Windows Performance Monitor Lab
Master Performance Monitor (PerfMon) for system monitoring, troubleshooting, and performance analysis
Lab Overview
Performance Monitor (PerfMon) is Windows' built-in tool for monitoring system performance, diagnosing bottlenecks, and analyzing resource usage. This lab teaches you to use PerfMon like a system administrator for real-world troubleshooting scenarios.
What You'll Learn: System monitoring, performance counters, data collection, alerting, report generation, and troubleshooting methodology
Part 1: Opening Performance Monitor
Multiple Ways to Access PerfMon:
| ✓ | Method | Steps | Best For |
|---|---|---|---|
| Run Dialog | Win + R → Type perfmon → Enter | Fastest method | |
| Start Menu Search | Win key → Type "Performance Monitor" | Beginner-friendly | |
| Computer Management | Win + X → Computer Management → Performance | Part of admin workflow | |
| Control Panel | Control Panel → Administrative Tools → Performance Monitor | Traditional method | |
| Command Line | CMD/PowerShell → perfmon.exe | Scripting/automation |
Administrator Rights: While PerfMon opens for regular users, some features require administrator privileges for system-wide monitoring.
Part 2: Interface Overview
Performance Monitor Main Components:
Left Navigation Pane:
- Monitoring Tools
- Performance Monitor (Real-time graphs)
- System Monitor (Live counters)
- Data Collector Sets
- User Defined (Custom collections)
- System (Built-in templates)
- Reports
- User Defined
- System (System diagnostics)
Main Display Area:
- Graph View - Real-time performance charts
- Report View - Current counter values
- Histogram View - Bar chart format
Toolbar Functions:
- Add/Remove counters
- Change view types
- Adjust time scale
- Save/Load configurations
Exercise 1: Interface Exploration
Part 3: Performance Counters
Essential Performance Counters:
| Category | Counter | What It Measures | Healthy Range |
|---|---|---|---|
| Processor | % Processor Time | Overall CPU usage | < 80% sustained |
| % User Time | CPU time spent on user processes | Varies by workload | |
| % Privileged Time | CPU time spent on kernel operations | < 30% typically | |
| Memory | Available MBytes | Free physical memory | > 100 MB minimum |
| Pages/sec | Memory paging activity | < 1000/sec | |
| % Committed Bytes In Use | Virtual memory usage | < 80% | |
| Page Faults/sec | Page fault frequency | Varies widely | |
| PhysicalDisk | % Disk Time | Disk utilization | < 85% |
| Avg. Disk Queue Length | Pending disk operations | < 2 per disk | |
| Disk Bytes/sec | Disk throughput | Depends on drive type | |
| Network | Bytes Total/sec | Network throughput | < 80% of bandwidth |
| Current Bandwidth | Available network speed | Interface maximum |
Exercise 2: Adding Performance Counters
Part 4: Data Collector Sets
Understanding Data Collector Sets:
Data Collector Sets allow you to gather performance data over time, create logs, and generate reports. They're essential for long-term monitoring and analysis.
Built-in System Sets:
- System Performance - Overall system health
- System Diagnostics - Comprehensive system analysis
- LAN Diagnostics - Network performance
- Wireless Diagnostics - WiFi performance
Custom Set Types:
- Performance Counter - Specific metrics
- Event Trace - System events
- Configuration - Registry/file changes
- System Configuration - Hardware info
Exercise 3: Creating a Custom Data Collector Set
Part 5: Analyzing Reports
Viewing and Interpreting Reports:
Exercise 4: System Diagnostics Report
Report Sections Explained:
- Summary: Critical issues and warnings
- Resource Overview: Performance metrics
- Software Configuration: Installed programs and services
- Hardware Configuration: System hardware details
Part 6: Performance Baselines
Creating Performance Baselines:
Baselines establish normal system performance levels, making it easier to identify problems when performance deviates from the norm.
