Services and scheduled tasks such as DiagTrack, WinSAT, Application Experience and the Diagnostic* family can drag down system performance
Applies to Server 2012 R2 through Server 2022; changes take effect after a reboot (take a VM snapshot before you start, in case you need to roll back)
Read this before doing anything:
Note what the script below actually does: it turns off Defender real-time protection and signature updates, Windows Update, automatic maintenance and the cloud host-security agents. Run it only on hosts where losing those controls is acceptable and compensated for elsewhere.
1. From the Run box or a cmd prompt, launch PowerShell with one of the two elevation modes below (AdvancedRun.exe is the NirSoft tool and must be in the current directory or on PATH)
There are two elevation levels; try either, or both.
[Elevate to TrustedInstaller]
cmd command line:
AdvancedRun.exe /Clear /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /StartDirectory "C:\" /CommandLine "" /RunAs 8 /Run
[Elevate to SYSTEM]
cmd command line:
AdvancedRun.exe /Clear /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /StartDirectory "C:\" /CommandLine "" /RunAs 4 /Run
2. The PowerShell window that AdvancedRun opens is the fully elevated one; run all of the following commands in that window. A quick first test that the token is good enough is the task-disable command (it needs rights on the Windows Defender and Maintenance task folders):
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Power Efficiency Diagnostics\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Customer Experience Improvement Program\","\Microsoft\Windows\CloudExperienceHost\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\StateRepository\","\Microsoft\Windows\Application Experience\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\MemoryDiagnostic\","\Microsoft\Windows\WDI\","\Microsoft\Windows\UpdateOrchestrator\","\Microsoft\Windows\WindowsUpdate\","\Microsoft\Windows\Diagnosis\","\Microsoft\Windows\Network Controller\","\Microsoft\Windows\PI\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\TPM\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null | Sort-Object -Property State | ft -auto
Now the actual run:
# Program Compatibility Assistant: policy off, service disabled, ProgramDataUpdater task disabled
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v DisablePCA /t REG_DWORD /d 1 /f
Stop-Service -Name PcaSvc 2>$null
Set-Service -Name PcaSvc -StartupType Disabled 2>$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "*ProgramDataUpdater*"}| Disable-ScheduledTask 2>$null
# Server 2012 R2 / Windows 8.1 branch: registry policy only (block platform and signature updates, then turn Defender off)
if((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ProductName -match "2012 R2|Windows 8.1"){
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration" /v "PreventPlatformUpdate" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "FallbackOrder" /d "FileShares" /t REG_SZ /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d 8 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
}
# Server 2016 and later (OS major version 10): wipe the Defender policy key clean first, then rewrite it below
if([System.Environment]::OSVersion.Version.Major -eq 10){
New-Item 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Force 2>&1 >$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan" /v "ScheduleQuickScanTime" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleQuickScanTime" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "DefinitionUpdateFileSharesSources" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DefinitionUpdateFileSharesSources" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f 2>$null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /va /f 2>&1 >$null
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender"
Get-ItemProperty -Path $registryPath | Remove-ItemProperty -Name * -ErrorAction SilentlyContinue
Get-ChildItem -Path $registryPath | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
# Silence Windows Security notifications
reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureDisableNotification" /d 0 /t REG_DWORD /f
#Restart-Service WinDefend -Force -ErrorAction SilentlyContinue
#Restart-Service WdNisSvc -Force -ErrorAction SilentlyContinue
# The Defender services must be running for the Set-MpPreference calls below to be accepted
Start-Service WinDefend -ErrorAction SilentlyContinue
Start-Service WdNisSvc -ErrorAction SilentlyContinue
# Each setting is applied twice: Set-MpPreference changes the running engine, the matching
# policy value under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender persists and takes precedence over local preferences
Set-MpPreference -DisableBehaviorMonitoring $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
Set-MpPreference -DisableIOAVProtection $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableIOAVProtection /t REG_DWORD /d 1 /f
Set-MpPreference -DisableArchiveScanning $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /d 1 /t REG_DWORD /f
# Cloud protection (MAPS) off, never submit samples
Set-MpPreference -MAPSReporting 0 -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /d 0 /t REG_DWORD /f
Set-MpPreference -SubmitSamplesConsent 2 -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /d 2 /t REG_DWORD /f
Set-MpPreference -EnableControlledFolderAccess Disabled -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /d 0 /t REG_DWORD /f
Set-MpPreference -PUAProtection Disabled -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /d 0 /t REG_DWORD /f
# Signature updates: point the update sources at non-existent file shares and a dummy path so no download ever happens
Set-MpPreference -SignatureFallbackOrder FileShares -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "FallbackOrder" /d "FileShares" /t REG_SZ /f
Set-MpPreference -SignatureScheduleDay Never -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t REG_DWORD /d 8 /f
Set-MpPreference -SharedSignaturesPath c:\dummyPath -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SharedSignatureRoot" /d "c:\dummyPath" /t REG_SZ /f
# \\unc1 and \\unc2 are deliberate placeholders, not real shares
Set-MpPreference -SignatureDefinitionUpdateFileSharesSources "\\unc1 | \\unc2" -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DefinitionUpdateFileSharesSources" /d "\\unc1 | \\unc2" /t REG_SZ /f
Set-MpPreference -CheckForSignaturesBeforeRunningScan $false -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "CheckForSignaturesBeforeRunningScan" /d 0 /t REG_DWORD /f
# Real-time protection off, and the local UI may not turn it back on
Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "LocalSettingOverrideDisableRealtimeMonitoring" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "RealtimeSignatureDelivery" /d 0 /t REG_DWORD /f
Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableScanOnUpdate" /d 1 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration" /v "PreventPlatformUpdate" /t REG_DWORD /d 1 /f
# Default action 6 = Allow for every severity, and no automatic remediation
Set-MpPreference -HighThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
Set-MpPreference -ModerateThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
Set-MpPreference -LowThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
Set-MpPreference -SevereThreatDefaultAction 6 -Force -ErrorAction SilentlyContinue
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /d 1 /t REG_DWORD /f
# DisableAntiSpyware is a legacy OEM setting that Microsoft documents as no longer honored by recent Defender platform versions;
# on Server 2016+ the supported way to remove Defender AV entirely is Uninstall-WindowsFeature -Name Windows-Defender
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
Set-Service -Name MDCoreSvc -StartupType Disabled -ErrorAction SilentlyContinue 2>$null
}
# Automatic maintenance off, plus the maintenance-driven task folders
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v "MaintenanceDisabled" /t REG_DWORD /d 1 /f
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Customer Experience Improvement Program\","\Microsoft\Windows\Data Integrity Scan\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Application Experience\","\Microsoft\Windows\Defrag\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "OneDrive*"}| Disable-ScheduledTask 2>$null
Get-Service MicrosoftEdge*, edgeupdate*|ft -auto
Get-Service GoogleChrome*, gupdate* | ft -auto
Get-Service MicrosoftEdge*, edgeupdate* | Set-Service -StartupType Disabled
Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled
Get-ScheduledTask | Where-Object { $_.TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>&1 >$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "GoogleUpdateTaskMachine*"} | Disable-ScheduledTask 2>$null
# Inventory first: ssh/cron ports, gse*/Tsys/tatsvc (automation agents), win-agent/WinAgent, YDLive/YDService (host security agent),
# BaradAgentSvc/StargateSvc (cloud monitor agents) and the Defender services
$services = @("*ssh*","*cron*","gse*","Tsys","tatsvc", "win-agent", "WinAgent", "YDLive", "YDService", "BaradAgentSvc", "StargateSvc", "WinDefend", "WdNisSvc", "MDCoreSvc")
Get-Service -Name $services 2>$null | Select-Object Name, DisplayName, Status
#$services = @("gse*","tatsvc", "win-agent", "WinAgent", "YDLive", "YDService", "BaradAgentSvc", "StargateSvc", "WinDefend", "WdNisSvc", "MDCoreSvc")
# Stop only this subset (tatsvc and the ssh/cron services stay running); the monitor agents are re-enabled at the end
$services = @("win-agent", "WinAgent", "YDLive", "YDService", "BaradAgentSvc", "StargateSvc", "WinDefend", "WdNisSvc", "MDCoreSvc")
foreach ($service in $services) {
$currentService = Get-Service -Name $service -ErrorAction SilentlyContinue
if ($currentService -ne $null -and $currentService.Status -eq "Running") {
Stop-Service -Name $service 2>$null
Write-Host "Stopped service: $service"
} elseif ($currentService -eq $null) {
Write-Host "Service not found: $service"
} else {
Write-Host "Service already stopped: $service"
}
}
$services = @("win-agent", "WinAgent", "YDLive", "YDService", "BaradAgentSvc", "StargateSvc", "WinDefend", "WdNisSvc", "MDCoreSvc")
foreach ($service in $services) {
Set-Service -Name $service -StartupType Disabled -ErrorAction SilentlyContinue
}
# Re-list to confirm the new Status values
$services = @("*ssh*","*cron*","gse*","Tsys","tatsvc", "win-agent", "WinAgent", "YDLive", "YDService", "BaradAgentSvc", "StargateSvc", "WinDefend", "WdNisSvc", "MDCoreSvc")
Get-Service -Name $services 2>$null | Select-Object Name, DisplayName, Status
# Anything non-Microsoft still running is a candidate for review
Get-Process | Where-Object {$_.company -notlike '*Microsoft*' }|select Name,Description,Company|ft -auto
# virtio storage and network drivers (KVM guests); old builds cost boot time
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\drivers\viostor.sys")
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\drivers\netkvm.sys")
# Do not wipe the page file at shutdown (faster shutdown; the page file then keeps whatever was paged out until overwritten)
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "ClearPageFileAtShutdown"
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "ClearPageFileAtShutdown" /d 0 /t REG_DWORD /f
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "ClearPageFileAtShutdown"
# PCA again (idempotent on re-runs), then telemetry, Superfetch, Search, Windows Update and its medic service
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v DisablePCA /t REG_DWORD /d 1 /f
Set-Service -Name PcaSvc -StartupType Disabled 2>$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "*ProgramDataUpdater*"}| Disable-ScheduledTask 2>$null
Set-Service -Name DiagTrack -StartupType Disabled 2>$null
Set-Service -Name SysMain -StartupType Disabled 2>$null
Set-Service -Name WSearch -StartupType Disabled 2>$null
Set-Service -Name UsoSvc -StartupType Disabled -ErrorAction SilentlyContinue
Set-Service -Name WUAUSERV -StartupType Disabled -ErrorAction SilentlyContinue
Set-Service -Name WaaSMedicSvc -StartupType Disabled -ErrorAction SilentlyContinue 2>$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "*BackgroundDownload*"}| Disable-ScheduledTask 2>$null
# Browser updaters
Get-Service MicrosoftEdge*, edgeupdate* | Set-Service -StartupType Disabled
Get-Service GoogleChrome*, gupdate* | Set-Service -StartupType Disabled
Get-ScheduledTask | Where-Object { $_.TaskName -like "MicrosoftEdgeUpdateTaskMachine*"} | Disable-ScheduledTask 2>&1 >$null
Get-ScheduledTask | Where-Object { $_.TaskName -like "GoogleUpdateTaskMachine*"} | Disable-ScheduledTask 2>$null
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Power Efficiency Diagnostics\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Customer Experience Improvement Program\","\Microsoft\Windows\CloudExperienceHost\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\StateRepository\","\Microsoft\Windows\Application Experience\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\MemoryDiagnostic\","\Microsoft\Windows\WDI\","\Microsoft\Windows\UpdateOrchestrator\","\Microsoft\Windows\WindowsUpdate\","\Microsoft\Windows\Diagnosis\","\Microsoft\Windows\Network Controller\","\Microsoft\Windows\PI\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\TPM\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null | Sort-Object -Property State | ft -auto
# The cloud monitor agents were stopped above only to keep them out of the way; put them back to Automatic
Set-Service -Name BaradAgentSvc -StartupType Automatic 2>$null
Set-Service -Name StargateSvc -StartupType Automatic 2>$null
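The script above changes service startup types, scheduled-task states and Defender preferences across many keys, and the only rollback the text offers is a VM snapshot. What follows is an added example, not code from the original post: it records the startup type of the services and the state of the task folders the script touches, plus the Defender preferences it sets, into a JSON file, and restores them from that file. The function names, the output path and the choice of items tracked are this example's own; it does not cover the plain registry values the script writes (DisablePCA, MaintenanceDisabled, the notification keys), so a snapshot remains the complete rollback.

```powershell
# Added example (not part of the original post): save and restore the service, task and
# Defender-preference state the tuning script changes. Function names and the output path are
# illustrative choices; the lists below are taken from the script itself.
$script:TrackedServices = @('PcaSvc','DiagTrack','SysMain','WSearch','UsoSvc','wuauserv',
    'WaaSMedicSvc','WinDefend','WdNisSvc','MDCoreSvc','BaradAgentSvc','StargateSvc',
    'YDLive','YDService','win-agent','WinAgent')
$script:TrackedTaskPaths = @('\Microsoft\Windows\Application Experience\',
    '\Microsoft\Windows\Customer Experience Improvement Program\',
    '\Microsoft\Windows\Windows Defender\', '\Microsoft\Windows\Maintenance\',
    '\Microsoft\Windows\UpdateOrchestrator\', '\Microsoft\Windows\WindowsUpdate\')
$script:TrackedMpSettings = @('DisableRealtimeMonitoring','DisableBehaviorMonitoring',
    'DisableIOAVProtection','DisableArchiveScanning','MAPSReporting','SubmitSamplesConsent',
    'PUAProtection','SignatureScheduleDay')

function Export-TuningState {
    param([Parameter(Mandatory)][string]$Path)
    $state = [ordered]@{
        Captured = (Get-Date).ToString('o')
        # StartType needs .NET 4.6.1+; on older builds it is empty and Restore reports it
        Services = @(Get-Service -Name $script:TrackedServices -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Name = $_.Name; StartType = [string]$_.StartType; Status = [string]$_.Status } })
        Tasks = @(Get-ScheduledTask -TaskPath $script:TrackedTaskPaths -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ TaskName = $_.TaskName; TaskPath = $_.TaskPath; State = [string]$_.State } })
        Defender = $null
    }
    $mp = Get-MpPreference -ErrorAction SilentlyContinue
    if ($mp) { $state.Defender = $mp | Select-Object -Property $script:TrackedMpSettings }
    $state | ConvertTo-Json -Depth 4 | Set-Content -Path $Path -Encoding UTF8
    Write-Host "State written to $Path ($($state.Services.Count) services, $($state.Tasks.Count) tasks)"
}

function Restore-TuningState {
    param([Parameter(Mandatory)][string]$Path)
    $state = Get-Content -Path $Path -Raw | ConvertFrom-Json
    foreach ($svc in $state.Services) {
        # Set-Service refuses protected services (WinDefend on newer platforms): report, do not abort
        try {
            Set-Service -Name $svc.Name -StartupType $svc.StartType -ErrorAction Stop
            if ($svc.Status -eq 'Running') { Start-Service -Name $svc.Name -ErrorAction SilentlyContinue }
        } catch { Write-Warning "Could not restore $($svc.Name): $($_.Exception.Message)" }
    }
    foreach ($task in $state.Tasks) {
        if ($task.State -ne 'Disabled') {
            Enable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -ErrorAction SilentlyContinue | Out-Null
        }
    }
    if ($state.Defender) {
        $params = @{}
        foreach ($p in $state.Defender.PSObject.Properties) { if ($null -ne $p.Value) { $params[$p.Name] = $p.Value } }
        # Policy values override local preferences, so the policy branch the script wrote must go
        # before the saved preferences can take effect again
        Remove-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Recurse -Force -ErrorAction SilentlyContinue
        Set-MpPreference @params -ErrorAction SilentlyContinue
    }
}

# Usage (path is an example): run Export-TuningState before the script, Restore-TuningState to roll back
# Export-TuningState  -Path C:\tuning-state.json
# Restore-TuningState -Path C:\tuning-state.json
```

Run the export from the same elevated window the script uses, so the task folders that need TrustedInstaller rights are readable; a restore needs the same elevation for the same reason.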
Verify in PowerShell after the reboot
(1) Check that boot time is within 30 seconds (a few seconds over is fine; if it is well past 35 seconds, consider tuning further)
# Event 12 (Kernel-General) = OS started; 6005 (EventLog) = Event Log service started; the gap is the boot time
$event12 =Get-WinEvent -FilterHashtable @{logname='System';id=@(12);StartTime=(Get-Date).AddDays(-10) } -EA 0 | Where-Object {$_.ProviderName -eq "Microsoft-Windows-Kernel-General" -or $_.ProviderName -eq "User32" -or $_.ProviderName -eq "EventLog" } | Sort-Object -Property TimeCreated -Descending:$true|Select-Object -First 1
$event6005 =Get-WinEvent -FilterHashtable @{logname='System';id=@(6005);StartTime=(Get-Date).AddDays(-10) } -EA 0 | Where-Object {$_.ProviderName -eq "Microsoft-Windows-Kernel-General" -or $_.ProviderName -eq "User32" -or $_.ProviderName -eq "EventLog" } | Sort-Object -Property TimeCreated -Descending:$true|Select-Object -First 1
$event12
$event6005
($event6005.TimeCreated - $event12.TimeCreated).TotalSeconds
(2) Check the scheduled tasks and the Defender and DiagTrack services: every task should be Disabled and every service Stopped
Also check that the cloud monitoring components ("BaradAgentSvc", "StargateSvc") and the TAT automation assistant ("tatsvc") are in their normal running state
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Power Efficiency Diagnostics\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Customer Experience Improvement Program\","\Microsoft\Windows\CloudExperienceHost\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\StateRepository\","\Microsoft\Windows\Application Experience\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\MemoryDiagnostic\","\Microsoft\Windows\WDI\","\Microsoft\Windows\UpdateOrchestrator\","\Microsoft\Windows\WindowsUpdate\","\Microsoft\Windows\Diagnosis\","\Microsoft\Windows\Network Controller\","\Microsoft\Windows\PI\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\TPM\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Sort-Object -Property State
Get-Service "BaradAgentSvc", "StargateSvc", "tatsvc" -ErrorAction SilentlyContinue
Get-Service "YDLive", "YDService", "WinDefend", "WdNisSvc", "DiagTrack" -ErrorAction SilentlyContinue
(3) Check that the virtio driver build is no lower than 58005
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\drivers\viostor.sys")
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\drivers\netkvm.sys")
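The checks above only ask whether the services are Stopped and Disabled. On Server 2016 and later, tamper protection (when turned on through Defender for Endpoint or the Windows Security app) rejects changes to real-time protection settings made through Set-MpPreference or the policy keys, so a script that ran without errors may still have changed nothing. The following is an added example, not from the original post: it compares each policy value the script writes with what Get-MpPreference reports and with the effective status from Get-MpComputerStatus, and flags tamper protection. The function name and the subset of settings compared are this example's choices; IsTamperProtected and AMRunningMode do not exist on older Defender builds and show as empty there.

```powershell
# Added example (not part of the original post): audit whether the Defender policy values the
# tuning script wrote are actually in effect. Function name and the settings map are illustrative.
function Get-DefenderPolicyAudit {
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    # Get-MpPreference property name -> (policy subkey, policy value name), as used by the script
    $map = @{
        DisableRealtimeMonitoring = @('Real-Time Protection', 'DisableRealtimeMonitoring')
        DisableBehaviorMonitoring = @('Real-Time Protection', 'DisableBehaviorMonitoring')
        DisableIOAVProtection     = @('Real-Time Protection', 'DisableIOAVProtection')
        DisableArchiveScanning    = @('Scan', 'DisableArchiveScanning')
        MAPSReporting             = @('Spynet', 'SpynetReporting')
        SubmitSamplesConsent      = @('Spynet', 'SubmitSamplesConsent')
        PUAProtection             = @('', 'PUAProtection')
        SignatureScheduleDay      = @('Signature Updates', 'ScheduleDay')
    }
    $pref   = Get-MpPreference -ErrorAction Stop
    $status = Get-MpComputerStatus -ErrorAction Stop
    $rows = foreach ($name in ($map.Keys | Sort-Object)) {
        $sub, $value = $map[$name]
        $key = if ($sub) { Join-Path $policyRoot $sub } else { $policyRoot }
        $policy = $null
        if (Test-Path $key) {
            $policy = (Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue).$value
        }
        [pscustomobject]@{
            Setting     = $name
            PolicyValue = $policy            # empty = no policy value present
            Preference  = [int]$pref.$name   # booleans become 0/1 to line up with the REG_DWORD
            PolicyWins  = ($null -ne $policy)
        }
    }
    [pscustomobject]@{
        IsTamperProtected         = $status.IsTamperProtected
        AntivirusEnabled          = $status.AntivirusEnabled
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        AMRunningMode             = $status.AMRunningMode
        Settings                  = $rows
    }
}

$audit = Get-DefenderPolicyAudit
# With tamper protection on, the real-time protection rows will show PolicyValue 1 but
# RealTimeProtectionEnabled still True: the policy was written but ignored
if ($audit.IsTamperProtected) {
    Write-Warning 'Tamper protection is ON: the real-time protection settings will not take effect until it is turned off.'
}
$audit | Select-Object IsTamperProtected, AntivirusEnabled, RealTimeProtectionEnabled, AMRunningMode | Format-List
$audit.Settings | Format-Table -AutoSize
```

A row where PolicyValue and Preference disagree is the normal picture right after the script runs and before the reboot (the policy is written, the engine has not re-read it yet); the same disagreement after the reboot, together with RealTimeProtectionEnabled still True, is the tamper-protection case.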
If all you want is to run it, the above is enough.
What follows is extended material.
DiagTrack (Connected User Experiences and Telemetry) consumes a noticeable share of CPU and disk I/O and delivers nothing to an ordinary user; disabling it is recommended to cut disk wear.
https://jingyan.baidu.com/article/48a420579ef9f5e82525042c.html
List the services whose DisplayName or Name starts with "Diag":
Get-Service | Where-Object { $_.DisplayName.StartsWith('Diag') -or $_.Name.StartsWith('Diag') }
Diagnostic Execution Service:diagsvc
Diagnostic Policy Service:DPS
Diagnostic Service Host:WdiServiceHost
Diagnostic System Host:WdiSystemHost
Connected User Experiences and Telemetry:DiagTrack
List the same services and print each one's description (the Description field is only exposed through WMI, not by Get-Service):
$services = Get-Service | Where-Object { $_.DisplayName.StartsWith('Diag') -or $_.Name.StartsWith('Diag') }
foreach ($service in $services) {
$description = (Get-WmiObject -Class Win32_Service -Filter "Name='$($service.Name)'").Description
Write-Host "Name: $($service.Name)"
Write-Host "DisplayName: $($service.DisplayName)"
Write-Host "Description: $description"
Write-Host "---------"
}
Disabling the three services DiagTrack, SysMain (Superfetch) and WSearch (Windows Search) makes the system run more smoothly
http://www.winwin7.com/JC/18120.html