Chapter 6 TS Windows Startup
How to permanently disable automatic restarts in Windows
Control Panel > System window > Advanced system settings > System Properties box > Startup and Recovery group > Settings > uncheck Automatically restart. Click OK twice and close the System window.
What is a good data recovery tool?
GetDataBack by Runtime Software (runtime.org)
Windows Is Corrupt
Here are some possible problems with Windows system files and what to do about them:
Missing Boot Configuration Data
-If the BCD store is corrupt or missing and Automatic Repair did not fix the problem, try using the bootrec /rebuildBCD command.
Improper Shutdown
-The problem can be caused by overheating, a hardware problem, or the Windows kernel. After a restart, check Event Viewer for clues, apply Windows updates, verify memory with Memory Diagnostics, and use chkdsk /r to check the HD for errors.
No Graphics Appear
-Suspect that the monitor is not turned on, not getting power, or not connected to the computer.
-Try a different monitor or onboard video port.
-Try launching a command prompt in Windows RE and use it to perform System Restore.
Recovery Drive
Is a bootable USB flash drive that can access Windows 10/8 repair tools; in addition to holding OEM recovery partition, it is handy when you need to repair a computer that doesn't have an optical drive.
How to enable/disable Advanced Boot Options menu (F8)?
To enable, open an elevated CMD window and enter the following command:
bcdedit /set {default} bootmenupolicy legacy
To disable, enter the following command in an elevated CMD window:
bcdedit /set {default} bootmenupolicy standard
Create a recovery drive
Page 330
Options to reinstall windows
See Page 344-354 for details on how to do these.
1. Windows 10/8 previous version - Undo a recent Windows 10/8 update.
2. Windows 10 repair upgrade - Install Windows 10 as an upgrade over the existing installation, keeping personal data, apps, and Windows settings.
3. Windows 10 Fresh start - Do a clean installation of the most recent version of Windows 10. User data, some Windows settings, and a few apps can be kept.
4. Windows 10 reset - Do a clean Windows 10 installation from recovery media or the recovery partition on the hard drive. User data, some Windows settings, and a few apps can be kept.
5. Windows 8 refresh - Restore Windows 8 from a custom refresh image with the option to keep user data and some apps.
6. Apply a Windows 10/7 system image - Use a system image to replace everything on the Windows volume. Current user data, Windows settings, and apps are lost.
7. Windows 8 reset - The HD is reformatted and a clean installation of Windows is done. If an OEM recovery partition is available, it is used for the Windows installation.
8. Install Windows 10/8/7 from OEM recovery partition - Laptops and brand-name computers may have an OEM recovery partition on the HD that can be used to restore the system to factory state. Some manufacturer procedures allow user data to be kept.
9. Windows 10/8/7 clean install from setup media - This method is covered in Chapter 2 and may allow you to keep user data on the hard drive.
Windows Boot Process
See picture in OneDrive/iPhone photos
Step 1: Startup BIOS/UEFI
-Is responsible for the early steps in the boot process. Onboard RAM accessible to BIOS/UEFI holds an inventory of hardware devices, hardware settings, security passwords, date and time, and startup settings. Startup BIOS/UEFI reads this information and then surveys the hardware devices it finds present, comparing them with the list kept in its RAM.
Step 2: Startup BIOS/UEFI runs POST
-POST (power-on self test) is a series of tests to find out if the firmware can communicate correctly with essential hardware components required for a successful boot.
-Any errors are indicated as a series of beeps, recorded speech, or error messages on the screen (after video is checked).
-If the key is pressed to request BIOS/UEFI setup, the BIOS/UEFI setup program runs.
Step 3:
-Based on the information kept in onboard RAM (NVRAM), startup UEFI loads the UEFI boot manager and device drivers. BIOS/UEFI then turns to the hard drive or other boot device to locate and launch the Windows Boot Manager. If BIOS/UEFI cannot find a Windows Boot Manager or cannot turn over operation to it, one of these error messages appears:
1. Missing operating system
2. Error loading operating system
3. Windows failed to load
4. Invalid partition table
Step 4: Boot Manager does the following:
A. It reads the settings in the BCD (Boot Configuration Data, a database file that contains boot settings that control Boot Manager and can be viewed using the bcdedit command).
