A Look under the Hood
Chapter 8
The registry is a database that includes settings for:
• Device drivers
• Services
• Installed applications
• Operating system components
• User preferences
Avoid directly editing the registry, because you can cause severe damage. The Control Panel applets provide a safe way to edit the registry.
McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved.
Understanding the Registry
Created during Windows Setup and modified afterward
Automatic registry changes occur when:
• Windows starts up or shuts down
• Changes are made with a Control Panel applet
• A new device is installed
• Changes are made to Windows configuration
• Changes are made to user desktop preferences
• An application is installed or modified
• Changes are made to preferences in any application
Understanding the Registry
Viewing the Registry Structure
• View as a hierarchical structure
• Use REGEDIT.EXE or REGEDT32.EXE
• Navigation similar to disk folders
• root keys — five folders at the top
• subtrees — root keys and their contents
• subkey — key that exists within another key
• value entries — settings within a key
Understanding the Registry
Most of the registry is saved in several registry files, called hives: SYSTEM, SOFTWARE, SECURITY, SAM, DEFAULT, and NTUSER.DAT.
• SYSTEM: Information used at startup, including device drivers to be loaded, the order of their loading and configuration settings, the starting and configuring of services, and other settings
• SOFTWARE: Configuration settings for software installed on the local computer
• SECURITY: Local security policy settings for the computer
Understanding the Registry
Registry Files (continued)
• SAM: Local security accounts database
• DEFAULT: User desktop settings used when no user is logged on
• NTUSER.DAT: User profile for a single user
  • The first time a user logs on, the NTUSER.DAT file from the DEFAULT USER folder is used
  • File is saved in the top-level personal folder
Understanding the Registry
Data Types in Value Entries
Format of the data within a key
Page 383
The Short List
• REG_BINARY (raw binary shown in hex)
• REG_DWORD (double word, 4 bytes)
• REG_EXPAND_SZ (single string)
• REG_MULTI_SZ (multiple strings)
• REG_SZ (sequence of characters, human readable)
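The value types on the short list, as they appear in a key exported with Regedit: this added example (not from the textbook) decodes a constructed .reg export into typed values. The key path and value names are made up, and only the five types listed above are decoded.

```python
import re

# Constructed sample in the text format REGEDIT.EXE writes when exporting a key
# (key path and value names are made up for illustration).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Timeout"=dword:0000001e
"Blob"=hex:de,ad,be,ef
"LogPath"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,61,00,2e,00,6c,00,\
  6f,00,67,00,00,00
"Servers"=hex(7):61,00,00,00,62,00,63,00,00,00,00,00
'''

HEX_TYPES = {"": "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}

def decode_value(raw):
    """Return (type_name, python_value) for the right-hand side of one value entry."""
    if raw.startswith('"'):                  # REG_SZ: quoted, backslash-escaped text
        return "REG_SZ", re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith("dword:"):             # REG_DWORD: 4 bytes written as 8 hex digits
        return "REG_DWORD", int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\((\w+)\))?:(.*)", raw)
    if not m:
        raise ValueError(f"unrecognised value data: {raw!r}")
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    kind = HEX_TYPES.get(m.group(1) or "", f"hex({m.group(1)})")
    if kind == "REG_EXPAND_SZ":              # UTF-16LE string holding unexpanded %VARIABLES%
        return kind, data.decode("utf-16-le").rstrip("\x00")
    if kind == "REG_MULTI_SZ":               # UTF-16LE strings, NUL-separated, extra NUL at end
        return kind, [s for s in data.decode("utf-16-le").split("\x00") if s]
    return kind, data                        # REG_BINARY (or an undecoded type): raw bytes

def parse_reg(text):
    """Map key path -> {value name: (type, value)} for a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # join hex data continued with a trailing backslash
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else re.sub(r'\\(.)', r'\1', m.group(1)[1:-1])
            current[name] = decode_value(m.group(2))
    return keys
```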
Understanding the Registry
Permanent Portions of the Registry: Registry Hives
• HKEY_LOCAL_MACHINE\SYSTEM
• HKEY_LOCAL_MACHINE\SOFTWARE
• HKEY_LOCAL_MACHINE\SECURITY
• HKEY_LOCAL_MACHINE\SAM
• HKEY_USERS\.DEFAULT
• HKEY_CURRENT_USER and HKEY_USERS
Page 383
Understanding the Registry
Temporary Portion of the Registry
• HKEY_LOCAL_MACHINE\Hardware contains the temporary portion of the registry, the information gathered during hardware detection during each Windows startup.
• It is not saved to a file
Working with Device Drivers
Working with Signed vs. Unsigned Device Drivers
• Code signing of device drivers (driver signing)
• Windows uses file signature verification
• Administrator can control how Windows reacts to unsigned drivers
Driver Signing Options
• Ignore
• Warn
• Block
Working with Device Drivers
Disconnecting a Plug-and-Play Device
• Can disconnect USB and IEEE 1394 external plug-and-play devices while powered up
• First warn Windows using the Safely Remove Hardware icon in the System Tray
• Safely Remove Hardware dialog box
• Stop a Hardware Device dialog box
Working with Device Drivers
Using Device Manager to Manage Device Drivers
• View and change device properties
• Update device drivers
• Configure device settings
• Uninstall devices
• Available since Windows 95 (except NT)
• Roll back a driver update in Windows XP
• System | Hardware | Device Manager button
Device Drivers
Working with Device Drivers
Code signing is designed to avoid problems caused by badly written code. It involves a digital signature, provided by Microsoft as a seal of approval of program code.
Windows uses a process called file signature verification to check for code signing, and an administrator can configure what action Windows takes when it detects code that does not contain a digital signature. Configure with the Driver Signing button located on the Hardware page of the System applet.
Step-by-Step 8.01
Getting to Know Device Manager
Page 389
Working with Device Drivers
Hardware Profiles
• Include registry keys that contain:
  • Settings defining the devices that must be started during Windows startup
  • The list of files associated with each device
  • Configuration settings for each device
• Profile 1 is created during Windows installation
  • Defines all the existing hardware at the time of installation
  • Every device is enabled
Working with Device Drivers
Hardware Profiles (continued)
• On a desktop computer, you will probably always have a single hardware profile
• View, create, copy, rename, and modify hardware profiles by clicking the Hardware Profiles button on the Hardware page in System Properties
• If there are two or more hardware profiles, Windows startup pauses and displays the Hardware Profile/Configuration Recovery menu
• Useful on a laptop with a docking station
Step-by-Step 8.02
Experiment with Visual Effects
Page 395
Managing Performance in Windows
Windows Performance Settings (continued)
• Processor Scheduling
  • Programs
  • Background Services
• Memory Usage
  • Programs
  • System Cache
• Virtual Memory
  • Custom size
  • System managed size
  • No paging file
Managing Performance in Windows
Performance Monitoring
• Frequently done on network servers
• Not usually done on Windows desktop computers
• Few performance monitoring tools in desktop OSs
System Monitor
• Gathers and displays performance data
• Monitors counters belonging to objects
• Displays results in report, graph, or histogram
Performance Logs and Alerts
• Create alerts
• Create counter logs
• Create trace logs
Windows File Systems
Windows NTFS File System
• Available since Windows NT, excluding Windows 9x
• Logical structure: Master File Table
• Includes a transaction processing system
• Allocates disk space more efficiently than FAT
• NTFS5 theoretically supports a volume size of 256TB
• Actual hardware limit is 2TB
• Offers file and folder security through permissions
• Pre-Windows 2000 NTFS is now called NTFS4
• Since NTFS4, supports file compression
• NTFS5 supports file encryption and indexing
Windows File Systems
File Systems for CDs and DVDs
• CD-ROM File System (CDFS) for
  • CD-ROMs
  • Writeable CDs (CD-R)
  • Rewriteable CDs (CD-RW)
• Universal disk format (UDF)
  • DVD ROMs
  • DVD-R
  • DVD-RW
• DVD-RAM driver (new in Windows XP)
  • Supports 4.7GB DVD-RAM disk standard
The Windows Startup Process
Windows Boot and System Files
• Boot files — reside in the root of drive C:
• System files — reside in the folder in which Windows is installed (default location is C:\Windows or C:\WINNT)
• System partition — contains the boot files
• Boot partition — contains the system files
• In most cases they are both drive C:
• Sometimes C: is system and D: or E: is boot
The Windows Startup Process
Windows Boot Files
• Located in C:\
  • BOOT.INI
  • BOOTSECT.DOS (not always present)
  • NTBOOTDD.SYS (not always present)
  • NTDETECT.COM
  • NTLDR
Windows System Files
• CSRSS.EXE: systemroot\SYSTEM32\
• Device drivers: systemroot\SYSTEM32\DRIVERS
• HAL.DLL: systemroot\SYSTEM32\
The Windows Startup Process
Windows registry files loaded during system startup
• DEFAULT: The default user profile until user logon
• SAM: The security accounts database
• SECURITY: The security hive of the registry
• SOFTWARE: The software hive of the registry
• SYSTEM: The system hive of the registry
The Windows Startup Process
Phases of the Startup Process
Phase I: Power-on Self-Test
• CPU loads BIOS programs beginning with POST
• POST:
  • Tests system hardware
  • Determines the amount of memory present
  • Verifies devices required for OS startup are working
  • Loads configuration settings from CMOS memory
  • Briefly displays information on the screen
The Windows Startup Process
Phases of the Startup Process (continued)
Phase II: Initial Startup
• CMOS settings used to locate drive with boot files
• Loads MBR from first physical sector of the hard disk
• MBR code loads the boot sector from the primary active partition of the first hard disk
• Boot code from the boot sector loads NTLDR
The Windows Startup Process
Phases of the Startup Process (continued)
Phase III: Boot Loader Phase
• NTLDR (the boot loader) takes control
• Switches the processor to protected mode
• Starts the file system code
• Reads the BOOT.INI file
• In some cases, displays the OS Selection menu
• If a Windows NT family OS is selected, NTLDR remains in control and moves to the next phase
The Windows Startup Process
Phases of the Startup Process (continued)
Phase IV: Detect and Configure Hardware
• NTLDR starts NTDETECT.COM
• NTDETECT.COM scans the hardware and gives the list to NTLDR for later inclusion in the registry
The Windows Startup Process
Phases of the Startup Process (continued)
Phase V: Kernel Loading
• NTLDR looks in BOOT.INI for location of NTOSKRNL
• NTLDR starts NTOSKRNL.EXE (the kernel)
• NTLDR passes on the hardware information
• NTLDR loads HAL.DLL
• NTLDR loads SYSTEM
• NTLDR loads drivers required at startup
• Kernel scans the registry for other components
The Windows Startup Process
Phases of the Startup Process (continued)
Phase V: Kernel Loading (continued)
• Kernel loads and initializes the components
• Kernel starts SMSS.EXE
• SMSS.EXE loads the kernel-mode Windows subsystem
• Windows switches from text mode to graphics mode
• Session manager starts user-mode Windows subsystem
• Session manager creates pagefile.sys
• Session manager starts the Windows logon service
The Windows Startup Process
Phases of the Startup Process (continued)
Phase VI: Logon
• WINLOGON supports logging on and logging off
• WINLOGON starts SERVICES.EXE
• WINLOGON starts LSASS.EXE
• The Begin Logon prompt appears
• WINLOGON responds to Ctrl-Alt-Delete by displaying the Logon to Windows dialog box
The Windows Startup Process
Phases of the Startup Process (continued)
Phase VI: Logon (continued)
• User enters a user name and password
• Logon scripts are run
• Startup programs for various applications are run
• Non-critical services are started
• Programs and services are started from several locations
  • Various registry settings
  • Startup folders created in the profiles for All Users and for currently logged on user
The Windows Startup Process
Modifying System Startup with the BOOT.INI File
• Contains the locations of systemroot
• Contains location for system files of an alternate OS
• Text file that can be edited directly or indirectly
The Windows Startup Process
Modifying System Startup with the BOOT.INI File (continued)
Lines beginning with "Multi" provide location of systemroot.
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft XP" /fastdetect
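An added example, not part of the original slides: it parses the BOOT.INI shown above, splits the multi() path into its components, and checks that default= points at a listed entry. The field meanings (adapter, physical disk, 1-based partition) are the usual ARC path convention rather than something stated on the slide, and scsi() or signature() paths are not handled.

```python
import re

# The BOOT.INI shown on the slide above, embedded so the example runs offline.
BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft XP" /fastdetect
'''

# ARC convention (assumed, not from the slide): multi(adapter)disk(0)rdisk(physical disk)partition(1-based)
ARC = re.compile(r"multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$", re.I)

def parse_arc(path):
    """Split a multi() ARC path into adapter, disk, rdisk, partition and systemroot directory."""
    m = ARC.match(path.strip())
    if not m:
        raise ValueError(f"not a multi() ARC path: {path!r}")
    adapter, disk, rdisk, part = map(int, m.groups()[:4])
    return {"adapter": adapter, "disk": disk, "rdisk": rdisk, "partition": part, "dir": m.group(5) or "\\"}

def parse_boot_ini(text):
    """Return {'timeout', 'default', 'entries': [(arc_path, label, switches)]}."""
    cfg, section = {"timeout": None, "default": None, "entries": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "boot loader" and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            path, _, rest = line.partition("=")
            m = re.match(r'"([^"]*)"\s*(.*)', rest.strip())
            label, switches = (m.group(1), m.group(2).split()) if m else (rest.strip(), [])
            cfg["entries"].append((path.strip(), label, switches))
    return cfg

def check_boot_ini(cfg):
    """List inconsistencies worth reviewing before the file is saved and the machine rebooted."""
    problems = []
    paths = [p.lower() for p, _, _ in cfg["entries"]]
    if (cfg["default"] or "").lower() not in paths:
        problems.append("default= does not match any [operating systems] entry")
    for p in paths:
        if p.startswith("multi(") and parse_arc(p)["partition"] < 1:
            problems.append(f"partition numbers start at 1: {p}")
    return problems
```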
Troubleshooting Windows Problems
Proactive Tasks
• Keeping Windows Updated
  • Windows XP Service Pack 2
  • Configuring Automatic Update
  • Working with Windows Update
• Using Runas
  • Command-line program for running a single command using a user account other than the one currently logged on.
  • Use when logged on as an ordinary user, and needing to run a single command requiring administrative rights
Step-by-Step 8.03
Create and Test a Runas Shortcut
Page 409
Troubleshooting Windows Problems
Create Startup Disks for Windows NT/2000/XP
• Only contain the boot files
• Cannot start up Windows completely unless the system files are located on the hard disk
• Use when boot files are damaged on the hard drive
• Start with this disk to bypass the hard disk boot files
• Format floppy disk in Windows
• Copy to the floppy: NTLDR, NTDETECT.COM, BOOT.INI, and NTBOOTDD.SYS (if present)
Step-by-Step 8.04
Creating and Testing a Windows Startup Disk
Page 411
Troubleshooting Windows Problems
Back up Data Files and the Registry
• Before making changes, back up data files and registry
  • Back up a portion of the registry using Regedit
  • Back up entire registry using a backup program
• Third-party backup programs
  • More options and a greater variety of media
• Windows Backup (NTBACKUP)
  • NT version only backs up to tape
  • Windows 2000/XP versions back up to any hard disk or network location (provided permissions allow)
Step-by-Step 8.05
Configuring an Alert
Page 414
Troubleshooting Windows Problems
Troubleshooting with Event Viewer
Event Logs
• System events
  • OS components
  • Drivers, services, etc.
• Application events
  • Office suites, etc.
  • Windows components that run in the GUI
  • Events recorded by Dr. Watson applet
• Security events
  • Only logged if auditing turned on and events selected
Troubleshooting Windows Problems
Troubleshooting with Event Viewer (continued)
Configuring and Saving Event Logs
• Properties for each log file allow setting of maximum size and action to take when the log file is full
• Actions: clear each log file, save log file to view later, open a previously saved log file, and create multiple views
• Use context menu of log file to access actions
Troubleshooting Windows Problems
Solving Problems by Modifying the Registry
Modified automatically when …
• Windows Setup is run
• A new device is installed
• A device is configured
• Changes are made through Control Panel applets
• A change is made in the OS or an application
Direct registry modification is part of some problem solutions; only do this when there is no other choice.
Step-by-Step 8.06
Modifying the Registry
Page 420
Troubleshooting Windows Problems
Last Known Good Configuration Recovery
• Startup option in Windows NT family of OSs
• Selects the last configuration changes set before the last successful user logon
• How to: Windows 2000 and Windows XP
  • Press F8 after the POST and before Windows “splash” screen appears
  • Select Last Known Good Configuration
Step-by-Step 8.07
Using Safe Mode
Page 424
Troubleshooting Windows Problems
Troubleshooting Device Problems
• Device Manager shows a yellow exclamation mark next to a device with a problem
• Problem may be hardware, driver, or the ability of the OS to automatically configure it
• Double-click device icon to open Properties
• Use Troubleshoot button to find problem resolution
Step-by-Step 8.08
Working with Device Manager
Page 427
Troubleshooting Windows Problems
Recovery Options
• Advanced options beyond Safe Mode
• Emergency Repair Process
• Recovery Console
• System Restore
• Automated System Recovery (ASR)