Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
Windows XP Professional provides tools to help you troubleshoot problems caused by incompatible, missing, or corrupted driver and system files. Helpful tools for troubleshooting system and driver file issues are listed alphabetically in Table D-15. These tools enable you to detect and correct issues caused by problem files, or prevent their installation.
| Tool | Function | Tool Type, Interface |
|---|---|---|
| Driver Query (Driverquery.exe) | Listing information about the drivers on a computer. | Built-in, command-line |
| Driver Signing and Digital Signatures | Maintaining system stability by verifying that device drivers have passed a series of rigorous tests administered by the Windows Hardware Quality Labs (WHQL). | Built-in, GUI |
| Windows File Protection | Scanning protected system files and restoring overwritten files with the correct versions provided by Microsoft. | Built-in, GUI |
Driver signing is a multistage process in which device drivers are verified. For a driver to earn this certification, it must pass a series of compatibility tests administered by the Windows Hardware Quality Labs (WHQL). Due to stringent WHQL standards, using signed drivers typically result in a more stable system. Microsoft digitally signs drivers that pass the WHQL tests and Windows XP Professional performs signature detection for signed device categories, such as the following:
Keyboards
Hard disk controllers
Modems
Mouse devices
Multimedia devices
Network adapters
Printers
SCSI adapters
Smart card readers
Video adapters
A Microsoft Corporation digital signature indicates that a driver file is an original, unaltered system file that Microsoft has approved for use with Windows XP Professional.
Windows XP Professional can warn or prevent users from installing unsigned drivers. If a driver is not digitally signed, the user receives a message that requests confirmation to continue.
Microsoft digitally signs all drivers included with the Windows XP Professional operating system CD. When downloading updated drivers from a manufacturer s Web page, always select drivers that are signed by Microsoft.
Windows XP Professional provides the following tools to help you identify digitally signed files:
File Signature Verification
Driver Signature Checking
System Information
Device Manager
DirectX Diagnostic Tool
Hardware Compatibility List
The File Signature Verification tool (Sigverif.exe) detects signed files and allows you to do the following:
View the certificates of signed files to verify that the file has not been tampered with after being digitally signed.
Search for signed files in a specific location.
Search for unsigned files in a specific location.
To run File Signature Verification
In the Run dialog box, type sigverif.
When you click the Advanced button, the Advanced File Signature Verification Settings dialog box provides additional configuration options on the Search and Logging tabs.
You can specify file search options such as whether to search all drivers or limit the scope of your search by using file name and folder criteria.
You can specify that search results be saved to a file, the log file name to use, and whether to overwrite or append the log file. You can also view the log file by clicking View Log.
File Signature Verification writes information to systemroot\Sigverif.txt, a log that contains the following information about the scanned files:
Name
Modification date
Version number
Signed status
Location (name of catalog file)
Driver Signature Checking enables you detect unsigned drivers before you install them. Using Control Panel, you can set verification levels for driver signature checking to ensure that Windows XP Professional inspects files for digital signatures whenever you install or update drivers.
To enable Driver Signature Checking
In Control Panel, open System.
Click the Hardware tab, and then click Driver Signing.
Table D-16 describes the three levels of file signature verification that appear in the Driver Signing Options box.
| Level | Description |
|---|---|
| Level 0 (Ignore) | Disables digital signature checking. The message that identifies a digitally signed driver does not appear, and all drivers are installed even if they are unsigned. |
| Level 1 (Warn) | Determines whether the driver has passed WHQL testing. A message appears whenever a user tries to install a driver that fails the signature check. |
| Level 2 (Block) | Blocks installation of a driver that fails the signature check. You are notified that Windows XP Professional cannot install the unsigned driver. |
System Information enables you to view a list of signed drivers installed on your system.
To view a list of signed drivers
In the Run dialog box, type msinfo32.exe.
Expand Software Environment, and then click Signed Drivers.
Driver Query (Driverquery.exe) is a command-line tool that displays information about drivers running on your computer.
For more information about using Driver Query to view signing information for drivers, see Driver Query later in this appendix.
Device Manager enables you to verify that Microsoft Corporation has provided or digitally signed a driver for a specific device.
To view driver signing information by using Device Manager
In the Run dialog box, type devmgmt.msc.
Expand a device category. (For this example, expand Floppy disk controllers.)
Double-click Standard floppy disk controller, and then click the Driver tab.
Verify that Driver Provider is listed as Microsoft (for Microsoft-provided drivers) or that Digital Signer mentions Microsoft WHQL (for manufacturer-provided drivers).
The DirectX Diagnostic Tool (Dxdiag.exe) displays file names and properties for multimedia device drivers, such as audio and video. Use this tool to check for beta or unsigned DirectX driver files.
