What is SharePoint Perfwiz and why do we need a replacement?
SharePoint Perfwiz was a tool used by Product Support to create performance log counters on SharePoint servers to troubleshoot performance issues. This tool has been deprecated but there is still a need to collect performance data for those pesky performance issues.
The Perfwiz tool simply used LOGMAN.exe to create a custom counter set with several selected counters specifically for SharePoint servers.
This blog will detail how to use LOGMAN.exe to mimic the baseline counter set that was created by the Perfwiz tool.
The command Line
Here is the command used to create the Baseline counter set:
Logman.exe create counter Baseline_Counters -o “c:perflogsBaseline_Counters.blg” -f bincirc -v mmddhhmm -max 250 -c “.NET CLR Exceptions(*)*” “.NET CLR Loading(*)*” “.NET CLR Memory(*)*” “.NET CLR Networking(*)*” “.NET Data Provider for SqlServer(*)*” “AppFabric Caching:Host(*)*” “ASP.NET Apps v2.0.50727(*)*” “ASP.NET Apps v4.0.30319(*)*” “ASP.NET v2.0.50727*” “ASP.NET v4.0.30319*” “ASP.NET(*)*” “LogicalDisk(*)*” “Memory*” “NBT Connection(*)*” “NetLogon(*)*” “Network Interface(*)*” “Office Web Apps – Online Viewing*” “PhysicalDisk(*)*” “Process(*)*” “Processor Information(*)*” “Processor(*)*” “Sandboxed Code Process Pool(*)*” “Search Flow Statistics(*)*” “Search Host Controller(*)*” “Search Linguistics(*)*” “Search Platform Services(*)*” “Search Query Processing(*)*” “Search Query Processor – SharePointServerSearch(*)*” “Search SPLookupService(*)*” “Server Work Queues(*)*” “Server*” “Shared Service Provider(*)*” “SharePoint Disk-Based Cache(*)*” “Sharepoint Distributed Cache Counters(*)*” “SharePoint Foundation (*)*” “SharePoint Foundation Authentication (*)*” “SharePoint Foundation BDC Metadata*” “SharePoint Foundation BDC Online(*)*” “SharePoint Foundation Request Management(*)*” “SharePoint Foundation Security Token Service*” “SharePoint Publishing Cache(*)*” “SharePoint Server Cache instances(*)*” “SharePoint Server Cache*” “SiteComponents*” “System*” “TCPv4*” “TCPV6*” “Thread(w3wp_*)*” “Thread(OWSTIMER_*)*” “W3SVC_W3WP(*)*” “WAS_W3WP(*)*” “Web Service Cache*” “Web Service(*)*” “Windows Workflow Foundation(*)*” -si 00:00:30 -cnf 12:00:00
Switches used:
-o: The output file
-f: Sets the file to a circular binary
-v: Adds a date / time stamp in the file name
-max: The max file size
-c: The counter list
-si: The sample interval
-cnf: 12:00:00 tells the counter to create a new file and continue when the max size has been reached or after 12 hours.
What is looks like
To run the LOGMAN.exe command, you will need an elevated command prompt to run this command.
Here is what it looks like after the counters are created:
Here is an example of the output file:
After the counters are created, they can be started with the following command:
logman start Baseline_Counters
After the problem is reproduced, stop the counters with the following command:
logman stop Baseline_Counters
However, they can be started and stopped manually as well.
