Chapter: 4

Operating Systems
 Commands And Options To Troubleshoot And Resolve Problems
 MSCONFIG
 DIR, MD / CD / RD
 CHKDSK (/f /r)
 EDIT
 COPY (/a /v /y) and XCOPY
 FORMAT
 IPCONFIG (/all /release /renew), PING (-t -l), TRACERT, NSLOOKUP
 NET
 [command name] /?
 SFC

 MS Windows Directory Structures

 User / System file locations
 Fonts Files
 Temporary files
 Program files
 Offline files and folders

 System utilities / tools

 Disk management tools
 Disk Manager
 System monitor
 Administrative tools
 Devices Manager
 Task Manager
 System Information
 System restore
 Remote Desktop Protocol (Remote Desktop / Remote Assistance)
 Task Scheduler
 Regional settings and language settings

 Evaluate and resolve common issues

 Operational Problems
 System Performance and Optimization
 Aero settings
 Indexing settings
 UAC
 Side bar settings
 Startup file maintenance
 Background processes

1
 Commands for Troubleshooting
You can reach CMD by selecting;
Start >> All Programs>> Accessories >>Command Prompt.

Or
Start >> Run, type CMD.
CMD is a command (cmd.exe) which opens the command prompt window. To return to Windows, type
EXIT and press Enter.

Here’s a summary of the commands .

 CD Serves two purposes.

 CD (Current Directory) shows you the directory that you’re currently in.

 CD (Change Directory) utility changes your current directory to the one given.
An absolute path gives the full path regardless of the directory you’re currently in (for example,
C:\Documents and Settings\All Users).

A relative path tells the utility to change you to a location relative to where you currently are. For
example, if you’re in the C:\Documents and Settings directory, you can move to C:\Documents and
Settings\all users by giving the command CD all users.

With relative addressing, you can use two periods (..) to indicate the parent directory or one period (.) to
indicate the present directory.

 CHKDSK Used to correct logical errors in FAT or NTFS volumes.

 CHKDSK command are /F and /R, which fix/repair the errors they find.

 Without /F or /R, CHKDSK is an information-only command.

 COPY Copies files from one location to another. Here are some examples:

 COPY *.* D:\ copies all files from the current folder to the D: drive (an asterisk is a wildcard for
any character.)

 COPY C:\Windows\Myfile.txt This command copies Myfile.txt from C:\Windows to the

current folder.

2
The COPY Switches

Switch Description

/a COPY that you are working with an ASCII text file

/v verifies that the written file matches the original
/y used to stop the prompts that normally appear asking you if you want to
overwrite an existing file if one by that name already exists in the destination.

 DIR Displays the contents of the current folder.

 DIR ????.* Displays all files that are exactly four letters in name length, with any extension (?
is a wildcard for any one character.)

 DIR /w displays the listing in wide (multicolumn) format, with names only (fewer details).

 DIR /p displays the listing one screenful at a time. Press Enter to see the next screenful.

 EDIT opens the Editor utility, a text editor similar to Notepad.

The EDIT Switches

Switch Description

/B Forces monochrome mode

/H Displays the maximum number of lines possible for your hardware

/R Loads the file(s) in read-only mode

/S Forces the use of short filenames

/<nnn> Loads binary file(s), wrapping lines to <nnn> characters wide

[file] Specifies an initial file to load

3
 FORMAT Prepares media for use by applying a certain filesystem to it. It’s located in the
C:\Windows\System32 folder

The FORMAT Switches

Switch Description

/V[:label] Specifies a volume label

/Q Performs a quick format

/F:size Specifies the formatted size for a floppy disk; omit for default

/B Allocates space on the formatted disk for system files to be added later

/S Copies system files to the formatted disk

/T:tracks Specifies the number of tracks per disk side

/N:sectors Specifies the number of sectors per track

/1 Formats a single side of a floppy disk

/4 Formats a 5¼˝ 360KB floppy disk

/8 Formats eight sectors per track

/C Tests clusters that are currently marked as bad

You can also access a Format utility by right-clicking a drive icon in Windows and selecting Format.

 HELP or /? used to give you the syntax and a short description of any command-line utility you
want information on.

For example; help DIR or DIR /?

 IPCONFIG view the current IP configuration for the client.

