Troubleshooting Windows
Pages/sec
Object: Memory Number of pages read from or written to disk to resolve hard page faults. Indicates your system is using the paging file. If this averages above 50, you may have a problem.
% Usage
Object: Paging File Amount of the pagefile instance in use in percent. Need to keep below 50% to ensure disk performance.
Average Disk Queue Length
Object: Physical Disk Number of requests outstanding on the disk at the time the performance data is collected. If this is increasing and disk time is high, you have a disk problem.
%Disk Time
Object: Physical Disk Percentage of elapsed time that the selected disk is busy servicing read or write requests. Indicates how busy the disk is. > 85% could indicate a problem.
%Processor Time
Object: Processor Description: Percentage of time that processor is executing a non-idle thread. Should be low.
Available Bytes
Object: Memory Amount of memory available - should not be below about 10% of total system RAM.
Network
Often, the cause of slow loading times at boot is _____________ service or configurations not working optimally.
Restrictive sandbox
This feature is designed to prevent a Microsoft Store app from making system-wide changes or interfering with other apps and applications.
Event Viewer
This is a management console snap-in for viewing and managing logs.
Network Based Installer
This is used when an organization wants to deploy an application to a number of desktops.
%SystemRoot%\syswow64
This is where shared system files (DLLs and EXEs) are stored for 32-bit apps in 64-bit Windows.
Windows Settings --> Apps --> Default Apps
This is where you'd go to customize Default Programs.
bcdedit
To add boot paths, you have to use the ____________________ command.
System Properties applet
You can obtain a brief overview of some key system properties such as information about the computer, processor type and installed RAM and more from this applet in Control Panel.
General , System Configuration
You can select between Normal, Diagnostic, and Selective startup in the ____________ tab of _______________. (2 terms)
Windows Features
You can use the Programs and Features window in Control Panel to turn __________ on or off.
regsvr32 or sysWOW64/regsvr32
You may be able to use _______________ to re-register a DLL that the service relies on.
Computer Management Console
You would open ______________________________________ then expand Services and Applications from the tree and click the Services icon.
Programs and Features
a window within the Control Panel that lists the programs installed on a computer where you can uninstall, change, or repair programs.
sfc /scannow
sfc command that runs sfc immediately.
sfc /scanonce
sfc command that schedules a scan when computer is next restarted
sfc /scanboot
sfc command that schedules sfc scans whenever PC boots.
Windows + Ctrl + Shift + B
this key sequence checks for a beep to determine whether the system is responsive.
Steps to take if you can't identify any overutilization:
1. Apply updates 2. Defrag Hard Drive 3. Check Power Saving-mode 4. Check for underpowered components 5. Disable app startup to prevent unnecessary programs from running at startup 6. Disable Windows services/ applications 7. Security Scan- scan PC for viruses and other malware 8. Check configuration of anti-virus software.
stalled prints
2. Open the Print queue and check for ______________.
System reserved partition
A 100-MB partition created during the Windows installation if there is unallocated space available for it. This holds the bootmgr and BCD files. Can be partitioned as FAT32 or NTFS.
service
A ___________ is a Windows process that doesn't require any sort of user interaction and runs in the background.
Rollback Updates
A feature that will allow the PC to roll back to the previous update, uninstalling the newest update, as long as it is less than 31 days old. There are 2 ways to accomplish this: one through Recovery, the other through Security and Update History.
DLL (Dynamic Link Library)
A file of executable functions or data that can be used by a Windows application. Typically, a DLL provides one or more particular functions, and a program accesses the functions by creating links to the DLL.
Group Policy Object (GPO)
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.
Print Management
A snap-in in Administrative Tools where you can manage drivers and monitor the status of printers.
BSoD (Blue Screen of Death)
A stop error screen that sometimes appears when a Windows-based system is unable to boot.
Process ID (PID)
A unique identifier assigned to every process as it begins.
Data Collector Sets
A utility in Performance Monitor where you can log performance files to create a System baseline for a longer-term view of performance.
Windows Boot Loader
After identifying the BCD file, if there's only one Windows installation, the boot manager loads the _____________________.
Open Database Connectivity (ODBC)
An application programming interface that provides a common language for application programs to access and process SQL databases independent of the particular DBMS that is accessed.
Go to Services
An option in the process's shortcut menu that allows you to view all services a single process may be running.
Critical event
An unrecoverable error that made the application or Windows close unexpectedly
Home folder/ Profile
Any files created using the application or custom preferences should be saved to the user's __________________ rather than the application directory.