Important notes and takeaways
- If you have multiple servers, you can use the -s switch and feed in a server list, example:
$servers = Get-Content c:tempservers.txt
foreach ($server in $servers) {
Logman.exe create counter -s $server 'Baseline_Counters' -o 'c:perflogsBaseline_Counters.blg' -f bincirc -v mmddhhmm -max 250 -c '".NET CLR Exceptions(*)*" ".NET CLR Loading(*)*" ".NET CLR Memory(*)*" ".NET CLR Networking(*)*" ".NET Data Provider for SqlServer(*)*" "AppFabric Caching:Host(*)*" "ASP.NET Apps v2.0.50727(*)*" "ASP.NET Apps v4.0.30319(*)*" "ASP.NET v2.0.50727*" "ASP.NET v4.0.30319*" "ASP.NET(*)*" "LogicalDisk(*)*" "Memory*" "NBT Connection(*)*" "NetLogon(*)*" "Network Interface(*)*" "Office Web Apps - Online Viewing*" "PhysicalDisk(*)*" "Process(*)*" "Processor Information(*)*" "Processor(*)*" "Sandboxed Code Process Pool(*)*" "Search Flow Statistics(*)*" "Search Host Controller(*)*" "Search Linguistics(*)*" "Search Platform Services(*)*" "Search Query Processing(*)*" "Search Query Processor - SharePointServerSearch(*)*" "Search SPLookupService(*)*" "Server Work Queues(*)*" "Server*" "Shared Service Provider(*)*" "SharePoint Disk-Based Cache(*)*" "Sharepoint Distributed Cache Counters(*)*" "SharePoint Foundation (*)*" "SharePoint Foundation Authentication (*)*" "SharePoint Foundation BDC Metadata*" "SharePoint Foundation BDC Online(*)*" "SharePoint Foundation Request Management(*)*" "SharePoint Foundation Security Token Service*" "SharePoint Publishing Cache(*)*" "SharePoint Server Cache instances(*)*" "SharePoint Server Cache*" "SiteComponents*" "System*" "TCPv4*" "TCPV6*" "Thread(w3wp_*)*" "Thread(OWSTIMER_*)*" "W3SVC_W3WP(*)*" "WAS_W3WP(*)*" "Web Service Cache*" "Web Service(*)*" "Windows Workflow Foundation(*)*"' -si 00:00:30 -cnf 12:00:00
}
- The default action of this counter set is to run forever, you will need to stop them manually once this data is no longer needed.
In this weekly discussion of latest news and topics around Microsoft 365, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), are joined by Paul Bullock – SharePoint Architect and MVP with CaPa Creative located in the UK. Paul is a major contributor to PnP modernization tooling effort which leads to this call’s discussion focus.
- So why would you share your code as open-source?
- When’s a good time to start contributing?
- How do you get plugged into the PnP community?
This session is a great place to start. PnP is not just code, it’s structure, infrastructure, policy, adoption strategies, recognition, networking, the human-side of IT. Open-source is great way to learn from and work with people who are introverts, extroverts, people located near and far with various organization affiliations, customer projects and technical skills that share common passions and a relationship to the PnP community. Additionally, in this episode, 17 recently released articles from Microsoft and the PnP Community are highlighted.
As always, if you need help on an issue, want to share a discovery, or just want to say: “Job well done”, please reach out to Vesa, to Waldek or to your PnP Community.
This episode was recorded on Monday, June 29, 2020.
Did we miss your article? Please use #PnPWeekly hashtag in the Twitter for letting us know the content which you have created.
On March 24th we shared in an announcement in the M365 message center (MC207439) details around temporary adjustments we are making to select capabilities in SharePoint Online and OneDrive.
During these unprecedented times, we are taking steps to ensure that SharePoint Online and OneDrive services remain available and reliable for your users who depend on the service more than ever in remote work scenarios.
Note: These temporary feature adjustments may be in place during business hours in your tenant's region.
Content migration, Data Loss Prevention (DLP), and backup solutions
Many SharePoint Online and OneDrive customers run business-critical applications against the service that run in the background. These include content migration, Data Loss Prevention (DLP), apps that scan the service and backup solutions. In support of the objective to remain highly available, we are moving some operations to regional evening and weekend hours.
Users may observe:
- Migration, DLP and backup solutions may achieve limited throughput during regional weekday daytime hours. During evening and weekend hours for the region, the service will be ready to process a significantly higher volume of requests from background apps.
Please review the relevant best practice guidance, which describes how to get maximize throughput.
File Management
Various background processes to manage new media (images, videos) may now be processed during evening and weekend hours.
Modified processes include:
- Users may experience reduced video resolution for playback videos.
