Chapter 17: Troubleshooting Operating Systems
The other settings on the Compatibility tab that are located under Display settings:
* Reduced color mode: Many old Windows programs were designed to run in 256 colors. Later versions of Windows that support more colors can confuse these older programs. * Run in 640 x 480 screen resolution: A few (badly written) older programs assume the screen to be at 640 × 480 resolution. This setting enables them to work. * Disable desktop composition (Windows Vista/7): Disables all display features such as Aero. More advanced Windows display features often bog down older programs. * Disable display scaling on high DPI settings: Turns off automatic resizing of a program's windows if you're using any high DPI (dots per inch) font. This was added because many programs with large fonts would look bizarre if resized.
The other settings on the Compatibility tab that are located under Display settings cont'd:
* Run this program as an administrator: As stated, enables you to run the program as an administrator. If this option isn't available, log on as an administrator to see it. * Enable this program to work with OneDrive files (Windows 8/8.1/10): This option provides networking support for older applications that might not understand the cloud aspects of file storage. * Change settings for all users: Clicking this button applies compatibility changes made to a program to every user account on the machine. Otherwise, the settings are only for the current user.
Missing NTLDR and Missing Boot.ini
- Not Boot Device Present, NTLDR Bad or Missing & Invalid Boot.INI error messages are described as: - Windows won't start with this error.
The Recovery Console cont'd (1)
- Now you can use the Recovery Console commands. - You can use many of the commands that work in the Windows command-line interface. - See Figure for common commands.
Return to OS Choices menu
- On computers with multiple operating systems, you get an OS Choices menu to select which OS to load. - If you load Windows and press f8 to get the Advanced Startup Options menu, you'll see this option. - Choosing it returns you to the OS Choices menu, from which you can select the operating system to load.
* View diagnostic and repair details * srttrail.txt
- Once the Startup Repair Utility is complete, there is a link called ______________________. - This opens a text file called _________ .txt that lists exactly what the program found, what it fixed, and what if failed to do.
Window Memory Diagnostic Tool in action
- Once you restart, your system immediately starts running the Windows Memory Diagnostic Tool. - While the program runs, you can press F1 to see the Memory Tester options.
Event Viewer Utility
- One of the 1st tools you should use when you get to the Desktop and see what's causing problems on the computer. - Is a Windows default program about a number of interesting happenings on the system. - It turns into a virtual recording of anything you might ever want to know about your system. - Powerful tool for security as well.
Even Viewer four main bars in the Center Pane:
- Overview - Summary of Administrative events - Recently Viewed Nodes - Log Summary
WinPE
- Powers WinRE.
.NET Framework
- Programs that fail to install can be Windows preventing them from installing because of a lack of a program that the application needs so it can operate. - Best example is the Microsoft: - Is an extension to the Windows operating system that includes support for a number of features, particularly powerful interface tools and flexible database access. If a program is written to take advantage of .NET, .NET must itself be installed.
Freeze-up
- The second indication of a device problem that manifests during the final part of startup is a: - The Windows startup screen just stays there and you never get a chance to log on.
Problems with Uninstalling
- The single biggest problem with uninstalling is that people try to uninstall without administrator privileges. - If you try to uninstall and get an error, log back on as an administrator and you should be fine. - Don't forget you can right-click on most uninstallation menu options on the Programs menu and select Run as administrator to switch to administrator privileges.
Directory Services Restore Mode
- The title says it all here; this option only applies to Active Directory domain controllers, and only Windows Server versions can be domain controllers.
The Problems Reports (called Problem Reports and Solutions in Vista)
- This Control Panel applet in Windows lists all Windows Error Reporting issues.
Performance and Information Tools
- This applet tells you how powerful your computer really is.
Reboot (All Versions)
- This choice will actually do a soft reboot of the computer.
Start Windows Normally
- This choice will simply start Windows normally, without rebooting. You already rebooted to get to this menu. Select this if you changed your mind about using any of the other exotic choices.
Reset Your PC
- This option in windows 8, nukes your system, all apps, programs, user files, user settings and presents a fresh installation of Windows. - Use as a last resort and always backup your data first.
