WinNT Real time performance


Thread Starter

R A Peterson

Recently I got a new company supplied laptop. PIII/128Mram/450Mhz. A real screamer.

For those of you who are not convinced of the need for some kind of real time extensions, try the following experiment.

1. Download real audio player.

2. goto and click on the "listen live" button.

3. start the pinball game that comes with win nt.

As long as I don't use either flipper on the pinball game, the rush show comes through fine. but everytime i use the flippers, realaudio cuts out for a brief period of time.

I'm not so sure whats happening but its mildly disconcerting that a relatively simple game could eat so much resources that it could stop another
process dead. Maybe a good reason not to load games on your WinNT control system.

Glass, Philip

I'm glad I read that post.
I was on the verge of requesting a new high-powered laptop for work but if I can't listen to Howard Stern and play Doom at the same time, forget it! I have my priorities.
In my opinion, Win NT should be reasonable for soft real time, only if you are careful how you configure the system. You must test and avoid any hardware drivers or software that causes excess latencies.

I have also heard that NT is also very fussy about hardware, you must use a proven
combination for best results. It would be interesting to find an on-line resource that rates hardware for NT in terms of overall perfomance.

If it is used for soft real time, I think that NT should be considered to be a closed system.

Bill Sturm

Rod Doolittle

I'm not so sure what's happening but its mildly disconcerting that a relatively simple game could eat so much resources that it could stop another process dead. Maybe a good reason not to load games on your WinNT control system.

< SNIP >

What you are not seeing about the performance of your machine is this. In your Real Audio Player, you can setup how much of your processing time you
want it to consume. There is also a setting in your System Properties applet under the performance tab that you can set for how much performance boost for the application running in the foreground to have. I believe that out of the box NT workstation sets the slider to maximum
boost and Real Audio sets itself to run with maximum boost also. Now then, you have Real Audio running minimized taking most of your resources and you have your game trying to get all of the processing time also. WNNT and Real Audio are now fighting for resources. This is why the game is running like a pooch. This would happen with most any application that you would run under these circumstances.


Davis Gentry

So who out there is setting up RealAudio on their
control pcs???

And with NT you can with a minimum of care be sure
that the operators cannot load it on there for you.

Before the flames start, I am not suggesting that NT is a hard realtime system. It is, however, often adequate for many needs if properly set up.

Davis Gentry
Carpenter Company

Anthony Kerstens

Software programs have their own priorities!!!!

I had a similar problem playing MP3's. Every time I typed or used the mouse, the music would chirp or cut out entirely. However, I checked through the options and found some settings that allowed the player to take higher priority. Don't ask me what they are since I don't have that particular machine anymore. However, it did make it work.

Anthony Kerstens P.Eng.

Mark Blunier

> And with NT you can with a minimum of care be sure that the operators cannot load it on there for you. <


Mark Blunier
The opinions espressed in this message are not necessarily those of the company.

Ranjan Acharya

How indeed!

There are several methods to protect your Windows NT systems from unscrupulous operators. The most reliable method is a tight physical lock-down by removing the floppy disk drive and CD drive. This gives you your first level of protection.

Next, set up your system policy to only allow certain applications to run (such as your "soft controller", SCADA application ... certainly not
setup.exe or anything like that). At this time you can also severely restrict the desktop -- no shutdown, save on exit, no "My Computer", no
"Network Neighbourhood", no dial-up, fixed artwork and so on. They will not even be able to right mouse button on the desktop and change the screen properties. The only hole in this is that they can change things via on-line help -- next time they log in, it is back to your standard desktop. The policy data is saved on the server and cached on the workstation.

Finally, set up your machine on a restricted intranet so that they cannot even see other machines to do any damage. Use either programmed switches or dedicated wiring via standard switches and hubs.

One thing I did was to make the accessible hard disk as small as possible so that if anyone did get through the security they had one more hassle.

You may want to consider a full security implementation with timed log-in and so on and also changing the Administrator passwords once a week / month / six months / day :)

Always remember that NT (and even Unix) are not very secure. Linux is not secure at all from what I read. One good method of security with NT is a touch screen display with no way out in run-time.