Dynamic Link Library
App installation and removal under legacy versions of Windows could cause problems if the app changed or removed ______________ files used by other apps, causing them to malfunction.
file
Assuming there are no hardware issues, the general troubleshooting technique for BOOT PROBLEMS is to determine the failure point, and therefore the missing or corrupt ________________.
hardware components
BSoD Troubleshooting Check seating of ________________ and cables.
Stop Error Code
BSoD Troubleshooting Make a note of the _______________________ and search the Microsoft Knowledge Base for known fixes.
chkdsk, malware
BSoD Troubleshooting Run hardware diagnostics, ____________________, and scan for ______________________.
System Restore
BSoD Troubleshooting: Use _________________ or Rollback Driver to restore the system to a working state.
Hardware device
BSoD troubleshooting: Remove a recently added ______________________ or uninstall a recently installed program.
file corruption
Besides network configuration, another cause of slow boot times could be ____________.
2:1
Best compression ratio for creating a system image is
/fi
Command switch that applies various filters to task list
bootrec /rebuildbcd
Command that adds missing Windows installations to BCD
bootrec /fixboot
Command that attempts to repair the bootsector
rstrui
Command that starts System Restore
System Log
Contains info about service load failures, hardware conflicts, driver load failures and so on.
Driver, Services
Delays affecting the system prior to logon are caused by loading ______________ and ________________.
Physical Disk
Disk performance can be measured using the ______________ object.
boot sector /VBR
During boot, the Master Boot Record identifies the _____________________ for the partition marked as active.
Recovery Media Creator
In Windows 8/10, you can use the _______________________ to create a USB-based repair disk and optionally include any recovery partition from the local disk.
bootmgr.efi
EFI system partition boot manager.
FAT
EFI system partitions are always formatted with ___________________.
BCD and bootmgfw.efi
Each Windows installation has a subfolder under EFI\Microsoft\ that contains a _________________ and ___________________.
Component Services (COM+)
Enables you to register new server applications or reconfigure security permissions for existing services.
Eventvwr.msc
Event Viewer command
Services
Following diagnostic testing in msconfig, permanent changes would typically be made in more appropriate tools such as _____________.
Windows.old
If you are re-installing Windows over the top of an existing Windows 7, you can look for previous data in a ________________ folder and might be able to recover files.
System Configuration Boot settings
If you are troubleshooting a system that keeps using Safe Boot or boots to a command prompt, check ___________________________________.
Safe Mode with Networking
In Windows, an Advanced Options menu choice that starts Windows without several drivers and components and loads only very basic, non-vendor-specific drivers for mouse, video, keyboard, mass storage, and system services. It also displays in low resolution. The difference between Safe Mode and Safe Mode With Networking is that the latter will launch networking components. (11)
Safe Mode with Command Prompt
In Windows, an Advanced Options menu choice that will start Windows without the Windows GUI (EXPLORER.EXE) and with only a simple Command Prompt window from which you can launch Windows administrative utilities. (11)
Program Files (x86)
In a 64-bit Windows environment, this is where 32-bit apps are stored.
%privileged time / %user Time
Object : Processor If overall processor time is over 85% for sustained periods, compare these which measure system processes and software applications, individually.
store app
Installing a ___________________ app does not require UAC or computer admin-level privileges.
Safe mode
Loads only basic drivers and services required to start system.
Compare commit charge to physical memory
Multiply it by 1024
Trojan Horse
Principal threat to a PC. Software whose malicious purpose is concealed so that it can steal data or provide remote access to the host or network.
Ctrl - Shift - Esc
Quickest way to open Task Manager
Application Log
Records events logged by programs.
Setup Log
Records events when applications are installed
Objects
Resources, such as memory and disk, are collected into ___________ which have counters, representing different performance statistics.
Program Compatibility Wizard
Right-click the shortcut or exe to launch this wizard that helps resolve compatibility issues.
Successful Audit Event
Security access attempts that were successful.
Failure Audit Event
Security access attempts that were unsuccessful-- possible security breach or mistyped password.
User data files
System Restore does NOT restore or delete ___________________ files.
WinSxS
System files and shared program files are maintained and version controlled in the ________________system folder.
No boot device found/ invalid boot disk error
System has completely failed to boot
boot manager
The VBR (volume boot record) loads bootmgr.exe which is the ______________.
