November 2017

Oracle EPM / Windows Prerequisite Tuning [Part 1]

If you are installing Oracle EPM in a Windows environment, there are a plethora of settings you need to tweak per Oracle guidance.  To greatly simplify this process, I made a script that performs all of the steps for you, saving you a pile of time / effort.  There are a few steps that you’ll need to do manually; however, this will allow you to perform these steps in a fraction of the time *and* ensure that your servers are configured in a consistent manner.

NOTE:  Part 2 of this post will actually go into what these settings do.  For now, just enjoy a free script.

http://charlescbeyer.com/Infra_Win_Prereq.txt

@echo off

@REM ----------------------------------------------------------------------------------------------------
@REM - Name: Infra_Win_Prereq.bat
@REM - Author : Charles Beyer
@REM - Creation Date : 11/2/2015
@REM - Last Modified Date : 7/17/2017
@REM - DESC: The purpose of this script is to configure Oracle required default settings for Oracle
@REM -       Hyperion Enterprise Performance Management products running on Windows 2012, 2008, 2003
@REM -
@REM - Inputs :
@REM            %username% - Windows system variable containing the currently logged on user
@REM            %COMPUTERNAME% - Windows system variable containing the current machine name
@REM
@REM - Outputs : Command line success/fail responses
@REM -
@REM - NOTES: There are a few steps that cannot be performed via command line
@REM -         Those items are in the script and will be called out.
@REM -         User should perform them manually
@REM -         The logged on user while running this script should be the EPM Service Account as some of the
@REM -         config items are a "per user" setting.
@REM -
@REM - Items Configured in this script are:
@REM -       DHCP Check (Should be using Static IPs)
@REM -       Time Sync w/ Domain Controller
@REM -       UAC Disable
@REM -       Local Security Policy Permission Settings
@REM -           (*NOTE* You need ntrights.exe for these steps. Available on Windows Resource CD or online download)
@REM -       Disable DEP
@REM -       Windows Firewall Disable
@REM -       Group Policy Updates (Disable force registry unload)
@REM -       Windows Power - Set to Max performance
@REM -       Adjust Advanced Display Settings to 'Best Performance'
@REM -       TCP Tuning Settings (Part 1)
@REM -       Worker Threads
@REM -       Disable Delete TEMP on logoff / Disable 'per user' temp folders
@REM -       TCP Tuning (Part 2)
@REM -       Remove TMP / TEMP User Environment variables
@REM -       Disable Anti-Virus reminder (I can't disable anti-virus software, just display message to add exceptions, etc.)
@REM -       Disable Internet Explorer Enhanced Security

@REM -----------------------------------------------------------------------------------------------------

@REM -------------------------- DHCP Check --------------------------------------
@REM Check for any Dynamic IP addresses as we should be using STATIC
@ECHO Checking for Dynamic IPs.
@ECHO If DHCP is shown as enabled, please investigate further.
@ECHO Static IPs are expected.
ipconfig /all | find "DHCP Enabled."

@REM Add space between command output
@ECHO.

@REM -------------------------- Time Sync w/ Domain ---------------------------------
@REM Sync time to Domain Server
@ECHO Configuring Date/Time to be synchronized with Domain Controller
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

@REM Add space between command output
@ECHO.

@REM -------------------------- UAC Disable ---------------------------------
@REM Disable UAC
@ECHO Disabling UAC
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

@REM Add space between command output
@ECHO.

@REM -------------------- Local Security Policy Permissions --------------------
@ECHO Please review Local Security Policy Permissions and assign the service/install account
@ECHO Adding 'Logon as service' right
ntrights +r SeServiceLogonRight -u %username% -m \\%COMPUTERNAME%

@ECHO Adding 'Logon as batch job' right
ntrights +r SeBatchLogonRight -u %username% -m \\%COMPUTERNAME%

@ECHO Adding 'Act as part of the OS' right
ntrights +r SeTcbPrivilege -u %username% -m \\%COMPUTERNAME%

@ECHO Adding 'Bypass Traverse Checking'
ntrights +r SeChangeNotifyPrivilege -u %username% -m \\%COMPUTERNAME%

@REM Add space between command output
@ECHO.

@REM -------------------- Disable DEP --------------------
@REM Disable Data Execution Prevention (DEP)
@ECHO Disabling Data Execution Prevention (DEP)
bcdedit /set nx AlwaysOff

@REM Add space between command output
@ECHO.

@REM -------------------- Disable Firewall --------------------
@REM Disable Firewall
@ECHO Disabling Firewall for EPM
netsh advfirewall set currentprofile state off

@REM Add space between command output
@ECHO.

@REM -------------------- Update Group Policy --------------------
@REM Update Group policy to Disable force unload of user registry upon logoff
@ECHO Updating Group policy to Disable force unload of user registry upon logoff
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableForceUnload /t REG_DWORD /d 1 /f

@REM Add space between command output
@ECHO.

@REM -------------------- Set Power Option to High Perf --------------------
@REM Set Power Option to High Performance
@ECHO Setting Power Option to High Performance
powercfg /S SCHEME_MIN

@REM Add space between command output
@ECHO.

@REM -------------- Update Adv Settings for Best Performance --------------
@REM Update Advanced Settings / Adjust for Best Performance (UI)
@ECHO Updating Advanced Settings / Adjust for Best Performance (UI)

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v VisualFXSetting /t REG_DWORD /d 2 /f

@REM Add space between command output
@ECHO.

@REM ------------- Registry Updates (TCP / Session Mgr / Term Svr) -------------
@REM Add Windows Registry settings for TCP Performance, Additional CPU Thread settings, Disable Delete Temp Directories on Exit
@ECHO Updating Registry settings for TCP, CPU, Temp/User
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d 30 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive" /v AdditionalCriticalWorkerThreads /t REG_DWORD /d 64 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive" /v AdditionalDelayedWorkerThreads /t REG_DWORD /d 20 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v DeleteTempDirsOnExit /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v PerSessionTempDir /t REG_DWORD /d 0 /f

@REM Add space between command output
@ECHO.

@REM ------------------- Network Performance Settings -------------------
@REM TCP Performance Settings
@ECHO Apply TCP Performance Settings

netsh int tcp set global autotuninglevel=disabled
netsh int tcp set global chimney=disabled
netsh int ipv4 set dynamicport tcp start=1025 num=64000
netsh int ipv4 set dynamicport udp start=1025 num=64000
netsh int ipv6 set dynamicport tcp start=1025 num=64000
netsh int ipv6 set dynamicport udp start=1025 num=64000

@REM Add space between command output
@ECHO.

@REM ------------------- Remove TEMP USER Env Variables -------------------
@REM Delete User TEMP variables
@ECHO Deleting Current User defined TEMP/TMP Environment Variables
@ECHO NOTE: You may see ERROR / Unable to find key messages. These indicate the
@ECHO TMP / TEMP environment variables have not been set for the current user.
reg delete HKCU\Environment /F /V TEMP
reg delete HKCU\Environment /F /V TMP

@REM Add space between command output
@ECHO.

@REM ----------------- Display Virus Exception Reminder ----------------
@REM Virus software warning
@ECHO IF virus scanning is active on this machine, be sure to do the following:
@ECHO - Disable Scanning on Hyperion servers during software installation
@ECHO - Enable Scanning after install, but exclude the \Oracle folders.

@REM Add space between command output
@ECHO.

@REM ----------------- Disable IE Enhanced Security ----------------------
@REM This disables the IE enhanced security

@REM Disable for Admin users (0 = disabled, 1 = enabled)
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f

@REM Disable for non-admin users (0 = disabled, 1 = enabled)
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v IsInstalled /t REG_DWORD /d 0 /f

@ECHO.
@ECHO All steps complete, please review for any errors.
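
Several of the steps above turn off Windows protections (UAC, DEP, the firewall, IE Enhanced Security) and grant the service account 'Act as part of the OS', so it helps to record their state before and after a run. The following read-only check is an added example, not part of the author's script; it reuses the registry keys shown above and assumes the standard `reg query`, `bcdedit /enum`, `netsh advfirewall show` and `whoami /priv` commands are available.

```batch
@echo off
setlocal
@REM Added example, not part of Infra_Win_Prereq.bat.
@REM Read-only report of the security-relevant settings that script changes.
@REM Nothing is modified. Run from an elevated prompt; bcdedit requires it.

set "POL=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
set "ESC=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"

echo === UAC: EnableLUA 0x0 = disabled, 0x1 = enabled. Changes apply after reboot ===
call :ShowValue "%POL%" EnableLUA

echo === DEP: nx is AlwaysOff, OptIn, OptOut or AlwaysOn. Changes apply after reboot ===
bcdedit /enum {current} | findstr /i /b "nx"
if errorlevel 1 echo   nx not listed: prompt is not elevated or no explicit nx value is set

echo === Windows Firewall state for every profile ===
@REM The prerequisite script turns off only the profile active when it ran,
@REM so the other profiles may still report ON here.
netsh advfirewall show allprofiles state

echo === IE Enhanced Security: IsInstalled 0x0 = disabled, 0x1 = enabled ===
call :ShowValue "%ESC%\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" IsInstalled
call :ShowValue "%ESC%\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" IsInstalled

echo === Privileges in the current token for %username% ===
@REM Rights granted with ntrights show up only after the account logs on again.
@REM Logon rights such as SeServiceLogonRight are not privileges and are not listed.
whoami /priv | findstr /i "SeTcbPrivilege SeChangeNotifyPrivilege"
if errorlevel 1 echo   Neither privilege is present in the current token

endlocal
goto :eof

:ShowValue
@REM %~1 = registry key, %2 = value name. Prints the value line or a not-set note.
reg query "%~1" /v %2 2>nul | findstr /i /c:"%2"
if errorlevel 1 echo   %2 is not set under %~1
goto :eof
```

Redirect the output to a file before and after running the prerequisite script to keep a record of what changed on each server.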