 IPCONFIG /all Shows all the information related to the network card(s), not just the summary
information
 IPCONFIG /release renew releases renew the IP address leased from a DHCP server.

If the address displayed falls in the 169.254.x.x category, that means the client was unable to reach the
DHCP server and has defaulted to Automatic Private IP Addressing (APIPA), which will prevent it from
communicating outside its subnet.

In the Linux/unix world, a command is IFCONFIG.

4
 MD Make Directory is used as the name implies.

 MSCONFIG (System Configuration Utility)

Helps troubleshoot startup problems by

allowing you to selectively disable individual
items that normally are executed at startup.

There is no menu command for this utility, so

in Windows XP/Vista/7 , we use;

Start >> Run, type Msconfig.

 NET The capabilities of it differ based on whether it is server- or workstation-based and the version
of the OS

The NET Options

Purpose Syntax

Set account options (password age, length, etc.) NET ACCOUNTS

Add and delete computer accounts NET COMPUTER

See network-related configuration NET CONFIG
Control services NET CONTINUE, NET PAUSE, NET
START, NET STATISTICS, and NET STOP
Close open files NET FILE
Create, delete, and change groups NET GROUP and NET LOCALGROUP
See general help NET HELP
See specific message help NET HELPMSG
See the name of the current machine and user NET NAME
Interact with print queues and print jobs NET PRINT
Send a message to user(s) NET SEND
See session statistics NET SESSION

5
Create a share NET SHARE
Set the time to that of another computer NET TIME
Connect to a share NET USE
Add, delete, and see information about a user NET USER
See available resources NET VIEW

These commands are invaluable troubleshooting aides when you cannot get the graphical interface to
display properly. You can also use them when interacting with hidden ($) and administrative shares that
do not appear in the graphical interface.

The NET command used with the SHARE parameter enables you to create shares from the command
prompt, using this syntax: To share the C:\John directory as SALES, you would use the following
command:

NET SHARE SALES=C:\John

The NET SHARE Options

Parameter Function

/DELETE Stops sharing a folder

/REMARK Adds a comment for browsers
/UNLIMITED Sets the user limit to Maximum Allowed
/USERS Sets a specific user limit

 NSLOOKUP enables you to verify entries on a DNS server.

 PING To check a particular IP address or domain name on a network for reachability. It sends a
series of packets to another system, which in turn sends back a response. This utility can be
extremely useful for troubleshooting problems with remote hosts.
 You can use the -t switch to indicate PING should continue to ping the host without stop- ping
until you break out of it (using Ctrl+C).

 RD To delete/remove a directory.

 You cannot delete a directory that has files in it without using the /S parameter.

6
 SFC (System File Checker) To keep the OS alive and well.

SFC automatically verifies system files after a reboot to see if they were changed to unprotected
copies. If an unprotected file is found, it’s overwritten by a stored copy of the system file from
%systemroot%\system32\dllcache. (%systemroot% is the folder into which the OS was installed.)

Only users with the Administrator permissions can run SFC.

The SFC Options

Parameter Function

/CACHESIZE= Sets the size of the file cache

/CANCEL Stops all checks
/ENABLE Returns to normal mode
/PURGECACHE Clears the cache
/QUIET Replaces files without prompting
/SCANBOOT Checks system files on every boot
/SCANNOW Checks system files now
/SCANONCE Checks system files at the next boot

 TRACERT enables you to verify the route to a remote host.

Execute the TRACERT hostname, where hostname is the computer name or IP address of the computer
whose route you want to trace.
TRACERT provides a road map of all the routing an IP packet takes to get from host A to host B.

TRACERT returns the different IP addresses the packet was routed through to reach the final destination

TRACERT returns the number of hops and amount of time required for each routing hop.

 XCOPY This command is like COPY, but it also duplicates any subfolders.

7
 MS Windows Directory Structures
1. User Files
The user account (which authenticates
the user) and the user profile (which
holds their settings theme, screen saver,
and so on) are two separate things—one
is needed before the other.

The folder of user account is beneath %systemdrive%\Users\ (usually C:\Users\) in Windows Vista/7.
For Windows XP/2000 it is beneath %systemdrive%\Documents and Settings\ (usually C:\Documents
and Settings\).

When settings need to apply to everyone who uses the machine, they can be placed in All Users instead
of being copied beneath each user’s folder set.