Exercise 5: Establishing a Baseline
Scenario: Create a baseline during normal system operation for future comparison
Baseline Documentation Template:
| Counter | Average | Peak | Notes |
|---|---|---|---|
| CPU % Processor Time | _____% | _____% | Normal idle/light use |
| Memory Available MBytes | _____ MB | _____ MB | Typical free memory |
| Disk % Disk Time | _____% | _____% | Background activity |
Part 7: Troubleshooting Scenarios
Real-World Performance Issues:
Problem: Computer is running slowly, fans spinning loudly
Investigation Steps:
- Add Processor(_Total)\% Processor Time counter
- Add Process(*)\% Processor Time to identify specific processes
- Sort by highest CPU usage in Report view
- Check if high usage is sustained (>80% for >5 minutes)
- Identify the top CPU-consuming processes
- Research if processes are legitimate or potentially malicious
Red Flags: Unknown processes, crypto miners, malware, runaway applications
Problem: System becomes slower over time, requires restart
Investigation Steps:
- Monitor Memory\Available MBytes over time
- Add Process(*)\Working Set for specific applications
- Track Memory\% Committed Bytes In Use
- Look for steadily increasing memory usage
- Identify processes with growing memory footprint
- Check for applications that don't release memory
Problem: Applications load slowly, file operations take too long
Investigation Steps:
- Monitor PhysicalDisk(_Total)\% Disk Time
- Check PhysicalDisk(_Total)\Avg. Disk Queue Length
- Add PhysicalDisk(_Total)\Disk Transfers/sec
- Compare performance across different drives
- Look for sustained high disk utilization (>85%)
- Use Process and Thread counters to find disk-heavy applications
Problem: Slow internet, network applications performing poorly
Investigation Steps:
- Add Network Interface(*)\Bytes Total/sec
- Monitor Network Interface(*)\Current Bandwidth
- Check for network utilization >80% of capacity
- Use Process(*)\IO Data Bytes/sec to find network-heavy apps
- Compare performance during different times of day
- Check for unusual network traffic patterns
Exercise 6: Simulated Troubleshooting
Practice Scenario: Create a performance issue and use PerfMon to diagnose it
Part 8: Advanced Features
Advanced Performance Monitor Features:
Alerts and Notifications:
- Set threshold alerts for critical counters
- Configure email notifications
- Trigger automated responses
- Log alert events
Remote Monitoring:
- Monitor other computers on network
- Centralized performance tracking
- Compare performance across systems
- Remote troubleshooting capabilities
Data Export and Analysis:
- Export data to CSV for Excel analysis
- Integration with System Center
- PowerShell automation scripts
- Custom report generation
Scheduling and Automation:
- Schedule data collection times
- Automatic start/stop conditions
- Recurring monitoring tasks
- Maintenance window monitoring
Exercise 7: Setting Up Alerts
Quick Reference Card
Essential Shortcuts
Win + R, perfmon- Open PerfMonCtrl + +- Add counterCtrl + -- Remove counterCtrl + H- Highlight counterF5- Refresh view
Key Counters
- Processor\% Processor Time
- Memory\Available MBytes
- PhysicalDisk\% Disk Time
- Network Interface\Bytes Total/sec
- Process\% Processor Time
Healthy Thresholds
- CPU: < 80% sustained
- Memory: > 100 MB available
- Disk: < 85% utilization
- Network: < 80% bandwidth
- Queue Length: < 2 per disk
Troubleshooting Workflow
- Identify symptoms: Slow performance, high resource usage
- Establish baseline: Compare to normal operation
- Monitor key counters: CPU, Memory, Disk, Network
- Drill down: Identify specific processes or components
- Analyze patterns: Look for trends and correlations
- Document findings: Create reports and recommendations
Lab Completion
Continue Your Progress!
Complete all exercises above to master Performance Monitor. You're 0% complete!
40 tasks remaining