after you instal...

You installed multiple Office 2000 products and ran the update after you installed each Office 2000 product.

WORKAROUND

WARNING: If you use Registry Editor incorrectly, you may cause serious problems...

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.


To work around this problem, you can manually remove each orphaned .msp file, after you search for each file in the system registry and do not find the file. To do this, follow these steps:

1. Using Windows Explorer, open the \Windows\Installer folder.
   
   NOTE: You may need to customize your folder options, so that you can view all files. Please refer to your Windows documentation for more information.
2. Make a note of all files in the folder with an .msp file extension.
3. Click Start, and then click Run.
4. In the Open box, type Regedit and then click OK.
5. In the left pane of the Registry Editor, click My Computer to select it.
6. Click Find on the Edit menu.
7. Type the first .msp file name in the Find What box, and then click Find Next.
8. If you receive the message "Finished searching through the registry", the .msp file is orphaned and can be deleted. Make a note so that it can be deleted.
   
   If the Registry Editor finds a LocalPackage name with the .msp file extension in the Data column, the .msp file is referenced and should not be deleted.
9. Repeat steps 5 through 8 for each .msp file that you noted from step 2.
10. For each .msp file that you noted for deletion, right-click the .msp file in Windows Explorer, and then click Delete on the shortcut menu. Click Yes to confirm the deletion.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that ar...

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

When you update your installation of Office 2000 with the SR-1/1a Update or any...

When you update your installation of Office 2000 with the SR-1/1a Update or any other Office 2000 patch, the update files (.msp) are copied to your hard disk drive. The .msp files in the \Windows\Installer folder are always used for any Windows Installer actions on your installation of Office 2000.

Each Office 2000 family product maintains its own information about its patches, including the cached .msp files. Microsoft Office only intends to keep one cached copy of a patch, no matter how many products use the patch, but Microsoft Office fails to use the existing cached .msp file when the patch is applied to a second product. At this point, the original cached .msp file is orphaned.

REFERENCES

For additional information about the .msp file, click the following article num...

For additional information about the .msp file, click the following article number to view the article in the Microsoft Knowledge Base:

256896 (http://support.microsoft.com/kb/256896/ ) OFF2000: Error Message: The Feature You Are Trying to Use Is on a Network Resource That Is Unavailable

---

APPLIES TO

• Microsoft Office 2000 Service Pack 1

Keywords:

kbtshoot kbsetup kbprb kbupdate KB274533

Veritas BUE 9.1 error - Directory not found. Can not backup directory \\XXXXX. The directory is invalid

After moving a directory from one volume to another, I started getting this error saying that there was an invalid directory in my BackupExec 9.1 remote selections even though when looking at the selections, there was no such directory selected. It turns out that there is a bug in ver. 9 and 10 of Backup Exec for Windows and the note below shows the steps to fix it.

Got this from http://seer.support.veritas.com/docs/207001.htm

---

Exact Error Message
Directory not found. Can not backup directory <\directory> and its subdirectories.
The job failed with the following error: The directory is invalid

Details:

Job Completion Status

Completed status: Failed

Final error code: a000fe09 HEX

Final error description: The directory is invalid

Final error category: Resource Errors

This error will occur when running a scheduled job which contains a reference to one or more directories which have been removed from the target drive.

To resolve this error, do the following:

1. From the Job Definitions tab, right-click on the backup job which produced the error, and then select Properties

2. Click the Selections tab

3. Under Display options, select Text version

4. Locate and remove all references to the directory producing the error

5. In the Selection list name, select Excludes (Figure 1)

Figure 1

6. Locate any references to the directory producing the error and remove it only if it does not have the "/EXCLUDE" at the end of the statement (Figure 1)

7. Save the Job Definition

In Backup Exec (tm) 9.x and 10.0 for Windows Servers, an alert is displayed including the error message (Figure 2) which is reported in the job log:

The job failed with the following error: The directory is invalid.