2. System Files

Are those used by the OSes and are used by all users. In all the OSes, these files are beneath
%systemroot% and many, such as System32, appear in the default path.

3. Fonts Files

Fonts folder is under %systemroot% (usually C:\). Fontmapper is the routine within Windows that maps
an application’s request for a font with particular characteristics to the available font that best matches
those characteristics.

4. Temporary Files
Is to hold any information that is needed for only a short time. In addition to temporary files used for
print queues, you also have cache from Internet sites and many other programs. We can use Disk
Cleanup utility, to delete temporary files, including the following:

 Downloaded program , Offline web pages, Office setup , Recycle Bin contents, Setup log , Web
client/publisher temporary , Temporary offline , and Offline and Catalog files for the Content
Indexer

8
5. Program Files
Is beneath %systemdrive% (usually C:\), holds the files needed for each of the installed applications on a
machine. Windows Vista also added a Program Data directory, which is hidden by default. It contains the
settings needed for applications and works similar to how the Local Settings folder did in previous OSes.

6. Offline Files
If you've ever needed to access important files stored in a shared folder on your network but couldn't
because your laptop was disconnected from the network, then you can understand the need for offline
files. With offline files, you can access copies of your network files even when your computer isn't
connected to the network.

You can access network files when you're connected to the

network where the files are stored.

You can access local copies of network files when you're not
connected to the network.

 Windows 2000
You can choose to do the synchronization between the copy and the original manually (in Explorer,
choose File >> Synchronize) or automatically (you log on and log off).

 Windows XP
First, you must turn on. To do so, open My Computer and
then choose Folder Options from the Tools menu. When
the Properties dialog box appears, click the Offline Files tab
and check the Enable Offline Files option, you cannot
enable offline files if Fast User Switching is enabled.

Synchronization is accomplished through the use of

Synchronization Manager (which you access by choosing Tools
>>Synchronize in any Explorer window or by typing mobsync in
the Run box).

9
To disable offline file storage, uncheck the Enable Offline Files option.

 Windows Vista
The two biggest modifications are the inclusion
of the Sync Center and the restriction of offline
file support to the Business, Enterprise, and
Ultimate versions. If you do not have one of
these versions, you will not have the ability to
access the Offline Files tab or do any
configuration.

Access it by choosing Start >> Control Panel >>

Network and Internet.

Sync partnerships can be set up with a

large number of devices, ranging from a flash
drive to handheld devices.

Note :
You cannot sync with network folders if you are using Windows Vista Starter, Home Basic, or Home
Premium editions.

Establish a partnership with the device you want to sync with in Sync Center.

10
 System Utilities and Tools
With the Windows OSes, you can choose to use either FAT32 or NTFS. The advantage of NTFS is that it
offers security and many other features that FAT32 can’t handle. You can configure indexing, archiving,
encryption, and compression settings.

Note : Convert utility can change FAT32 to NTFS.

 Disk-Management Tools

 DEFRAG
The more files are read, added to, and rewritten, the more fragmentation (affecting performance) is
likely to occur. The Disk Defragmenter utility (DEFRAG) is the best tool for correcting fragmentation.

Disk Defragmenter reorganizes the file storage on a disk to reduce the number of files that are stored
noncontiguously. This makes file retrieval faster, because the read/write heads on the disk have to move
less.

You can go to Start menu (Start >> All Programs>> Accessories >>System Tools >>Disk Defragmenter).

The available switches for the command-line version (defrag.exe) include the following:

-a Analyze only

-f Force defragmentation even if disk space is low

-v Verbose output

If we run Analyze, we can check the volume

and recommend an action, If you choose View
Report, you can see the files that are most
fragmented in successive order.

11
 NTBACKUP

With 2000/XP, you can access from the System Tools

menu, or from the Tools tab in a hard disk’s Properties
box. Then you can;

• back up files in a compressed format, so the backups

take up less space than the original files would if they
were copied.
• restore the backup (you must use the same utility
again but in Restore mode).

Five backup type choices are available:

You can also perform backups from the command line by using the ntbackup.exe executable. You can’t
restore files from the command line with this utility, however. Options include the following:

/A Performs an append (adds the new backup to the end of the existing one).

/F Identifies the disk path and filename.

/HC:{on|off} Toggles hardware compression on or off.

/J Signifies the job name.

/M Must be followed by a backup type name: copy, daily, differential, incremental, or normal.

