McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE, Руководство пользователя

Страница: 15 / 26

15
TCP/IP KeepAliveTime Reduction
Reduce this setting on all EEPC servers from two hours (the default) to five minutes. The server will require a
restart. Once this is done, if an endpoint client loses the connection with the server, the server will release the
lock after approximately 5 minutes. This will also prevent broken remote sbadmcl connections from locking
the scripting user account for 2 hours.
Procedure
1. Open Regedit
2. Go to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
3. Open or create the Dword KeepAliveTime
4. Change the value to 300000 in decimals (Time in milliseconds)
Extra info
The KeepAliveTime setting controls how often keep ‐ alive packets are sent in milliseconds (300,000 is
recommended). It controls how often TCP sends a keep ‐ alive packet to verify that an idle connection is still
intact. If the remote computer is still reachable, it acknowledges the keep ‐ alive packet.
MS KB article: http://support.microsoft.com/default.aspx?scid=kb;en ‐ us;324270#EQACAAA
Key: Tcpip\Parameters
Value Type: REG_DWORD (Time in milliseconds)
Valid Range: 1 ‐ 0xFFFFFFFF
Default: 7,200,000 (two hours)
NOTE : A similar setting KeepAliveInterval has a default 1000 (= 1 second), this setting is correct so do not
change this.
Last Access Time Stamp (NtfsDisableLastAccessUpdate)
With large databases, it is possible that some groups may become overpopulated. When a large group is
opened (for example one with over 5000 users), it can take some time to open. To reduce hard disk read and
write time, a registry setting can be set to prevent the Last Access time stamp from being updated on every file
access. The performance boost will be about 50%! A restart is needed after the change.
Procedure
1. Open regedit.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem.
3. Create a new DWORD value, or modify the existing value, named " NtfsDisableLastAccessUpdate " and
set it to " 1 ".
Microsoft article: http://technet2.microsoft.com/WindowsServer/en/library/80dc5066 ‐ 7f13 ‐ 4ac3 ‐ 8da8 ‐
48ebd60b44471033.mspx?mfr=true
Windows Server as a File Server
Tune Microsoft Windows 2003 server to be a file server.
See the Microsoft article http://support.microsoft.com/kb/174619 about this.
Theory
Increase NTFS MFT (Master File Table, used to be FAT) to 50% of the disk space. The result is that small files
are being stored in the MFT and not as separate files in the NTFS. This helps a lot because we have thousands
of small files.
Procedure