Figure 2

To resolve this issue, do the following:

1. From the Job Setup tab, right-click on the backup job for which the error occurred

2. Select Properties

3. Select the Selections option

4. Under the View format option, select Text

5. Locate and delete all references to the directory which produced the error (Figure 3)

Figure 3

Diable Dell login background

Reposted from: http://www.imroot.com/2005/07/07/disable-dell-login-background/

Do you have a Dell or other OEM server that has loaded thier own custom bitmap wallpaper for the login screen. While I know everyone needs a pretty picture to look at while they are logging in, the fact of the matter is that it really bites for remote desktop connections. Especially if the server isn’t on your local network. You get the distinct pleasure of watching it draw block by time consuming little block.

Being one that doesn’t like to wait 2 minutes just to get a login box I consulted the all knowing one for an answer to my problem. Turns out it takes a registry editor and 30 seconds to solve this annoyance. Here goes change the value of:

HKEY_USERS\.DEFAULT\Control Panel\Desktop\Wallpaper

Remove the existing value and leave the key set to nothing. Thats it…next login should be faster.

APC PowerChute Console Does Not Clear Event

I have APC PowerChute Business Edition basic 7.0.4.114 in my servers and when a power failure occurs, the event alert remains displayed on the PowerChute Console after the event
condition has ended.

It turns out that to reset the alert and send it back to normal, you can clear the event from the Console in any of three ways:

• Stop and then restart the PowerChute Agent.
• Reboot the operating system.
• Temporarily change the UPS port. In Device Properties - Communications -
UPS Communications, Change the port, and click Apply. Then change the port
back to its previous setting, and click Apply again.

Found this in here: http://www.apcmedia.com/salestools/ASTE-6Z5QET_R0_EN.pdf

Move Sharepoint 3.0 Databases to a different folder

WSS 3.0 ships with a new Windows Internal Database based on SQL Server 2005. Its code name was wYukon.

You will see it as a running service called MSSQL$MICROSOFT##SSEE

When referring to the database server name in any stsadm commands, you should use this name:

ServerName\Microsoft##SSEE

It has many advantages over the previous WMSDE that shipped with WSS 2.0 but there are 2 downsides:

1. no database admin tools are install. The only options are the sqlcmd command line utility (replaces the old osql utility) or Management Studio Express (both must be run on the server as no remote connections to WID are allowed).
2. you can't specify the install location of WID when you install WSS

If you don't have another SQL Server 2005 product installed on the WSS server then you will have to download sqlcmd from here... (also install the Native Client from the same link). After installation, you will find the utility installed in the following location:

C:\Program Files\Microsoft SQL Server\90\Tools\binn

Run the following command from this directory to connect to the WID instance:

sqlcmd -S \\.\pipe\mssql$microsoft##ssee\sql\query -E

If you have installed SQL Management Studio Express then the connection string is \\.\pipe\mssql$microsoft##ssee\sql\query

All the SharePoint database files will default to being in the C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data directory. To move them to another partition you should stop all WSS services and IIS to release any locks on the databases, Find the name of the content database from the Central Admin site or stsadm command, then use the following sqlcmd commands...

EXEC sp_detach_db @dbname = 'Content_Database_name'
Go

You will find the db and log files in the following location

WINDIR%\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data\.mdf' and _log.ldf

Now copy the files to the new location and run the following command

EXEC sp_attach_db @dbname = 'Content_Database_name', @filename1 = 'drive:\path\Data\.mdf', @filename2 = 'drive:\path\Data \_log.ldf'
Go

Now you can restart the services and web sites.

There are 3 other SharePoint databases you may want to move to another location. The largest of these will be for search. To list them, use the following sqlcmd command:

select name from sysdatabases
go

Which should give you something like this (GUID's may be different):

SharePoint_Config_c464b7ce-59ef-4820-9f75-f46a0937c08e
SharePoint_AdminContent_451452bf-9dc0-40c9-be18-14f14bc23007
WSS_Search_NETSERVER_86a140c5958d4a5d97c8c2cbee745424

Before trying to move these you should stop IIS and all the Windows SharePoint Services. Then you can use the same steps as above.