For more information about using the DirectX Diagnostic Tool to view information for multimedia drivers, see DirectX Diagnostic Tool earlier in this appendix.
The Hardware Compatibility List (HCL) is a Web-based searchable database, which is continuously updated as hardware is tested and approved. The HCL lists devices that have been approved for use with Windows XP Professional. For more information about the HCL, see Troubleshooting Concepts and Strategies in this book and the Hardware Compatibility List link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources
Driver Query (Driverquery.exe) is a command-line tool that lists information about drivers running on your computer.
| Tip | Run the Driver Query tool when your system is working properly and then redirect the information to a file. You can use these results as a comparison later if the system has problems with missing or corrupted drivers. |
The information generated by the Driver Query tool can fill several screens, so it is helpful to redirect the video output to a file by using the following syntax:
driverquery > drivers_M-D-Y.txt
In the preceding syntax, M is the numerical month, D is the day, and Y is the year. Keep this file in a safe location or print it and record the date on the page. Comparing Driver Query output files created on different dates can help you determine which drivers have changed.
Table D-17 describes the output from the Driver Query tool.
| Column | Description |
|---|---|
| HostName | The name of the computer queried. |
| FileName | The driver file name shown without path or file name extension information. To list driver file names with the path and extension, use the -verbose parameter. |
| DisplayName | The friendly name of the driver. |
| Description | A description of the driver. This can be the same as the DisplayName. |
| DriverType | The type of driver, for example, kernel or file system. |
The following is output from Driver Query:
Module Name Display Name Driver Type Link Date
============ ====================== ============= ========================
aec Microsoft Kernel Acous Kernel 07/07/2001 09:50:41 AM
AFD AFD Networking Support Kernel 07/16/2001 11:47:08 AM
atapi Standard IDE/ESDI Hard Kernel 07/15/2001 09:02:51 PM
When you specify the /si parameter, Driver Query displays digital signature information for both signed and unsigned drivers. The following is output obtained by typing driverquery /si:
DeviceName InfName IsSigned Manufacturer
============================== ============= ======== ====================
Microsoft AC Adapter battery.inf TRUE Microsoft
Microsoft ACPI-Compliant Contr battery.inf TRUE Microsoft
Microsoft ACPI-Compliant Contr battery.inf TRUE Microsoft
The information in the IsSigned column is useful for troubleshooting because a value of FALSE indicates that a driver has not been approved by Microsoft for use with Windows.
For more information about Driver Query, click Tools in Help and Support Center. For more information about driver signing, see Driver Signing and Digital Signatures in this appendix.
To maintain operating system stability, Windows XP Professional implements the following mechanisms to ensure that software installation programs do not overwrite critical system files:
Windows File Protection (WFP) service
System File Checker (Sfc.exe) tool
The Windows File Protection (WFP) service monitors changes to protected system files. When the WFP service detects that a protected system file has changed, it examines file signature information to determine if the new file is the correct version. If the version is incorrect, the WFP service displays a message similar to the following:
A file replacement was attempted on the protected system file filename. To maintain s ystem stability, the file has been restored to the correct Microsoft version. If problems occur with your application, please contact the application vendor for support.
The WFP service then records an entry to the System log and replaces the invalid file with a backup copy from the systemroot\System32\Dllcache folder. If a backup copy is not found in Dllcache, you are prompted to provide the Windows XP Professional operating system CD or a source file location.
System File Checker (Sfc.exe) is a command-line tool that examines protected system files on your computer and restores the correct versions by using backups stored in the Dllcache folder or files copied from the operating system CD.
Protected files include those with .sys, .dll, .exe, .ttf, .fon and .ocx file name extensions. Due to disk space considerations, storing all protected files in the Dllcache folder might not practical, especially on computers with limited storage space. Therefore, you must be ready to provide the Windows XP Professional operating system CD when prompted to do so.
You can use System File Checker to repopulate the Dllcache folder if the contents become damaged or unusable. To purge and repopulate the contents of the Dllcache folder, in the Run dialog box, type:
sfc /purgecache
You can also specify the protected file cache size by using the following syntax:
sfc /cachesize=x
The value of x represents the number of megabytes (MB) of space to use in hexadecimal notation. For example, to specify 200 MB, type:
sfc /cachesize=C8
| Note | For network-based installations, the WFP service and the System File Checker tool search the network source file directory if the required backup file is not in the Dllcache folder. You must be a member of the Administrators group to purge or change the space allotted for cached protected files. |
For more information about the Windows File Protection service and System File Checker, click Tools in Help and Support Center. Also, see article Q222473, Registry Settings for Windows File Protection, in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources