Dec 22, 2014
 

This is an experimental PowerShell script that looks at all the physical network adapters on a machine and verifies that they are at or above an arbitrary link speed set in the script. It works by querying the MSNdis_LinkSpeed class in WMI, filtering out non-physical adapters, and then checking each one to make sure the link speed is above the $MinSpeed value that you set. It then returns TRUE or FALSE.

I believe it is useful to use a greater-than-or-equal-to comparison instead of saying that all links must equal the minimum speed, especially in server environments where you may have a mixed environment of some servers with gigabit links for instance, and then another set of servers or virtual machines with 10gig links.

I don’t see this being useful in a PC environment because you have less control over what a desktop is hooked in to at any given point in time. Though it may still be useful if you want to enforce such a policy, like trading floor must be at gigabit or higher, and you want to catch non-compliance.

Obviously I can’t account for every InstanceName that isn’t a physical adapter. If there is a better way, by all means let me know and I’ll modify the script, but here it is!

# Robert's experimental NIC speed compliance script. 
# Emphasis on EXPERIMENTAL. 
# It will not break anything but it may not give back a sane result. 
# Manually check suspect compliance, bad compliance will probably come
# from non-physical nics where I didn't account for the InstanceName
# below when it came from MSNdis_LinkSpeed. 

# Minimum allowed speed in megabits (numeric, so the comparison below is numeric).
$MinSpeed = 1000

# This is used for compliancy.
$NonCompliant = 0

# Get link speed for all physical network adapters.
# Non-physical adapters are excluded by name; extend this list as needed.
$nics = Get-WmiObject -Namespace root\wmi -Class MSNdis_LinkSpeed | where {`
    $_.InstanceName -notlike '*miniport*' -and `
    $_.InstanceName -notlike '*WAN*' -and `
    $_.InstanceName -notlike '*1394*' -and `
    $_.InstanceName -notlike '*ISATAP*' -and `
    $_.InstanceName -notlike '*Bluetooth*' -and `
    $_.InstanceName -notlike '*RAS*' -and `
    $_.InstanceName -notlike 'Direct Parallel' -and `
    $_.InstanceName -notlike '*tunnel*' -and `
    $_.InstanceName -notlike '*6to4*' -and `
    $_.InstanceName -notlike '*Deterministic*' -and `
    $_.InstanceName -notlike '*kernel*'
}

# Go through the list of NICs and make sure each speed is at or above $MinSpeed
foreach ($nic in $nics) {
    
    # NdisLinkSpeed is reported in units of 100 bits per second,
    # so dividing by 10000 gives megabits.
    $LinkSpeed = $nic.NdisLinkSpeed/10000

    #See if this NIC is compliant.
    if ($LinkSpeed -lt $MinSpeed) {
        $NonCompliant++
    }
}

# Am I compliant?
if ($NonCompliant -eq 0) {
    write-host TRUE
    } else {
    write-host FALSE
}
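
One answer to the "is there a better way" question above, as an added example that is not the author's script: ask WMI which adapters are physical instead of excluding InstanceName patterns. It assumes Win32_NetworkAdapter populates PhysicalAdapter, NetConnectionStatus and Speed (bits per second), which holds on Vista / Server 2008 and later; the function name Get-NicSpeedReport is hypothetical.

```powershell
# Added example: not the original author's script.
# Assumption: Win32_NetworkAdapter.Speed is in bits per second.

# Minimum allowed speed in megabits, same meaning as $MinSpeed in the script above.
$MinSpeed = 1000

# Hypothetical helper: turns adapter objects into one result row per adapter.
function Get-NicSpeedReport {
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [object[]] $Adapters,
        [Parameter(Mandatory = $true)] [int] $MinSpeedMbps
    )
    foreach ($nic in $Adapters) {
        # A missing speed is treated as non-compliant (fail closed) so it gets reviewed.
        $mbps = if ($null -ne $nic.Speed) { [math]::Floor([double]$nic.Speed / 1e6) } else { $null }
        New-Object PSObject -Property @{
            Name      = $nic.Name
            SpeedMbps = $mbps
            Compliant = ($null -ne $mbps -and $mbps -ge $MinSpeedMbps)
        }
    }
}

# PhysicalAdapter = TRUE replaces the InstanceName exclusion list.
# NetConnectionStatus = 2 means "Connected"; unplugged ports have no usable speed.
$nics = @(Get-WmiObject -Class Win32_NetworkAdapter `
    -Filter 'PhysicalAdapter = TRUE AND NetConnectionStatus = 2')

$report = @(Get-NicSpeedReport -Adapters $nics -MinSpeedMbps $MinSpeed)
$failed = @($report | Where-Object { -not $_.Compliant })

# Per-adapter detail goes to the verbose stream so a FALSE can be traced to a NIC.
$report | ForEach-Object {
    Write-Verbose ("{0}: {1} Mbps, compliant={2}" -f $_.Name, $_.SpeedMbps, $_.Compliant)
}

# Same TRUE/FALSE output as the original script. Unlike the original, finding
# no connected physical adapter at all is reported as FALSE rather than TRUE.
if ($report.Count -gt 0 -and $failed.Count -eq 0) {
    Write-Host TRUE
} else {
    Write-Host FALSE
}
```

Some virtual adapter drivers also register themselves as physical, so an unexpected FALSE still deserves a manual look; set $VerbosePreference to 'Continue' to see the per-adapter lines.
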
Nov 23, 2014
 

The following detection script does two things.

  • Determines if virtual memory is automatically managed. The desired configuration according to the script is that the pagefile should be managed manually (true can be changed to false if you want to go the automagic route).
  • If the pagefile is not automatically managed, the script determines if the size of the page file is at least double the amount of visible physical memory.

I’m working on a remediation script, but for now I figured I would share the love.

# This script simply checks to see if Windows is handling the page file
# automagically. Then if no, it verifies to make sure that the swap file
# is set at or over twice the available memory. 

$system = get-wmiobject -Class win32_ComputerSystem

if ($system.AutomaticManagedPagefile -eq $true) {
    write-host FALSE
    } else {  

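    # SizeStoredInPagingFiles is the page file space alone, in kilobytes.
    # TotalVirtualMemorySize also counts physical memory, so comparing it
    # against twice the visible memory would pass with a page file of only 1x RAM.
    $mem = get-wmiobject -Class win32_OperatingSystem | select-object TotalVisibleMemorySize,SizeStoredInPagingFiles

    [int64]$vismem = $mem.TotalVisibleMemorySize
    [int64]$pagemem = $mem.SizeStoredInPagingFiles

    if ($pagemem -ge ($vismem * 2)) {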
        write-host TRUE
        } else {
        write-host FALSE
    }
}

 

Mar 14, 2014
 

UPDATE: I’ve been clued in that Windows Performance Recorder is now capable of controlling the paging executive from its command line. https://msdn.microsoft.com/en-us/library/windows/hardware/hh448229.aspx (thanks Jeff Stokes)

Here is the registry change required to disable the paging executive for use with Windows Performance Recorder, but you can do it much more easily with WPR now.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"DisablePagingExecutive"=dword:00000001

Alternatively, you can download the registry file as a ZIP here: disable_paging_executive.zip