Services, System Configuration
The __________________ tab lets you choose specifically which services are configured to run at startup, along with the date service was disabled.
winload.efi
The ____________________, the Windows loader file for .efi, is read by bootmgfw.efi and reads the BCD to determine whether to show boot menu and for location of Windows loader.
Tools Tab, System configuration
The ______________________ tab in system configuration contains shortcuts to admin utilities like System Information, Configuring UAC, Registry Editor and so on.
msconfig
The ________________________ tool is frequently used to test configurations for diagnostic purposes, rather than to permanently make configuration changes.
Removable Hard Drive
The best option for a backup disk is usually a _______________________.
Boot Configuration Data (BCD)
The boot manager reads information from the _______________________, which ID's system operating system.
ntuser.dat
The file containing user-specific registry entries in a user profile.
power-on self-test (POST)
The first job the basic input/output system (BIOS) performs, ensuring that essential peripheral devices are attached and operational. This process consists of a test on the video card and video memory, a BIOS identification process (during which the BIOS version, manufacturer, and data are displayed on the monitor), and a memory test to ensure memory chips are working properly.
Preserve any data being processed.
The first priority when an app crashes is to ________________.
System Configuration Utility
The graphical user interface version of MSCONFIG.
Processes Tab
This Task Manager tab allows you to see which applications might be using or over-using system resources.
Startup Tab
This Windows 10 Task manager tab allows you to disable programs added to the Startup folder.
System Protection
The system restore feature can be configured in the __________________ tab of System Properties.
Temporary Files/Folders
Try to give process time to become responsive and try to decide if you need to recover data from _________________.
1. Malware infection 2. Corruption of driver or other system files
Two most likely causes of display failure at logon
taskkill /pid processid or taskkill /im ImageName
Type this command to run taskkill and end specified programs and services.
application, security, application, and setup .evtx
What are the 4 system log files?
winload.exe
What is the name of the boot loader software used in Windows Vista and later releases of the Microsoft OS?
1. Wait for system to complete. 2. If System continues to be unresponsive, restart service or kill the task process. 3. If killing the process doesn't restore system performance, try restarting the computer. 4. If the service or process becomes unresponsive again after restarting, disable it and check with the software vendor for known problems.
What steps do you take if you identify a Windows Service running within svchost.exe?
Check connections to disk
What to check if SSD or HD fails to boot
Uninstall, then reinstall
When you cannot identify a problem, the generic solution is to ___________________.
Kill the process
When you have done all you can do to preserve crashing data, ____________________.
Services
Provide Windows OS functionality including logon, browsing the network, or indexing file details to optimize search.
Performance Tab
Provides graphs to show how system resources are used.
Event Viewer and/ or Services
Where would you check if you see the message "One or more services failed to start" during Windows load sequence?
Task Manager
Where would you look to determine if any resources are at 90-100% utilization?
Processes
Which Windows 10 Task Manager tab allows you to expand each app or background process to view sub processes?
ntuser.dat ntuser.dat.log ntuser.ini
Which files would you exclude from copying to the new profile?
%systemRoot%\System32\Winevt\Logs
Which folder are the default system logs stored in?
Admin rights are required to end processes not started by the user.
Why might a Task Manager not end an application when requested by an ordinary user?
print spooler
3. Restart the ________________ service.
Driver Updates
4. Check for any _________________ or known issues.
%systemroot%\system32
Windows 64-bit shared system files (DLLs and EXEs) are stored in _______________ , the same system folder as 32-bit versions of Windows.
Permissions
5. Check ________________ configured on the printer.
bootrec
A Windows Recovery Environment troubleshooting and repair tool that repairs the master boot record, boot sector, or BCD store. It replaces the fixboot and fixmbr Recovery Console commands used in Windows XP and earlier operating systems.
System File Checker (SFC)
A Windows utility that verifies and, if necessary, refreshes a Windows system file, replacing it with one kept in a cache of current system files.
tasklist
A command-line version of the Task Manager
Data Sources (ODBC)
Allows a client application to share data from a server application. For example, an Excel spreadsheet could be set up with a data connection to an SQL Server.
svchost.exe
Windows Update/Installer, Superfetch/Prefetch caching engine, and Windows Defender often run within which Windows service and cause slow system performance?
bootrec /fixmbr
Command to fix the Master Boot Record on a physical drive
Windows Resou
Windows mechanism to prevent damage to or malicious use of system files and registry keys/files.
Windows Memory Diagnostic
Windows tool used to test memory chips for errors.
Warning Events
Events that may indicate future problems such as system running low on disk space.