/N Signifies a new tape name; can’t be used in conjunction with /A.

/P Signifies the media pool name.

/T Followed by the tape name, this specifies which tape to overwrite or append to.

/V:{yes|no} Toggles whether to do verification after the completion of the backup.

The Backup utility in each of the different versions of Windows has different capabilities, with
newer versions having greater capabilities.

12
 Disk Manager
Allows you to perform such actions as resizing a drive or changing the drive letter.

To access this tool, right-click on Computer (or My Computer). From the menu, choose Manage, and
then click Disk Management.

 An active partition is the one that is bootable—the one that the OSes is installed on.

 A primary partition is one that is used by the OS it may or may not be bootable.

 An extended partition is used to hold files and is secondary to the primary. There can be only one
extended partition on a hard drive, but it can be further divided into logical drives.

 Performance Tool
Windows XP/2000 is divided into two sections.

1. System Monitor allows you to gather real-time statistics about what the system is doing right
now in chart format (the default), histogram format (similar to a bar chart), or report format.

2. Performance Logs and Alerts let you record data to create and compare with a baseline (to
get a long-term look at how the system is operating) or to send administrative alerts when
thresholds are reached.

Vista/7 Instead has the Reliability and Performance Monitor.

13
 Administrative Tools
1. Event Viewer provides information about
what’s been going on system-wise, to help
you troubleshoot problems. Event Viewer
displays warnings, error messages, and
records of things happening successfully.

2. Computer Management is the shell that such tools as Disk Management plug in to; it is a
predefined Microsoft Management Console (MMC). It provides a common interface that allows you to
perform all the actions that can be done separately within one location.

Computer Management also has the Storage area, which lets you manage removable media,
defragment your hard drives, or manage partitions. Finally, you can manage system services and
applications.

3. Services The more operations your system is

trying to perform, the more it must juggle
between operations. For this reason—not to
mention security—you should limit the services
running on a system to only those that you
want. Unfortunately, many services are often
installed by default, and you have to remove or
disable them.

To interact with services, access the

Administrative Tools You can right-click any
service and choose to start, stop, pause, resume,
or restart it.

4. Performance Monitor In Windows XP/2000 is divided into two sections:

1. System Monitor allows you to gather real-time statistics about what the system is doing right
now.

2. Performance Logs And Alerts let you record data to create and compare with a baseline (to get
a long-term look at how the system is operating) or send administrative alerts when thresholds are
reached. You can use this tool to identify problems with objects. If you want to watch memory, for
example, the object to monitor is Memory, and the counters to watch include the following:

 Committed Bytes If this number always exceeds the physical RAM by more than a few
megabytes, you probably don’t have sufficient RAM.

 Pages/Sec This number should be less than 100; a higher value mean the system is RAM
starved.
Note: You can also gather memory statistics by using Task Manager.

14
 Device Manager
Shows a list of all installed hardware and lets you add items, remove items, update drivers, and more.

In Windows 2000/XP;
you display the System Properties >> Hardware >> Device Manager.

In Windows Vista;
You can choose Start >> Control Panel >> System And Maintenance, System >> Device
Manager. Or you right-click on Computer >> Manage >> Device Manager.

State of the device ;

 A black exclamation mark in yellow - device is in a

problem state.
 A red X - device is disabled.
 A blue “i” in white - device does not automatically.

 Task Manager
Shows running programs and the system resources they’re consuming. Its most often used to shut down
a nonresponsive application.

There are 3 common ways to display the Task Manager.

1. Press Ctrl+Alt+Delete and click the Task Manager button.

2. Right-click in an empty location on the Taskbar and choose Task Manager from the context menu.

3. Hold down Ctrl+Shift and press Esc.

5/6 tabs can seen depends on OS.

 Applications tab; you can click one of them and then

click End Task to shut it down. (only as a last resort).
 Processes tab to see all processes—not just
applications—running,
 Performance to see CPU, paging, memory, and other
parameters.
 Processes tab, you can choose to change the priority
for it.
 Networking tab shows usage for all found connections,
 Users tab shows the current users and lets you
disconnect them, log them off, or send them a
message.

15
 System Information

You can use MSINFO32.EXE. System

Information is divided into System
Summary.

 System Restore
It allows you to restore the system to a previous point in time.