If you have attached the databases to a full SQL Server instance , you can remove the SSEE SQL Instance using the following command:

X86 - msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} CALLERID=ocsetup.exe

X64 - msiexec /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} CALLERID=ocsetup.exe

Original posting in http://www.wssdemo.com/Pages/db.aspx

Symantec Endpoint Protection MR3 to MR4 Upgrade

This is pretty straight forward

1. Download MR4
2. Stop all SEPM services.
3. Run installer over the top of previous installation.

Enjoy

Configure diagnostic logging settings (Windows SharePoint Services)

Updated: 2008-09-18

In this article:

• Customer Experience Improvement Program

• Error reports

• Event throttling

• Configuring diagnostic logging settings

Use this procedure to configure the diagnostic logging settings for Windows SharePoint Services 3.0.

You can configure how diagnostic events are logged according to their criticality. Additionally, you can set the maximum number of log files that can be maintained, and you can set how long to capture events to a single log file.

You can also indicate whether or not to provide Microsoft with continuous improvement and Dr. Watson event data.

Customer Experience Improvement Program

The Customer Experience Improvement Program (CEIP) is designed to improve the quality, reliability, and performance of Microsoft® products and technologies. With your permission, anonymous information about your server will be sent to Microsoft to help us improve SharePoint® Products and Technologies.

For more information, see the Customer Experience Improvement Program privacy statement (http://go.microsoft.com/fwlink/?LinkID=84784&clcid=0x409).

Error reports

Error reports are created when your system encounters hardware or software problems. Microsoft and its partners actively use these reports to improve the reliability of your software. Error reports include the following: information regarding the condition of the server when the problem occurs; the operating system version and computer hardware in use; and the Digital Product ID, which can be used to identify your license. The IP address of your computer is also sent because you are connecting to an online service to send error reports; however, the IP address is used only to generate aggregate statistics.

Microsoft does not intentionally collect any personal information. However, error reports could contain data from log files, such as user names, IP addresses, URLs, file or path names, and e-mail addresses. Although this information, if present, could potentially be used to determine your identity, the information will not be used in this way. The data that Microsoft collects will be used only to fix problems and to improve software and services. Error reports will be sent by using encryption technology to a database with limited access, and will not be used for marketing purposes.

For more information, see the Microsoft Error Reporting Service privacy statement (http://go.microsoft.com/fwlink/?LinkId=85028&clcid=0x409).

If you want to provide error reports to Microsoft and its partners, select the option to collect error reports. Base your decision on your organization's policies about sharing the information collected by error reports, and the potential impact of error collection on users and administrators. Two options are available for error reports:

• You can choose to periodically download a file from Microsoft that can help identify system problems based on the error reports that you provide to Microsoft.

• You can change the error collection policy to silently send all reports. This changes the computer's error reporting behavior to automatically send reports to Microsoft without prompting users when they log on.

Event throttling

You can configure the diagnostic options for event logging. Events can be logged in either the Windows® event log or the trace log. You can configure event throttling settings to control how many events are recorded in each log, according to the criticality of the events. To provide more control in event throttling, you can decide to throttle events for all events, or for any single category of events. Several categories of events are available, based on different services and features of SharePoint Products and Technologies.

Categories of events can be defined by individual services or by groupings of related events. Selected event categories include:

• All

• Categories defined by product, such as Office SharePoint Server 2007 and Microsoft Office Project Server 2007

• Administrative functions such as Administration, Backup and Recovery, Content Deployment, and Setup and Upgrade

• Feature areas such as Document Management, E-Mail, Forms Services, Information Policy Management, Information Rights Management, Publishing, Records Center, Site Directory, Site Management, User Profiles, and Workflow

• SharePoint Services and other services such as the Load Balancer Service

• Shared services such as all Office Server Shared Services, Business Data, and Excel Calculation Services

For the selected category, select the least-critical event to record, for both the Windows event log and the trace log. Events that are equally critical to or more critical than the selected event will be recorded in each log. The list entries are sorted in order from most-critical to least-critical.

The levels of events for the Windows event log include:

• None

• Error

• Warning

• Audit Failure

• Audit Success

• Information

The levels of events for the trace log include:

• None

• Unexpected

• Monitorable

• High

• Medium

• Verbose

For more information about the Windows event log or the trace log, see the Windows documentation.