-
Customers who use OneDrive Files On-Demand and choose to “display items by using large thumbnails” in Windows Explorer or Mac Finder will see generic icons instead of thumbnails.
Note: Photo file thumbnails (jpeg, jpg, png, etc) are not affected by this change.
The affected thumbnail types are categorized as the following:
- Video and PDF files: pdf, avi, mp4, mov, mpg, etc.
- Document files with generators: docx, txt, html, etc.
- New extensions likely to be permanently blocked because no thumbnail generator is ever likely to exist: reg|bak|iso|nupkg, etc.
- Files types already blocked today because no generator exists: lnk|xlsx|xls|url|exe|zip|rar|rdp|apprefms|msi|website
There is no workaround, we will continue listening to feedback and iterate on this approach.
Additional Information
We will provide further updates to this post as the situation may change.
Last article update: 07/1/20
In this weekly discussion of latest news and topics around Microsoft 365, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), are joined by – Andrew Connell (A.C.) – MVP, Instructor, owner of Voitanos located in Florida, US.
Topics included:
- Andrew’s “Mastering SharePoint Framework” course – a 2-year endeavor that is content complete – well almost.
- Waiting on SPFx v1.11 release.
- Andrew shares his honest opinions on SPFx – capabilities, reliability, completeness, engineering communications, need for functional consistency across apps and tools that encompass more just SharePoint now.
- Discussed using library components or npm packages
- UX components – using Office UI Fabric or Fluent Fabric.
- Additionally, in this episode, 18 recently released articles from Microsoft and the PnP Community are highlighted.
As always, if you need help on an issue, want to share a discovery, or just want to say: “Job well done”, please reach out to Vesa, to Waldek or to your PnP Community.
This episode was recorded on Monday, June 22, 2020
Did we miss your article? Please use #PnPWeekly hashtag in the Twitter for letting us know the content which you have created.
Safely sharing and accessing content is becoming increasingly important as the business world shifts to remote work. Join the OneDrive team on June 30, at 9:00-10:00 AM PT for a free webinar that demonstrates how Microsoft 365, OneDrive and SharePoint help users stay productive, keep your data secure and private, reduce the stress on IT during compliance or litigation issues while giving admins the tools to manage and monitor content.
This session is followed by an “Ask Microsoft Anything” session (10:00-11:00 AM PT), where you can bring your questions and feedback to: https://aka.ms/OneDriveAMA
Find all event details here.
In this weekly discussion of latest news and topics around Microsoft 365, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), are joined by this week are 2 members of the PnP Team and MVPs – Paolo Pialorsi, Consultant and owner PiaSys, Brescia, Italy, and David Warner, Principal Consultant with Catapult Systems, Los Angeles, US.
The discussion topic for the day: How does the PnP team get so much done? It seems like we do a lot because our work in done in the open. Yes, sharing with the PnP Community is indeed a conscious priority after family.
Discussion takeaways: Caring requires contributors to be consistent, to communicate, to be good time managers, to not be self-critical or perfectionists, to be willing to distribute the load, and to find ways to share in a way that benefits your employer, your client and your community at the same time.
“Shipped is better than perfect”, and any size contribution is a welcome contribution. Sharing is caring. Additionally, in this episode, 15 recently released articles from Microsoft and the PnP Community are highlighted.
As always, if you need help on an issue, want to share a discovery, or just want to say: “Job well done”, please reach out to Vesa, to Waldek or to your PnP Community.
This episode was recorded on Monday, June 8, 2020
Did we miss your article? Please use #PnPWeekly hashtag in the Twitter for letting us know the content which you have created.
When a working on a new confidential project, you need to make sure that collaboration (inside and outside your organization) is secured.
in this short 12 minutes video we walk you through the process of creating new sensitive information type, creating a new sensitivity label, configuring SPO and Teams site as well as configuring an Insider Risk policy.
Attached to this post is the video.
This is the first in a series of videos that we are releasing in order to help our customers understand how they can protect their sensitive information using Microsoft 365 tools.