Boot menu
If more than one OS is installed, the boot manager shows a _____________.
User profile
If system is slow to load desktop following logon, the issue could be a corrupt ___________________.
graphics adapter
If system will boot to GUI in Safe Mode, replace the _______________ driver.
Repair or Recover Windows Installation
If system will not boot to GUI at all, then you will probably need to _________________.
Press F8 after POST to open Advanced Options menu.
How do you disable automatic restarts option?
Set Priority submenu
How do you privilege one task over another in task manager?
System Properties --> Advanced --> Performance Settings button
How would you increase pagefile manually if it is running out of space?
Create a new account and copy files from the old to the new one.
How would you rebuild a local user profile?
Event logs
If an app crashes continually, check the _________________________ for any possible causes.
Kernel Memory
In Task Manager, this displays physical and paged memory used by Windows core files.
Lab
Ideally, applications should be tested in a _______________ environment before being deployed widely.
1. Check that modules are seated correctly. 2. Remove all the modules but one and reset. Use process of elimination. 3. If a known-good module is reported faulty, problem likely lies in motherboard.
If Memory Diagnostic returns errors, what steps should you take?
Safe Mode
If System Restore or Startup Repair do not work and you cannot boot to a log on, try to boot to ___________________ to determine if the problem is with drivers later in startup.
System Files
If a core Windows service is affected check ___________________ and scan the disk for errors and malware.
CPU / Power Problem
If a system halts without any error messages, there is likely to be either a ___________________________ or _________________.
application or file specific problem
If a test page print is successful, then there must be an ___________________.
Reinstalling
If an app service is affected, try __________________ the app.
SFC (system file checker)
If blank screens occur frequently, you can use ______________ to verify system file integrity and check video drivers.
Modifying settings
If chkdsk does not detect disk, enter system setup and try ___________________.
diskpart
If disk is not detected, you could also use _______________ command to ensure that the system partition is marked as active and that no other partitions have been marked as active.
Startup Repair Tool
If disk is reported by firmware, but Windows will not boot, use a ________________ to open a recovery mode command prompt and use bootrec.
recdisc
If you don't have product media, you can make a system repair disk from Windows using the _______________ tool.
View --> Select Columns
If you suspect an application is misbehaving, you can see more details in Task manager by selecting ______________________.
Physical Memory
In Task Manager, this displays usage of system ram, not including pagefile.
System summary
In Task Manager, this shows handles, threads, processes, system uptime, and the commit charge.
Processes /Details
In Windows 10, Applications and Processes Task Bar tabs are consolidated across the _____________ and ______________ tabs.
Verbose vs normal status messages
In Windows 7 , enable ____________________ to show long status messages during the Windows load sequence.
Advanced Boot Options
In Windows 7, press F8 during startup after the memory count to display the _________________.
Startup, System Configuration
In Windows 7, the _____________ tab controls the shortcuts that have been placed in the Startup folder.
Reset
In Windows 8 and 10 there is a _____________ option that tries to repair the installation by re-copying system files and reverting all PC settings to the default. This removes desktop apps, but preserves data files and apps installed via Windows Store.
Task Manager
In Windows 8 and 10, use __________________ to disable startup items.
Shift
In Windows 8/10 , hold the ____________ key when selecting the restart option from POWER Menu to display troubleshooting options.
Display highly detailed status messages
In Windows 8/10 enable _____________________ to show long status messages during Windows load sequence.
Firmware set to use USB to boot
Modern cause of boot failure
Faulty hardware or Hardware Drivers
Most BSoD are caused by either ________________ or _______________.
System Ram
Most applications require at least 2 GB of ___________________.
Floppy disk in drive at restart
Most common cause of complete boot failure
Master Boot Record (MBR)
Legacy BIOS firmware scans the ________________ in the first sector of the disk.
Privileges
Make sure that the service has sufficient __________________.
Virtual Memory Manager
Manages the memory mappings and assignments to prevent system from running out of memory and crashing.
Startup repair
Once in System Recovery, if boot files are damaged, you can use the ______________ option to try to fix them.
kernel
Once winload has loaded the kernel, hal, and boot device drivers, control is passed to the _________________ which initializes and starts loading the required resources.
COM OLE
One example of this allows an Excel spreadsheet to be saved within a Word document or a custom software application.
Security Log
One of the logs in Event Viewer. It records security events, such as when users enter incorrect passwords.
