Windows XP has taken Windows 2000’s Microsoft Management Console (MMC) a step further. Some of the Windows 2000 utilities have been redesigned to be only available through the MMC as a ‘snap-in.’ The Services control panel applet, Disk Management, and Device Manager have now been integrated into the MMC. Even when launched as a separate entity, they still load MMC first. The MMC is a fully customizable utility for organizing commonly used administrative functions. Computer Management, as discussed in Chapter 26, is a preconfigured MMC with the most common utilities already ‘snapped-in.’ With only two clicks of the mouse, you are able to access the Device Manager, Services, Disk Management, or many other common administrative tools. Simply right-click My Computer, choose Manage, and Computer Management appears. It is always important that you know the Microsoft way to access utilities, as it is more likely to appear on the test than the aforementioned shortcut method. You would simply navigate to Start (or Settings, for ‘Classic Start Menu’ users) > Control Panel > Administrative Tools > Computer Management.
In this chapter, we will discuss the new, as well as improved, Windows system utilities.
Device Manager has always been an invaluable tool for troubleshooting Windows systems. Windows XP includes a similar version of Windows 2000’s Device Manager; and just like in Windows 2000, it is only available as a Microsoft Management Console snap-in. It features a new utility called Roll Back Driver. If you install an upgraded or alternate driver over an existing one, Windows XP will back up the old driver in case there is a problem. At any time, you may access a device’s driver Properties pane and choose to revert to the older driver (see Figure 28.2). Obviously, this is a worthwhile addition to existing troubleshooting methods. To access Device Manager, navigate to Control Panel > System > Hardware tab > Device Manager button, or use Computer Management under Accessories > Administrative Tools, or Control Panel > Administrative Tools.
Figure 28.2: The enhanced Driver tab featuring the new Roll Back Driver.
As with Windows 2000, Windows XP offers advanced Driver Signing options that will prevent unapproved device drivers from being loaded by unauthorized users. The Microsoft Driver Signing (also known as Windows Logo Testing) standards are more rigorous, and involve more stress testing, than ever before. This is to ensure compatibility and stability regardless of computer configuration. You may choose to ignore, warn about, or completely disable unsigned driver installations. The default setting is ‘warn,’ which displays a dialog requesting action when an unsigned driver installation is attempted. You may then choose the system default through this Properties pane. To access the Driver Signing Properties page, open System Properties either through the Control Panel or by right-clicking on My Computer and choosing Properties. Once you are in System Properties, choose the Hardware tab, and then you will see the Driver Signing button.
As discussed in Chapter 26, the Microsoft Management Console is a handy way to centralize your administrative tasks. Windows XP has modified several existing standalone applications to be only accessible as a snap-in. Event Viewer, Disk Defragmenter, Disk Management, Device Manager, Local Users and Groups, Performance Logs and Counters, and Services are only available in Windows XP through the MMC. You can open a blank MMC window by choosing Start > Run, typing “MMC” in the Open box, and then pressing OK. You may add the aforementioned tools or several other advanced administrative programs by selecting File > Add/Remove Snap-in.
Windows XP Home Edition does not include Backup by default. You can install it by delving deep into the installation CD-ROM. Navigate to X:\Valueadd\msft\ntbackup\ (where X is the drive letter for the CD-ROM drive you are using) and launch NTBACKUP.MSI. It may be listed as just NTBACKUP if file extensions are not enabled. The Windows XP Professional Backup has a Start Menu shortcut in the System Tools folder under Accessories.
Once you have launched Backup, you will see that the opening interface is very simplistic, even in Advanced Mode. There are three wizards on the main dialog page that will allow you to perform a backup, a restore, or create an Automated System Recovery image. After the wizard, Advanced Mode has a lot of options for customizing your backup or restore routine, including scheduling automatic backups. The test is most likely going to focus on the different backup types rather than the Backup application itself. The first two of the following backup types are specific to certain software (in this case, Windows XP Backup), but it is important to understand these as well as the last two, which are industry standard types:
Normal: This type of backup has no special criteria other than the selection of specific files; and after each file is archived, the ‘Archive’ attribute bit for each file is set to an unchecked state. All attributes for a file or folder are viewed by right-clicking on a file and selecting Properties, then Advanced (if necessary).
Copy: This type of backup is exactly the same as Normal, except that it does not clear the Archive attribute for each file once complete.
Incremental: Incremental is an industry-standard term for a backup of only those files that have been created or modified since the last backup. When you create a file or modify an existing one that has been backed up previously (which clears its Archive attribute), Windows automatically turns on the Archive bit for that file, telling the backup software that it needs to be backed up again. After each file is backed up using Incremental, the Archive bit is cleared again.
Differential: Differential is also an industry-standard term, and it performs the same as Incremental, except that the Archive bit is not cleared, much like Copy.
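The following added example (not part of the original chapter) models the Archive-bit rules for the four backup types above and runs a constructed week of file changes through them. The file names and schedule are made up, and restore_chain goes one step beyond the text by listing which backup sets a full restore would need.

```python
from dataclasses import dataclass, field

# Backup type -> (selects only files whose Archive bit is on?, clears the bit afterwards?)
BACKUP_TYPES = {
    "normal":       (False, True),
    "copy":         (False, False),
    "incremental":  (True,  True),
    "differential": (True,  False),
}


@dataclass
class Volume:
    """Constructed model of a volume: file name -> state of its Archive bit."""
    archive: dict = field(default_factory=dict)

    def write(self, name):
        # Creating or modifying a file turns its Archive bit on.
        self.archive[name] = True

    def backup(self, kind):
        only_flagged, clears = BACKUP_TYPES[kind]
        saved = sorted(n for n, bit in self.archive.items() if bit or not only_flagged)
        if clears:
            for n in saved:
                self.archive[n] = False
        return saved


def run_week(daily_kind):
    """Normal backup first, then a `daily_kind` backup after each day's changes."""
    vol = Volume()
    for name in ("boot.ini", "ledger.xls", "report.doc"):
        vol.write(name)
    sets = [("normal", vol.backup("normal"))]
    # Constructed schedule of files touched on three following days.
    for changed in (["report.doc"], ["ledger.xls", "notes.txt"], ["report.doc"]):
        for name in changed:
            vol.write(name)
        sets.append((daily_kind, vol.backup(daily_kind)))
    return sets


def restore_chain(sets):
    """Indexes of the backup sets a full restore needs, oldest first."""
    kinds = [kind for kind, _ in sets]
    last_full = max(i for i, k in enumerate(kinds) if k == "normal")
    # Every incremental since the last normal backup is required...
    chain = [last_full] + [i for i in range(last_full + 1, len(kinds))
                           if kinds[i] == "incremental"]
    # ...plus only the newest differential taken after the last bit-clearing set.
    diffs = [i for i in range(chain[-1] + 1, len(kinds)) if kinds[i] == "differential"]
    return chain + diffs[-1:]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = run_week(kind)
        for i, (k, files) in enumerate(sets):
            print(f"set {i} {k:<12} {files}")
        print("restore needs sets", restore_chain(sets), "\n")
```

Incremental sets stay small but a restore needs every one of them; differential sets grow each day but a restore needs only the normal backup and the latest differential.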
Note: It is very important to remember from Chapter 26 that NTFS and FAT are not compatible file systems. NTFS contains extended features, such as compression, encryption, and security permissions. All of these extended attributes will be lost during the copy from NTFS to FAT. Long file names and regular attributes such as Read-Only and Archive will be retained, however.
System Restore, first introduced in Windows Me, is a valuable tool for ‘turning back the clock.’ Think of System Restore as an expanded ‘Last Known Good configuration.’ Windows Me and Windows XP keep track of certain ‘milestones’; for example, if you install a new driver or use Windows Update to upgrade system software, Windows will create a ‘Restore Point’ that allows you to revert back to a previous date’s Registry configuration (including replaced files) in case of a problem. You may also create a Restore Point at any time you wish. It is found in the Start menu under Accessories > System Tools. You are presented with a calendar that contains system Restore Points for each milestone.
You can disable or re-enable System Restore by visiting System Properties, either in Control Panel > System, or by right-clicking on My Computer and selecting Properties. You will see a System Restore tab that allows you to disable it completely or adjust the amount of hard drive space (for each drive letter) that will be used to back up files during each milestone. The more hard drive space you allocate, the more fault tolerance your system will have. If there is not enough allocated hard drive space, certain files may be excluded from backup; System Restore becomes much less effective in this situation.
Windows Imaging Architecture (WIA) is a new standard set forth by Microsoft for imaging devices (e.g., scanners or digital cameras) to communicate directly with the operating system. It was first introduced in Windows Me, and it offers internal support for many popular cameras and scanners. It provides a much more simplified interface for scanning or downloading digital images than TWAIN. According to the TWAIN group, TWAIN is not actually an acronym, but rather a take-off on the Kipling quote, “never the twain shall meet.” It implies that the hardware and the imaging software will never directly communicate, but a device driver acting as a middleman will relay information and messages. TWAIN is the standard driver type for the majority of imaging devices prior to Windows Millennium. WIA is Microsoft’s replacement for TWAIN.
As with all Windows NT-based operating systems, Event Viewer is a vital tool for troubleshooting failures in software, hardware drivers, and services. You can find the Event Viewer in Administrative Tools in the Control Panel.
All events are logged to disk and time-stamped for organization. There are three main categories of events: Application, Security, and System. Under Application, you will find errors and warnings having to do with setup programs (such as with InstallShield or the installer service for Microsoft, MSI) and regular applications (e.g., crashes, missing data, etc.). If you double-click on an entry, data useful for troubleshooting will appear, usually followed by a Web site address to Microsoft.com that will either attempt to explain the event in more detail or lead you to a fix or solution for a particular known issue. If you are looking for a particular log in any of the three sections, you should use Filter, which is found in the View pull-down menu.
In the Security section of the Event Viewer, you will find successful and unsuccessful logins, as well as items chosen by the administrator to be ‘audited.’ By default, security logging is turned off. You can use Group Policy to enable security logging. To do this, navigate to Administrative Tools in the Control Panel and choose Local Security Settings (see Figure 28.3). The main two items of importance to the Security log are listed under Local Policies, and they are called Audit Policy and Security Options. For example, if you enable Failure auditing for the Audit logon events in the Audit Policy subcategory, Security logs will be created in the Event Viewer when a logon error occurs.
Figure 28.3: Enabling Auditing with Local Security Policies.
Last, but not least, under the System section there will be events pertaining to information or errors from device drivers, services problems, and other Windows XP system components.
For computers configured as a domain controller, there will be two additional logs: Directory Service and File Replication. They will probably not be important for the test. Domain Name System (DNS) computers will also record a DNS server log.
Since Windows 98, MSCONFIG has been an asset to technicians because of its compact interface and optimized layout. The first thing you will notice about it is that you are able to quickly select the type of start-up from the very first tab (General). This has always been helpful, because it is the first step to narrowing the spectrum of possibilities for a given issue. If there is a software problem in the system, the first step is usually to disable third-party or background software to ensure that it is not user software that is causing the particular problem. You can do so by choosing Selective Startup on the General tab and then fully unchecking the Load Startup Items box. This is a three-state checkbox. If you have used MSCONFIG before, and you previously visited the Startup tab and disabled specific items, then your Load Startup Items checkbox will be checked but grayed out. It is not disabled, however; the gray state means that some specific items are loading and others are not. If you were to completely uncheck this field, MSCONFIG would forget which particular items you had chosen to load, and it would completely unload all items. If you see a grayed checkbox, you should visit the Startup tab and write down the items that are not checked. That way, if you have to clear the Load Startup Items checkbox, you will be able to restore your old configuration when you have solved your problem. More will be discussed about MSCONFIG in the troubleshooting section of this chapter. The General tab also has a button called Expand File . . . that will extract files from Windows XP installation media or any location on your hard drive.
Diagnostic Startup causes Windows XP to interactively load device drivers and software when you restart the system. All Microsoft Services (e.g., networking, plug-and-play, Event Logging, etc.) are temporarily disabled in this mode.
Note: Diagnostic start-up permanently deletes ALL System Restore points.
On the SYSTEM.INI and WIN.INI tabs, you are able to specifically disable, enable, or rearrange lines from those particular files. SYSTEM.INI commonly contains 386-Enhanced virtual device and legacy device driver entries, such as text mode fonts, keyboard and display drivers, and password lists (PWL files). WIN.INI contains Windows and software settings that have not yet migrated to the Windows Registry. These files are mainly used for backward compatibility with 16-bit and old Windows programs.
The BOOT.INI tab contains options for starting the operating system, such as the paths to each Windows operating system you may have. You are also able to enable special options such as a safe VGA video driver (/BASEVIDEO) or specify the type of Safe Mode launch (/SAFEBOOT). You may change the amount of time Windows XP gives you to make an operating system selection by modifying the Timeout value.
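As an added example (not from the original chapter), this parser reads the same BOOT.INI fields the tab exposes: the Timeout value, each operating system path, and per-entry switches such as /BASEVIDEO and /SAFEBOOT. The sample file is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample BOOT.INI; the paths and menu descriptions are illustrative.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Safe Mode (VGA)" /safeboot:minimal /basevideo
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
"""

# A switch is "/NAME", optionally followed by ":" or "=" and an argument.
SWITCH = re.compile(r"/([A-Za-z0-9]+)(?:[:=](\S*))?$")


def split_entry(value):
    """Split '"Description" /switch /switch:arg' into (description, {SWITCH: arg})."""
    value = value.strip()
    desc, rest = value, ""
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            desc, rest = value[1:end], value[end + 1:]
    switches = {}
    for token in rest.split():
        m = SWITCH.match(token)
        if m:
            switches[m.group(1).upper()] = m.group(2)  # None when no argument
    return desc, switches


def parse_boot_ini(text):
    """Return ([boot loader] settings, list of [operating systems] entries)."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")  # first "=" ends the path
        if not sep:
            continue
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            desc, switches = split_entry(value)
            entries.append({"path": key.strip(), "description": desc,
                            "switches": switches})
    return loader, entries


def summarize(text):
    """Report the settings the BOOT.INI tab lets you change."""
    loader, entries = parse_boot_ini(text)
    timeout = loader.get("timeout")
    default = loader.get("default", "").lower()
    return {
        "timeout": int(timeout) if timeout is not None else None,
        "entries": [{"description": e["description"],
                     "default_path": e["path"].lower() == default,
                     "safe_mode": e["switches"].get("SAFEBOOT"),
                     "vga_driver": "BASEVIDEO" in e["switches"]}
                    for e in entries],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_BOOT_INI)
    print("timeout:", report["timeout"])
    for entry in report["entries"]:
        print(entry)
```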
The Services tab contains individual check marks for all services, including third party. Unchecking a service is the same as selecting Disabled for a service’s properties in the Services section of Computer Management. There is a handy checkbox available for hiding all Microsoft services. This way, you can easily see third-party services. During troubleshooting, it is often wise to disable third-party services that are not required for your computer to function.
The last tab, Startup, contains the items from the Registry that are going to launch whenever Windows XP boots. You may specifically disable or enable start-up items here. If there is a start-up item that has been removed during an upgrade from a previous version of Windows, you will be able to use the button marked Restore Startup Programs . . . to bring them back. Windows XP Setup commonly disables start-up items that it knows have been replaced with newer software, such as an entry for Windows 9x power management or video driver utility software (not to be confused with the actual driver).
Windows XP includes an interesting tool called Remote Desktop for troubleshooting a remote computer. Other common uses for it are accessing your data or controlling a machine from a remote location, such as an office computer while you are out of the office. The computer you are going to control is known as the host computer. The computer you will connect from is called the client. Your client computer can have Windows 9x or Windows NT 4.0 and higher installed, provided that it has the Remote Desktop Connection client software installed. The host computer you will be controlling must have Windows XP Professional installed. Obviously, an Internet or network connection is required.
In order for a remote computer to connect for a Remote Desktop session, the Administrator or a user from the Administrator group must have enabled it. Right-click on My Computer, select Properties, and choose the Remote tab. You must check the checkbox with the text “Allow users to connect remotely to this computer” under the Remote Desktop section. After that, it is advisable to select the remote users that will be connecting to the machine, unless you are the Administrator or part of the Administrator group.
Both Windows XP Home and Windows XP Professional install the Remote Desktop client software by default. If you are running a previous version of Windows, such as Windows 98, then you will have to insert the Windows XP Home or Windows XP Professional CD-ROM into the drive and select Perform Additional Tasks from the autorun menu. Then you will choose Set up Remote Desktop Connection. Follow the on-screen directions, and the client will be installed.
Once you have enabled Remote Desktop on the host and installed client software on a Windows-based client machine, you are ready to set up a virtual private network connection or remote access service connection to the host machine. Navigate to Start > Programs (or All Programs) > Accessories > Communications > Remote Desktop Connection. At the prompt screen, you will enter either the Universal Naming Convention (UNC) name (e.g., \\CRAYTON; the \\ is optional) or an IP address. You may either choose to connect or refine your parameters by choosing “Options >”. Options will show you many new settings, including display settings, audio settings, and user name, password, and domain settings. Choose Connect and the Log On to Windows dialog pane should appear to request your user name, password, and optional ‘domain’ (if you have not specified them already in the advanced Options area). You now have control over the host computer. The remote host computer will be locked so that no passersby can see what you are doing to it. Local users will still be able to log on if they have a proper user name and password.
Remote Assistance is similar to Remote Desktop, but with a few exceptions. It is an interactive connection in which the host computer will display what the client computer is controlling. Remote Assistance also requires that there be someone at the host computer to send an invitation for a connection. To use Remote Assistance, both computers must be running either Windows XP Home or Windows XP Professional. Remote Assistance can happen in one of three ways:
1. If both machines have Windows Messenger installed, you can navigate to the Tools menu of Windows Messenger and choose Ask for Remote Assistance. All online contacts will be displayed with their e-mail addresses. If your friend accepts the invitation, you will be prompted for confirmation. Although the remote computer will have temporary control over your machine, you will still be able to end the session by clicking on the Stop Control button or by pressing the escape (ESC) key. The person you chose to control your machine will receive a password confirmation dialog to initiate the Remote Assistance session. After that, they can either watch your display or chat with you, or they can click on Take Control to begin controlling your computer.
2. Remote Assistance can also begin via e-mail. Click Start > Help and Support. When the Help and Support Center opens, you will choose “Invite a friend to connect to your computer with Remote Assistance” under the Ask for assistance heading. Click Invite someone to help you, and then enter the e-mail address of the person you are inviting. Choose Continue, and enter your name and a brief summary of the issue. For security reasons, you are able to set an expiration date for this session, which will disallow Remote Assistance connections after that date. You must also specify a password, which you will have to give to the person in a separate communication. Choose Send Invitation. Your friend will receive an e-mail with an attachment. They must open the attachment, enter the password in the dialog box, and choose Yes.
3. If you use Web-based e-mail or prefer not to send the request over the Internet, you may save the request to a file. During the e-mail type of Remote Assistance (step 2, above) you may opt to Save Invitation as a file instead of Send Invitation. This way, you could transport the request by some means other than e-mail, if you have to. You can also use Web-based e-mail and attach it as a file, avoiding the necessity for Outlook Express (or similar e-mail clients).
Recovery Console is a tool used to repair a damaged system, such as a boot problem. Windows 2000 and Windows XP both have the Recovery Console on their installation CD-ROMs. To use the Recovery Console for Windows XP, simply insert the installation CD-ROM and boot it as you normally would to install Windows XP. Press “R” at the blue screen to repair a Windows XP installation using Recovery Console. You will be prompted to select which installation to repair. Although there is usually just one, this gives you the option to access other Windows 2000 or Windows XP installations. You will then be prompted for the Administrator password. After logging on, you will be at a screen similar to an MS-DOS prompt, but it is actually a CMD.EXE-style prompt. If you type HELP at the prompt, you will be presented with a list of all possible commands. If you type a command followed by a slash and a question mark (e.g., ATTRIB /?) you will be presented with the syntax and options specific to that command.
Although you are logged on as an Administrator, it is a more secure environment than an MS-DOS or command prompt. You are able to:
View the root directory of all disk drives
View the Windows directory and all subdirectories
Access removable media, such as floppy disks and CD-ROM drives
Copy files from a floppy or CD-ROM to the accessible directories
Extract files from cabinet (.CAB) files
Write a new boot sector or write a new master boot record using FIXBOOT and FIXMBR, respectively
Manage disk partitions using DISKPART
List, enable, or disable services using LISTSVC, ENABLE, and DISABLE, respectively
You are not able to do the following:
View any directory or access files in any place other than the root of any drive and the Windows directory
Copy files to a floppy or CD-ROM from the accessible directories
There are eight different attributes possible for files and folders when in the console. Here is a quick run-down of those attributes:
“D” is for directory. Files will show a dash (-).
“A” is for a file or directory that has its ‘archive’ bit turned on (see the previous section on Backup).
“R” is for files and directories that are set to ‘read-only.’
An “H” means the file or directory is hidden.
An “S” on a file or directory means it has its ‘System’ attribute on.
“E” is for encrypted files or directories.
“C” stands for compressed files or directories.
“P” means ‘reparse point.’ Reparse points are special NTFS file stubs that contain user-controlled data. The format of this data is understood only by the program that stores the data and by a file system filter that you install to interpret the data and process the file. The test is not likely to ask any questions about reparse points.