The 3 reasons to access WinRE from the Windows installation media or the dedicated recovery drive
1. The hard drive can be so messed up that you won't make it to the Advanced Boot Options menu. 2. Accessing WinRE using the Repair Your Computer option in the Advanced Boot Options menu requires a local administrator password. 3. Using a bootable disc/USB flash drive enables you to avoid any malware that might be on the system.
device drivers
- BSOD problems due to _______ ________ almost always take place immediately after you've installed a new device and rebooted. - Take out the device and reboot and if Windows loads properly go to the manufacturer's website and find an updated driver available for download.
To work with your System's Services
- Go to the Control Panel | Administrative Tools | Services and verify that the service you need is running. - If not turn it on.
restore
- If Recovery Console doesn't do the trick, the next step is to ___________ Windows XP. - You can attempt to restore to an earlier, working copy of Windows. - Assuming you made an Automated System Recovery (ASR) backup, this will restore your system to a previously installed state. - Use this as a last resort.
Failure to Boot: OS X OS X Recovery (IMAGE RECOVERY)
- Mac OS X offers a power recovery tool called: - It enables you to rebuild a Mac with a reboot and key combination. - Hold down command +R at boot to access the Recovery Environment. - Enables a full Reset, but also gives options for other tools.
Force Quit
- Mac OS X offers a surprisingly powerful tool for application problems called ____________. - Press the option + command + esc keyboard combination to access the Force Quit menu. - It'll show you every running application.
Windows Preinstallation Environment (WinPE or Windows PE)
- Microsoft calls the 32- or 64-bit installation environment in Windows 7 the:
NTLDR bad or missing
- Missing system files are usually indicated by the error:
Hardware and Configuration, or in Windows
- Most failed-boot scenarios require you to determine where the fault occurred:
Opening Event Viewer
- Go to System and Security | Administrative Tools | Event Viewer.
bootmgr and bcd
- In modern Windows, these two critical boot files risk corruption in Windows:
Failure to Boot: Linux GRUB and LILO
- Linux offers 2 common boot managers called: - Options to fix "Missing GRUB" and "Missing LILO" error is to boot to the OS media disc (the Live DVD) and let it "install" into memory. - From there, you can access the terminal and run the sudo grub-install command (along with the location of the boot drive) to repair.
Registry Files
- Load every time the computer boots.
Criteria has to be met to return to a previous version in the System Protection tab
* The file or folder was backed up using the backup program. * You created a restore point. * The file or folder was changed. - You must make sure System Protection is enabled. - Go to the System Protection tab in the Systems Properties dialog box to see if the feature is enabled.
Last Known Good Configuration
- A Windows feature that starts the computer by using the registry information that was saved during the last shutdown. - When Windows' startup fails immediately after installing a new driver but before you have logged on again, try the Last Known Good Configuration option. - This option applies specifically to new device drivers that cause failures on reboot.
System Protection
- A Windows utility for all versions of Windows that is powered by Volume Shadow Copy Service (VSS) enables the OS to make backups of any file.
No Boot Device error
- A bad sector usually shows up as a:
"invalid boot disk"
- A black screen with an __________ error message points to a hardware or CMOS problem with a PC that won't boot.
Crashing Programs
- A program can get released that isn't ready for prime time and the error-prone code causes the application to crash or even causes OS to crash. - Some scenarios caused by such programs are the computer locking up or unexpectedly shutting down. - The system might spontaneously shut down and restart.
Application Installation Problems
- A well-behaved program should always make itself easy to uninstall as well. In most cases, you should see an uninstallation option in the program's Start menu area; and in all cases (unless you have an application with a badly configured installer), the application should appear in either the Add/Remove Programs applet or the Programs and Features applet in the Control Panel.
Blue Screen of Death (BSOD)
- A windows Stop error is better known as the: - Device Drivers are one of the reasons you can see a BSOD.
Action Center settings
- Action Center only compiles the information, taking data from well-known utilities such as Event Viewer, Windows Update, Windows Firewall, and UAC and placing it into an easy-to-read format. - If you wish, you can tell Action Center where to look for information by selecting Change Action Center settings.
Event Viewer
- After the tool runs, your computer reboots normally and you can open ______ _______ to see the results.
Selecting a system image cont'd (1)
- After you click finish on the confirmation screen, the restore process begins. - The utility removes the old system data and then copies the backed-up system image to the hard drives. - Once the process completes, your system reboots and should start up again with all of your data and programs just where you left them when you last backed up.