You can access it from Start >> All Programs >> Accessories >> System Tools >> System Restore and use
it to roll back to, as well as create, a restore point.

Windows XP creates a restore point automatically every 24 hours, as well as when you install
unsigned device drivers or install (or uninstall) a program with Windows Installer or Install Shield. By
default, restore points are kept for 90 days.

16
 Remote Desktop and Remote Assistance.
Allows you to remotely connect to your workstation and use it for a variety of purposes—This utilizes
the Remote Desktop Protocol (RDP), and two elements are involved:

 Turning on the ability to access remotely

 Accessing remotely

Remote Desktop.
To setup;

Access the System Properties >> Remote >> Allow Users

To Connect Remotely To This Computer.

To access;

Select Start >> All Programs >> Accessories>>

Communications, >> Remote Desktop Connection.

mstsc.exe can be used in XP/Vista/7

To connect;

You must enter the IP address or computer name of the host using a valid username and password.

Remote Assistance.
This can help an administrator or other support
person troubleshoot problems with the machine
from a remote location.

The local user must invite the remote technician to

connect for this to work and the local user can
terminate the session at any time.

msra.exe can be used in Vista/7

17
 Task Scheduler

Allows you to configure jobs to automatically run unattended.

1. Select Start >> Programs (or All Programs) >>Accessories >> System Tools, and choose
Scheduled Tasks.

2. Double-click on the Add Scheduled Task icon. To start the Wizard.

3. A list of applications appears. From the list, choose the application you want to run.

4. Specify how often the program is to run, and provide the name that you want to call the job—
Daily,weekly,monthly,one time only, when the computer starts and when you log on.

5. After choosing the frequency, you must specify parameters related to it.

6. Because the job will be running in unattended mode, you must provide the name and password
of a user who has authorization to run this job.

7. A verification screen shows what you have configured. Click Finish to complete the task.

 Regional Settings
Allows you to customize the user location and keyboard layout.

18
 Diagnostics and Troubleshooting
Startup
The programs to begin at startup can be configured through the msconfig.

For 2000/ XP - You can also Right-clicking the Start>>Open>>Programs And Startup (appear here are
few).

For Vista/7 - You can also Right-clicking the Start>>Properties>> Customise (appear here are few).

Recovering OSes

1. Recovery Console (RC)

Is a command-line utility used for troubleshooting. From it, you can format drives, stop and start
services, and interact with files.

To install it, use the following steps:

1. Place the Windows CD in the system.

2. From a command prompt, change to the i386 directory of the CD.

3. Type winnt32 /cmdcons.

4. If you want to continue. Click Yes.

Then the RC is added as a menu choice.

To perform this task, you must give the administrator password.

You’ll then arrive at a command prompt. You can give a number of commands from this prompt, two of
which are worth special attention: EXIT restarts the computer.

HELP lists the commands you can give.

19
Recovery Console Commands

Command Purpose

ATTRIB Shows the current attributes of a file or folder, and lets you change them.
BATCH Runs the commands within an ASCII text file.
CD/CHDIR Used without parameters, it shows the current directory. Used with
parameters, it changes to the directory specified.
CHKDSK Checks the disk for errors.
CLS Clears the screen.
COPY Allows you to copy a file (or files, if used with wildcards) from one location
to another.

DEL Deletes a file.

DELTREE Recursively deletes files and directories.
DIR Shows the contents of the current directory.
DISABLE Allows you to stop a service/driver.
DISKPART Shows the partitions on the drive, and lets you manage them.

EXPAND Extracts compressed files.

ENABLE Allows you to start a service/driver.

FIXBOOT Writes a new boot sector.

FIXMBR Checks and fixes (if possible) the master boot record.
FORMAT Allows you to format a floppy or partition.

LISTSVC Shows the services/drivers on the system.

LOGON Lets you log on to Windows 2000.

MAP Shows the maps currently created.

MD/MKDIR Makes a new folder/directory.
MORE Shows only one screen of a text file at a time.

RD/ RMDIR Removes a directory or folder.

REN/ RENAME Renames a file or folder.

SYSTEMROOT Works like CD but takes you to the system root of whichever OS installation
you’re logged on to.

TYPE Displays the contents of an ASCII text file.

During the installation of the RC, a folder named Cmdcons is created in the root directory to hold the
executable files and drivers it needs. A file named Cmldr, with attributes of System, Hidden, and Read-
Only, is also placed in the root directory.

If you want to delete the RC, you can do so by deleting the Cmldr file and the Cmdcons folder, and
removing the entry from the Boot.ini file.

20
2. Automated System Recovery-ASR (Windows XP only)
It’s possible to automate the process of creating a system recovery set by choosing the ASR Wizard on
the Tools menu of the Backup utility.
You can click (Start >> All Programs >> Accessories >> System Tools >> Backup). This wizard walks you
through the process of creating a disk that can be used to restore parts of the system in the event of a
major system failure.

The default name of this file is BACKUP.BKF; it requires a floppy disk (becomes a bootable - which can
be weakness/hard to come by these days).

3. Emergency Repair Disks-ERD (Windows 2000 only)

The Windows Backup and Recovery Tool/Wizard allow you to create an ERD. To repair a portion of the
system in the event of a failure.

It require a blank, formatted floppy disk. If you don’t choose to save the Registry, the following files are
placed on the floppy disk: (The disk isn’t bootable)

 SETUP.LOG, CONFIG.NT, AUTOEXEC.NT

This doesn’t leave you much to work with.

If you check the box to include the Registry in the backup, the floppy disk contains the preceding
files plus the following:

 SECURITY._, SOFTWARE._, SYSTEM._, DEFAULT._, SAM._, NTUSER.DAT and USRCLASS.DAT

The user profile (NTUSER.DAT) is for the default user; the files with the ._ extension are compressed
files from the Registry. The compression utility used is EXPAND.EXE, which offers you the flexibility of
restoring any or all files. Because this floppy contains key Registry files, it’s important that you label it
appropriately and store it in a safe location, away from users who should not have access to it.

During the process of creating the floppy, the Registry files are also backed up (in uncompressed state)
to %systemroot%\repair\RegBack.

As before, the floppy isn’t bootable, and you must bring the system up to a point (booted) where the
floppy can be accessed before it’s of any use.

ERD does not exist in Vista. The System Restore tab lets you disable/enable and configure the new
System Restore feature in Windows XP and Vista. If you have a system crash, it can restore your data
back to the restore point. You can turn on System Restore for all drives on your system or for individual
drives. Note that turning off System Restore on the system drive (the drive on which the OS is installed)
automatically turns it off on all drives.

21
Common Operational Problems
 Printing Problems
Due to either improper configuration (driver- Local and Network) or actual physical problems.
 Install proper driver.
 You can also solve most problems using the Printing Troubleshooter (select Start >> Help and
Support, and type in Printing Troubleshooter).

 Auto-Restart Errors
If the system is automatically restarting, there is the possibility that it has a virus or is unable to continue
current operations.
 Install virus-detection software on every client (as well as on the server).
 Keep the definitions current, and run them often.

If the problem is with the system being unstable.

 Examine the log files and try to isolate the problem. Reboot in Safe Mode (Disable the Auto restart),
and correct any incompatibility issues. You can also deselect the option of the System (Advanced
tab) in Control Panel to prevent the system from rebooting.

Occasionally, systems reboot when they have been updated. This is a necessary process, and users are
always given warning before the reboot is to occur.

 Blue Screens (Blue Screen of Death)

Become less common. Most of them come from driver problems. Occasionally, systems will lock up;
 You can usually examine the log files to discover what was happening when this occurred.
 Use verifier driver manager

 System Lockup

The difference between a blue screen and a system lockup is whether the dump message that
accompanies a blue screen is present. With a regular lockup, things just stop working. As with blue
screens, these are mostly a thing of the past (the exception may be laptops, which go to hibernate
mode).
 You can examine the log files to discover what was happening.

 Driver Failure

Drivers are associated with devices, and you can access them by looking at the properties for the device
with the two or three most common tabs:

 General Displays the device type, manufacturer, and location. It also includes text regarding
whether the device is currently working properly and a Troubleshooter button to walk you
through diagnostics.

22
  Driver View information on the current driver and digital signer. Three command buttons allow
you to see driver details and uninstall or update the driver.
 Resources Shows the system resources in use (I/O, IRQ, and so on) and whether there are
conflicts.

Use verifier driver manager

 Application Failures

If applications fail to install, start, or load,

 You should examine the log files associated with them to try to isolate the problem. Many
applications write logs that can be viewed with Event Viewer (choose Application Logs).