B. The next step depends on entries in the BCD and these other factors:
Option 1: For normal startups that are not dual booting, no menu appears and Boot Manager finds and launches the Windows Boot Loader program.
Option 2: If the computer is set up for a dual-boot environment, Boot Manager displays the "Choose an operating system" screen.
Option 3: If Windows was previously stopped abruptly or another error occurs, the Windows Startup menu appears to give you the option to troubleshoot the problem.
Step 5: Windows Boot Loader (winload.exe or winload.efi) is responsible for loading Windows components. It does the following:
A. For normal startups, Boot Loader loads into system memory the OS kernel, Ntoskrnl.exe, but does not yet start it. Boot Loader also loads into memory the hardware abstraction layer (Hal.dll), which will later be used by the kernel.
B. Boot Loader loads into memory the system registry hive (C:\Windows\System32\Config\System).
C. Boot Loader then reads the registry key just created, HKEY_LOCAL_MACHINE\SYSTEM\Services, looking for and loading into memory the device drivers that must be launched at startup. The drivers are not yet started.
D. Boot Loader starts up the memory paging process and then turns over startup to the OS kernel (Ntoskrnl.exe).
Step 6: The kernel (Ntoskrnl.exe) does the following:
A. It activates the HAL, reads more information from the registry, and builds into memory the registry key HKEY_LOCAL_MACHINE\HARDWARE, using information that has been collected about the hardware.
B. The kernel then starts critical services and drivers that are configured to be started by the kernel during the boot. Drivers interact directly with hardware and run in kernel mode, while services interact with drivers. Most services and drivers are located in C:\Windows\System32 or C:\Windows\System32\Drivers and have an .exe, .dll, or .sys file extension.
C. After the kernel starts all services and drivers configured to load during the boot, it starts the Session Manager (Smss.exe), which runs in user mode.
Step 7: The Session Manager (Smss.exe) loads the graphical interface and starts the client/server run-time subsystem (csrss.exe), which also runs in user mode. Csrss.exe is the Win32 subsystem component that interacts with applications.
Step 8: Smss.exe starts Logon Manager (winlogon.exe) and reads and executes other commands stored in the registry, such as a command to replace system files placed there by Windows Update.
Step 9: Winlogon.exe does the following:
A. It starts the Service Control Manager (services.exe). Services.exe starts all services listed with the startup type of Automatic in the Services console.
B. Winlogon.exe starts the Local Security Authority process (lsass.exe). The sign-in screen appears, and the user account and password are passed to the lsass.exe process for authenticating.
C. Winlogon.exe launches userinit.exe. For Windows 10/7, the desktop is launched. For Windows 8, the Start screen is launched.
Step 10: Userinit.exe applies Group Policy settings and any programs not trumped by Group Policy that are stored in startup folders and startup registry keys. The Windows startup is officially completed when the Windows desktop or Start screen appears and the pinwheel wait icon disappears.
Windows RE
Windows Recovery Environment
What does a system repair give you
gives system repair tools that can be used to repair Windows
Where do you create a system repair disk?
in Backup and Restore (Windows 7) via control panel Click Create a system repair disk
Error Messages On A Blue Screen
-Hardware and software errors can present as error messages on a Windows BSOD and are called stop errors.
-Sometimes Windows will continually reboot or just hang with the pinwheel spinning.
-A BSOD happens when processes running in kernel mode encounter a problem and Windows must stop the system.
-Can be caused by a corrupted Windows update, a corrupted registry, a system file that is missing or damaged, a device driver that is missing or damaged, bad memory, or a corrupted or failing hard drive.
-Can occur during or after startup.