Selecting a system image cont'd
- After you select the image you want to restore, the utility presents you with a few more options: - You can choose to format and repartition disks. With this option selected, the utility wipes out the existing partitions and data on all disks so the restored system will get the same partitions that the backed-up system had.
corrupted
- Application failures can cause any data to be:
Application Problems
- Applications can fail to install or uninstall because of OS version issues with compatibility problems. - Applications try to access a file and that file is missing or won't open. - Sloppy or poorly written code cause the application or the OS to crash. - Corrupted applications can corrupt data.
fixmbr
- At the Recovery Console prompt, just type: - This fixes the MBR.
Each Service has a startup Type called:
- Automatic, Manual, or Disabled that defines when it starts. - Common to find that a service has been set to Manual when it needs to be set to Automatic so that it starts when Windows boots.
BOOTMGR
- From Windows Vista on through Windows 8.1, the ___________ file accesses the Boot Configuration Data file and starts up the files that load the OS.
To replace the Registry
- Boot to the Windows installation media to access Windows RE and get to the command prompt shell. - Run the reg command to get to a reg prompt. - From there you have numerous commands to deal with registry and the simplest is the COPY command. - I already know the location of the backed up Registry files so just copy the files to the location of the main Registry files which is up one level in the tree under the \config folder.
Bootrec command adds 2 more repair features called:
- Bootrec / fixboot - Rebuilds the boot sector for the active system partition. - Bootrec / fixmbr - Rebuilds the MBR for the system partition. - Bootrec / scans - Looks for Windows installations not currently in the BCD store and shows you the results without doing anything. - Bootrec / rebuildmbr - Looks for Windows installations not currently in the BCD store and gives you the choice to add them to the BCD store.
Safe Mode with Networking
- Boots in Safe Mode but with network support. - Use this mode to test for problem with network drivers. - If Windows fails to startup in Safe Mode with Networking, the problem is a network driver. - What you can do is reboot back to Safe Mode, open Device Manager, and start disabling network components, beginning with the network adapter.
Viruses
- Can cause Windows to fail to start normally or make it appear to be missing.
failing hardware or hardware changes
- Can create kernel panic in Mac OS X and Linux and bring the system down. - Kernel panic in Mac OS X is demonstrated by a black or gray screen of death.
More Control Panel Tools: Problem Reports and Solutions (Windows Vista) and Action Center (Windows 7/8/8.1)
- Centralize a lot of useful information about the status of your computer.
Windows 8/8.1/10 WinRE Advanced options
- Clicking on Advanced options reveals menu similar to Windows Vista/7 options: * System Restore * System Image Recovery * Startup Repair * Command Prompt * UEFI Firmware Settings (available if your motherboard uses UEFI rather than classic BIOS).
Boot configuration data (BCD) files
- Contain information about OSs installed on a computer. - In Microsoft speak, that info is called a store or BCD store.
Different levels of Summary of Administrative Events:
- Critical - Error - Warning - Information - Audit Success - Audit Failure
Kernel panic
- Device drivers can trip up Linux systems causing their own form of BSoD, called a: - To fix go to Manufacturer's website and find updated drivers or kernel modules (code that gets inserted directly into the kernel).
Performance Information and Tools applet
- Doesn't fix anything, but provides a relative feel for how your computer stacks up agains other systems using the Windows Experience Index.
subscore
- Each component generates a subscore. - These values range from 1 to 5.9 for Windows Vista and 1 to 7.9 for Windows 7/8. - Your system's Base score is based on the lowest subscore. - Microsoft removed the Windows Experience Index and its Control Panel applet with the release of Windows 8.1.
Enable Low-Resolution Mode
- Enable Low-resolution Mode starts Windows normally, but only loads a default VGA driver. - If this mode works, it may mean you have a bad driver, or it may mean you are using the correct video driver but it is configured incorrectly (perhaps with the wrong refresh rate and/or resolution). - Whereas Safe Mode loads a generic VGA driver, this mode loads the driver Windows is configured to use but starts it up in standard VGA mode rather than using the settings for which it is configured. - After successfully starting in this mode, open the Display applet and change the settings.