Configuring diagnostic logging settings

Note:
Membership in the Administrators group of the Central Administration site is required to complete this procedure.

Configure diagnostic logging settings

1. On the top navigation bar, click Operations.

2. On the Operations page, in the Logging and Reporting section, click Diagnostic logging.

3. On the Diagnostic Logging page, in the Customer Experience Improvement Program section, under Sign Up for the Customer Experience Improvement Program, select one of the following options:

   • Yes, I am willing to participate anonymously in the Customer Experience Improvement Program (Recommended).

   • No, I don't wish to participate.

   If you select Yes, users can decide whether they want to report Customer Experience Improvement Program events to Microsoft.

4. In the Error Reports section, under Error reporting, select one of the following:

   • Collect error reports.

     If you select this option, you can also select or clear two options to control how error reports are collected:

   • Periodically download a file that can help identify system problems.

   • Change this computer's error collection policy to silently send all reports. This changes the computer's error reporting behavior to automatically send reports to Microsoft without prompting users when they log on.

   • Ignore errors and don't collect information.

5. In the Event Throttling section, in the Select a category menu, select a category of events:

   1. In the Least critical event to report to the event log menu, select the least-critical event to report to the event log for the selected category.

   2. In the Least critical event to report to the trace log menu, select the least-critical event to report to the trace log for the selected category.

6. In the Trace Log section, in the Path text box, type the local path to use for the trace log on all servers in the farm. The location must exist on all servers in the farm.

   1. In the Number of log files text box, type the maximum number of files that you want to maintain.

   2. In the Number of minutes to use a log file text box, type the number of minutes to use each log file.

7. Click OK.

For information about how to perform this procedure using the Stsadm command-line tool, see Listlogginglevels: Stsadm operation (Windows SharePoint Services) and Setlogginglevel: Stsadm operation (Windows SharePoint Services).

Download this book

This topic is included in the following downloadable book for easier reading and printing:

• Deployment for Windows SharePoint Services 3.0 technology

Original post in http://technet.microsoft.com/en-us/library/cc288649.aspx

Migrating to Symantec Endpoint Protection 11.0 MR4

Migrating to Symantec Endpoint Protection 11.0 MR4

Question/Issue:
This document describes how to migrate to Symantec Endpoint Protection 11.0 Maintenance Release 4 (MR4).


Solution:
Before you begin
This section gives the information that you need to know in order to plan for migration. This information includes supported migration paths and factors that can affect the success of the migration.

---

Note:
This document is meant only for migrations in which a previous version of Symantec Endpoint Protection 11.0 exists on the network or on individual computers. If no previous versions of Symantec Endpoint Protection products are already installed, please read the installation guide.

---

Things to know to ensure a successful migration
The following is a list of critical information that you need to know in order for your migration to succeed.

• Before you upgrade, you should back up the database. Please read "Best Practices for Disaster Recovery with Symantec Endpoint Protection" at:
  http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948
• If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

Migration paths
This section lists the platforms that are supported during migration to the current version of Symantec Endpoint Protection.

Supported platforms
Symantec Endpoint Protection 11.0.4000 (MR4) can migrate seamlessly over the following:

• Symantec Endpoint Protection 11.0 (RTM), 11.0.1000 (MR1), 11.0.1006 (MR1 MP1), 11.0.2000 (MR2), 11.0.2010 (MR2 MP1), 11.0.2020 (MR2 MP2), and 11.0.3001 (MR3).

Downloading the Symantec Endpoint Protection 11.0.4000 MR4 Maintenance Release

• The installer package to upgrade Symantec Endpoint Protection is available from the Symantec Fileconnect site.
https://fileconnect.symantec.com/

Migration overview
The following table gives an overview of the migration process for each component of Symantec Endpoint Protection:

Component	Migration overview
Symantec Endpoint Protection Manager	When you migrate a server, the installation automatically detects and configures it appropriately. You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
Symantec Endpoint Clients	When you migrate a client, the overinstall automatically detects the client, and migrates and installs it appropriately. You do not need to uninstall existing clients before you install the new version.