Ranjan Acharya 905-634-0844 x 238 (V)
Team Leader - Systems Group 905-634-9548 (F)
Grantek Control Systems
[email protected]
[email protected]
Give them user ids with absolutely minimal
permissions. Get rid of the "run" button from the
startup bar. Allow them write access only to
directories which absolutely require it. Do not allow them access to Windows Explorer or the internet unless required.

Most importantly - once you have the security set up, USE IT. Use auto login so that no one complains about forgotten passwords. Hand out the admin password to a VERY small group of people, and make sure that the ones you hand it to are both trusted and capable. Then keep backups (we use ghost.exe to keep a base image on a cd for every machine in every plant we have) handy so that the plant can quickly and easily
restore the hard drive to its original state. As a part of this, make sure your recipes are regularly backed up, preferably across the network to a server.

All of this can be set up fairly rapidly, and saves you LOTS of time trying to figure out why your controls .exe stopped working when an operator either deleted a critical file, or moved it, or loaded something else which overwrote the .dll which is being called by your .exe. This is not necessarily to imply that your (or our) operators would do this deliberately, but I have seen MANY people move files using Windows Explorer by drag and drop without realizing that they did it.

Basically, when used like this, NT is set up just like a UNIX box. How often have you had problems with people loading DOOM! onto your HP-UX or Solaris box? And how often have users complained because they can't load DOOM! onto that SCO box? People think that because Windows is so ubiquitous both at home and at work that they can do anything on it. This attitude can be seen both in users and in IS people (and though I hate to say it, in engineers as well). It doesn't
often occur that a relative neophyte is made system administrator for a Solaris box, but as Windows is seen as being easy to use it can frequently happen that full sys admin privileges are given to far too many users on an NT box.

Ok, rant.mode=FALSE

Davis Gentry
Controls Project Engineer
Carpenter Company
Hi Mark

There are a number of tools that allow an administrator to control exactly what, if anything, can be run on an NT machine. For example, Microsoft supplies ZAK (Zero Administration Kit) which can force a PC to be a single task machine and NOT let an operator to run Control Panel, Explorer, etc. There are also some better 3rd party products that we have used, but their name escapes me at the moment.

Eric Byres
Artemis Industrial Networking

Steve McAlpin

Hi Davis,

I totally agree with you and am trying to do the same on my nt system. Could you help me out with something though I have looked at all the Microsoft documentation and can't find anywhere where it says how to remove the run an for that fact everything off the start button on windows. I would also like to disable the right click button on the start button so my operators can't
get to explorer. If you know where I can get this information or can e-mail me the information I would appreciate it. Thanks.

Steve McAlpin
Controls Supervisor
Calleguas MWD
I have only found one reliable way to secure a computer running an operator interface from being broken by an operator, that is to lock out the all access to the operating system. On NT, this
means installing a keyboard trap to prevent ctrl-esc, alt-tab, ctrl-alt-del, etc. The operator interface application has to be made full-screen so that the desktop and taskbar are inaccessible.

Until recently I have been adamant about doing this for two reasons. First, like I would tell the operators during training, that may look and smell like a computer but it is really a piece of plant equipment with the specific purpose of controlling and monitoring the plant's operation, so treat it like that. Second, when I didn't
lock down the system, I would get calls at all hours from operators telling me the computer screen went "crazy" on them. This was usually caused by someone dragging a window almost completely off the desktop or running 114 copies of Solitaire.

Lately, I've been re-thinking this. Most operators that I have worked with in the last two years already know Windows, have a computer at home, and don't make the mistakes that operators
have in the past. There is some added value, in terms of flexibility, that a windowed application has over a full screen application.

Jay Kirsch
Macro Automatics
2985 E. Hillcrest Drive, Ste 101
Thousand Oaks, CA 91362
[email protected]

Guido Urdaneta

Linux is not only more secure than Windows NT, but much more secure. It may not be as secure as, say, OS/390, but is certainly more secure than
Windows NT. The simple fact that in Windows NT (AFAIK) you cannot make a program run with the privileges of a specific user (Set UID) makes the platform less secure than Linux or Unix. Add to this, that Windows NT defaults to insecure settings.