System Restore
- Enables you to go back to a time when your computer worked properly and gives those of us who make many RESTORE POINTS snapshots of a system at a given point in time.
Cache option
- Enables you to set whether the tests use the CPU's built-in cache as well as override the default settings for each test type. - Leave Cache set at Default and never touch it.
The Recovery Console cont'd
- Enter the administrative password for that computer and press ENTER. - The screen now looks like this.
Exam tip (1)
- Every once in a while you'll get an application that reports an error if the clock settings in Windows don't match. This can cause the application not to run. Likewise, if a computer has a failing battery and is offline for a while, the BIOS time and settings will be off. You'll get a brief "error" noting the change when you connect that computer to a network timeserver. - This is both a hardware issue (failing battery) and an application issue. When the Windows clock resets, so do the BIOS time and settings.
In Windows 7, the 3 ways to access WinRE are:
- First, you can boot from the Windows installation media and select repair. - Second, you can use the Repair Your Computer option on the Advanced Boot Options (F8) menu. - Third, you can create a system repair disc or system image before you have problems. Go to control Panel | System and Security | Backup and Restore and select: Create a system repair disc or select Create a system image.
The Startup Repair utility
- Fixes almost any Windows boot problem. - serves as a one-stop, do-it-all option. When run, it performs a number of repairs, including: * Repairs a corrupted Registry by accessing the backup copy on your hard drive. * Restores critical boot files. * Restores critical system and driver files. * Rolls back any non-working drivers. * Uninstalls any incompatible service packs and patches. * Runs chkdsk. * Runs a memory test to check your RAM.
* ntldr * ntdetect.com * boot.ini
- For Windows XP to start loading the main OS, the critical system files ____, ______, & ______ must reside in the root directory of the C: drive & boot.ini must point to the Windows boot files.
When Safe Mode boots automatically
- If Safe Mode boots automatically, that means someone forced it in the System Configuration utility. - Type msconfig at the Start | Search or Start | Run option and press ENTER to open the System Configuration utility and then deselect the Safe boot or Boot to Safe Mode check box.
Safe mode
- If Windows fails to startup normally, press F5 at boot-up to boot directly to:
backup
- If all goes well with the Recovery Console, do a thorough _________ asap, just in case something else goes wrong.
Register copy
- If encountered with these errors you need to restore a good:
restore from back or rebuild form the installation media or a recovery drive.
- If faced with a scenario where the GUI files have become corrupted, what CompTIA calls a "Missing Graphical Interface" problem, your only choices are to:
* No Boot Device Present * NTLDR Bad or Missing * Invalid BOOT.INI
- If ntldr, ntdetect.com, & boot.ini isn't in place, the system won't get past this step and the common error messages you get are: - These texts take place early in the startup process. - BIG CLUE THAT IT IS A BOOT ISSUE.
boot cfg / rebuild
- If the boot.ini file is gone or corrupted, run this command from the Recovery Console; - The Recovery Console will try to locate all installed copies of Windows and ask you if you want to add them to the new boot.ini file it's about to create. Say yes to the ones you want.
"No boot device detected"
- If the user says that the screen says ________________ and the system worked fine before, it could mean something as simple as the computer has attempted to boot to an incorrect device, such as to something other than the primary hard drive. - So you have to remove the thumb drive from the USB port to fix the error.
The Recovery Console
- If there is only one installation of Windows XP on your computer, type the number 1 at the prompt and press the ENTER key. - If you press ENTER before typing in a valid selection, the Recovery Console will cancel and the computer will reboot. - Make the choice now you get a new line, followed by the curser that reads: Type the Administrator password:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- If you can't find a load on startup option in your application, run the Registry Editor and go to where most applications autoload:
System File Checker
- If you get a .DLL error, the best tool to use is the: - Can use it to check and replace a number of critical files, including the important DLL cache. - Verifies the integrity of system files.
Splash screen
- If you get to the Windows ______ ________ and then the computer locks up, that's a complete different error than a boot failure in Windows XP.
Advance Settings Tool
- If you have problems with your boot, use the:
Selecting a system image
- If you have the drive containing the system image plugged in when you first run the wizard, it should detect your latest backup and present you with the dialog box. - If it doesn't list a system image or it lists the wrong one, you can select an image from another date on the same disk or even a remote network share.