Overview of the migration process
Migration to the current version of Symantec Endpoint Protection includes the following steps in order:

• Create a migration plan
  Before you begin to install the Symantec Endpoint client, manager, and any administration upgrades, you should have a solid understanding of your network topology and a streamlined plan to maximize the protection of the resources on your network during the upgrade. Symantec strongly recommends that you migrate the entire network to the current version rather than managing multiple versions of Symantec Endpoint Protection.
• Backup up the database
  Before you upgrade, you should back up the database.
• Disable replication
  If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.
• Stop the Symantec Endpoint Protection Manager service
  Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.
  WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.
• Upgrade the Symantec Endpoint Protection Manager
  You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
• Enabling replication after migration
  After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.
• Upgrade the Symantec Endpoint Protection Clients
  You do not need to uninstall previous clients before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.

Backing up the database
Before you upgrade, you should back up the database.

To back up the database
1. Click Start > Programs > Symantec Endpoint Protection Manager > Database Back Up and Restore.
2. In the Database Backup and Restore dialog box, click Back Up.
3. When asked "Are you sure you want to back up the database?" click Yes.
4. When you see the message "The database has been backed up successfully," click OK.
5. In the Database Backup and Restore dialog box, click Exit.

Disabling replication
If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

To disable replication
1. Log-on to the Symantec Endpoint Protection Manager Console.
2. Click the Admin tab, then Click the blue Servers tab at the bottoms of the pane
3. On the Servers tab, in the left pane, expand Local Site, and then expand Replication Partners.
4. For each site that is listed under Replication Partners, right-click the site, and then click Delete.
5. In the Delete Partner prompt, click Yes.
6. Log-off the console, and repeat this procedure at all sites that replicate data.

Stopping the Symantec Endpoint Protection Manager service
Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.

---

WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.

---

To stop the Symantec Endpoint Protection service
1. Click Start > Settings > Control Panel > Administrative Tools.
2. Double Click Services to launch the Services MMC snap-in.
3. In the Services window, under Name, scroll to and right-click Symantec Endpoint Protection Manager.
4. Click Stop.
5. Close the Services window.
   • Warning: Close the Services window or your upgrade may fail.
6. Repeat this procedure for all Symantec Endpoint Protection Managers.

Upgrading the Symantec Endpoint Protection Manager
You must upgrade all Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection service.

To upgrade Symantec Endpoint Protection Manager
1. Download and unzip the maintenance release.
2. Browse to the location where you unzipped the maintenance release.
3. Double Click on setup.exe to start the installation.
4. In the Symantec Endpoint Protection panel, click Install Symantec Endpoint Protection Manager.
5. In the Install Wizard Welcome panel, click Next.
6. At the License Agreement panel, select "I accept..." then click Next
7. At the Ready to install the Program panel, click Install.
8. In the Install Wizard Completed panel, click Finish.
9. In the Upgrade Wizard Welcome panel, click Next.
10. In the Information panel, click Continue.
11. When the Upgrade completes, click Next.
12. In the Upgrade Succeeded panel, click Finish.

Repeat the above steps on all other Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection Manager service.

Enabling replication after migration
After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you need to re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.

To enable replication after migration
1. Log-on to the Symantec Policy Management Console if you are not logged on.
2. Click the Admin tab, then click the blue Servers tab at the bottom of the pane.
3. On the Servers tab, in the left pane, expand Local Site, and then click Add Replication Partner.
4. In the Add Replication Partner panel, click Next.
5. In the Remote Site Information panel, enter the identifying information about the replication partner, enter the authentication information, and then click Next.
6. In the Schedule Replication panel, set the schedule for when replication occurs automatically, and then click Next.
7. In the Replication of Log Files and Client Packages panel, check the items to replicate, and then click Next.
   (Replicating packages generally involves large amounts of traffic and storage requirements.)
8. To complete the Add Replication Partner Wizard panel, click Finish.
9. Repeat this procedure for all computers that replicate data with this computer.

Upgrading the Symantec Endpoint Protection clients
The easiest way to migrate Symantec Endpoint Protection clients is by using the auto-upgrade feature. All other client software deployment methods are supported, but the auto-upgrade approach is the easiest way. The client migration installation can take up to 30 minutes. It is recommended to migrate when most users are not logged on to their computers.