An example of a system that is not secure at all is DOS/Windows 95/98. BTW, I would like to know the reasons why what you have read states that
Linux is not secure at all. Could you provide a http link or some kind of reference?

Guido Urdaneta

P.S.: If I am wrong and Windows NT can make ordinary programs be marked to run with the privileges of a specific user, please let me know, because I have not been able to find this feature (despite the supposed ease of use of Windows NT) and have had to incorporate Linux or UNIX software in several systems for security reasons, not to mention stability.
Have you tries using the policy editor, (poledit.exe, I think). It may only come with NT Server however. Maybe it could be obtained from Microsofts web site.

Bill Sturm
Best thing to do is buy the Windows NT Resource Kit. It has a utility called poledit.exe, which allows you to build policies for users and usergroups. It gives you a gui that you can learn in about 10 minutes if you already have sys admin experience. Most of the stuff you need can be found under the "System->Restrictions" and "Shell->Restrictions" directories. Also go through the profile under the \winnt\profiles directory and make sure that everything you want the user NOT to see is not in the Desktop or Start Menu directories.

Davis Gentry
Controls Engineer
Carpenter Company
--- Vegeta <[email protected]> wrote:
> Linux is not only more secure than Windows NT, but
> much more secure. It may not be as secure as, say,
>OS/390, but is certainly more secure than Windows NT.

btw - At the MS Developer's Conference last year they set up several stock Windows NT 4.0 machines and asked the developers to try to break the security of the machines. Everything was locked out in the OS for a fully secure anonymous login. To the best of my knowledge, no one even managed to crash any of the machines, much less break the security. And this was a vast crew of administrators and hard core windows developer types - major nerd heads.

It all comes back to what I said in an earlier email - if you know what you are doing, NT is a VERY secure environment. If you do not know what you are doing, it is not, but then again, I bet I could manage to thoroughly hose a Linux installation - and I've got training and experience with HP-UX and Solaris administration as well as with NT (not that I am a true expert at ANY of them).

Controls engineers are certainly required to maintain a dismayingly broad front of knowledge, eh? Oh well, guess that's why they pay us the big bucks.

Davis Gentry
Controls Project Engineer
Carpenter Company
--- Vegeta <[email protected]> wrote:
> The simple fact that in Windows NT (AFAIK) you
> cannot make a program run
> with the privileges of a specific user (Set UID)

This is not a fact of any kind, much less simple.
There are two ways to do what you describe. First and easiest, using poledit.exe from the Windows NT 4.0 Resource Kit set the user or group permissions on any executable, or set it up so that they can run ONLY those executables which are specified.

If your boss won't spring for the Resource Kit, then the simple fact is that you can right click on the .exe file in the Windows Explorer window, click 'properties', then click on the 'security' tab. Once in the security window, click on the 'permissions' button, and for a user or group that you do not want to have permissions of any kind, click on "no access" and add user or user group. This is of course somewhat tedious to do for every .exe file on an NT machine, so you can do the same thing for directories.

If you do this to the WINNT directory you need to
watch out for two pitfalls: 1) Make sure that
everyone who you want to allow to print is given
read/write access to the \winnt\system32\spool
directory and subdirectories. 2) Make sure that none of the executables you have the operators running want to write to the winnt directory using the operator's login id.

Davis Gentry
Controls Project Engineer
Carpenter Company
Under X11 (Unix/Linux) it is very easy to control what the user does with the display. One very usefull technique is to simply not launch a window manager at all, and just have the underlying X engine. That means that the only controls available to the user are those offered by the application program.

I have seen this condition on NT boxes, but only when they are malfunctioning. After log in you just get the background, no icons or task bars etc. Ctrl-Alt-Del brings up the little box which allows you to launch new tasks using the task manager. I could not help wondering if there was any 'correct' way to achieve this state?