Startup Repair
- If you have trouble booting your computer, you should try _______ ______ first.
Windows XP Mode
- If you need to make things 100 percent compatible with Windows XP and you have Windows 7 (Pro, Ultimate, or Enterprise) on your system, you can download: - It is nothing more than a premade Windows XP SP3 virtual machine that runs under Microsoft's popular (and free) virtualization program, Windows Virtual PC.
Action Center applet
- If you see a problem, Action Center includes plenty of links to get you to the utility you need. From the Action Center applet, you get direct links to some or all of the fol- lowing tools: • UAC settings • Performance Information and Tools • Backup and Restore • Windows Update • Troubleshooting Wizard • System Restore • Recovery
Hardware
- If you see the screen, "Operating System not found", the problem is with:
Debugging Mode (All Versions)
- If you select this choice, Windows starts in kernel debug mode. - To do this, you have to connect the computer you are debugging to another computer via a serial connection, and as Windows starts up, a debug of the kernel is sent to the second computer, which must also be running a debugger program.
Troubleshooting Tools once you load into Windows through Safe Mode or other option * Event Viewer
- If you suspect some service or Registry issue caused the problem, head over to the ______ viewer and see what sort of logon events happened recently.
Task Manager and Command-Line Options
- If you're unable to get to Task Manager or are comfortable with the command line, you can get to a command prompt (like in the Windows Recovery Environment) and type the command tasklist to find the names and process IDs of all the running processes. - You can then run taskkill to end any process either by filename or by process ID. - If you're in the Windows PowerShell, the commands are tasklist and kill.
spinning pinwheel of death
- In Mac OS X systems that indicates an unresponsive system.
automatically
- In Windows 7 and later, Startup Repair starts __________ if your system detects a boot problem.
Action Center
- In Windows 7/8/8.1 provides a one-page aggregation of event messages, warnings, and maintenance messages that, for many techs, might quickly replace Event Viewer as the first place to look for problems.
Advanced Startup Options menu
- In Windows Vista or Windows 7, you can use the _________ menu to discover the cause. - To get to this menu, restart the computer and press F8 after the POST message but b4 the Windows logo screen appears.
NTLDR
- In Windows XP, __________ would read the boot.ini file to find the boot partition where the OS files are stored.
Recovery Console
- Provides a command-line interface for working with Windows before the GUI starts. - Press R to start the: - Shines in manually restoring Registries, stopping problem services, rebuilding partitions, and using the expand program to extract copies of corrupted files from an optical disc or floppy disk. - You can reconfigure a service so that it starts with different settings, format partitions on the hard drive, read and write on local FAT or NTFS partitions, and copy replacement files from a floppy disk or optical disk. - Enables you to access the file system and is still constrained by the file and folder security of NTFS, which makes it a more secure tool to use than some third-party solutions.
"Registry File Failure" or text errors that say "Windows could not start"
- Registry errors may show up as BSoDs that say:
Basic
- Runs quickly (about one minute) but performs only light testing.
Pass count
- Sets the number of times each set of tests will run.
buggy device drivers or Registry problems and autoloading programs
- Several issues can create a scenario where Windows fails to start normally.
Windows Memory Diagnostic (Tool)
- Starting with Windows Vista, Microsoft added a memory tester to the Windows Recovery Environment called:
Safe Mode with Command Prompt
- Starts Windows and loads the command prompt instead of the GUI. - You can type chkdsk, defrag command. - It is a handy option if the desktop does not display at all which can be caused by corruption of the explorer.exe program. - You can delete corrupted explorer.exe and copy in an undamaged version.
Safe mode (All Versions)
- Starts up Windows but loads only very basic, non-vender-specific drivers for mouse, 800 x 600 (Vista/7) or 1024 x 768 (8/8.1) resolution monitor, keyboard, mass storage, and system services.
Windows Vista/7 WinRE with five options:
- Startup Repair - System Restore - System Image Recovery (Windows 7) or Windows Complete PC Restore (Vista) - Windows Memory Diagnostic or Windows Memory Diagnostic Tool (Vista) - Command Prompt
Tip:
- System Protection doesn't have to be only for recovery of corrupted data files caused by bad applications. - It's also a great tool to recover previous versions of files that users accidentally overwrite. - The System Protection tab also enables you to load a restore point and to create restore points manually, very handy features.