Last Known Good Configuration
Option on the Advanced Startup Options menu that enables your system to revert to a previous configuration to troubleshoot and repair any major system problems.
Turning off advanced compositing effects.
Problems with the Aero desktop compositing engine and older software can be solved by _______________________.
winlogon
Process that begins once kernel loads resources and allows user to authenticate Windows login.
kernel, hardware abstraction layer, and boot device drivers
Winload begins Windows boot process by loading these three objects ______________________.
Affected other services
Verify that disabling one service has not inadvertently ______________.
Compatibility Mode
a group of settings that can be applied to older drivers or applications that might cause them to work in Windows using a newer version of Windows than the one the programs were designed to use.
SVGA
Safe Mode defaults to ______________ resolution.
Error Event
Significant problems, such as service failures and device conflicts
Component Object Model (COM)
Software interface used to allow interprocess communications and dynamic object creation using different programming languages
Networking tab
Task Manager tab that shows status and utilization of network adapter(s). Shown as a percentage of link.
taskkill
Tasklist command that can be used to end processes and services.
tasklist /svc
Tasklist command that shows a list of services within each process.
tasklist /fi "memusage gt 150000"
Tasklist command that shows processes using more than 150MB
hal.dll
The Hardware Abstraction Layer dynamic link library allows the OS kernel to communicate with hardware.
manually
The first step when trouble shooting services is to try to start the service ______________.
Commit Charge
The overall amount of memory that has been assigned to running processes
Applications and Services Logs
Where are other non-system logs stored?
Restore Points
These are created automatically in response to application and update installs.
Counter Logs
These logs allow you to collect statistics about resources (memory, disk, processor) and can help you determine system health performance.
Trace logs
These logs collect statistics about services, providing you with detailed reports about resource behavior. Essentially an extension of Event Viewer.
Administrative Tools or Windows Preinstallation/Recovery Environment
Where are the two places you can go to run Windows Memory Diagnostic?
C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu
Where are user-specific shortcuts stored?
File ----> Options, Edit ---->Preferences or Help
Where in a program would you go to find software configuration options?
Advanced tab
This System Properties tab includes the following options: configures desktop visual effects, virtual memory, foreground/background memory, startup and recovery options, environment variables, and user profiles
WOW64
This acts as the emulator for allowing 32-bit applications to run seamlessly on a Windows 64-bit OS
Default Programs
This applet sets programs you wish to use for a particular task or to configure individual file associations.
Windows Performance Monitor
This can be used to provide real-time charts of system resources or log info for long-term analysis of computer performance.
services.msc
This command opens the Services window. In this window, services can be started, stopped, restarted, enabled and disabled.
/f switch
This tasklist switch terminates the process without any user notifications and will also terminate it even if it is currently displaying dialog box.
Defragment your disk and set max and min sizes of the pagefile to same value.
To ensure that pagefile uses contiguous disk space, you will need to _____________________.
Advanced Boot Option , System Recovery
To recover system using a backup image, use the __________________ or the __________________.
NTFS
To use System Protection, the disk must be formatted with _____________ and have a minimum 300 MB free space and be over 1 GB in size.
show processes from all users
To view system level processes in task manager, you must select the __________________ option.
C:\Programdata\Microsoft\Windows\Start Menu\Programs
Where is the Start Menu template stored?
Roll back Driver
Use this feature of Device Manager when an updated device driver causes problems.
Running the program as administrator
User Account Control problems associated with software designed for Legacy Windows can be solved by _______________________.
Printing a test page
Use the printer's property dialog box to try ______________________.
Write/modify permissions
Using GPO, _________________________ on folders where executable files are installed are restricted to admin-level accounts.
Read/Execute permissions
Using GPO, a user must be granted ____________________ over the directory where the application will be installed.
chkdsk
What command to run if OS missing/ not found
Ntoskrnl.exe
What is the file name given to the Windows kernel?
GUID Partition Table (GPT)
With an EFI boot, following POST, the firmware reads the ______________________ on the boot device.
Boot, System Configuration
You can change the default OS, add boot options, and set timeout value in the __________ tab of the __________________. (2 terms)
Backup and Restore applet
You can create a system image using the _____________________ applet in Control Panel.
System Properties , System Protection
You can manually create Restore Points from the ____________________ and clicking on ________________________.
Remote Settings
_______________ tab enables or disables connections to the local PC from another PC via Remote Assistance or Remote Desktop.
Information Events
include three activities: recording data about operating events, maintaining reference data that are important to the organization, and reporting useful information to management and other decision makers.