What to do:
1. As for the tools that are useful in solving stop errors, put the web at the top of your list! (But don't forget that some sites are unreliable and others mean you harm.) Search Microsoft websites on the item labeled in the error message.
2. Disconnect any peripheral devices that might be causing trouble, such as a docking station, USB device, projector, or extra monitor.
3. Reboot the system. Immediately after a reboot following a stop error, Windows displays an error message box or bubble with useful information. Follow the links in the box.
4. If possible, restart the system and enable boot logging. Check the C:\Windows\Ntbtlog.txt file to see if the correct driver files loaded.
5. Restart the computer a couple of times. Sometimes that's all you need to do to solve a problem. If Windows encounters errors, it will launch an automatic repair. If that doesn't fix the problem, you can launch Windows RE and restart Windows in Safe Mode with Networking. In Safe Mode, examine the log file created by Automatic Repair at C:\Windows\System32\LogFiles\Srt\SrtTrail.txt.
Problems With User Profiles
-If Windows bogs down right after the user signs in, the problem might be with loading the user profile. For a slow profile load, the user might see a black screen with spinning dots for several minutes.
What to do (in least invasive order):
1. Try the Windows Troubleshooting applet (Control Panel > Troubleshooting). Run Maintenance tasks.
2. Make sure Windows updates are applied.
3. Run sfc /scannow to fix problems with system files.
4. Reduce startup items. Compare the time to load a user profile when starting Windows normally and during a clean boot.
5. Apply a restore point that was created before the problem started.
6. For Windows 10, try a repair upgrade.
7. Create a new user profile. You can copy user data files from the old profile into the new user profile namespace.
If the user profile gets corrupt, it might not load at all and you might see the error message, "The User Profile Service failed the logon." To rebuild the user profiles, do the following to repair Windows system files that affect corrupted files:
1. Do as many of the above steps as you can do when a single user profile is slow to load.
2. Use the DISM command to repair corrupted Windows system files.
3. For Windows 10, perform a reset. Be sure to back up data before you do a reset.
Sometimes you can recover a user account by deleting it without deleting its files and then creating a new one with the same name. If you are not able to delete the profile in User Accounts and keep the files, use the registry to delete an old profile or repair a corrupted one:
1. Launch the Registry Editor and back up this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
2. Drill down into each S-1-5 folder in the above key until you find the correct user profile in the ProfileImagePath subkey.
3. If the profile has a State subkey, set it to 0. If the profile has a RefCount subkey, set it to 0.
4. Close the Registry Editor and restart the computer.
If still having problems with a user profile, follow these steps to delete the profile:
1. Manually copy any important data files in the user profile namespace to a new location. Recall that you can find these files in C:\Users\username subfolders.
2. Go to Control Panel > System window > Advanced system settings > Properties box > Advanced tab > Settings under User Profiles. In the list of user profiles, select the profile and click Delete.
3. Launch the Registry Editor, back up the ProfileList key as you learned to do earlier, and locate the S-1-5 folder for the user profile you want to delete. Right-click the SID key and click Delete.
4. Restart the computer and create a new profile.
Changing Startup Settings
-Is only available when Windows RE is launched from the hard drive rather than other media.
-Access: Windows RE > Startup Settings
Options:
Press 1 or F1: Enable Debugging
-Tool moves system boot logs from the failing computer to another computer for evaluation.
-Computer must be connected by way of a serial port.
Press 2 or F2: Enable Boot Logging
-Windows loads normally and all files used during the load process are recorded in a log file at C:\Windows\Ntbtlog.txt.
-Use this option to see what did and did not load during the boot.
-For instance, if you have a problem getting a device to work, check Ntbtlog.txt to see what driver files loaded.
-Boot logging is much more effective if you have a copy of Ntbtlog.txt that was made when everything worked as it should. Then you can compare the good load with the bad load, looking for differences.
Press 3 or F3: Enable Low-Resolution Video (640x480)
-Use when video options don't allow you to see the screen well enough to fix a bad setting (e.g., black fonts on a black background or a corrupted video driver).