File recovery software
- System Protection falls in the category generically called:
Extended
- Takes hours, but it will aggressively test your RAM.
Advanced Startup options
- The 1st step in troubleshooting these scenarios is to use the:
Exam tip
- The CompTIA A+ 902 exam objectives mention a scenario where Windows boots directly to Safe Mode. This can only happen if a tech specifically makes a change to the System Configuration utility.
Cache and Pass Count
- The Memory Diagnostic tool includes two other options called:
1. Repairing the MBR 2. Reinstalling the boot files 3. Rebuilding boot.ini
- The Recovery console works great by fixing these 3 items:
Restart now and check for problems (recommended) or Check for problems the next time I start my computer
- The Windows Memory Diagnostic (Tool) prompts you with two options:
1. Basic 2. Standard 3. Extended
- The Windows Memory Diagnostic Tool options lists 3 important Test Mix options at the top of the screen called:
Refresh Your PC
- The Windows RE option to ________________ in Windows 8 and later rebuilds Windows, but preserves all user files and settings and any applications purchased form the Windows Store.
Live DVD
- The Windows installation media is called a ____________ because WinPE loads directly from disc into memory and doesn't access or modify the hard drive.
Last Known Good Configuration boot option or restore an earlier versions of the Registry through Windows RE
- The best way to do this depending on your Windows version is the:
diskpart
- The command prompt also includes this tool, but lacks many of the safety features build into Disk Management. - Starting this command opens a special command prompt as shown: - You can un commands at the ______ prompt to add, change, or delete volumes and partitions on drives, mount or dismount volumes, and even manipulate software-level RAID arrays.
Standard
- The default choice, takes a few minutes and tests more aggressively.
Exam tip (2)
- The fact that Windows looks for the autorun.inf file by default when you insert a disc or USB drive creates a security issue. - Someone could put a malicious program on some form of media and write an autorun.inf file to point to the virus. Insert the media and boom! There goes your clean PC. Of course, if someone has access to your computer and is fully logged on with administrator privileges, then you've already lost everything, with or without a media-born program, so this "big" security issue is pretty much not an issue at all. - Nevertheless, you should know that to turn off this behavior in Windows requires opening the Registry Editor and changing up to six different settings.
System Restore Step
- The final step in recovering from a major Windows meltdown.
Windows 8/8.1/10 WinRE and choices it offers
- The first screen requires you to choose a language, and then you get to the main menu with two options: * Troubleshoot * Turn off your PC
Command prompt
- The last option in the WinRE menu is the: - It functions similarly to the regular cmd.exe shell in Windows.
Hardware change
- The only way to change a subscore in the Windows Experience Index is by making what kind of change?
hardware and driver
- The problem is that all the crashing can be caused by ______ and _____ problems, and not just application problems.
Enable Boot Logging
- This option starts Windows normally and creates a log file of the drivers as they load into memory. - The file is named Ntbtlog.txt and is saved in the %SystemRoot% folder. - If the startup failed because of a bad driver, the last entry in this file may be the driver the OS was initializing when it failed. - Reboot and go into the WinRE. Use the tools there to read the boot log and disable or enable problematic devices or services.
rebuilding boot.ini
- This takes care of two of the big three and leads us to the last issue, ____________.
Windows Vista
- This version of Windows does not have the Repair Your Computer option on the Advanced Boot Options menu. - You can either use Windows Installation media, or if you have SP1 or later, make a bootable system repair disc.
Installation CD-ROM
- To begin troubleshooting one of these Windows XP errors, boot from the:
copy d:\i386\ntldr then type this line: copy d: \i1386\ntdetect.com
- To fix missing system files, get to the root directory by typing cd\ and type the following line:
Windows 8/8.1
- Version of Windows that does not have the F8 Advanced Boot Options by default, nor a Backup and Restore applet. - The Advanced Boot Options is still there, but Microsoft removed the easy access via the F8 key.
Characteristics of Volume shadow copy
- Volume shadow copy allows Windows to copy entire volumes while Windows is running and if you have open applications.