---

Note: Test this migration approach before rolling out migration to a large number of computers. Create a new group and place a small number of client computers in that group for testing purposes.

---

To migrate client software
1. Log-on to the newly migrated Symantec Endpoint Protection Manager Console if you are not logged on.
2. Click Admin > Install Packages.
3. In the lower-left pane, under Tasks, click Upgrade Groups with Package.
4. In the Welcome to the Upgrade Groups Wizard panel, click Next.
5. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
   • Symantec Endpoint Protection .
   • Symantec Network Access Control .
6. Click Next.
7. In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
8. In the Package Upgrade Settings panel, check Download client from the management server.
9. Click Upgrade Settings.
10. In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.
    • If the clients in the group run a version of Symantec Endpoint Protection previous to MR2, turn off scheduling. Scheduling is on by default when a new client install package is added to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule.
11. For details about settings on these tabs, click Help.
12. Click OK.
13. In the Upgrade Groups Wizard dialog box, click Next.
14. In the Upgrade Groups Wizard Complete panel, click Finish.

References:
Creating new Client Installation packages in the Symantec Endpoint Protection Manager Console
Release notes for Symantec Client Security 3.1.x and Symantec AntiVirus 10.1.x


Document ID: 2008121712452848
Last Modified: 12/22/2008
Date Created: 12/17/2008
Operating System(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Home Edition, Windows XP Professional Edition, Windows XP Tablet PC Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition, Windows Vista, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 DataCenter 64-bit, Windows Server 2008 DataCenter 32-bit, Windows Server 2008 Enterprise 64-bit, Windows Server 2008 Enterprise 32-bit, Windows Server 2008 Standard 64-bit, Windows Server 2008 Standard 32-bit, Windows Server 2008 Web Server 64-bit, Windows Server 2008 Web Server 32-bit
Product(s): Endpoint Protection 11
Release(s): Endpoint Protection 11 [All Releases]

How to determine the appropriate page file size for 64-bit versions of Windows Server 2003 or Windows XP

The 64-bit versions of Microsoft Windows Server 2003 and Microsoft Windows XP can support more RAM than the 32-bit versions of these products. When lots of memory is added to a computer, a paging file may not be required. When you use the Pages/sec counter to measure paging file use, the value that is returned may not be accurate. To obtain an accurate measurement of paging file use, you must also use other performance counters. You can use System Monitor measurements to calculate the size of the paging file that your computer requires.

Windows Server 2003 Domain Controllers are not supported without a configured pagefile. Because the algorithm the LSASS database cache depends on the "transition pages repurposed/second" perfmon counter, a pagefile is required to make sure that the database cache is capable to release memory if memory is requested by other services or applications.

Note If you are running Microsoft SQL Server together with MSDTC (COM+), the pagefile should be at least 1 percent larger than how much RAM is installed in the system. For example, when you are using 32 GB of RAM, the pagefile should be at least 32.32 GB of RAM.

INTRODUCTION

When you set up a 64-bit version of Microsoft Windows Server 2003 or Microsoft Windows XP, the operating system will create a page file that is one and a half times the amount of RAM that is installed in your computer. However, as the amount of RAM in a computer increases, the need for a page file decreases. The following guidelines and methods will help you determine the appropriate page file size for your system.

Comparison of memory and CPU limits in the 32-bit and 64-bit versions of Windows

When you set up a 32-bit version or a 64-bit version of Windows Server 2003 or Windows XP, a page file is created that is one and a half times the amount of RAM that is installed in the computer provided there is sufficient free space on the system hard disk. However, as more RAM is added to a computer, the need for a page file decreases. If you have enough RAM installed in your computer, you may not require a page file at all, unless one is required by a specific application.

The following chart illustrates the amount of RAM and the number of CPUs that can be installed on a computer depending on the operating system that is installed. RAM and CPU limits are much larger in 64-bit operating systems than in 32-bit operating systems.