![eDiscovery for Teams Webinar]()
The Advanced eDiscovery solution in Microsoft 365 builds on the existing eDiscovery and analytics capabilities in Office 365. This new solution, called Advanced eDiscovery, provides an end-to-end workflow to preserve, collect, review, analyze, and export content that’s responsive to your organization’s internal and external investigations. It also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case.
References:
This webinar was presented on Tue May 14th, 2020, and the recording can be found here.
Attached to this post are:
- The FAQ document that summarizes the questions and answers that came up over the course of both Webinars; and
- A PDF copy of the presentation.
Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the Tech Community.
Thanks!
@Adam Bell on behalf of the MIP and Compliance CXE team
Around the world in 80 days… come on, Jules Verne. We’ll do it in 5! Let us leave Phileas out in the Fogg as the virtual train (with world-class trainers) is set to whistle away from the station in ~ two weeks’ time.
GlobalCon2 – full steam ahead (soon).
Jeff “Globe Trotter” Teper (CVP, Microsoft) will be giving a keynote that’ll be multi-geographical for sure, plus Microsoft speakers delivering breakout sessions among thought leaders and members of the community from around the world. Review all sessions and start your own globetrotting today.
What: GlobalCon2 to learn more | Get your ticket today
When: June 15-19, 2020 – unique content throughout the week; full agenda
Speaker ambassadors: 37 sessions – all top-notch speakers (MVPs, RDs, Microsoft and community members)
Cost: Free during the week; Paid to get all on-demand + 10 free eBooks + content from the recent Microsoft teams event.
Primary Twitter hashtag: #GlobalCon2 (join in) & follow @Collab365
GlobalCon2 – June 15-19, 2020 (online training)
Each session will be a collectible stamp in your virtual passport. GlobalCon2 has something for everyone in all reaches of the Microsoft 365 world. The world, online, is indeed flat! You’ll find no corner of the map uncharted: Microsoft 365, Microsoft Teams, SharePoint, OneDrive, Yammer, Stream, Power Platform, Azure & much more. Passports please.
Below is a list of the Microsoft sessions – including Jeff’s keynote:
- The latest innovations in SharePoint, OneDrive, and Office for content collaboration [Microsoft keynote] | by Jeff Teper
- Microsoft 365 Live Events and remote work | by Lorena Huang Liu & Christina Torok
- Knowledge and Project Cortex – the Microsoft 365 Vision | by Naomi Moneypenny and Chris McNulty
- Share and track your information with lists across Microsoft 365 | by Lincoln DeMaris
- Design productivity apps with SharePoint lists and libraries, Power Apps, and Power Automate | by Chaks Chandran
- Connect the workplace with engaging, dynamic experiences across your intranet | by Debjani Mitra and Brad McCabe
- Content collaboration with SharePoint, Planner, and Microsoft Teams | by Mark Kashman
- The New Yammer | by Jason Mayans
- Architecting Your Intranet | by Melissa Torres
- OneDrive powers intelligent file experiences across Microsoft 365 | by Randy Wong
- Collaboration and external file sharing across Microsoft 365 | by Ankita Kirti
- Migration to SharePoint, OneDrive, and Microsoft Teams in Microsoft 365, free and easy | by Hani Loza & Eric Warnke
- Security and compliance in SharePoint and OneDrive | by Sesha Mani
- SharePoint developer overview | by Luca Bandinelli
- Jump start your projects with community projects from Patterns and Practices (PnP) | by Vesa Juvonen
Shout out to community “train conductor” members Helen Jones, Mark Jones, and the #GlobalCon2 crew who are navigating this conference by the light of the web-stars and moon, supporting and promoting the knowledge and expertise that reaffirms this: Microsoft 365 has the best tech community in the world – one that spans and chugga-chugga-choo-choos across geographies.
Ready to global trot, Mark 
![eDiscovery for Teams Webinar]()
Collaborated with @Ricky Simpson.