 Common steps to try include closing all other applications and beginning this one, reinstalling
fresh, and checking to see whether the application works properly on another machine.

Common Error Messages

Event Viewer is the primary tool for finding problems and uncovering what is going on. Other issues that
can occur, however, include problems with booting and system failure.

Booting problems can occur with corruption of the boot files or missing components, and common error
messages include an invalid boot disk, inaccessible boot drive, or missing NTLDR file. Luckily, during the
installation of the operating system, log files are created in the %SystemRoot% and %SystemRoot
%\Debug folders (C:\WINNT for Windows 2000 and C:\WINDOWS for Windows XP and Windows Vista).
If you have a puzzling problem, look at these logs and see if you can find error entries there. With
Windows 2000, for example, the following six files are created:

Comsetup.log This log file holds information about the COM+ installation and any optional components
installed. Of key importance are the last lines of the file, which should always show that the setup
completed. If the last lines don’t show this, they depict where the errors occurred.

Mmdet.log This file is used to hold information relevant to the detection of multimedia devices and
ports. On most systems used for business, this file is very small and contains only a few lines.

Netsetup.log This file differs from all the others in that it’s in the DEBUG folder and not just
%SystemRoot%. Entries in it detail the workgroup and domain options given during installation.

Setupact.log Known as the Action log, this file is a chronological list of what took place during the
setup. There is a tremendous amount of information here; of key importance is whether errors
occurred. The last lines of the file can show which operation was transpiring when the installation failed,
or whether the installation ended with errors. Like all the log files created during setup, this file is in
ASCII text format and can be viewed with any viewer (WordPad, Word, and so on).

23
Setupapi.log This file shows every line run from an INF file and the results. Not only is this file created
during installation, but it continues to get appended to afterward. Of key importance is whether the
commands are able to complete without error.

Setuperr.log The Error log, as this file is commonly called, is written to at the time errors are noted in
other log files. For example, an entry in Setupact.log may show that an error occurred, and additional
information on it will be found in Setuperr.log. Not only are the errors here, but also the severity of each
is given.

You can configure problems with system failure to write dump files (debugging information) for
later analysis when they occur by going to the System applet in Control Panel, choosing the Advanced
tab, and clicking Settings under Startup and Recovery. Here, in addition to choosing the default
operating system, you can configure whether events should be written to the system log, whether an
alert should be sent to the administrator and then type of memory dump to be written.

Diagnostic Tools

 Safe Mode
If, when you boot, Windows won’t come all the way up (it hangs or is otherwise corrupted), you can
often solve the problem by booting into Safe Mode. Safe Mode is a concept borrowed from Windows 95
wherein you can bring up part of the operating system by bypassing the settings, drivers, or parameters
that may be causing it trouble during a normal boot. The goal of Safe Mode is to provide an interface
with which you’re able to fix the problems that occur during a normal boot and then reboot in normal
mode.
To access Safe Mode, you must press F8 when the computer starts/restarts or when the
operating system menu is displayed during the boot process if you have multiple operating systems
installed. A menu of Safe Mode choices will then appear, as listed in Table 8.7. Select the mode you
want to boot into.

Safe Mode Startup Menu

Choice Loaded

Safe Mode Provides the VGA monitor, Microsoft mouse drivers,

and basic drivers for the keyboard (storage system
services, no networking)

Safe Mode With Networking Same as Safe Mode, but with networking

Safe Mode With Command Prompt Same as Safe Mode, but without the interface and
drivers/services associated with it

Enable Boot Logging Creates ntbtlog.txt in the %systemroot% directory

24
 during any boot—normal attempted

Enable VGA Mode Normal boot with only basic video drivers

Last Known Good Configuration Uses the last backup of the Registry to bypass
corruption caused during the previous session

Debugging Mode Sends information through the serial port for

interpretation/troubleshooting at another computer

Boot Normally Bypasses any of the options here

Return To OS Choices Menu Gives you an out in case you pressed F8 by accident.
This option only appears if you have installed multiple
operating systems and/or the Recovery Console

You need to keep a few rules in mind when booting in different modes:

 If problems don’t exist when you boot to Safe Mode but do exist when you boot to normal mode, the
problem isn’t with basic services/drivers.