Collapse this tableExpand this table

General memory limits	32-bit	64-bit
Total virtual address space	4 gigabytes (GB)	16 terabytes
Virtual address space per 32-bit process	2 GB, 3 GB if the system is booted with the /3GB switch	2 GB, 4 GB if the application is compiled with the /LARGEADDRESSAWARE switch
Virtual address space per 64-bit process	Not applicable	8 terabytes
Paged pool	470 megabytes (MB)	128 GB
Non-paged pool	256 MB	128 GB
System cache	1 GB	1 terabyte

Physical memory and CPU limits	32-bit	64-bit
Windows XP Professional	4 GB / 1-2 CPUs	128 GB / 1-2 CPUs
Windows Server 2003, Standard Edition	4 GB / 1-4 CPUs	32 GB / 1-4 CPUs
Windows Server 2003, Enterprise Edition	32 GB / 1-8 CPUs	1 terabyte / 1-8 CPUs
Windows Server 2003, Datacenter Edition	64 GB / 1-32 CPUs	1 terabyte / 1-64 CPUs
Windows Server 2003 SP1, Enterprise Edition	64 GB / 1-8 CPUs	1 terabyte / 1-8 CPUs
Windows Server 2003 SP1, Datacenter Edition	128 GB / 1-32 CPUs	1 terabyte / 1-64 CPUs

There is no specific recommendation for page file size. Your requirements will be based on the hardware and software that you use and the load that you put on the computer. To monitor page file usage and requirements, run System Monitor, and gather a log during typical usage conditions. Focus on the following counters.

Collapse this tableExpand this table

Counter threshold	Suggested value
Memory\\Available Bytes	No less than 4 MB
Memory\\Pages Input/sec	No more than 10 pages
Paging File\\% Usage	No more than 70 percent
Paging File\\% Usage Peak	No more than 70 percent
Process\\Page File Bytes Peak	Not applicable

Note Page file use should be tracked periodically. When you increase the use or the load on the system, you generally increase the demand for virtual address space and page file space.

The Pages/sec counter

When you use System Monitor, the values that are returned by the Pages/sec counter for the Memory performance object may be more than you expect. These values may not be related to either paging file activity or cache activity. Instead, these values may be caused by an application that is sequentially reading a memory-mapped file.

The Pages/sec counter counts the number of pages that are read from the disk or that are written to the disk to resolve memory references to pages. These pages were not in memory at the time of the reference. The Pages/sec value is the sum of the Pages Input/sec and Pages Output/sec counter values. The Pages/sec counter includes paging traffic on behalf of the system cache to access file data for applications.

Pages/sec is the primary counter to watch if you are concerned about excessive memory pressure (thrashing) and the excessive paging that may result.

However, the Pages/sec counter also accounts for other activity, such as the sequential reading of memory-mapped files that are either cached or not. Typically, the Pages/sec counter is counting other activity when you see the following:

• A high value for the Memory: Pages/sec counter.
• An average value, relative to the system being monitored, or a high value for the Memory: Available Bytes counter.
• An average or small value for the Paging File: % Usage counter.
• For a non-cached memory-mapped file, you also see average or low cache activity. (Low cache activity is also known as cache fault activity.)

Therefore, a high value for the Memory: Pages/sec counter does not necessarily indicate memory pressure or a System Monitor reporting error. To gain an accurate reading of your system, you must also monitor other counters.

How to calculate page file size

Use one or more of the following methods to help you calculate page file size.

Method 1: Use performance logs to understand the paging activity on your computer

1. Click Start, point to Administrative Tools, and then click Performance.
2. Expand Performance Logs and Alerts, click Counter Logs, right-click the blank space in the right-pane, and then click New Log Settings.
3. In the Name box, type a name for the log, and then click OK.
4. On the General tab, click Add Counters.
5. Click Use local computer counters.
6. In the Performance object list, click Paging File.
7. Click Select counters from list, click % Usage, and then click Add.
8. In the Performance object list, click Memory.
9. In Select counters from list, click Available Bytes, and then click Add.
10. In Select counters from list, click Pages Input/sec, click Add, and then click Close.
11. Click OK.

Use the log that you collect during typical computer use to understand the paging activity on your computer. Then, adjust the page file size accordingly.