Almost everyone has had their work-life routines interrupted by the COVID-19 pandemic. Many people are working from home for the first time, leaving vast numbers of workplaces sitting empty. It’s vital that organizations continue to protect the resources that reside on-premises. As we’ve seen already, attackers are using COVID-19 to extract information from people by preying on their fears.
Two notable trends have emerged:
First, the necessity of remote work has led organizations to quickly reevaluate how staff access information. They cannot guarantee the efficacy of their users’ home network security, and a big part of how risk was identified before – as a user trying to access resources remotely – is now part of the norm post-pandemic. Organizations must balance the demands of a remote workforce as well as the appropriate security considerations.
Second, IT teams are under enormous amounts of pressure to maintain business continuity and spin up new technologies to enable remote work. A sudden shift in priorities could increase the risk of attacks on on-premises resources going unnoticed, especially if the attacks are more subtle in nature, like network reconnaissance.
How can we continue to monitor risk based on user activity, and how can we continue to protect on-premises resources when we’re nearly all using cloud technologies to work through this period of uncertainty?
Protection with Azure Advanced Threat Protection
As organizations shift to remote work, remote users could be connecting directly to on-premises resources, leaving open connections to corporate assets. Routers without proper and secure configuration are vulnerable. Attackers can take advantage of these and use reconnaissance techniques to, map all the users in the organization, move laterally in search of users and assets to exfiltrate, and ultimately gain persistence in the environment.
Organizations need to strengthen their cloud defense strategy during COVID-19; however, it is important to protect on-premises environments as well. Azure Advanced Threat Protection (Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory (AD) signals to protect on-premises identities, detect and investigate lateral movement of on-premises attacks, and identify compromised identities and malicious insiders.
Azure ATP can identify account enumeration reconnaissance and provide details about the resource being accessed, providing the necessary evidence and data enrichment. The attack can be quickly remediated by changing the user’s password and enforcing multi-factor authentication (MFA) before further damage can be done.
In addition, Azure ATP’s identity security posture assessments recognize common misconfigurations, legacy components, and dormant entities that can expose the organization. For example, Azure ATP identifies dormant accounts that have been disabled or expired in Active Directory. Organizations who fail to secure dormant user accounts are leaving the door unlocked for their sensitive users.
Azure ATP also provides remediation and action plans to improve the organization’s security posture. Now more than ever, when administrators have limited visibility into on-premises apps and services that could introduce new vulnerabilities, it should be top of mind to reduce the attack surface.
For example, a common vector attackers can use to compromise identities are legacy protocols such as NTLMv1. Azure ATP uncovers internal entities and applications that leverage these protocols and helps admins review the impacted entities and take the proper actions, including disabling the protocols.
Attacks play out in phases: discovery, credential access, lateral movement, and persistence. Azure ATP leverages network traffic, trace data, and events to find anomalies quickly, using a combination of behavioral known attack techniques and security signals. This provides visibility at each stage of an attack and clearly outlines the investigation and remediation steps throughout.
During this pandemic we’ve seen organizations deploy Azure ATP on-premises and begin protecting their identities during this pandemic. It’s easy to deploy even in large environments with numerous domain controllers, and it can be done within hours, to provide immediate value and help organizations identify the attacker’s steps.
To protect your on-premises identities, identify attackers, and reduce your attack surface, deploy Azure ATP on all your domain controllers. Throughout these unprecedented times protect hybrid and on-premise environments and ensure users are protected and can successfully work remotely uninterrupted.”
For more information on Azure ATP, please find all documentations here. To begin a trial of Azure ATP, click here. To find out how to set up your Azure ATP instance, click here.
Azure ATP also feeds into Microsoft Threat Protection, Microsoft’s end-to-end experience that integrates and correlates signals from Microsoft 365 security products, including Office 365 ATP, Microsoft Defender ATP, and Microsoft Cloud App Security, responding to attacks and healing affected assets across user identities, endpoints, cloud applications, and email and collaboration tools. Click here to see how SecOps teams can use signals from across Microsoft’s security portfolio to advance their threat protection capabilities.