 If the system hangs when you load drivers, the log file can show you the last driver it attempted to
load, which is usually the cause of the problem.

 If you can’t solve the problem with Safe Mode, restore the Registry from the ERD to a state known to
be good. Bear in mind that doing so will lose all changes that have occurred since the last ERD was
made.

 System File Checker

Is to keep the os alive and well. SFC.EXE automatically verifies system files after a reboot to see if they
were changed to unprotected copies. If an unprotected file is found, it’s overwritten by a stored copy of
the system file from %systemroot%\system32\dllcache. (%systemroot% is the folder into which the
operating system was installed.)

Only users with the Administrator can run SFC. It also requires the use of a parameter.

SFC Options

Parameter Function

/CACHESIZE= Sets the size of the file cache

/CANCEL Stops all checks
/ENABLE Returns to normal mode
/PURGECACHE Clears the cache

25
/QUIET Replaces files without prompting
/SCANBOOT Checks system files on every boot
/SCANNOW Checks system files now
/SCANONCE Checks system files at the next boot

System Performance and Optimization

 The first is the Aero interface.
It is a features of translucent glass design
with subtle window animations and new
window colors.
 Right-click on the desktop>>Personlize

 Indexing
Allow you to configure how the system caches
information that can speed up searches within
Windows. The index, when used, holds
information about files and their properties
(author, date modified, and so on)
 Available from Control Panel>> Go to
Services, and stop Indexing Services.
 Or Control Panel>>Indexing Option.

 UAC (User Account Control)

It has the sole purpose of keeping the user from running programs that could pose a potential
threat by escalating privileges to that of administrator.
 You can click any icon for that program>> Properties>>Compatibility>>check the box Run
This Program as an Administrator.
 Or you can Right-click the program icon>>Run As Administrator.

26
 Sidebar.
It is a desktop gadgets.
 Right-click on an area of it and choose Properties (if the Sidebar is not visible, click Start >> All
Programs >> Accessories >> Windows Sidebar).

 Startup maintenance.
This will allow you to change the location, security, and other settings related to startup.
 Using msconfig.
 Right-click on Start >>Properties.
 Right-click on Start >>All Program>>Properties.

 Background processes
This will show you the processes of application running. Some of them aren't busy working on the
system.
 using Task Manager.

 Performance.
This will show you the visual effects, processor scheduling, memory usage and virtual memory.
 using System Properties>>Advence>>Performances.

Review Questions

1. Which command-line utility displays or changes the attributes for one or more files?

2. You have opened a command window with CMD and now want to close it. What command
should you use to do this?

3. At the command line, what switch can be used with DIR to see the listing one screenful at
a time?

4. You are in the directory C:\Documents and Settings\Johny\photos. Where will the
command cd .. take you?

5. What is the command—and syntax—that should be used to change the G: drive from
FAT32 to NTFS without losing data?

6. Which command is used to start the System Configuration Editor?

7. Which type of backup copies only the files for which the archive bit is currently turned on,
and turns off the archive bit after the files are backed up?

8. When does Windows XP automatically create restore points?

9. What are three ways to start Task Manager?

10. What is the command used to install the Recovery Console from the CD?

27
28
Answers to Review Questions

1. ATTRIB displays or changes the attributes for one or more files.

2. EXIT closes the CMD window.

3. DIR /P display the listing one screenful at a time. Press Enter to see the next screenful.

4. This will take you to the directory C:\Documents and Settings\edulaney.

5. The command is convert G: /FS:NTFS.

6. The command is MSCONFIG. You can start it by going to Start >> Run, and typing MSCONFIG.

7. An incremental backup copies only the files for which the archive bit is currently turned on.
After the files are backed up, the archive bit is turned off.

8. Windows XP creates restore points automatically every 24 hours, as well as when you install
unsigned device drivers or install (or uninstall) a program with Windows Installer or InstallShield.

9. Three ways of starting Task Manager were discussed in this chapter. One way to display the Task
Manager is to press Ctrl+Alt+Delete and click the Task Manager button (if needed). The second way
is to right-click an empty location on the Taskbar and choose Task Manager from the context menu.
The third method is to hold down Ctrl+Shift and press Esc. There are actually more than three. For
example typing taskmgr (or taskmgr.exe) will do the same in the Run dialog box or at the command
prompt.

11. The command is winnt32 /cmdcons.

29
30