Missing Startup and Login Data

Owned by Former user (Deleted)
Last updated: Sept 16, 2014
2 min read

Windows 8 and 8.1—Missing Startup and Login Data

Two issues in Windows 8.x have been identified, which will block the gathering and presentation of startup and login data.

  1. Fast boot / hibernation is enabled
  2. PerfProc service may have Performance counters disabled
  3. How to see the difference between theese issues

Fast Boot / Hibernation Issues

Windows 8.x by default has fast boot enabled. This means that when the user chooses to shut down the computer, Windows goes into a special hibernation. When the computer is started, after performing BIOS boot and POST, Windows reads in the hibernation file and re-initializes its drivers, effectively speeding up the startup time. It is not a proper startup, however, so the Performance Guard Agent does not pick up startup/login data.

Solution: An administrator can disable fast boot only, or hibernation altogether, by changing registry keys:

Enable/ Disable Fast Boot

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power

HiberbootEnabled REG_DWORD

0 = Turn off Fast Startup
1 = Turn on Fast Startup

Enable/Disable Hibernation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power

HibernateEnabled REG_DWORD

0 = Disable Hibernation
1 = Enable Hibernation

From an elevated command prompt (run as administrator), the setting can be manipulated as follows:

To turn off hibernation:

powercfg -h off

To turn on hibernation:

powercfg -h on


It seems prudent to mention the somewhat paradoxical situation that an administrator, in order to measure correct startup times, may slow down the startup process from a user's perspective. We'll leave it to the administrator to decide whether to measure startup times on Windows 8.x

PerfProc Service May Have Performance Counters Disabled

The perfproc service enables the PerfMon object 'Process'. Without this object and its counters, we cannot collect startup/login data.

Reportedly, Windows can turn this object off if there has been performance issues and/or errors related to this object/service, but it will never turn it on again.

To enable the object, refer to the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance

Disable Performance Counters REG_DWORD

0 or value is missing = Object is enabled
1 = Object is disabled

 

How to see the difference if you have missing startup/login information from a Windows 8.x computer:

If you see some, but not all startup events for a given computer, it may be related to the fast boot/hibernation settings (restart triggers a full shutdown/startup, but shutdown triggers a hibernation, so you will only have data from the startups that occurred after a restart of the computer, not the events from shutdown > later startup.

If you see no startup data at all from a Windows 8.x computer, it may relate to the PerfProc service being disabled.