Volume Snapshot Service (VSS)
- Volume shadow copy is enabled because there is a service allowing us to do this called: - Provides the "Previous Versions Tab"
* Set-up Windows XP * Repair using the Recovery Console * Quit Setup
- What are the 3 options from the initial screen that come up when you inserted the installation CD-ROM?
WinRE
- When faced with a failure-to-boot scenario in modern versions of Windows, _________ is one of your primary tools.
Windows Recovery Environment (Windows RE) referred to as System Recovery Options menu
- When you access Windows PE and opt for the troubleshooting and repair features, you open a special set of tools called the: - Built on the Windows Pre-installation Environment.
In Safemode
- When you are in safe mode you can use Device Manager to locate sources of problems. - You can access properties for all devices and ones even the ones that are not working in Safe Mode. - You can disable any suspect device or perform other tasks, such as removing or updating drivers. - Check Device Manager for warning icons that indicate an unknown device if problem with device driver is preventing the OS form starting normally.
Windows 8/8.1/10 WinRE and the next screen
- When you click on the troubleshoot option, you see three more options: * Refresh your PC * Reset your PC * Advanced options
Application Installation Problems: * autorun.inf * setup.exe
- When you insert the disc or USB drive, Windows knows to look for a text file called _________ that tells it which file to run off the disc or USB drive, usually _________.
Windows Boot Manager and Windows Boot Loader
- When you run bcdedit you get the following information with two sections that are called: - Windows Boot Manager describes the location of bootmgr and Windows Boot Loader section describes the location of the win load.exe file.
ntdetect
- When you select the Recovery Console, you will see a message about _______, another message that the Recovery Console is starting up, and then you are greeted with the following message and command prompt. - Recovery console command to find the NTLDR and fix it.
Windows Error Reporting
- When your computer has a problem and you want to tell people who are in charge of the program you're having that problem so they can fix it.
bootrec
- WinRE's command prompt, includes an important utility called ______ that you can't find in the regular command prompt. - It is a WinRE troubleshooting and repair tool that repairs the MBR, boot sector, or BCD store. - Most important command in the WinRE.
Complete, Image
- Windows 7 & later differ from backup tools in Windows vista. - Windows Vista uses the Windows __________ PC Restore Utility, whereas Windows 7 and later include the System _________ Recovery tool.
recovery drive
- Windows 8/8.1, you create a ________ drive on a 16 GB+ USB flash drive by accessing the Recovery applet in Control Panel.
POST, Loading Windows
- Windows XP boot errors take place in those short moments between the time __________ ends and the ________ _________ screen begins.
Compatibility tab
- Windows handles compatibility using the aptly named ___________ tab in every executable program's Properties dialog box. (Right-Click on the executable file and click properties).
Services
- Windows loads a number of services as it starts. - In a scenario where any critical service fails to load, Windows tells you at this point with an error message. - The important word here is CRITICAL. Windows will not report all service failures at this point. - If a service that is less than critical to Windows doesn't start, the OS usually waits until you try to use a program that needs that service before it prompts you with an error message.
Autoloading Programs
- Windows loves to autoload programs so they start at boot. - The problem with auto-loading programs is that when one of them starts behaving badly, you need to shut off that program! - Use the System Configuration utility (Windows Vista/7) or Task Manager (8/8.1/10) to temporarily stop programs from autoloading. - If you want to make the program stop forever, go into the program and find a load on startup option.
Compatibility modes
- Windows performs various different forms of ___________ _________ to support older applications.
Disable Driver Signature Enforcement
- Windows requires that all very low-level drivers (kernel drivers) must have a Microsoft driver signature. - If you are using an older driver to connect to your hard drive controller or some other low-level feature, you must use this option to get Windows to load the driver.
Volume Shadow Copy Service (VSS)
- Windows uses _______ for its System Protection feature, enabling you to access previous versions of any data file or folder. - Try right-clicking on any data file and selecting Restore previous versions, which opens the file's Properties dialog box with the Previous Versions tab displayed.
Image
- With an ________ in hand, you can use the Windows Complete PC Restore/System Image Recovery tool to restore your system after a catastrophe.
Windows PE
- You boot directly to the Windows DVD which loads a limited-function graphical OS that contains both troubleshooting and diagnostic tools, along with installation options.