-Booting in this mode gives you a very plain, standard video in VGA mode.
-You can then go to Display settings, correct the problem, and reboot normally.
-For problems with video drivers, open Device Manager and update, roll back, or uninstall and reinstall video drivers.
Press 4 or F4: Enable Safe Mode
-Launching Safe Mode and then restarting the system again can sometimes solve a startup problem.
-You can go to the Windows desktop in Safe Mode and launch anti-malware software to scan the system for malware.
-You can open Event Viewer to find events that are helpful in troubleshooting the system, run the System File Checker command (sfc /scannow) to restore system files, use Device Manager to roll back a driver, use Memory Diagnostics (mdsched.exe) to verify memory, use the chkdsk /r command to check for file system errors, configure Windows for a clean boot on the next restart, and perform other troubleshooting tasks.
Press 5 or F5: Enable Safe Mode with Networking
-Use when you need access to the network to solve the problem.
-E.g., you might need to download updates to your anti-malware software.
-Use this mode when the Windows installation files are available on the network, rather than on Windows setup media, and you need to access those files.
Press 6 or F6: Enable Safe Mode with Command Prompt
-If Safe Mode can't start, try Safe Mode with Command Prompt, which doesn't attempt to load the graphical interface.
-At the command prompt, use the sfc /scannow command to verify system files.
-If the problem is still not solved, you can use the rstrui command to launch System Restore and then follow the on-screen instructions to select a restore point.
-If restore points have not been previously made, System Restore cannot help.
Press 7 or F7: Disable Driver Signature Enforcement
-All 64-bit editions of Windows require that kernel-mode drivers be digitally signed.
-Developers disable driver signature enforcement when they test kernel-mode device drivers that are not yet digitally signed.
-Don't use this option for troubleshooting Windows startup because doing so might allow a malware driver to load.
Press 8 or F8: Disable Early Launch Anti-Malware Driver
-Windows 10/8 allow anti-malware software to launch a driver before any third-party drivers are launched so that it can scan these drivers for malware.
-Unless you're sure a driver is the problem, don't disable this security feature. (Windows 7 doesn't offer this option on its Advanced Boot Options screen.)
Press 9 or F9: Disable Automatic Restart on System Failure
-By default, Windows automatically restarts immediately after a blue screen of death (BSOD) stop error, which is described in more detail later in this chapter.
-The error can cause the system to continually reboot rather than shut down.
-Press F9 to disable automatic restarts and stop the rebooting.
Press 10 or F10: Return to the Startup Settings screen
Windows Startup Repair
-This is the first tool you should use when addressing startup problems.
-This tool will not change Windows settings, user data, or applications.
-You can't cause more problems with this tool.
-Startup Repair is a built-in diagnostic and repair tool.
-Access Windows 10/8: Windows RE > Startup Repair
-Access Windows 7: Windows RE > Repair your computer > enter admin PW > Startup Repair
-Windows RE examines the system, fixes problems, reports what it did, and might offer suggestions for further fixes.
-Log file location: C:\Windows\System32\LogFiles\SRT\SrtTrail.txt
ERROR: "Bootmgr is missing"
-Use startup repair tools.
-Try rebuilding the BCD store; this should resolve the same problem on legacy BIOS and MBR systems.
Windows 7 Last Known Good Configuration
-Windows 7 Last Known Good Configuration settings are saved in the registry each time the user successfully logs on to the system.
-If your problem is caused by a bad hardware or software installation, using the Last Known Good can, in effect, undo the bad installation.
-Try the Last Known Good option early in the troubleshooting session before a bad Last Known Good overwrites a good one.
Desktop methods to Launch Windows RE
1. Windows 10: Settings app > Update & Security > in the left pane, click Recovery. Under Advanced startup, click Restart now.