This discussion has led me to re-think the whole windows in automation issue. I have recently returned to the automation field after a long absence in which I have had a lot of exposure to 'nix systems, and I have built up a great respect for them. But returning to automation I find the field dominated by windows, and have thrown myself wholeheartedly into the windows concept. Yet the deeper I go the more allarmed I am becoming. The windows philosophy seems to encourage exaggerated systems, bloated code, and
a complexity way in excess of what is required by the task. This inevitably leads to misconfigured
systems and broken code, and often results in overly complicated solutions to simple problems that can be difficult to document and hence modified by others at a later date.

I also rufute the 'ease of use issue' as a very dangerous misconception. I have been using computers for 25 years, and yet I find NT difficult to configure correctly, unless I need the default configuration for everything, but that his hardly likely in the automation sector. Instead we find that maintenaince personel and others who think they 'know windows' because they can set up thier W95 box at home, fearlessly modify NT configurations oblivious to the fact that the 2 OS's are completely different under
the cover.

Looking at the whole picture of real time, it is worth remembering that real-time extensions to standard operating systems are not really extensions at all. What happens is that the machine is primarily governed by the RTOS which handles all the scheduled code, and then runs the 'host' OS as a background task. Leastways this is how it works with the NT extensions and the real-time linux extensions, I have not seen extensions for other OS's, allthougth AFAIK QNX basically works along the same lines (normal tasks are launched by a regular scheduler that runs as a background task of the hard scheduler).

This means that the RT performance and stability are primarily issues of the RTOS code, and not the host OS. This thread appears to have blurred this distinction.

But there is another issue. If we take an automation system, our mission critical core code will be under RTOS control, the host OS is used for the user interface, communications with the rest of the world, and general system housekeeping.

Frankly, having used GUI builder software to make UI's on a variety of systems ('nix, windows and MAC), I find that there is no fundamental difference to the platform being used, i.e. they are all pretty much the same. As for general system housekeeping and communications, the success of 'nix, and in particular Linux and FreeBSD, as internet server platforms and general file/print servers would suggest they have
much to offer in this area. Indeed in IT circles Linux enthusiasm seems to have reached epidemic
proportions, with the W2K launch being somewhat obscured by the latest Linux kernels with features such as journaling file systems that W2K, for all its montrosity, simply does not have, not to mention that Linux is allready up and running in full 64-bit mode on the new Merced processor (the porting, which was done in-house by Intel, was made easy by the fact that Linux has been running as a 64-bit system for several years on.Alpha and Sparc platforms).

So now I find myself burning up the midnight oil polishing my windows skills to deploy NT in automation, and yet I do not understand WHY I am doing this (other than the rather stupid reason 'it is what everybody else is doing'). I had expected (hoped?) that as I delved more deeply into windows it's advantages would rub off on me, but the reverse is happening.

Here IMHO, are some of the advantages Linux would appear to offer over NT in the automation sector:
Linux tends to take the simplest and most straightforward approach, rather than trying to package thinks into complex proprietry 'technology packs'. This makes it smaller and more efficient (less hardware required), and more stable as there is less to go wrong or be incorrectly configured.

Linux systems, kernel included, are very easy to customise to make minimal systems, or high powered
systems, or whatever. There are also many Linux distributors who supply systems pre-customised for
specific application sectors (BTW, Zenotropic do a Linux distro with Real-Time extensions ready to go, as do Hard HAt Linux, whose distro is designed for Compact PCI systems).

The loadable kernel modules feature of Linux allows dynamic re-configuration, i.e. no re-boots. It also makes a higher degree of driver optimization possible. Used in conjunction with the Plug-and-play support, it allows risorse overloading, which is especially usefull on development systems.

Kernel modules (device drivers and other) are very easy to develop, so easy that application developers can easily learn how to develop their own. As a device driver can handle interupts, this can in many cases alleviate the need for real time scheduling. For instance, if you need to support a tricky time critical serial protocol, you can implement it as a kernel module. I also believe that the simplicity of
writing modules/drivers for Linux is a key to it's stability, after all, device drivers are often blamed as the cause of NT instability.