Method 2: Use the Page File Bytes Peak counter to calculate page file size

1. Click Start, point to Administrative Tools, and then click Performance.
2. Click System Monitor.
3. In the right pane, click + (the Add button).
4. Click Use local computer counters.
5. In the Performance object list, click Process.
6. Click Select counters from list, click Page File Bytes Peak, click Add, and then click Close.
7. Let the counter run during typical use of your computer.
8. Note the maximum value for the Page File Bytes Peak counter, and then multiply the value by 0.70. The sum of the equation is the size to set for your page file.

Method 3: Calculate the minimum and maximum page file size

To determine the approximate minimum page file that is required by your system, calculate the sum of peak private bytes that are used by each process on the system. Then, subtract the amount of memory on the system.

To determine the approximate maximum page file space that is required for your system, calculate the sum of peak private bytes that are used by each process on the system. Then, add a margin of additional space. Do not subtract the amount of memory on the system. The size of the additional margin can be adjusted based on your confidence in the snapshot data that is used to estimate page file requirements.

Note This estimate is accurate only if the snapshot of data that is used to make the calculations is accurate.

Page file input/output rates

To avoid overloading the system or other disks with page input/output (I/O) activity, use the following guidelines when you set up the page file on your computer:

• If the page I/O (real disk I/O) rate is more than 10 pages per second, we recommend that you do not put the page file where the I/O activity occurs on the system disk. When the page I/O rate is 10 pages per second or more, we recommend that you dedicate a separate hard disk for paging.
• If the page I/O rate to a particular disk that is used for paging is more than 60 disk I/O operations per second, use more than one dedicated page hard disk to obtain better performance. To do this, use multiple non-striped disks for paging, or use raid 0 striped disks for paging. Dedicate approximately one I/O hard disk to paging for every 60 pages per second of I/O activity.
  
  For example, if a system is averaging 150 pages of I/O activity per second, use three individual hard disks, or a three-disk raid 0 stripe set for the page file.
  
  Note These estimates are for hard disks that run at 7200 revolutions per minute (rpm). If you use a hard disk that runs faster, the I/O rate a disk can handle for page I/O will increase.
  
  Note If peak performance is critical to your system, use peak I/O rates instead of average I/O rates for these calculations.

Important Supportability Information: This article is specifically for computers that do not need kernel mode or full memory dump analysis. For business-critical servers where business processes require to server to capture physical memory dumps for analysis, the traditional model of the page file should be at least the size of physical ram plus 1 MB, or 1.5 times the default physical RAM. This makes sure that the free disk space of the operating system partition is large enough to hold the OS, hotfixes, installed applications, installed services, a dump file, and the page file. On a server that has 32 GB of memory, drive C may have to be at least 86 GB to 90 GB. This is 32 GB for memory dump, 48 GB for the page file (1.5 times the physical memory), 4 GB for the operating system, and 2 to 4 GB for the applications, the installed services, the temp files, and so on. Remember that a driver or kernel mode service leak could consume all free physical RAM. Therefore, a Windows Server 2003 x64 SP1-based server in 64-bit mode with 32GB of RAM could have a 32 GB kernel memory dump file, where you would expect only a 1 to 2 GB dump file in 32-bit mode. This behavior occurs because of the greatly increased memory pools.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

294418 (http://support.microsoft.com/kb/294418/ ) Comparison of 32-bit and 64-bit memory architecture for 64-bit editions of Windows XP and Windows Server 2003

MORE INFORMATION

Technical support for Windows x64 editions

Your hardware manufacturer provides technical support and assistance for Microsoft Windows x64 editions. Your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx (http://www.microsoft.com/windowsxp/64bit/default.mspx)

For product information about Microsoft Windows Server 2003 x64 editions, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx (http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx)

Back to the top

---

APPLIES TO

• Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
• Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows Server 2003, Standard x64 Edition
• Microsoft Windows Server 2003, Datacenter x64 Edition
• Microsoft Windows Server 2003, Enterprise x64 Edition
• Microsoft Windows XP Professional 64-Bit Edition (Itanium)
• Microsoft Windows XP Professional x64 Edition
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard

Keywords:

kbhowtomaster kbdiskmemory kbvirtualmem kbtshoot kbinfo KB889654