2. Shift + Restart (Windows 10/8)
3. Command prompt: shutdown /r /o
/r - instructs the PC to restart
/o - instructs Windows to open RE after restart
Errors With Services Or Other Programs
Applications don't generally cause stop errors because they all run in user mode rather than kernel mode. When a blue screen with a stop error identifies a service or other program that failed to start or is causing problems, do the following:
1. Check Event Viewer, which might provide events it has logged. Recall that critical errors and warnings are recorded in the Administrative Events log.
2. Use Task Manager to stop the service or other program causing the error. If you cannot end the process using Task Manager, use the taskkill command. Try restarting the program.
3. Use Task Manager or the Services console to disable the service from launching at startup.
4. Update Windows.
5. If you are not sure which service or program is causing the problem, do a clean boot. If a clean boot still gives errors, try a safe boot.
6. Undo any recent changes to the system. If you are not sure which changes to undo, consider using System Restore to restore the system to the point before the problem started.
7. Use the Memory Diagnostics tool to check memory and use the chkdsk /r command to check the HD for errors.
If the problem is still not resolved, you might need to repair Windows system files by using the SFC or DISM command or other Windows startup repair tools.
Startup Error Messages On A Black Screen (Solutions)
Error messages:
"No OS found"
"A disk read error occurred"
"Invalid boot disk"
"Hard drive not found"
"Disk boot failure"
"No boot device found"
What to do about it:
1. Research the error message.
2. If seeing spinning white dots on a black screen, Windows may be installing updates before it launches. This may take a while. If the system hangs indefinitely, the updates might be causing a problem. If a reboot doesn't solve the problem, boot into Windows RE and return to a previous version of Windows.
3. Consider that startup BIOS/UEFI might not be able to communicate with the HD. Check BIOS/UEFI setup for the boot sequence. Update the boot order so that you can try booting from another device.
4. For Windows 10/8, try going into BIOS/UEFI setup and disabling any quick boot features. This causes BIOS/UEFI to do a more thorough job of POST and report more information on the screen as it performs POST.
5. Windows might halt and show a black screen when it encounters a video problem at startup. Try restarting the system in Safe Mode, as you learned to do earlier in the chapter. Then check Event Viewer for clues, update Windows, and use Device Manager to roll back drivers or disable or uninstall the video adapter. If you cannot boot into Safe Mode, launch Windows RE and use Startup Repair, Memory Diagnostics, and the chkdsk /r command to check Windows, memory, and the HD.
6. The HD might be failing. To recover data from the drive, move it to another computer and install it as a second hard drive without formatting it.
IF ALL ELSE FAILS
If possible, back up all important user data and NUKE Windows files and partitions and perform one of the below installations:
1. Windows 10/8 previous version - Undo a recent Windows 10/8 update.
2. Windows 10 repair upgrade - Install Windows 10 as an upgrade over the existing installation, keeping personal data, apps, and Windows settings.
3. Windows 10 Fresh start - Do a clean installation of the most recent version of Windows 10. User data, some Windows settings, and a few apps can be kept.
4. Windows 10 reset - Do a clean Windows 10 installation from recovery media or the recovery partition on the hard drive. User data, some Windows settings, and a few apps can be kept.
5. Windows 8 refresh - Restore Windows 8 from a custom refresh image with the option to keep user data and some apps.
6. Apply a Windows 10/7 system image - Use a system image to replace everything on the Windows volume. Current user data, Windows settings, and apps are lost.
7. Windows 8 reset - The HD is reformatted and a clean installation of Windows is done. If an OEM recovery partition is available, it is used for the Windows installation.
8. Install Windows 10/8/7 from OEM recovery partition - Laptops and brand-name computers may have an OEM recovery partition on the HD that can be used to restore the system to factory state. Some manufacturer procedures allow user data to be kept.
9. Windows 10/8/7 clean install from setup media - This method is covered in Chapter 2 and may allow you to keep user data on the hard drive.
Restore user data from backups.