Views
- You can click any event to see a dialog box describing the event in detail referred by Microsoft as: - Filters existing log files, great for custom reports using beginning / end times, levels of errors and more.
Missing File or Incorrect File Version
- You can experience this error message with a "missing DLL" or "cannot open file xyz." - Easiest fix is to 1st try to reinstall the program, and check for any special instructions about versions of support files. - If that doesn't work then the second step is perform an Internet search for missing DLL or file that fails to open, along with the name of the program you're trying to use.
\Windows\System32\config\RegBack
- You can find the backed-up Registry files in: - By default, the task runs every 10 days with automatically backed-up files. - Better to keep regular backups more often.
identifiers
- You can use the ____________ from the bcdedit output to make changes to the BCD store using the /set switch. for Example: - Changes the path of the {current} identifier to point to an alternative win load.exe. - When you have more than one identifier, that means it is a dual-boot scenario.
Rebuild
- You have several options rebuild. - You could simply reboot to the Windows CD-ROM and install right on top of the existing system. - Use the Recovery CD or recovery partition. - The Recovery CD is a CD-ROM that you boot to and run. - The recovery partition is a hidden partitions on the hard drive that you activate at boot by holding down a key combination specific to the manufacturer of that system. - Both "recovery" options restore you computer to the factory-installed state. - If you run any of these programs you will wipe everything off your system. - Always make sure that all your important files and folders are backed up on an optical disc or spare hard drive.
Logs
- You record all data to ______. - ________ in Windows have limitations, such as a maximum size, a location, and a behavior for when they get too big (such as overwrite the log or make an error). - Note that only users with Administrator privileges can make changes to log files in Event Viewer.
bcdedit command
- You use this tool to see how Windows boots. - Running this tool by itself without any switches shows the boot options.
To make changes to the BCD store, you need to use switches:
- bcdedit / export <filename> exports a copy of the BCD store to a file. This is a good idea when you use bcdedit. - bcdedit / import <filename> imports a copy of the BCD store back into the store.
bcdedit
- bootmgr & bcd boot files can be fixed with the tool: - This tool is in the Windows Recovery Environment.
Windows RE
- is the repair tools that run within Windows PE.
The three-level process to get Windows XP up and running if you are in a failure-to-boot scenario is:
1. Attempt to repair. 2. Attempt to restore from a backup copy of Windows if repair didn't work. 3. Rebuild if restore doesn't work. - (YOU WILL LOSE DATA AT THE RESTORE AND REBUILD PHASES).
Security and Maintenance
Action Center Separates issues into two sections, making it easier to review a system's issues quickly:
Windows Startup Problems / From 30BIRD Chap. 10 * Missing Graphical Interface (GUI) * Graphical Interface fails to load
Probable causes - Device Drivers that prevent Windows from starting and loading the GUI. - Registry errors.
Windows Startup Problems / From 30BIRD Chap. 10 * Failure to Boot * Missing OS * Missing NTLDR (Pre-Windows Vista) * Missing Boot.ini (Pre-Windows Vista)
Probably Causes - Missing or corrupt files that control the boot process and load the OS. - Incorrect Boot order in the BIOS (so the system boots to a non-system disk or device).
Disable Automatic Restart on System Failure
Sometimes a BSoD will appear at startup, causing your computer to spontaneously reboot. That's all well and good, but if it happens too quickly, you might not be able to read the BSoD to see what caused the problem. - Selecting Disable automatic restart on system failure from the Advanced Startup Options menu stops the computer from rebooting on Stop errors. - This gives you the opportunity to write down the error and hopefully find a fix.
SYSTEM FILES Dynamic Link Library (DLL)
Windows lives on _________ files. - Almost every program used by windows and the important ones call to ______ files to do most of the heavy lifting that makes Windows work. - Core SYSTEM FILES that make up Windows itself may become corrupted, preventing Windows from starting properly. - Example error: "Error loading XXXX.DLL," or a program you need simply won't start when you double-click its icon.
The Five components of the Performance Information and Tools applet:
• Processor - Calculations per second • Memory (RAM) - Memory operations per second • Graphics - Desktop performance for Windows Aero • Gaming graphics - 3-D business and gaming graphics performance • Primary hard disk - Disk data transfer rate