The unified tree approach to the filesystem layout allows a consistent approach. I s ther really no way to mount partions on the root tree under NT? Is there really no equivalent of symbolic links? Apart from helping a neat layout of the system, I also know a lot of usefull tricks that can be done with symlinks.

Linux configuration is generally done by means of ASCII files. These may contain 'help text' inline, and also allows you to add your own comments and leave previous configurations commented out. So if you change the configuration you comment the previous line(s) modify a copied version, and add a comment so you and others no about the change and what the prevoius settings have been. This may sound silly, but I think this is far better than the registry. People tell me the registry is so good, but never give me a
valid reason why. After all, I can parse and write ASCII files with just about any software, I can use Find/Replace and macro tools in a text editor to manipulate them (not to mention the power of SED), and I can easily cut and paste snippets of configurations from one file to another (for example on another machine).

Linux distros come with a wide range of tools ready to use and free. The reality of this struck me the other day when I wanted to take a photo CD image, manipulate it, and save it as a jpeg. I went and opened the paintbrush program under NT and found it had basicaly not changed scince Win3.1. I could not even find a program to read the photo CD format. A collegue suggested I use Photoshop. That may be a valid answer if I were a graphic artist, but all I wanted to do was a splashscreen. While it is true that a full time C++ programmer would likely want to a full blown commercial package with hotline support such
as the Cygnus kit, it is ALSO nice to be able to knock up little programs, in just about any language, using simple tools supplied with the OS. I can extend NT with add-ons (invariably nag-ware), but then things become inconsistent. I can grep a compressed file on any linux system, on windows I need a shareware package just to de-compress the file, and when working on a system in the field it is likely that these tools are not present.

Linux runs on a vast range of hardware, from flash based credit card sized computers based on low power ARM processors througth to IBM 390 mainframes. The latter point is interesting, these mainframes are designed for processing huge volumes of transactions, and can handle multiple OS's running at the same time in much the same way as our RTOS can schedule a host OS to run as a background task. IBM offer Linux on these platforms as an auxilliary OS, to do general housekeeping, provide user interfaces, and
communicate with the rest of the world, deja vu.

In Linux Open When you get that obscure error message, you really can trace back the problem to it's source and fix it. Ever had a program that could do what you wanted but did not allow you to change a silly little configuration, or was missing a stupid feature?

Remote administration, headless operation, remote terminals (text and graphic). These things are standard and very easy under Linux. They are also very useful in automation applications. Under NT they are add-ons, and messy, and IMHO limited (well, can I run QUAKE from a remote terminal? I can on Linux using the standard software and configuration ;-) ).

Multiple window manager/GUI options, which I can use concurrently, so I can have the 'application' on one desktop setup, and toggle to another, completely different type of desktop, for administration purposes, particularly usefull if the app desktop has no general controls, as we mentioned at the start.

A command line that works, including cut and paste with the mouse.

TCP/IP communications under Linux are robust and standard. I have found that TCP/IP under NT has many quirks. For example RPC's do not appear to work with anything other than themselves, which rather ruins the whole concept of them. The NT ftp server seems to put a lot of client software in difficulty. The telnet is beserk, almost unusable, and has been like that for years. Does nobody ever fix things at Microsoft? Speaking of Telnet, how do you Telnet into an NT machine?

Filesharing (exporting files) using SMB (the default windows protocoll) appears (ironicaly) easier to administer and more flexible under Linux than it is on it's native platform. I particularly like the fact that I can configure the whole setup from a single ASCII file. I can do configurations that do not seem possible under NT. For example, I can export to the net to appear as a W95 machine in a peer network, and
yet each user who access's sees the shares I say they will see, and of course they read and write and access with thier own permissions on the filesystem, as if they were on an NT server. This gives the protection of NT server without the hassle of domain admistration, which is more trouble than it is worth on small networks.

Oh I could go on, but lets stop there. I AM NOT TRYING TO START AN OS HOLY WAR, so please not get into the silly comments domain. I am hoping that people will tell me ways I can do these things on NT, or if not, why I am better off using it. I seem to be condemmed to use it at the moment 'just becuase everybody else does'.Somebody please give a better reason than that.