
OPERATING SYSTEM - an interface between hardware and user which is responsible for the management and coordination of activities and the sharing of the resources of the computer that acts as a host for computing applications run on the machine

driver - interface between the hardware and OS
kernel - supervisor of the OS
krnl32.dll - kernel in w98
ntoskrnl.exe - kernel in NT
DLL (dynamic link library) - Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers). The file formats for DLLs are the same as for Windows EXE files, that is, Portable Executable (PE) for 32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can contain code, data, and resources, in any combination. In the broader sense of the term, any data file with the same file format can be called a resource DLL. Examples of such DLLs include icon libraries, sometimes having the extension ICL, and font files, having the extensions FON and FOT.
32 bit OS - can communicate with 32 bit applications and hardware - x86 architecture - ex: xp professional
64 bit OS - ex: vista
open source - anyone can modify it or claim ownership - ex: unix
closed source - ex: microsoft OSs
single user OS
multiple user OS
CUI (character user interface) - only takes characters, cannot use pointing devices - ex: DOS
GUI (graphical user interface) - can use pointing devices and keyboard

SOFTWARE RELEASE LIFE CYCLE
a software goes through various phases before it reaches the consumers
1. pre-alpha - not yet feature complete
2. alpha - tests and finds bugs - The alpha build of the software is the build delivered to the internal software testers, that is, people different from the software engineers, sometimes to the public, but usually internal to the organization or community that develops the software. In a rush to market, more and more companies are engaging external customers or value-chain partners in their alpha testing phase. This allows more extensive usability testing during the alpha phase.
3. beta - a nickname for software which has passed the alpha testing stage of development and has been released to users for software testing before its official release. It is the prototype of the software that is released to the public. Beta testing allows the software to undergo usability testing with users who provide feedback, so that any malfunctions these users find in the software can be reported to the developers and fixed. Beta software can be unstable and could cause crashes or data loss
4. RC (release candidate) - a version with potential to be a final product, ready to release unless fatal bugs emerge
5. RTM (release to manufacturing/marketing) - also known as "going gold", is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media. RTM usually does not mean the software is actually released; it would in most cases mean that the software is being released to manufacturers, for pre-installation on ready machines, or for the manufacturer to adjust the software for their manufactured hardware and settings
6. GA (general availability) - the point where all necessary commercialization activities have been completed and the software has been made available to the general market either via the web or physical media - also called FCS (first customer shipment)

solaris - OS released by sun Microsystems
*** XP SP2 is the most stable OS

service pack - bundle of fixes - stability, performance, and security updates

FUNCTIONS OF AN OS
1. memory management
2. file management
3. process management
4. file association
5. drive management

application - software that runs in the foreground
service - software that runs in the background
to change file association: windows explorer > tools > folder options > file types > select the file ext > change

MEMORY MANAGEMENT
*** memory used to be restricted to 1 MB, split into:
1. reserved memory - 384 KB - used for bios shadowing
2. conventional or system memory - 640 KB - where OS gets loaded (including command.com [DOS])
LIM (lotus intel microsoft) specification - extended memory to another 64 MB called high memory or expanded memory manager (himem.sys)
emm386.exe - extended memory manager - swapped high memory area with reserved memory

WINDOWS XP
*** XP = experience
new technology:
1. starter
2. home
3. professional
4. media center
5. tablet pc
6. 64 bit

other editions released in Europe:
n xp home
n xp professional
*** n = not with media player

DIFFERENCES BETWEEN HOME AND PROFESSIONAL
1. prof uses domain setup, home uses peer to peer networking
2. prof can be a domain in remote desktop, home can only be a client
3. prof has a backup utility
4. prof has IIS (internet information services), Microsoft's HTTP and FTP server
5. prof has remote installation service
6. home only supports 1 proc, prof supports 2
7. prof supports converting basic to dynamic disk
8. prof has ASR (automated system recovery) - it creates repair disks by taking a snapshot of the registry
9. prof has multilingual support
*** NT's version of ASR is run > rdisk.exe while win 2000 prof has ERD (emergency repair disk)
ASR: run > ntbackup > advanced mode

XP FEATURES
1. system restore
2. fast user switching
3. windows movie maker
4. security center
5. CD burning software
6. rollback driver
7. compressed zip
8. remote desktop
9. remote assistance
10. start menu
11. wireless networking
12. Bluetooth
13. usb 2.0 support
14. drivers
15. firewall (ICF (internet connection firewall) for sp1 and windows firewall for sp2)
16. automatic updates
17. fax
18. ASR
19. multilingual
20. text to speech
21. OSK (onscreen keyboard)
22. windows messenger 4.7
*** win me is the first os with system restore

login screens:
1. welcome screen
2. ctrl alt del screen - seen when welcome screen is disabled

to go to system properties:
1. start > right click on my computer
2. on keyboard: win key + pause break
3. run > sysdm.cpl
4. start > control panel > system

EFS (encrypting file system) - encrypts files stored on the computer's hard drive so they cannot be read by another user, even with physical access to the storage medium
*** encrypted folders = green
*** compressed folders = blue
remote desktop - accessing another desktop without taking control of the keyboard or mouse, logs the other user off
remote assistance - doesn't log the other user off, you can take control of the mouse and keyboard
enabling remote assistance and remote desktop: system properties > remote
to see OS info: run > winver
to access computer management: run > compmgmt.msc
*** usb 2.0 support started in win xp sp1

SERVICE PACKS
1. SP1
- .net framework
- java runtime environment
- usb 2.0 support
- sata support
2. SP2
- windows firewall
- wireless networking services
- automatic updates in control panel (can be scheduled)
- security center in control panel
- stable OS
3. SP3
- network access protection (network resources can only be accessed if they're compliant)
- background intelligent transfer service
- credentials security software provider
- blackhole router detection
- product key-less install
- remote desktop protocol 2.1

DISK BASICS

basic disk - allows you to partition drives into primary, extended, and logical drives - can be upgraded to dynamic disks, however when this is done the disk cannot easily be downgraded to a basic disk again
dynamic disk - involves the use of a single partition that covers the entire disk, and the disk itself is divided into volumes or combined with other disks to form volumes that are greater in size than one disk itself - provides the capability for software implementations of RAID
*** disks usually start with the boot sector but dynamic disks have a different structure. they have 1 MB at the end of the disk to track the index
*** 1 MB is the minimum space needed to convert a disk to dynamic

MBR (master boot record)
- executable code
- partition table
- partition signature
- error messages

ways to partition a disk:
1. fdisk - fixed disk
2. disk management
3. installation disk

fdisk:
1. create a partition (primary partition, extended partition, and logical drives)
2. set a partition as active
3. delete dos (fat16/32) and non dos (ntfs) partitions
4. view partition details
*** using fdisk will allow you to create 1 primary and 1 extended partition (23 logical drives)
*** fdisk can't create non dos partitions
*** using the installation disk will allow you to create up to 4 primary partitions
*** using disk management will allow you to create up to 4 primary partitions or up to 3 primary partitions and 1 extended partition (23 logical drives)
*** extended partition will not have a drive letter unless you create a logical drive

mountable volume - a folder in a drive that acts as a volume

to access disk management: run > diskmgmt.msc
dark blue - primary partition
light blue - logical drive
black - unallocated space
dark green - extended partition
light green - free space in extended partition
active partition - where the boot files reside. you may have other OSs installed in other partitions but all their boot files will still be in the active partition - also called boot partition

DOS - command.com
external commands: have extensions (ex: format.com, fdisk.exe, xcopy.exe)
internal commands: no extension (ex: cd, md, copy, cacls, ren)

RAID - redundant array of independent disks
[diagram: RAID - hardware, software; striping, mirroring, 5 striping with parity]

RAID 0 (striping) - distributes data across multiple disks in a way that gives improved speed at any given instant. If one disk fails, however, all of the data on the array will be lost, as there is neither parity nor mirroring. In this regard, RAID 0 is somewhat of a misnomer, in that RAID 0 is non-redundant. A RAID 0 array requires a minimum of two drives

RAID 1 (mirroring) - mirrors the contents of the disks, making a form of 1:1 ratio realtime backup. The contents of each disk in the array are identical to that of every other disk in the array. A RAID 1 array requires a minimum of two drives

RAID 5 (striping with parity) - combines three or more disks in a way that protects data against the loss of any one disk - uses block-level striping with parity data distributed across all member disks

REGISTRY - large database of hardware and software settings - hierarchical representation of hardware and software settings with full configuration details

registry hives:
1. SAM (security accounts manager) - usernames and passwords
2. security
3. system
4. software
5. default
*** registry hives are located at c:\windows\system32\config

registry editors:
1. regedit
2. regedt32

differences between regedit and regedt32:
1. regedit has a left-side tree view that begins at "My Computer" and lists all loaded hives. regedt32 has a left-side tree view, but each hive has its own window, so the tree displays only keys
2. regedit represents the three components of a value (its name, type, and data) as separate columns of a table. regedt32 represents them as a list of strings
3. regedit supports right-clicking of entries in a tree view to adjust properties and other settings. regedt32 requires all actions to be performed from the top menu bar
4. regedit supports searching for key names, values, or data throughout the entire registry, whereas regedt32 only supports searching for key names in one hive at a time
5. Because regedit was directly ported from Windows 95, it does not support editing permissions. (Permissions do not exist on Windows 9x). Therefore, of the two, only regedt32 can access the full functionality of an NT registry
6. regedit only supports string (REG_SZ), binary (REG_BINARY), and DWORD (REG_DWORD) values. regedt32 supports those, plus expandable string (REG_EXPAND_SZ) and multi-string (REG_MULTI_SZ). Attempting to edit unsupported key types with regedit on Windows 2000 or Windows NT 4.0 will result in irreversible conversion to a supported type

registry root keys:
1. HKEY_LOCAL_MACHINE - stores settings that are specific to the local computer - contains four subkeys, SAM, SECURITY, SOFTWARE and SYSTEM
2. HKEY_CLASSES_ROOT - stores information about registered applications, such as file associations and OLE Object Class IDs, tying them to the applications used to handle these items
3. HKEY_CURRENT_USER - subset of hkey_users, stores settings that are specific to the currently logged-in user
4. HKEY_USERS - contains subkeys corresponding to the hkey_current_user keys for each user profile actively loaded on the machine, though user hives are usually only loaded for currently logged-in users
5. HKEY_CURRENT_CONFIG - contains default configuration settings for the computer - contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time
*** hkey = handle the open key

to create registry backup: file > export > select location to save file > save
setting permission to a registry key:
1. select a key > edit > permissions
2. right click on key > permissions
to go to backup utility: run > ntbackup
*** backups of registry hives are located at c:\windows\repair
*** microsoft kb 307545 is an article on how to recover from a corrupted registry that prevents Windows XP from starting

XP INSTALLATION
types:
1. clean install
2. repair install
3. parallel install
4. upgrade

phases:
1. collecting information
2. dynamic update
3. preparing installation
4. installing windows
5. finalizing installation

to open cmd during installation: shift+f10

ways to uninstall service pack:
1. c:\windows\$NTwindowsspins
2. control panel
3. c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe

minimum system requirements for xp: (recommended requirement is twice the min)
HD - 1.5 GB
RAM - 64 MB
proc - 300 MHz
videocard - svga
modem - 15 kbps

windows update - done manually - gives you an option to either do custom or express install - start > all programs > windows update
automatic update - automatically downloads all updates - control panel > automatic updates - system properties > automatic updates tab

*** it's possible to convert from fat32 to ntfs (or fat16 to fat32) without losing data but you can't convert backwards
dos command to convert fat32 to ntfs: convert driveletter:/fs:ntfs
dos command to convert fat16 to fat32: cvt driveletter:/cvt32

SLIPSTREAMING - merging sp with setup cd
1. download and save sp3.exe on c:
2. create 2 folders named xp and sp3. save contents of setup cd on xp folder
3. extract sp3.exe on sp3 folder using the following dos commands:
cd.. (until you get to c:\)
sp3.exe -x-c:\sp3
4. merge extracted sp3 and setup files using the following dos commands:
cd sp3
cd i386
cd update
update -s:c:\xp
5. burn contents of xp folder on a cd

ENVIRONMENT VARIABLES
to go to c:\windows: run > %systemroot%
to go to temp folder: run > %temp%
to change variable path: system properties > advanced > environment variables > select variable > edit
to access system restore: run > c:\windows\system32\restore\rstrui.exe
*** you can create a new variable for rstrui so you can access it just by typing %rstrui% in run instead of typing the whole path

TYPES OF USER PROFILES
1. mandatory - documents saved on profile (desktop) are lost once you log off but files saved on c: are retained
2. local - changes made on profile (desktop) are retained locally once you log off (will not be accessible from other pcs in the network)
3. roaming - changes are saved across the network (can be accessed through any pc in the network)
to check what type of profile you have: system properties > advanced > user profiles > settings

documents and settings - where settings pertaining to a particular user are saved

BOOT PROCESS
booting - bootstrapping process that starts operating systems when the user turns on a computer
boot sequence - initial set of operations that the computer performs when the power is switched on
boot loader - typically loads the main OS for the computer

XP BOOT PROCESS
1. initial
2. boot loader
3. kernel
4. logon phases

INITIAL PHASE
computer is switched on
power good signal
POST
3 components of POST:
1. video test - initializes video adapter
2. bios identification - displays bios version and manufacturer
3. memory test - tests the memory, displays a running sum of installed memory
POST gives power supply to critical and non critical devices, gives an error or beep code if there's anything wrong with any critical device
cmos settings are loaded
bootup instructions

BOOT LOADER PHASE
files required to boot to XP:
1. \NTLDR - initializes boot loader
2. \NTDetect.com - detects and initializes any hardware device attached on the system
3. \Boot.ini - tells you if you have more than one OS and if you do, it gives a screen to select OS
4. \Windows\System32\HAL.dll - hardware abstraction layer - contacted by kernel to get information about the hardware - the only file that gets modified during the boot process - translates info ntdetect gives to NTLDR so it can understand it
5. ntuser.dat
6. ntbootdd.sys

after POST, control is given to first boot device
if HD is the first device, control is given to track 0 sector 1 of physical disk 1 and loads MBR
MBR (master boot record):
- executable code (446 B)
- partition table (64 B)
- partition signature - 55AAh (2 B)
- errors (2 B)
  NTLDR is missing
  NTLDR is compressed
  error loading the operating system
if floppy is the first device, control is given to track 0 sector 1 and loads PBR
PBR (partition boot record) - boot sector of the active partition - has a jump code to locate and load NTLDR
OS pointer looks for NTLDR and initializes it
NTLDR loads boot.ini
boot.ini only responds if user presses F8 (then it gives the advanced boot menu) or if you have more than 1 OS (then it gives the OS selection screen)
the boot.ini file uses the ARC (advanced RISC computing) naming conventions to specify the locations of the operating systems
if boot.ini doesn't respond, NTLDR loads NTDetect.com which collects a list of currently installed hw components and returns the list to NTLDR which will later be used to create the hw key in the registry
components detected include: bus/adapter type, video adapters, communications ports, parallel ports, floating-point coprocessors, removable media, keyboards, and pointing devices
if NTDetect finds more than 1 hardware profile, it would ask user to select a profile, otherwise win xp will load by using the default profile
system hives are loaded, if system hives are not found it gives an error: c:\windows\system32\config\system not found
NTLDR loads NTOSKRNL.dll

KERNEL INITIALIZATION PHASE
1. phase 0 - initializes just enough of the microkernel and executive subsystem so that basic services required for the completion of initialization become available - builds all subsystems of kernel - disables all interrupts and loads drivers
2. phase 1 - begins when HAL is called and gives kernel direct access to hardware - activates interrupt controller that lists all the drivers - device drivers are initialized

LOG ON PHASE
displays XP progress bar screen
SMSS (session manager subsystem) loads win32k.sys to be able to move from normal logon mode to protected mode (32 bit mode)
loads winlogon.exe to get login screen
loads MSGINA.dll to get graphics
winlogon.exe loads LSASS (local security authority subsystem) which updates the SAM
SAM verifies if username and password are correct, if they are it pulls up the user's registry entries and loads his profile
after a successful logon, an entry is made to the last known good control set
MSGINA - microsoft graphical identification and authentication
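The boot loader phase above depends on boot.ini and its ARC paths, so a consistency check of that file is useful before reaching for bootcfg /rebuild. The following is an added example, not part of the original notes: the function names and both sample files are constructed, and the ARC rules it applies (partition numbers start at 1, disk() is 0 with multi()) are general Windows NT conventions rather than statements from this page.

```python
import re

# ARC path: multi(W)disk(X)rdisk(Y)partition(Z)\path  (scsi(...) is the other prefix)
ARC_RE = re.compile(
    r"^(?P<bus>multi|scsi)\((?P<adapter>\d+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)(?P<path>\\.*)?$",
    re.IGNORECASE,
)

# Constructed sample: one XP entry plus a recovery console entry.
SAMPLE_OK = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /maxmem=512
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# Constructed sample: default points at a partition no entry uses, and partition(0) is invalid.
SAMPLE_BAD = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
"""


def parse_arc(location):
    """Split an ARC path into its numbered components, or return None."""
    m = ARC_RE.match(location.strip())
    if m is None:
        return None
    arc = {k: int(m.group(k)) for k in ("adapter", "disk", "rdisk", "partition")}
    arc["bus"] = m.group("bus").lower()
    arc["path"] = m.group("path") or ""
    return arc


def parse_boot_ini(text):
    """Return ([boot loader] settings, list of [operating systems] entries)."""
    section, loader, systems = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            # value looks like: "Menu text" /switch1 /switch2=value
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            title, switches = (m.group(1), m.group(2).split()) if m else (value.strip(), [])
            systems.append({"location": key.strip(), "title": title, "switches": switches})
    return loader, systems


def check_boot_ini(text):
    """List inconsistencies that would leave NTLDR without a usable target."""
    loader, systems = parse_boot_ini(text)
    findings = []
    if not systems:
        findings.append("no entries under [operating systems]")
    locations = [s["location"].lower() for s in systems]
    default = loader.get("default")
    if default is None:
        findings.append("[boot loader] has no default entry")
    elif default.lower() not in locations:
        findings.append("default %s matches no [operating systems] entry" % default)
    for s in systems:
        arc = parse_arc(s["location"])
        if arc is None:
            # Drive-letter entries such as C:\CMDCONS\BOOTSECT.DAT are also legal.
            if not re.match(r"^[A-Za-z]:\\", s["location"]):
                findings.append("%s is neither an ARC path nor a drive path" % s["location"])
            continue
        if arc["partition"] < 1:
            findings.append("%s: partition numbers start at 1" % s["location"])
        if arc["bus"] == "multi" and arc["disk"] != 0:
            findings.append("%s: disk() must be 0 with multi()" % s["location"])
    return findings


def shows_menu(text):
    """More than one OS entry means the OS selection screen is shown."""
    return len(parse_boot_ini(text)[1]) > 1


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, "menu" if shows_menu(sample) else "no menu", check_boot_ini(sample))
```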

standby - gives power supply to RAM but not to other devices
hibernate - takes away power supply to all components and everything is captured on hiberfil.sys and pulls up that data when you turn the pc back on

BOOT PROCESS ERRORS
OS not found - if partition signature entry is wrong or if no active partition is found - resolved by using a disk editor like Disk Probe
error loading operating system - if the boot sector cannot be read after 5 retries - resolved by repairing boot sector
invalid partition table - if any boot indicator in the MBR has a value other than 80h or 00h or if more than one boot indicator indicates an active partition (80h)
missing operating system - if the boot sector can be read but is missing 55AAh as the last 2 bytes of the boot sector

FAT: press any key to restart
1. NTLDR is missing - if NTLDR is not found
2. disk error - if NTLDR is on a bad sector - resolved by using chkdsk

NTFS: press CTRL ALT DEL to restart
1. a disk read error occurred - if NTLDR is on a bad sector
2. NTLDR is missing - if NTLDR is not found
3. NTLDR is compressed - if NTLDR is compressed - resolved by uncompressing or replacing NTLDR

windows could not start because the following file is missing or corrupt: \winnt root\system32\ntoskrnl.exe - if the c:\winnt directory is not found
NON ROM BASIC - SYSTEM HALTED - if you're lacking an MBR or a valid signature - resolved by repairing MBR
black screen, blinking cursor - microsoft kb 314503 - occurs if one of the following elements is corrupted: MBR, partition tables, boot sector, NTLDR

boot.ini missing
recovery console > bootcfg /rebuild

hal.dll missing
recovery console > expand c:\i386\hal.dl_ c:\windows\system32
bootcfg /rebuild (or do repair installation)

to repair boot sector: recovery console > fixboot
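The MBR layout given in the boot loader phase (446 B code, 64 B partition table, 55AAh signature) and the boot indicator rules in the error list can be checked directly on a captured sector 0. This is an added example, not part of the original notes: the function names and the sample sectors are constructed, and the partition type bytes in the table are well-known values that the notes do not list.

```python
import struct
from typing import List, NamedTuple

SECTOR_SIZE = 512
CODE_SIZE = 446          # executable code
ENTRY_SIZE = 16          # 4 entries x 16 B = the 64 B partition table
SIGNATURE = b"\x55\xaa"  # 55AAh as the bytes appear on disk

# Well-known partition type bytes (general knowledge, not listed in the notes).
PARTITION_TYPES = {0x00: "empty", 0x05: "extended", 0x06: "FAT16",
                   0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x0F: "extended (LBA)"}


class Partition(NamedTuple):
    number: int
    boot_indicator: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, "type %02Xh" % self.type_id)


def parse_partition_table(sector: bytes) -> List[Partition]:
    """Decode the four 16-byte entries that follow the 446-byte code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes, got %d" % len(sector))
    parts = []
    for i in range(4):
        start = CODE_SIZE + i * ENTRY_SIZE
        entry = sector[start:start + ENTRY_SIZE]
        # Byte 0 = boot indicator, byte 4 = type, bytes 8-15 = LBA start and length.
        lba_start, count = struct.unpack_from("<II", entry, 8)
        parts.append(Partition(i + 1, entry[0], entry[4], lba_start, count))
    return parts


def check_mbr(sector: bytes) -> List[str]:
    """Return the conditions from the boot error list that this sector triggers."""
    findings = []
    parts = parse_partition_table(sector)
    if sector[510:512] != SIGNATURE:
        findings.append("signature: last two bytes are not 55AAh")
    for p in parts:
        if p.boot_indicator not in (0x00, 0x80):
            findings.append("partition %d: boot indicator %02Xh is neither 00h nor 80h"
                            % (p.number, p.boot_indicator))
    active = [p for p in parts if p.boot_indicator == 0x80]
    if len(active) > 1:
        findings.append("more than one partition is marked active (80h)")
    elif not active:
        findings.append("no active partition")
    for p in active:
        if p.type_id == 0x00 or p.sectors == 0:
            findings.append("partition %d: marked active but the entry is empty" % p.number)
    return findings


def build_sample_mbr(entries, signature: bytes = SIGNATURE) -> bytes:
    """Build a constructed 512-byte sector; boot code and CHS fields are zeroed."""
    table = b""
    for boot, type_id, lba_start, count in entries:
        table += struct.pack("<B3sB3sII", boot, b"\0" * 3, type_id, b"\0" * 3,
                             lba_start, count)
    table = table.ljust(4 * ENTRY_SIZE, b"\0")
    return b"\0" * CODE_SIZE + table + signature


if __name__ == "__main__":
    samples = {
        "healthy": build_sample_mbr([(0x80, 0x07, 63, 20480000),
                                     (0x00, 0x0F, 20480063, 10240000)]),
        "bad indicator": build_sample_mbr([(0x81, 0x07, 63, 20480000)]),
        "two active": build_sample_mbr([(0x80, 0x07, 63, 1000), (0x80, 0x0B, 2000, 1000)]),
        "no signature": build_sample_mbr([(0x80, 0x07, 63, 1000)], signature=b"\0\0"),
    }
    for name, sector in samples.items():
        print(name, "->", check_mbr(sector) or "no findings")
```

To run it against a real disk image, read the first 512 bytes of the image and pass them to check_mbr.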

to repair MBR: recovery console > fdisk /MBR
to replace NTLDR: recovery console > copy d:\i386\ntldr c:\
to replace ntdetect.com: recovery console > copy d:\i386\ntdetect.com c:\

DEVICE MANAGER - manages all the devices and drivers
how to access:
1. run > devmgmt.msc (msc = microsoft service console)
2. system properties > hardware > device manager
3. windows key + pausebreak > hw > dm
4. run > sysdm.cpl > hw > dm
5. run > compmgmt.msc > dm
features:
1. install a driver
2. uninstall a driver
3. update a driver
4. roll back a driver
5. look for driver details
6. check all info related to your resources and change them
7. option to view devices by resources or type
8. error symbols:
yellow question mark - driver is not installed
black exclamation mark on a yellow circle - driver is not properly installed or is corrupted
red x - driver is disabled or there are conflicting devices

CONTROL PANEL
types of view:
1. category
2. classic
*** green check next to driver means it's digitally signed
to access driver signing options: system properties > hardware > drivers > driver signing

to go to add or remove programs: run > appwiz.cpl
bandwidth throttling technology
cookies - for session tracking
SSL - secure socket layer
TLS - transport layer security
to access user accounts: run > control userpasswords2
terminal services - service that makes fast user switching work
to access group policy: run > gpedit.msc

ACCESS CONTROL LIST - assigning permissions to folders and files - a list of permissions attached to an object. it specifies which users or system processes are granted access to objects, as well as what operations are allowed to be performed on given objects
UNC (universal naming convention): \\computer name\share name
ways to share folders/drives:
1. right click folder > sharing and security
2. right click folder > properties > sharing
*** to be able to see the options to share or do not share, you have to go to tools > folder options > view > uncheck use simple file sharing

REMOTE DESKTOP
prerequisites:
1. network connection
2. OS with remote desktop (xp pro and up)
3. enable RD in system B (system properties > remote)
4. RD is allowed in firewall (control panel > win firewall > exceptions > allow)
5. user in system B must be an admin or part of RD users group (run > compmgmt.msc > local users & groups > groups > double click administrators (or remote desktop users))
6. remote desktop help session manager is set to automatic in services.msc
to be able to access your local devices while using remote desktop, click on options, local resources tab, under local devices put a check on drives, printers, and serial ports
to check if current user is an admin: run > syskey > (if encryption key is enabled, then user is an admin)
ways to access remote desktop connection:
1. run > mstsc
2. start > all programs > accessories > communications > remote desktop connection

REMOTE ASSISTANCE
prerequisites:
1. network connection
2. OS with remote desktop
3. enable RD in system B
4. RA is allowed in firewall
to access remote assistance: start > all programs > remote assistance

NT BACKUP
veritas - backup used by microsoft on server OSs
ways to access NT backup:
1. start > run > ntbackup
2. start > all programs > accessories > system tools > backup
prerequisite: user must be part of admin or backup operators group
types of backup:
1. normal - backs up selected files and marks each file as backed up
2. copy - backs up selected files but does not mark any as backed up
3. incremental - backs up selected files only if they were created or modified since the previous backup
4. differential - backs up selected files only if they were created or modified since the previous backup but does not mark them as backed up
5. daily - backs up only files that were created or modified today

DISK MAINTENANCE TOOLS
DISK CLEANUP - takes away all unwanted files and compresses old files to free up hd space
ways to access disk cleanup:
1. start > all programs > accessories > system tools > disk cleanup
2. run > cleanmgr
3. right click drive > properties > general tab > disk cleanup

CHECK DISK - checks integrity of disks for any bad sectors and marks them as bad, if there's any file residing on one, it will move it to a good sector - in 98/me it's called scan disk
to access scandisk: start > programs > accessories > system tools > scandisk
ways to access check disk:
1. right click drive > properties > tools > error checking > check now
2. run > chkdsk c:
3. run > cmd > chkdsk c:
*** to see list of switches, type chkdsk /?

DEFRAG (defragmentation) - reduces the amount of fragmentation in file systems. It does this by physically organizing the contents of the disk to store the pieces of each file close together and contiguously - decreases slack and wear & tear and improves fetch time
fragmented files - occur when parts of files are stored in different places in the hd
prerequisites:
1. user should be an admin
2. there should not be any open applications other than the defrag window
ways to access defrag:
1. run > dfrg.msc
2. start > all programs > accessories > system tools > disk defragmenter
3. right click drive > properties > tools > defragmentation > defragment now

MSCONFIG - system configuration utility - maintenance and diagnostic utility - a utility to troubleshoot the Windows startup process - modifies which programs run at startup, edits certain configuration files, and simplifies controls over Windows services
ways to access msconfig:
1. run > msconfig
2. c:\windows\pchealth\helpctr\binaries\msconfig
tabs:
1. general - options for normal, diagnostic, and selective startup - launch system restore, expand file
2. system.ini
3. win.ini
4. boot.ini - arc path, max mem
5. services - hide all microsoft services
6. startup - enable/disable startup items
*** vista msconfig has a tools tab
*** boot.ini is hidden in c:\

RECOVERY CONSOLE
to install recovery console:
run > cmd
d:
cd i386
winnt32 /cmdcons
*** requires 7MB min space

DIAGNOSTIC AND TROUBLESHOOTING TOOLS
TASK MANAGER - where you can see currently running services and applications
ways to access task manager:
1. right click taskbar
2. ctrl alt del (if FUS is enabled)
3. ctrl shift esc
4. run > taskmgr
tabs:
1. applications
2. processes - services that are currently running in the system
3. performance - cpu performance
4. networking
5. users
to access performance monitor: run > perfmon
*** if an application won't end even after clicking on end process: rt click on the application > go to process > rt click on the process > end process tree
to connect to another computer: computer management > rt click on computer management > connect to another computer

SERVICES - provides a brief description of the service functions and displays the path to the service executable, its current status, startup type, dependencies and the account under which the service is running. It enables users to:
1. Start, stop, pause or restart services.
2. Specify service parameters.
3. Change the startup type which includes Automatic, Manual and Disabled.
4. Change the account under which the service logs on.
5. Configure recovery options upon service failure.
6. Export the list of services as a text file or a CSV file.
ways to access services:
1. run > services.msc
2. start > control panel > administrative tools > services
3. computer management > services and applications > services
tabs:
1. general
2. log on
3. recovery
4. dependencies

DIRECT X - application programming interface that allows windows to enhance multimedia and graphics
components:
1. direct graphics (direct draw, direct3d, dxgi, direct 2d, direct write)
2. direct compute
3. direct input
4. direct play
5. direct sound
6. direct music
7. direct media
8. direct diagnostics
9. direct media objects
10. direct setup
to access dxdiag tool: run > dxdiag
WHQL - windows hardware quality labs

SYSTEM INFORMATION - view all information about the system
ways to access system info:
1. run > msinfo32
2. start > all programs > accessories > system tools > system information
3. run > winmsd

EVENT VIEWER - lets administrators and users view the event logs on a local or remote machine - reports events that have taken place, such as a failure to start a component or complete an action
ways to access event viewer:
1. run > eventvwr
2. start > control panel > administrative tools > event viewer
3. rt click my computer > manage > system tools > event viewer
4. run > compmgmt.msc > system tools > event viewer
log sources:
1. application
2. security
3. system

symbols:
x - error
i - information
exclamation pt - warning

SYSTEM FILE CHECKER - allows users to scan for and restore corruptions in Windows system files - scans files using Windows File Protection
to access system file checker: command prompt > type sfc
prerequisites:
1. user must be an admin or part of admin group
2. installation cd
sfc
/scannow
/quiet
/scanonce
/cachesize
/scanboot
/cancel
/revert
/quit
/purgecache - clears all cache files
hkey_local_machine > software > microsoft > windows nt > current version > winlogon

SYSTEM PROPERTIES
ways to access system properties:
1. run > sysdm.cpl
2. start > control panel > system
3. rt click my computer > properties
4. win key + pause brk
tabs:
1. general
2. computer name - computer name, network id, switch from workgroup to domain
3. hardware - device manager, driver signing, windows update, hardware profiles
4. advanced - performance, user profiles, startup and recovery, environment variables, error reporting
5. system restore - turn off system restore, disk space usage (200MB - 12% partition size)
6. automatic updates
7. remote - enable RA and RD

virtual memory - pagefile.sys - win386.swp (in win98)

to change size of virtual memory: system properties > advanced tab > performance > settings > advanced tab > virtual memory > change
*** min page file size is 1.5 x size of physical memory

DR WATSON - allows you to send error messages to microsoft as a file
ways to access dr watson:
1. run > drwtsn32
2. system info > tools > dr watson
types of errors:
1. user mode - pertains to user
2. kernel mode - to system

DLL AND ITS DEPENDENCIES
DLL - library of files which can be accessed by any program, can have any of the following file extensions: ocx, drv, cpl
location of dll cache: c:\windows\system32\dllcache
types of dll:
1. load time dll
2. run time dll
cmdlg.dll - common dialog box dll
to register a dll:
go to command prompt
go to c:\
regsvr32 dllfilename
to unregister a dll: regsvr32 /u dllfilename

MICROSOFT MANAGEMENT CONSOLE - allows you to create your own console
to access MMC: run > mmc
to add snap-in: file > add/remove snap-in

*** you can save your console to windows\system32 so you can access it in the run line by typing consolefilename.msc

COMPUTER MANAGEMENT
1. system tools
- event viewer
- shared folders
- local users and groups
- performance logs and alerts
- device manager
2. storage
- removable storage
- disk defragmenter
- disk management
3. services and applications
- services
- WMI control
- indexing service
ways to access:
1. rt click my computer > manage
2. run > compmgmt.msc

SYSTEM RESTORE
- takes a snapshot of the registry when OS loads properly
- used when an application or driver failed to start
- should not be done if you suspect a virus in the system
- allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure
ways to access:
1. start > all programs > accessories > system tools > system restore
2. start > run > c:\windows\system32\restore\rstrui.exe
3. start > run > msconfig > general > launch system restore
4. start > run > msinfo32 > tools > system restore
*** to enable/disable system restore: system properties > system restore > enable
*** disabling system restore deletes all restore points
*** SR only keeps restore points for 90 days

2 ways restore points are created:
1. created by system itself - when there's a change in registry wrt applications and drivers
2. user manually creates a checkpoint

TASK KILL
- used to terminate processes (if task manager is disabled)
in command prompt, type:
tasklist - to view all running processes
tasklist /? or taskkill /? - to view all taskkill commands
to terminate a process: taskkill /IM imagename (put /T after the image name to terminate the entire process tree)

ADVANCED BOOT OPTIONS
1. safe mode
- only loads minimal drivers (video, mouse, keyboard)
- used to troubleshoot driver related issues
2. safe mode with networking
3. safe mode with command prompt
4. enable boot logging - ntbtlog.txt (in c:\windows) tracks all files that got loaded up
5. enable vga mode
- screen resolution is 640x480
- for display troubleshooting
6. last known good configuration - restores system to the last time when computer started and shut down correctly
7. directory services restore mode - active directory restore
8. debugging mode - used by programmers for testing
9. disable automatic restart on system failure
to be able to install applications in safe mode: hkey_local_machine > system > current control set > control > safe boot > create a new key called MSIserver > change data value to service

CACLS
- change access control list
- utility capable of displaying and modifying ACL on folders and files
to see cacls commands: cacls /?

to grant access rights: go to the file directory, then cacls filename /G user:perm
to replace access rights: cacls filename /P user:perm

DUN (DIAL UP NETWORKING)
prerequisites:
1. telephone connection
2. dial up modem
3. dialer (connectoid)
4. configuration
common error codes:
630 - port already in use
676 - busy
678 - no answer
680 - no dial tone
691 - incorrect UN/PW

WMP 9 & 10

XP TROUBLESHOOTING
1. enable automatic logon (if cust is on login page and can't login to his accnt)
- login using another accnt, go to regedit, hkey_local_machine > software > microsoft > windows NT > current version > winlogon > double click on default username and change it to the username you want to automatically logon > rt click on the right pane > new > key > name it as DefaultPassword > rt click on the right pane > new > key > name it as AutoAdminLogon > double click it > change value to 1
2. takes a long time to shut down
- hkey_current_user > control panel > desktop > double click WaitToKillAppTimeout > reduce the value
3. internet connection sharing
4. stop error: unable to load the device driver
- go to recovery console > rename the driver to drivername.bak > copy drivername.sys from setup cd to c:\windows\system32

5. volume in IDE drive caching enabled is mounted
- update service pack
6. unmountable boot volume
- connect 40 pin wire
- set bios to faster udma
- file system may be damaged (do chkdsk /r, fixboot c:)
7. inaccessible boot device
- may have a boot sector virus (do fixboot c:)
- could be a device driver issue, hard drive issue, or boot volume is corrupted
- if you're using scsi hd, you need to install scsi drivers on xp setup
8. stop error during installation of windows
- system requirements are not met
- need to flash bios
9. computer stops responding with black screen and blinking cursor
- remove cd in the cd drive
- mbr/partition table/ntldr/boot sector issue
- fixmbr, fixboot, repair install
10. 0x80072f8f while doing update
- change date and time
11. 0x80070002 license checking issue
- hkey_users > default > software > microsoft > cryptography > delete providers key
- kb 310794
12. explorer encountered error and needs to close
- kb 822797
- uninstall other links from favorites
13. forgotten pw for an accnt created in xp
- use hint
- log in as admin
- pw reset disc
14. hardware device driver fails after running an update
- uninstall, reinstall driver
- windows update, reinstall driver
15. invalid boot.ini
- bootcfg /rebuild (fast detect)

16. missing ntldr in dual boot xp and vista
- winre repair
17. mmc can't open device manager
- kb 914231
18. nothing happens when you click on system restore
- pchealth.inf
19. restoring windows.old
- kb 933168
20. setup stops when inspecting computer hw configuration
- boot from the hard drive
21. sp installation did not complete (access denied)
- get sp from download center
- check firewall
- reset file permissions
22. windows update is disabled by admin
- gpe > administrator templates > disable/enable win update
23. xp restarts when you shut down
- sys prop > advanced tab > startup and recovery > disable automatic restart
24. sp3 fails with error: status prerequisite failed
- connect laptop to AC
25. to be able to access recovery console without admin pw:
- HKLM > software > microsoft > windows nt > current version > setup > set security level to 1
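
Items 1 and 25 above both remove a password prompt through the registry, so a machine that has had them applied is worth flagging later. The following is an added example, not part of the original notes: a Python check over a regedit text export that reports both settings. The sample export, user name and password are constructed, and the export is assumed to be already decoded to text.

```python
import re

# Constructed sample in regedit export (.reg) format; not taken from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="frontdesk"
"DefaultPassword"="Example-Pass-1"
"AutoAdminLogon"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SecurityLevel"=dword:00000001
'''

NT_CV = r"hkey_local_machine\software\microsoft\windows nt\currentversion"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                data = m.group("data")
                if data.startswith("dword:"):
                    data = int(data[6:], 16)   # dword data is hexadecimal
                else:
                    data = data.strip('"')
                current[m.group("name").lower()] = data
    return keys

def audit(text):
    """List findings for the two logon-weakening settings in the notes."""
    keys, findings = parse_reg(text), []
    winlogon = keys.get(NT_CV + r"\winlogon", {})
    if str(winlogon.get("autoadminlogon", "0")) == "1":
        findings.append("AutoAdminLogon enabled for %r" % winlogon.get("defaultusername"))
    if winlogon.get("defaultpassword"):
        findings.append("DefaultPassword stored in clear text")
    # On XP the SecurityLevel value sits in the Setup\RecoveryConsole subkey.
    for path, values in keys.items():
        if path.startswith(NT_CV + r"\setup") and values.get("securitylevel") == 1:
            findings.append("Recovery Console admin password prompt disabled")
    return findings
```

An empty list from audit() means neither setting is present in the export.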
