Windows Enterprise Client Boot and Logon Optimization – Part 2, Tools and Instrumentation

This post continues the series that started here.

The process that I’m going to describe in the following posts will require you to benchmark the user experience as you design the client image. In order to do this, you’ll need some way to time the system as it boots and as the user logs in. What you may not realise is that the instrumentation is already built into Windows.

Event Tracing for Windows (ETW)

There’s a great deal of information out there regarding ETW and a lot of it is extremely deep. As I said during the introduction, I want to keep this pretty simple. The goal is to empower you to achieve an outcome.

The short story is this:

  • ETW exists as built-in instrumentation for logging and debugging
  • Some of the instrumentation runs all the time and feeds the Event Log, Resource Monitor and other tools
  • Some of the instrumentation can be turned on when needed (no reboot required)
  • The instrumentation is non-intrusive and typically causes very little performance overhead
  • The instrumentation is very powerful
    • Able to sample down to microsecond resolution
    • Able to provide call stack (code) information

A nice diagram that conveys ETW is shown here (thank you Matthew Reynolds for this conceptualization)


A quick summary -

  • ETW is the framework built into Windows that allows the instrumentation we’re interested in
  • Providers create the events captured during a trace session
  • Controllers allow you to start/stop logging and to choose the providers from which to capture events
  • Real-time Consumers can display information as it is generated
  • ETL files can capture the event data for parsing/analysis by a Consumer after the trace is complete
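
To see these pieces working together using only tools that ship in Windows, here is an added example (not from the original post). The session name, output path and the choice of the Microsoft-Windows-Kernel-Process provider are assumptions for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example: Controller -> Provider -> ETL file -> Consumer, with built-in tools.
# Assumptions: session name, output folder and provider are illustrative choices.
$session  = 'DemoEtwSession'
$provider = 'Microsoft-Windows-Kernel-Process'
$etlPath  = Join-Path $env:TEMP "$session.etl"

# Instrumentation that runs all the time: trace sessions already active on this machine.
logman query -ets

# Providers: confirm the one we want to capture from is registered.
if (-not (logman query providers | Select-String -SimpleMatch $provider)) {
    throw "Provider '$provider' is not registered on this system."
}

# Controller: start a session and enable the provider (no reboot required).
logman start $session -p $provider -o $etlPath -ets
if ($LASTEXITCODE -ne 0) {
    throw "logman start failed with exit code $LASTEXITCODE (is the prompt elevated?)"
}

try {
    # Generate a little process activity for the provider to report.
    Start-Process -FilePath "$env:SystemRoot\System32\whoami.exe" -Wait -WindowStyle Hidden
    Start-Sleep -Seconds 2
}
finally {
    # Always stop the session so it does not keep logging in the background.
    logman stop $session -ets
}

# Locate the ETL file that was written (a wildcard tolerates a numeric suffix on the name).
$etl = Get-ChildItem -Path $env:TEMP -Filter "$session*.etl" |
    Sort-Object LastWriteTime | Select-Object -Last 1
if (-not $etl) { throw "No ETL file was written for session '$session'." }

# Consumer: parse the ETL after the trace is complete and count events by ID.
Get-WinEvent -Path $etl.FullName -Oldest |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name
```

The first `logman query -ets` listing is also a quick way to see which trace sessions are running on a client image before you add your own.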


This series of posts will focus on tools available with the Windows Performance Toolkit (WPT). WPT is included with the Windows Assessment and Deployment Kit (ADK).

You can download the ADK for Windows 10 here.

The ADK may be installed on any down-level version of Windows that is still in mainstream support. You’ll want a client system set aside for analysis that has WPT installed as follows:

  1. Download and run ADKSetup.exe from the ADK link provided above

  2. Follow the installation wizard through until you reach the feature selection screen

  3. Clear all check boxes except Windows Performance Toolkit and then click Install


Once completed with the default installation path, WPT will reside in C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit

For deep analysis, which I’ll discuss later, you’ll want to proceed through this installation. This makes sure that additional binaries are in the right folders, components are registered and your path environment variable has been modified.

The WPT installation folder also includes a Redistributables folder. This includes WPT Windows Installer packages for each of three architectures -

  • WPTarm-arm_en-us.msi
  • WPTx64-x86_en-us.msi
  • WPTx86-x86_en-us.msi

For trace capture of a test system, you can flat copy this folder across to avoid a registry/Programs and Features installation footprint. I usually put my tools in C:\WPT.

Going back to the terminology discussed above, and referencing some of the .exe’s you’ll find in the WPT installation folder, we have -

  • WPR.exe – this is a command line capture tool (Controller)
    • In these blog posts, I won’t spend any time on it
  • WPRUI.exe – this is a GUI capture tool (Controller)
    • In these blog posts, this will be the go-to capture tool
  • XPerf.exe – this is a command line capture (Controller) and analysis tool (Consumer)
    • I’ll discuss this in the next blog post and how it’s used during the benchmarking process
  • WPA.exe – this is a GUI analysis tool (Consumer)
    • We’ll use this extensively during deep analysis much later in the blog post series

That’s it. You’re ready to get benchmarking.

Next Up

Trace Capture and Benchmarking