Error With Hardware And Device Drivers
If the blue screen names a device or device driver that caused the problem, do the following:
1. If the driver has been recently updated and the Safe Mode desktop is loaded, open Device Manager and roll back the driver.
2. Consider that the device driver might have been updated along with a Windows update. For recent Windows updates, try to return to a previous version of Windows.
3. A Windows update might fix the problem. Open the Settings app and update Windows.
4. Use Device Manager to uninstall the device. When given the option, select Delete the driver software for this device. Then reboot the system.
5. If the stop error does not identify the device but names a program file, open File Explorer or Windows Explorer on a working computer to locate the program file. Driver files are stored in the C:\Windows\System32\drivers folder. Right-click the file and select Properties from the shortcut menu. The Details tab of the Properties box tells you the purpose of the file. You can then reinstall the device or program that caused the problem.
6. If you cannot start Windows in Safe Mode, use Windows RE to open a command prompt window. Then back up the registry and open the Registry Editor using the regedit command. Drill down to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services key. Disable the service or driver by changing the Start value to 0x4. Close the Registry Editor and reboot. If the problem goes away, use the copy command to replace the service or driver program file, and restart the service or driver.
Command Prompt Windows RE
Manage Data Files and System Files:
-Use the SFC and DISM commands to restore critical Windows system files.
-Use the cd, copy, rename, and delete commands to manage data files and system files.
Repair the Hard Drive File Systems and Partitions:
-Use chkdsk /r to try to repair the file system.
-If the HD is very corrupt and you must reinstall Windows, use the diskpart command to totally wipe the HD clean of everything, including the partitioning system, before you install Windows again using Windows setup media.
Enable Networking:
-Use the wpeinit command to enable networking.
-The wpeinit command initializes Windows PE.
Use BOOTREC and BCDEDIT to Repair the File System and Key Boot Files:
-A failure to boot can be caused by a corrupt BCD.
-If Startup Repair does not fix the problem, you can use the bootrec command to repair the BCD and boot sectors.
-Use the bcdedit command to manually edit the BCD (MAKE A COPY OF THE BCD BEFORE EDITING).
-Use the bootsect command to repair a dual-boot system.
-To get helpful information about these commands, enter the command followed by /?, such as bcdedit /?.
bootrec /scanOS - Scans the HD for Windows installations not stored in the BCD
bootrec /rebuildBCD - Scans for Windows installations and rebuilds the BCD
bootrec /fixboot - Repairs the boot sector of the system partition
bootrec /fixmbr - Repairs the MBR for HDs using the MBR partitioning system
bcdedit /enum - Displays the contents of the BCD
Methods to Launch RE when Windows CANNOT start Normally
Windows detects startup problems and launches automatic diagnostics and repairs:
-If you restart the computer several times within a few minutes or Windows detects errors during startup, it automatically launches diagnostics and takes you through steps to attempt to repair the system. It's called Automatic Repair or Startup Repair, and it includes running both Check Disk and System File Checker.
-If Automatic Repair fails, you're given the option to boot into Windows RE, where there are other troubleshooting tools.
-If you cannot launch Windows RE after a normal Windows startup, which can sometimes happen when working with a Windows 10 installation in a VM, you can restart Windows several times. Each time you see the Windows flag appear, turn off the computer. After two or three attempts to start Windows, it will launch Automatic Repair on the next startup, and then you can access Windows RE.
Boot from a USB recovery drive, DVD system repair disc, or Windows setup DVD or USB drive:
-These boot recovery media give you the option to launch Windows RE.
-You might have to adjust BIOS/UEFI settings to boot from alternate media.
-To launch Windows RE from a Windows setup DVD or flash drive, click Repair your computer when you see the Windows setup screen.
Press F8 during startup:
-If it is enabled, press F8 during startup to launch the Advanced Boot Options menu, which is part of Windows RE.
Are recovery drives bit-specific
YES, use a 32-bit recovery drive to repair a 32-bit OS, and use a 64-bit recovery drive to repair a 64-bit OS
