A+ Study Guide (220-702)
This is our study guide for CompTIA's A+ certification exam (220-702). We hope you find this
guide useful in your studies. Listed below is the breakdown of the test percentages by domain,
which should help prioritize your studying:
Domain 1.0: Hardware
Domain 1.1: Given a scenario, install, configure and maintain personal computer components
Storage devices
o HDD: Hard drives
SATA: Installation for SATA drives is slightly different than for PATA
drives, as there is no jumper setting necessary – the SATA controller does
the work – and every SATA drive connects directly to a connector; there
is no master/slave relationship with SATA drives. The installation process
is straightforward:
Special note: With this general procedure, as with any procedure
that involves handling components and working inside a computer,
it is imperative the technician take proper ESD precautions before
beginning: wearing a properly fitted wrist strap attached to an
antistatic mat or grounded against the computer chassis; working at
a grounded workstation, preferably on an antistatic rubber mat or
special antistatic carpet; using anti-ESD bags to store components
until needed. See the A+ 220-701 study guide for a more detailed
breakdown of ESD precautions. It is assumed that technicians will
follow ESD precautions as a first step before beginning work in
any and every procedure.
If the tech isn’t sure an internal bay is available, open the system
and check for an open 3.5-inch drive bay.
If a 3.5-inch drive bay is not available but a 5.25-inch drive bay is,
attach an adapter kit and rails to the SATA drive.
Attach the SATA cable to the drive. SATA cables are keyed so
there’s only one way they can be connected.
Slide the drive into the appropriate bay; use screws or snap rails
into place to attach the drive to the bay.
Domain                   Percentage of Examination
1.0 Hardware             38%
2.0 Operating Systems    34%
3.0 Networking           15%
4.0 Security             13%
Total                    100%
Attach the power connector to the drive. If an edge connector is
not available, use the Molex-edge connector adapter to convert
one. It may be necessary to purchase a power connector, but
unlikely, since SATA is the current drive standard.
Attach the data cable to the host adapter on the motherboard or
SATA adapter.
Verify correct data and power connections.
Turn on the computer and go into the BIOS if the SATA host
adapter is built into the motherboard. Ensure the SATA host
adapter is activated, save changes if applicable and restart your
system.
If the SATA drive is connected to an adapter card, watch for
startup messages to ensure the host adapter BIOS has located the
drive.
If applicable, install drivers for the OS to enable the SATA drive
and host adapter when prompted.
PATA: For older machines that still use PATA drives (also known as
EIDE or IDE), the installation process is similar:
If the tech isn’t sure an internal bay is available, open the system
and check for an open 3.5-inch drive bay.
If a 3.5-inch drive bay is not available but a 5.25-inch drive bay is,
attach an adapter kit and rails to the PATA drive.
Set the drive jumpers according to the configuration being used.
40-wire cables use master and slave settings, whereas 80-wire
cables use either cable select or master and slave settings. Hard
drives should only use 80-wire cables, although other drives can
use either 40-wire or 80-wire cables.
Connect the drive cable to the drive, matching the colored marking
on the cable edge to the drive connector’s pin 1. Pin 1 might be
marked with a square solder hole on the drive’s underside or by
silk-screening. Otherwise, pin 1 is generally the one nearest the
power connector. If necessary, disconnect the cable from the host
adapter or other PATA drive to create sufficient slack.
Slide the drive into the appropriate bay; use screws or snap rails
into place to attach the drive to the bay.
Attach the power connector to the drive; most PATA hard drives
use the Molex power connector originally used on 5.25-inch floppy
disk drives. If necessary, use a Y-splitter to split one connector into
two.
Reattach the data cable to the other PATA drive and/or adapter if
necessary.
If there’s another PATA drive on the same cable, change the
jumper on the other PATA drive. With 80-wire cables, both drives
can be jumpered to cable select, with the drive at the far end of the
cable acting as master, and the middle drive as slave. Drives on 40-
wire cables generally only use master and slave jumper positions.
When moving jumpers, use a pair of tweezers or needle-nose pliers
to carefully grab the jumper and gently pull straight off the pins;
it’s best to change jumper settings before inserting the drive into
the bay, as case configurations can make it tough to do afterward.
Verify correct data and power connections.
Turn on the computer and go into the BIOS. Make sure that the
BIOS is properly recognizing the following information:
o Hard drive geometry, which consists of:
Number of sectors per track
Number of read/write heads
Number of cylinders
o Data transfer rate
o LBA translation
o Drives must be recognized by the system BIOS before they
can be prepared and used by the OS. Most system BIOS
will auto-detect a drive and obtain the correct configuration
from the drive. Make sure the system detects the hard drive
during an install.
Save BIOS changes if applicable and restart your system.
Solid state: Because of their high cost, solid state drives (SSD) are
currently overwhelmingly used in laptops and mobile computers, so
installing SSD devices will essentially be identical to replacing hard
drives, meaning the process is a matter of turning off the laptop, accessing
the drive bay, removing the old drive if present (a matter of simply pulling
it out of the bay), inserting the new drive and closing everything up.
o FDD: Floppy drives. Although considered an obsolete technology, floppy drives
are still commonly used, and technicians will likely have to support them for a
while yet. The installation procedure is fairly straightforward:
Select an empty 3.5-inch external drive bay; one specifically for the floppy
drive should be available, if the case supports it.
Remove the dummy plate from the case front, if present.
If the case is an ATX system, remove the left side panel as seen from the
front. If the case is a BTX system, remove the right side panel. If the case
is a desktop system, remove the top.
If the 3.5-inch drive bay is a removable “cage,” remove it from the
system; this might involve pushing on a spring-loaded tab or removing a
screw. Some drive bays pull straight out, while others swing out to one
side.
Remove the floppy disk drive from its protective packaging. Ensure the
drive screws you’ll use are correctly threaded and the right length.
Look for pin 1 markings on the bottom or rear panel of the drive; if no
markings are found, pin 1 is the pin closest to the power connector.
Secure the drive to the drive bay with screws.
Replace the drive bay into the case if it was removed.
Attach the 34-pin connector at the end of the floppy disk drive data cable
with the twist to the drive.
Connect the other end of the floppy disk drive data cable to the floppy disk
drive interface on the motherboard or adapter card.
Attach the correct type of four-wire power cable to the drive.
Double-check the power and data cable connection, ensuring the cables
are connected in accordance with how they’re keyed, before starting the
computer.
Follow these steps in reverse to remove the drive from the system.
o Optical drives: CD and/or DVD drives, including CD/DVD-writer, +RW drives
and Blu-ray drives. The installation procedure is identical to that of hard drives,
with the exceptions that no special BIOS configuration is needed (auto-select will
be sufficient) and that in order to play CDs and DVDs through the optical drive, it
may be necessary to connect an audio connector on the back of the optical drive
to a 4-pin connector on the sound card; there is a special cable, usually gray with
black connectors, used for this purpose. Newer drives often process sound output
through the SATA connection, and so do not have the sound connector.
o Removable: Removable drives is a term for drives that use removable media,
which includes the Iomega Zip and REV drives, as well as older technologies
such as the Jaz and SuperDisk drives. The media is usually a cartridge with either
platters or flexible magnetic disks, similar to floppy disks, inside. Internal
removable drives come in SCSI, PATA (ATAPI) and IEEE 1394 versions, and
the installation procedure is virtually identical to that of optical drives. Tape
drives, though generally used only for backup purposes and thus special cases,
are also considered removable media, and their installation procedures are
the same.
o External: External drives are generally hard drives, although external removable
media and optical drives are sometimes used. Most external drives use USB or
IEEE 1394 ports, but some external SCSI drives are also available. External hard
drives of the USB or IEEE 1394 variety are generally preformatted with FAT32
and designed to work out of the box; attach the drive, and it should appear in My
Computer/Computer or Explorer. Note that if an external drive is connected to a
computer that lacks the appropriate drivers, the external device cannot be used
until drivers are installed, but Windows from XP forward includes drivers for
most external drives, although SCSI external drives need to be prepared for use with
a formatting program either built into the SCSI adapter BIOS or provided by the
SCSI adapter manufacturer. External USB hard disks are available in 3.5-inch,
2.5-inch and 1.8-inch form factors; most use the larger 3.5-inch or 2.5-inch
standards.
Motherboards: The motherboard is the central circuitry of the computer, where all the
major components intersect and work together to create a computing unit. While there are
several aspects of a motherboard that will be examined, this guide will start with the
general procedure for preparing and installing an ATX motherboard in a case:
o Preparing: The first step in preparing the motherboard is to review the system
documentation to determine the correct sizes of memory supported, processors
supported and configuration information. Next, install the RAM, as it is often
difficult to do this once the motherboard is in place. Install the processor (CPU)
and heat sink next, then configure CPU speed, multiplier, type and voltage
jumpers or DIP switches on the motherboard, if used; most current motherboards
configure these options through the BIOS, making the task far easier.
o Installing: After the motherboard is prepped and ready for installation, the
technician will follow these general steps, deviating where needed per the
motherboard documentation:
Place the new motherboard over the old motherboard to determine which
mounting holes should be used for standoffs – plastic supports that prevent
shorts against the chassis – and which should be used for brass spacers.
Move brass spacers as needed to accommodate mounting holes. Getting
this step correct will prevent shorts and operation issues later.
Insert the I/O shield and connector at the back of the case. Make sure all
port cutouts are completely removed before installing the I/O shield.
Secure the motherboard using the original motherboard screws.
If applicable, reattach the wires to the speaker, reset switch, IDE host
adapter and power lights. Not all of these options will be available on
newer machines; check the case documentation if in doubt.
If the system has a floppy drive and/or EIDE drives – hard drive or optical
– reattach the drives’ ribbon cables to the motherboard’s EIDE and floppy
disk drive interfaces, matching the cables’ colored sides to the respective
pin 1.
Reattach the drives’ SATA cables to the motherboard’s SATA ports.
SATA port 1 will be assigned to the first SATA drive and so on.
Attach the power supply connectors to the motherboard.
If moving adapter cards from the old motherboard, install them, making
sure the existing adapters don’t duplicate any features built into the new
motherboard. Any adapter that will be used in place of an integrated
feature must have the integrated feature disabled in the BIOS first.
Mount header cables using expansion card slot brackets (such as cables for
additional USB ports) into empty slots and connect the cables to the
appropriate motherboard ports.
Attach any cables used by front-mounted ports such as USB, serial or
IEEE 1394 ports to the motherboard and case.
o Jumper settings: Jumpers are plastic pin covers with metal inside used to connect
pins and complete a circuit. Most current motherboards don’t use jumpers –
which replaced their predecessor, DIP switches – for configuration information, but
one common use for jumpers in storing settings is with BIOS; motherboards often
use jumpers to control access to BIOS settings and to lock access to the computer.
Jumpers on the motherboard can be taken from their default “parked” settings –
where a jumper is on one pin only – and set to clear passwords or allow flash
updates.
o CMOS battery: The CMOS is a volatile memory chip, which requires a small
amount of power to store the settings. Generally, this energy comes from the
power supply, but motherboards come with a small battery to keep the CMOS
powered in case the computer is unplugged. This battery can be removed and
changed.
o Advanced BIOS settings: There are several manufacturers of BIOS on the market
– the main ones being Phoenix, AMI and Award – and the settings considered
advanced depend on the makers. Overall, though, the Advanced BIOS
Settings/Features menu typically covers configuration settings that determine how
a computer boots. For example, enabling the Quick Boot feature skips certain
tests to allow the computer to start faster, mainly memory and drive tests.
Enabling Boot Sector Protection interferes with write attempts to the boot sector,
and thus provides some protection against computer viruses. Boot Up Num-Lock
LED activates the Num Lock key at boot. Another option frequently found here is
Boot Sequence, which for everyday usage should be set to this:
First device: Hard drive
Second: Floppy (if present) or optical drive. Some computers prompt the
user to press a key in order to boot from the optical drive even if a
bootable disk is found; the computer will proceed to the next device in the
boot sequence otherwise.
Third: Optical drive or USB device
o Bus speeds: Currently, different processors support different system bus speeds,
which is the maximum signal frequency the system bus can send. Intel processors
currently support bus speeds of 800, 1066, 1333 and 1600 megahertz (MHz).
AMD processors currently support system bus speeds of 800, 1000 and 1800
MHz. One MHz is equal to 1,000,000 cycles per second.
o Chipsets: A chipset is a collection of controllers and microchips that function
together to support the processor socket and type, as well as control the system
memory, the various buses and a few peripheral devices. Most chipsets available
presently come from Intel, AMD, NVIDIA and SiS. Different chipsets have
different focuses; NVIDIA chipsets, for example, tend to work well in high-end
gaming systems because NVIDIA is best known for its graphics controllers,
which integrate well into their chipsets. Intel processors naturally integrate well
with Intel chipsets; ditto for AMD.
o Firmware updates: Firmware is the programming that controls a hardware device
from a chip built into the device; CMOS is considered firmware. Updates to the
BIOS programming on a CMOS are often available through the computer or
motherboard manufacturer’s site, as these companies usually modify the BIOS
from the base configuration the BIOS maker uses. In some cases, such as with
Dell computers, firmware updates can be downloaded through an update utility.
o Socket types: Intel processors use different socket types than AMD processors,
and are not interchangeable. Intel processors presently use a land grid array
(LGA) architecture, which uses lands (which look like pads) instead of pins to
connect to the CPU. The LGA socket style was introduced with the LGA775,
which had 775 lands; current socket types are the LGA 775 (Socket T), LGA 771
(Socket J) and the LGA1366 (Socket B). AMD uses a pin grid array (PGA)
architecture, with rows of pins placed around the socket, to make contact with the
CPU. The current AMD socket types are the Socket 940, Socket 754, AM2,
AM2+ and AM3.
o Expansion slots: Expansion slots allow more I/O devices and high-speed graphics
cards to be installed in computers. The most common expansion slots on recent
systems include PCI, AGP and PCI-Express, or PCIe. Some systems also feature
audio modem riser (AMR) or communications network riser (CNR) slots for
specific purposes.
o Memory slots: Current motherboards include a minimum of two memory slots,
and some models hold as many as six. To boot, a modern computer must have at
least one memory slot filled, or it will not function. Slot design varies; systems
that used SDRAM required three-section memory slots designed for 168-pin
modules, while DDR SDRAM machines require two-section 184-pin memory
slots. DDR2 and DDR3 SDRAM machines have two-section memory slots for
240-pin modules. Regardless of slot design, however, each memory slot includes
locking levers that swivel into place and secure the modules automatically when
memory is correctly installed.
o Front panel connectors: Front panel connectors are generally pins soldered onto
the motherboard that connect to the typical front panel options: a hard drive light
to indicate disk access activity, a power light and, if available, an internal speaker.
Although many computers offer additional ports on the front, such as USB ports
and speaker/headphone jacks, these are actually connected to different circuits
through header cables, and aren’t to be confused with the front panel functions.
o I/O ports: Current motherboards have a number of I/O ports integrated into them,
including USB 1.1/2.0, parallel, Ethernet, PS/2 (for some units), IEEE 1394 and
serial ports. Some motherboards also integrate video card capability, S/PDIF and
sound mini-jacks as well. In most cases, there will be a port cluster positioned at
the back of the computer, with header cables splitting off to give port capabilities
in the front of the machine as well. Increasingly, motherboards are forgoing
“legacy” ports, such as the PS/2, serial and parallel ports, as USB devices become
more varied.
Power supplies: What technicians refer to as a power supply is really a power converter,
which provides power to the computer by transforming high-voltage alternating current
(AC) from the wall socket to low-voltage direct current (DC) the computer can use. It
takes a significant amount of wire coils and other components to perform this task, and
bountiful heat is created as a side effect of the conversion. Most power supplies use one
or two fans to dissipate this heat, but some supplies designed for silent operation use
passive heat sink technology.
o Installing: Installing a power supply is fairly simple, as there aren’t a lot of parts
involved. Still, it requires attention, particularly when it comes to making
connections. Follow these general steps:
Shut down the computer. Turn off the power supply’s power switch as
well, if present.
Unplug the power cord from the computer.
Open the case to show the power supply. Consult the system
documentation to look up specifics on this aspect.
Unplug the power supply from the motherboard. Note there is a catch
securing the power supply connector, which must be tripped to unplug the
connector.
Unplug the power connectors from all drives.
Unplug the power supply from the case and CPU fans.
Remove the screws attaching the power supply to the back of the
computer case.
Remove any screws holding the power supply inside the case, if present.
Unplug the power supply switch from the front of the case, if present.
Lift or slide the power supply from the case. Compare the replacement
power supply to the original, ensuring the form factors, power connectors
and switch locations match.
o Wattages and capacity: Power supplies are rated in wattage, a measure of how
much power they can provide. While there is no set standard for how large a
power supply’s wattage rating should be, there are a few things to keep in
mind. First, power supplies produce marginally more wattage at room
temperature than at operating temperature, so look for peak and actual ratings,
which are measured at room and operating temperatures respectively. If a
supply doesn’t have both, assume the listed rating is the peak rating for room
temperature and reduce the wattage rating by 10-15% to estimate operating
wattage. When determining a system’s expected power usage, add up all the
loads for installed devices, including passive USB and IEEE 1394 devices that
draw power from the bus, and add 30% to the total.
o Connector types and quantity: ATX power supplies use either 20-pin main
power connectors, used by older motherboards, or 24-pin power connectors
that meet the ATX12V 2.x power supply standard, although some high-
capacity power supplies with 20-pin connectors may include a 20-pin to 24-
pin adapter. In addition, some motherboards may also use some of the
following connector types:
Four-wire ATX12V connector, which provides additional 12 V power
to the motherboard. Known as a “P4” or “Pentium 4” connector.
Eight-wire EPS12V connector; replaces the ATX12V power
connector.
Six-wire AUX connector; found on older motherboards.
Four-pin Molex power connector; used to power drives and internal
devices.
Reduced-size Molex power supply connector; used to power floppy
drives.
L-shaped thinline power connector; powers SATA drives.
Six-pin PCI Express power cable; provides additional 12 V to PCI
Express x16 video cards.
Y-splitters are commonly used to split one power connection into two,
but these can lower the power supply’s ability to work, and these
connectors often short out. Adapters from Molex to reduced-size
Molex or SATA connectors are also available.
o Output voltage: Maintaining a level and consistent output voltage is important
for power supplies, as the components use far lower voltage, and a different
type of current, than what is coming in from the wall. A certain amount of
variance is expected, but very little: a power supply should vary no more than
5% from nominal on every rail. For computer components, that means a
narrow range of voltages is acceptable:
For the +5.0 output: +4.8–5.2
For the +12.0 output: +11.4–12.6
For the +3.3 output: +3.14–3.5
Power Good: +3.0–6.0
Processors: The central processing unit (CPU) is the brain of the computer, and as
such, one of the most important parts of the computer. Matching the capabilities and
technologies built into the CPU with the rest of the machine is very important, as is
exercising the utmost care when installing a CPU, using the following general
process:
o Installing: There are several different socket types available for computers, as
was noted earlier in the guide. Two of the most common architectures for
current computers are PGA and LGA.
o First, to install a PGA processor into a zero insertion force (ZIF) socket,
locate the pin 1 corner of the CPU, which is generally marked with a dot or
triangle, or even a line pointing toward pin 1.
Line up the pin 1 corner with the pin 1 socket corner. If the chip is
placed incorrectly and power is applied, the chip is destroyed.
Insert the CPU into the socket, after ensuring the ZIF lever is vertical,
and verify the pins are fitting into the correct holes.
Snap the lever into place to secure the processor.
Check if the heat sink has a thermal, or phase-change, pad or if
thermal compound needs to be applied to the processor core. Apply the
thermal pad or thermal compound as needed – keep in mind there must
be some type of thermal material between the processor and heat sink.
Attach the heat sink to the processor as directed by the processor
vendor, if the heat sink came with the processor, or heat sink vendor
for aftermarket heat sinks. In some cases, mounting hardware may
need to be attached to the motherboard before attaching the heat sink.
If installing an active heat sink – one with a fan – connect the fan to
the appropriate motherboard connector.
o To insert an LGA775 processor, locate the notches on each side of the CPU
that correspond with key tabs in the socket, and use this process:
Ensure the load plate assembly is completely open. The plastic cover
can be removed later.
Align the notches in the CPU with the key tabs in the processor socket
to ensure the processor’s Pin 1 is properly aligned.
Lower the processor into place, with the metal heat spreader plate face
up and the gold pads face down. Do not drop the processor; such an
impact could damage the socket’s lands.
Push down the load plate and close the load plate assembly cam lever.
Lock the lever in place on the side of the socket. Remove the plastic
cover and put it aside.
Check if the heat sink has a thermal, or phase-change, pad or if
thermal compound needs to be applied to the processor core. Apply the
thermal pad or thermal compound as needed – keep in mind there must
be some type of thermal material between the processor and heat sink.
Attach the heat sink to the processor as directed by the processor
vendor, if the heat sink came with the processor, or heat sink vendor
for aftermarket heat sinks. In some cases, mounting hardware may
need to be attached to the motherboard before attaching the heat sink.
If installing an active heat sink – one with a fan – connect the fan to
the appropriate motherboard connector.
o Socket types: Current socket types for Intel are the LGA 775 (Socket T), LGA
771 (Socket J) and the LGA1366 (Socket B). The current AMD socket types
are the Socket 940, Socket 754, AM2, AM2+ and AM3.
o Speeds: Processor speed is defined as the speed at which the processor
operates internally, as opposed to external operation frequency, which is the
system bus frequency. The processor frequency is given as the product of the
system bus frequency and a multiplier. There are many families of processor
currently, so there are a number of speed ranges available. Intel’s Celeron
processors, for example, range between 1.2 and 2.4 GHz, while the Core 2
Extreme processors range between 2.66 and 3.2 GHz. Similarly, for AMD, the
various AMD Athlon 64 processors start at 1 GHz and run all the way up to
3.2 GHz for the Athlon 64 FX line, while processors in the Phenom line go
from 1.8 to 2.6 GHz. One gigahertz (GHz) is equal to one billion cycles a
second.
o Number of cores: Having two or more physical processors provides a
tremendous performance boost; multiple processors make a computer perform
multitasking or run multithreaded programs far faster. Computers with the
hardware needed to use multiple CPUs, however, are expensive to make, and
many operating systems are not capable of utilizing multiple processors. To
counteract these disadvantages, dual core processors – two separate processor
cores bundled into one processor – were developed, giving nearly all the
advantages of two physical CPUs, while staying less expensive and being
fully compatible with all OS versions. Dual-core desktop processors reached
the market in 2005, with competing products launched by Intel (Pentium D)
and AMD (Athlon 64 X2). Since then, Intel and AMD have released a number
of multi-core processor lines, including the Core 2 Duo and Athlon 64 X2
(dual-core) and the Phenom X4 Agena and Core i5 750 lines (each of which
has 4 cores). Both companies have released multi-core lines going as high as
8 cores.
o Power consumption: Processors use tremendous amounts of power, and there
are a couple of different ways to measure this quality. Intel processors use
thermal design power (TDP), a measure of the power a computer’s cooling
system must dissipate, while AMD recently switched to the average CPU
power (ACP) benchmark, based on average daily usage of power. These
systems are not either-or scales – AMD has stated that its processors will have
ratings in both systems – but they do not precisely match; a 105 watt ACP
rating, for example, works out to 137 watts TDP. Either way it’s measured,
modern CPUs draw prodigious power: the AMD Phenom X4 Agena has a 140
watt TDP rating, while the Intel Core i7-960 has a 130 watt TDP rating.
o Cache: Cache is a small section of RAM used by the processor to contain data
and instruction sets the memory controller expects the processor to need next,
which saves time and improves performance by avoiding excessive calls to
RAM. Cache comes in three flavors: Level 1 (L1) cache, which is on the
processor die, Level 2 (L2) cache, which is not on the die but part of the
overall processor package and Level 3 (L3) cache, which is the cache memory
farthest from the core. Cache sizes range from a tiny 64 KB of L2 cache on
older Athlon processors to a whopping 6 MB of L2 cache for some Intel Core
2 Duo processors; L3 cache generally runs 6-12 MB for current processors.
o Front side bus: The front side bus (FSB) is the main bus on the motherboard,
the data path used by the CPU, RAM and onboard chipset. Traditionally, the
FSB speed was measured in MHz, but it’s become more common among
manufacturers to rate the FSB using the maximum effective data rate, which is
measured in megatransfers per second (MT/s). Current FSB ratings range as
high as 2600 MHz, although the most common motherboards fall in the 1066-
1600 MHz range.
o 32-bit vs. 64-bit: Before the AMD Athlon 64 was developed, processors were
only designed for 32-bit operating systems and applications. One drawback to
this is 32-bit software is unable to address more than 4 GB of RAM – 32-bit
Windows applications are limited to approximately 3.25 GB of RAM –
making use of large files difficult due to memory restrictions. The Athlon 64
was the first desktop CPU to support 64-bit extensions to the 32-bit x86
architecture, known as x64, which allow access to more than 4 GB of RAM
and run 64-bit operating systems while remaining compatible with 32-bit
operating systems and applications. Most current processors support x64
functions.
Memory: The memory modules in the computer, or random access memory (RAM),
are what store the data being actively used by the OS and the running applications. As
a result, RAM has a substantial and immediate impact on the speed and efficiency
with which a system runs. Memory installs are a commonplace activity for
technicians, and fortunately, the process is straightforward:
o Line up the modules’ connectors with the socket.
o Verify the tabs at each end of the RAM socket are in the outside
(open) position.
o Once the module is aligned with the socket, push the module straight down
into the socket until the tabs snap into place at the top corners of the module.
Be firm, as the locks need a decent amount of force to shut correctly.
Be careful not to touch the gold-plated connectors on the module’s
lower half, as contact with skin can cause corrosion or ESD damage.
o Although the installation process is easy, there are several tips technicians can
use to make the process easier yet:
Place the system on its side before installing memory; this makes it
easier to see and reduces the chances of knocking the computer over.
Open the locks on the RAM sockets before trying to insert the module.
Move cables away from the memory sockets for easier access.
Disconnect them if necessary.
Shine a flashlight inside the case so the sockets and locking tabs can
be easily seen. Use the flashlight to double-check the installation when
it’s done and before closing up the case.
Replace any moved or disconnected cables before closing the case.
Adapter cards: Adapter cards are specialized circuit boards that perform various
functions, and are often used to bring higher performance or handle specialized tasks
for a system. There are several types of adapter cards, each with their own particular
functions, but the process for installing them is similar across the board:
o Installing: These instructions presume that the technician already knows what
slots are open and what type of slot the adapter card takes. If this isn’t the
case, do not proceed until this information is known.
Shut down the system.
Unplug the computer from AC power.
Remove the system cover. This will vary depending on case and
motherboard design; consult the system documentation if unsure how
to proceed.
Locate the expansion slot to be used. If a header cable is installed in
the slot cover, move it to a different slot or remove it altogether, if not
needed.
Remove the slot cover corresponding to the desired expansion slot.
Most slot covers are secured by set screws fastening the slot cover to
the case.
If unable to remove the slot cover after removing the screw,
loosen the screw on the next cover. Sometimes the screw head
overlaps the adjacent cover.
Remove the card from its antistatic packaging, holding the adapter
card by the bracket only.
Align the connector with the slot and insert the card.
Push the card connector firmly into the slot.
Secure the card bracket, usually by replacing the set screw.
Connect any cables the card requires.
Reconnect AC power and restart the system.
Provide drivers when the system asks for them after restarting.
o Graphics cards: Some general tips for graphics card installations to keep in
mind:
Whenever installing a graphics card in a computer with Windows
already installed, it’s recommended to uninstall the current adapter
through Device Manager first. This avoids driver conflict issues.
Currently, graphics cards are available in PCI Express x16, AGP and
PCI models. PCI graphics cards are intended for systems without PCI
Express or AGP slots, or to provide support for additional displays on
systems that already have PCI Express or AGP cards installed.
Ensure the AGP card lock tab on the front of the slot is open before
installing an AGP adapter. The mechanisms can differ from board to
board, so check before proceeding.
Install the drivers provided by the graphics card manufacturer, using
the latest drivers from the manufacturer’s Web site whenever possible,
when installing an adapter.
o Sound cards: To complete sound card installation after physically putting the
card in the computer, connect speakers and a microphone to the sound card to
test the functionality. Current sound cards use the same PC99 color coding
used by onboard audio solutions. Restart the system after the card installation,
and Windows will prompt for the drivers, which may include a customized
mixer used to select speaker types, speaker arrangements and provide speaker
testing and diagnostics. Test the speakers to ensure signal is coming through
the correct jacks.
o Storage controllers: A storage controller, or an adapter card that controls hard
drives attached to internal or external ports on the adapter, is somewhat more
complex than regular adapters, as drivers are not only needed for the card
connectors but possibly a RAID (Redundant Array of Inexpensive Disks)
array as well. However, the basic process is the same; the installing technician
may simply have to run an extra utility after the physical installation and the
driver installation are finished. There are two common types of storage
controller currently in use:
RAID cards: These controllers are specifically intended to set up
RAID arrays, which are usually implemented in one of three ways:
RAID 0: Two or more drives are grouped into one logical
drive. Data is striped, meaning written evenly across the drives.
This improves performance, but offers no inherent fault
tolerance. RAID 0 arrays are called striped volumes.
RAID 1: Data written to one drive is mirrored, or written in
exactly the same way, to another drive. This provides fault
tolerance, since the data is exactly duplicated, but offers no
performance benefits. RAID 1 arrays are called mirrored
volumes; in some variations, separate controllers are used for
the drive, which is known as disk duplexing.
RAID 5: Data is striped across multiple drives, along with
parity data that can be used to reconstruct the data if one drive
goes out. This arrangement requires three volumes, and offers
both fault tolerance and performance benefits (both in speed
and capacity usage), though it is the most expensive. RAID 5
arrays are called RAID 5 volumes.
eSATA cards: External SATA (eSATA) cards were created to allow
external devices to use SATA connections. eSATA offers up to six
times the transfer rate of USB, and can be used with cables up to 2
meters (6.6 feet) long.
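The RAID 5 parity scheme described under RAID cards above, shown as an added example that is not part of the original guide: a small Python model in which in-memory lists stand in for drives, data is striped with rotating XOR parity, and a single failed drive is rebuilt from the survivors. The 4-byte chunk size, the function names and the sample data are assumptions made for the demonstration.

```python
"""Toy RAID 5 model: striping with rotating XOR parity over in-memory 'drives'."""
from functools import reduce

CHUNK = 4  # bytes per chunk (constructed value; real arrays use KB-sized chunks)


def xor_bytes(blocks):
    """XOR a sequence of equal-length byte strings column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def raid5_write(data, n_drives=3):
    """Stripe data across n_drives; each stripe holds n-1 data chunks + 1 parity."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    per_stripe = (n_drives - 1) * CHUNK
    padded = data + b"\x00" * (-len(data) % per_stripe)  # pad to whole stripes
    drives = [[] for _ in range(n_drives)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[off + i * CHUNK: off + (i + 1) * CHUNK]
                  for i in range(n_drives - 1)]
        parity_drive = (n_drives - 1 - s) % n_drives  # parity rotates per stripe
        remaining = iter(chunks)
        for d in range(n_drives):
            drives[d].append(xor_bytes(chunks) if d == parity_drive
                             else next(remaining))
    return drives


def raid5_rebuild(drives):
    """Return the array with a single failed drive (None) reconstructed."""
    failed = [i for i, d in enumerate(drives) if d is None]
    if len(failed) > 1:
        raise RuntimeError("RAID 5 cannot survive more than one failed drive")
    if not failed:
        return drives
    survivors = [d for d in drives if d is not None]
    # XOR of every surviving chunk in a stripe yields the missing chunk,
    # whether the lost chunk was data or parity.
    rebuilt = [xor_bytes(row) for row in zip(*survivors)]
    return [rebuilt if d is None else d for d in drives]


def raid5_read(drives, length):
    """Reassemble the original data, rebuilding a failed drive if needed."""
    drives = raid5_rebuild(drives)
    n = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        parity_drive = (n - 1 - s) % n
        for d in range(n):
            if d != parity_drive:  # skip the parity chunk when reading data
                out += drives[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"constructed sample payload for the RAID 5 demo"
    array = raid5_write(sample, 3)
    degraded = [array[0], None, array[2]]  # simulate losing the second drive
    print(raid5_read(degraded, len(sample)))
```

With three drives, one third of the raw capacity goes to parity; losing a second drive before the rebuild completes loses the array, which is why RAID 5 is not a substitute for backups.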
o I/O cards: Some current machines do not include legacy support, and some
machines may not provide enough ports to meet a customer’s needs, so I/O
cards offer a way to expand a machine’s ability to handle different types of
ports and devices. Some of the card types currently used include:
IEEE 1394 (FireWire): IEEE 1394 (also known as FireWire or i.Link)
is a serial bus interface providing high-speed data transfer between
computers and external devices. Data is sent isochronously, or without
interruption, making IEEE 1394 useful for real-time applications and
streaming multimedia. IEEE 1394 devices are hot-pluggable, and can
be daisy-chained in a series of up to 63 devices. Currently, there are
two common standards: 1394a and 1394b; although 1394c – which
allows FireWire speeds over a standard network port – was published
in 2007, it isn’t commonly used. 1394a (often known as FireWire 400)
and 1394b (FireWire 800) support maximum data transfer speeds of
400 Mbps and 3.2 Gbps respectively, though device limitations mean
1394b connections reach a practical maximum of 800 Mbps. 1394a
cables can reach a maximum length of 4.5 meters (15 feet), allow up to
16 cables to be daisy-chained and come in 4-pin or 6-pin
configurations (the extra two pins carry power). In comparison, 1394b
cables can be up to 100 meters (328 feet) long, and use a 9-pin
connector, although they can be connected to 1394a devices with the
right connector.
USB: Universal Serial Bus (USB) was originally developed to provide
a faster, simpler connection between computers and various devices.
USB 1.1, the first widely adopted version, allowed a 12 Mbit/s transfer
rate for high-speed devices and 1.5 Mbit/s for lower-speed devices,
such as mice. USB 2.0, often known as Hi-Speed USB, allows for data
transfer speeds up to 480 Mbit/s and is backward-compatible with
USB 1.1. The most current revision is USB 3.0, or SuperSpeed USB,
which offers a maximum possible data transfer rate of 5.0 gigabits per
second (Gbit/s), which is about 10 times faster than USB 2.0. USB
devices can be daisy-chained, regardless of version, to connect up to
127 devices, although power limitations of the USB bus require
virtually all of the devices in the chain to have their own power supply.
USB connections have four wires—two for power, two for signal
transmission—and can use cables with a maximum length of three
meters for USB 1.1 devices and five meters for USB 2.0 devices.
Parallel: Parallel ports were the standard connection type for
peripherals such as scanners and printers for years. Parallel ports
transmit data over several lines at once, sending eight bits of data at a
time. Originally, parallel data could only go in one direction at a time;
the Standard Parallel Port (SPP) type was unidirectional. However,
later revisions such as Enhanced Parallel Port (EPP) and Extended
Capabilities Port (ECP) were bidirectional, and faster as well; ECP
ports use a Direct Memory Access (DMA) channel to increase
transmission rates. The current standard for parallel ports is IEEE
1284, which was finalized in 1994. Although a maximum cable length
is not defined, data integrity concerns offer a practical limit of 4.5
meters (15 feet), and most parallel cables come in 1.8-meter (6 feet)
lengths. Parallel ports use either a 25-pin connector (DB25) or a 36-pin
micro ribbon connector, although older units may have a 50-pin
connector.
Serial: Serial ports – also known as DB9 or DB25 ports, depending on
the pin configuration – are among the first connectivity standards used
on PCs. Serial ports were defined by the RS-232 standard, the most
recent version of which is RS-232c. Because of their common usage as
modem ports, they are also referred to as COM 1/2/3/4 or UART
(Universal Asynchronous Receiver/Transmitter) ports. Serial ports
send data one bit at a time, are generally male connectors, and can be
disabled in the BIOS if needed. These ports are set by default to the
I/O address and interrupt request (IRQ) settings of 3F8 and IRQ 4 (for
COM 1) and 2F8 and IRQ 3 (for COM 2).
o Wired and wireless network cards: As with most adapter cards, the installation
process for network interface cards (NICs) is the same as for any other
adapter, regardless of whether the NIC is a wired or wireless card. The only
significant difference is that after the driver installation is finished, the technician
must test the card's connectivity to the network. This can be done by
verifying network traffic once the cable is connected by checking the LEDs on
the card, pinging the loopback address (127.0.0.1) at the command prompt
and simply connecting the machine to the network.
o Video capture cards: As the name implies, video capture cards are designed to
capture video frames from analog or digital video sources. Card types include:
IEEE 1394 (FireWire) cards: Used to capture video from DV
camcorders and other 1394 devices, such as scanners. Onboard IEEE
1394 ports can capture video as well.
Analog video capture cards: Used to capture video from analog
sources, such as cable or broadcast TV, composite video or S-video;
these cards often incorporate TV tuners as well.
Digital video capture card: Used to capture digital video signals from
HDMI sources, such as HDTV.
ATI All-in-Wonder series: High-end cards that have capability of
sending accelerated 3D video display output to monitors, as well as
video capture and TV tuner support.
After installing any type of video capture card, install the driver
package provided with the card, connect the card to the available video
source and set up the TV tuner feature for cards that support it.
o Media reader: A media reader, also known as a flash card reader, is a multislot
device designed to allow users to quickly read a variety of flash cards,
generally used as storage devices for digital cameras, cell phones and other
portable devices. Most media readers that aren’t integrated into a computer are
external USB devices, so installing them is simply a matter of connecting
them to an open USB port. The computer should automatically detect the
reader, assign drive letters to each slot as required, and display a notification
at the end of the installation process. Older versions of Windows or other
operating systems may require the driver to be installed before connecting the
media reader.
Cooling systems: As detailed in earlier sections, computers generate a substantial
amount of heat, and heat is anathema to computer components. As a result, computer
manufacturers have developed a number of technologies for dissipating heat in a
computer. These technologies include:
o Heat sinks and CPU fans: A heat sink is a finned metal device that radiates
heat away from the processor. Virtually all current heat sink models are active
heat sinks, meaning paired with a fan that sits on top of the heat sink and pulls
heat vertically upward, except for those used in specially-designed cases
where the airflow is engineered to cool the processor. Copper is a superior
material for heat sinks, but aluminum is less expensive, and many heat
sinks combine copper and aluminum. While the active heat sink model is the
most common one, BTX cases use a different approach, applying a thermal
duct that fits over the processor and its heat sink, with a fan at one end that
directs air past the CPU.
o Thermal compound: Thermal compound, or thermal grease, is a material
applied to the chip or heat sink base that facilitates a more efficient transfer of
heat between the component being cooled and the heat sink. Heat sinks
packaged with CPUs might use a preapplied phase-change material on the
heat sink, while OEM CPUs with third-party heat sinks usually require a paste
or thick liquid thermal grease or silver-based compound to be applied. If the
thermal material is pre-applied, ensure the protective tape is removed before
installing the heat sink. If a heat sink is replaced, or removed and reinstalled,
be sure to carefully remove any existing thermal material from the heat sink
and processor die surface. Apply new thermal material to the CPU before
reinstalling the heat sink.
o Case fans: Like the name implies, case fans are actually part of the chassis,
and for ATX cases, there are generally at least two: one at the front, and one at
the rear. Case fans are generally powered directly by the motherboard or
through a Y-splitter on a four-pin Molex power connector. In order to work
correctly, front case fans should draw air into the case, while rear case fans
should draw air out. Fans powered through the motherboard connector can be
monitored by the PC Health or hardware monitor function in the BIOS, and
some fans that connect to a Molex power connector have a special power
connection that enables fan speed monitoring in the BIOS as well. Common
case fan sizes include 80 mm and 120 mm.
Domain 1.2: Given a scenario, detect problems, troubleshoot and repair/replace PC components
Storage devices: Hard drives are frequent points of failure in a computer, and since
they’re involved with every operation on a computer, many things can go wrong.
Some issues are specific to the drive type, but most of them are generic to the
technology.
o HDD – Troubleshooting and common issues
Scenario: Keyed cable – plugged pin 20 or raised projection – cannot
be plugged into drives or motherboards
Replace cable with unkeyed cable or properly keyed cable
Scenario: PATA UDMA-66 or faster drive limited to slower speeds
Replace 40-wire cable with 80-wire cable; may need to run
manufacturer speed-change program
Scenario: No power to drive
Shut down computer and plug power cable into drive
Scenario: No information displayed at boot, or drive error because
drive not detected at startup, and drive can be heard spinning up
Shut down computer and ensure ribbon cable is properly
aligned with connector (pin 1 to pin 1) and fully attached. With
SATA drives, ensure cable is fully plugged into drive and
connector on motherboard.
Scenario: BIOS does not detect drive, but configuration and drive
cabling are correct; drive makes scraping or clicking noises at system
bootup
Drive has been damaged by impact or sudden drop, and needs
to be replaced
Scenario: System will not start when drive is attached to power, but
boots when drive isn’t connected
Check if power connection to drive is on an extender or Y-
splitter; if it is, connect drive directly to power supply and
retest. If problem reoccurs, replace drive.
Scenario: Two drives are on a ribbon cable, and only one is being
detected, or neither drive is detected.
Drives are jumpered incorrectly: if not using cable select, one
drive must be master and one must be slave. Change the
jumpers on the drives to master for one and slave for the other,
or cable select if both drives support it and ribbon cable is 80-
wire. If jumpers are correct and issue isn’t resolved, switch
jumper settings (set master to slave and vice versa), move slave
drive to other IDE controller and/or replace ribbon cable.
Scenario: Initial system power yields “drive not ready” error, but
reboot and drive comes up fine.
Hard drive is not fully spun up when computer tries to access
it: adjust Delay Timer option in BIOS, disable Quick Boot or
let computer do full memory count and test prior to boot.
Scenario: Intermittent drive errors or unusual error codes appear
Run drive manufacturer diagnostic programs on drive
o FDD – Troubleshooting and common issues
Scenario: Drive gives “not ready reading” or “general failure” error
when disk is inserted
Disk is not readable, corrupted or not formatted; try formatting
the disk or reading a different disk
Scenario: Drive gives “bad sector or sector not found” or “track 0 bad”
error
Disk is bad or formatted incorrectly: press I to ignore sector if
available, or try reformatting disk
Scenario: Drive light comes on and stays on at boot
Floppy drive cable is reversed at drive or controller; shut down
the computer, disconnect and properly reattach the ribbon
cable, and restart
Scenario: Computer displays a floppy drive error at startup, and drive
light does not come on
Data or power cable is not attached to drive; shut down, attach
the missing cable and restart
Scenario: Computer displays floppy drive error at startup and drive
light does come on, or drive cannot read, write or format disks at
correct capacities
Drive type is set incorrectly in BIOS. Start system, go into
BIOS and select correct configuration for drive
Scenario: USB floppy drive works in Windows, but inaccessible
during boot or during Windows install
Drive may not be registered correctly in BIOS, or computer
may not support USB floppy drives; go into BIOS and double-
check configuration
Scenario: Drive occasionally reads or writes data, but gives numerous
read/write errors
Read/write heads may be dirty: insert a wet-technology head
cleaner, spin heads for a few minutes using Scandisk or another
program, let heads dry and try again
Scenario: Disks with data from other drives can’t be read by drive, and
data written by drive can’t be read on other drives
Read/write heads may be misaligned, or motor may be running
too fast or too slow; replace floppy drive
Scenario: Drive doesn’t perform a seek operation at startup, and data
can’t be read or written
Head-positioning mechanism may have failed; adjust or clean
worm-drive mechanism to free it up
Scenario: Unable to insert disk into drive
Replace floppy drive
Scenario: When the directory command is invoked at command
prompt, directory for most recent disk reads as same contents as first
disk
Changeline support is not working, likely caused by problems
with pin 34; shut down computer, replace floppy drive cable
and restart
Any time a hardware failure of a floppy drive is suspected, this general
process is useful:
Exchange the floppy disk drive cable for a known good cable.
Floppy drive cables are cheap and easily damaged.
Disconnect any tape drive sharing the floppy cable. If the
floppy drive works correctly on its own, replace the tape
drive’s cable if still needed; otherwise, remove the tape drive.
Replace the drive.
If the problem persists, check the cable and drive on another
system; if the problem doesn’t follow the drive and cable,
replace the motherboard or adapter.
o Optical drives – Troubleshooting and common issues
Note that, since optical drives use the same interface types as hard
drives, they share some of the same connectivity issues and potential
fixes. The following issues will deal mainly with the optical nature of
the drives’ data storage capabilities.
Scenario: Read delays of 20 seconds or more after new media is put in
the drive
Reading mechanism may be dirty – use a cleaning CD – or
media may be scratched or damaged – gently wipe off the
surface of the disc and try it again, or try a new disc
Scenario: Disc-burning program doesn’t recognize drive, doesn’t list
drive as a write device, says no compatible drive was found during
install or shows an error when user tries to write files to drive
Program is incompatible with drive: download the latest
support files from program’s Web site, update to latest version
of software, use software that came with drive or simply
change to a different disc-burning application
Scenario: Disc-burning program displays an error message indicating
media with room enough for files to be written needs to be inserted,
and media with sufficient space is in drive
Media was likely closed when previous files were written to it;
check Properties of disc to see how much space was used. If all
space was used, no more files can be burned to disc, so
different disc is needed
Scenario: Unable to format a disc for drag-and-drop copying
Check system tray for other writing software that may be open,
ensure that media is correct type for drive and writing
application and check that media is inserted correctly
Scenario: CD-ROM and/or DVD drive can’t read CD-RW media
Drive may be too old to read lower reflectivity discs; check
specs for drive to ensure it can read media type in question.
Install Universal Disk Format (UDF) reader software to try and
read disc, or use older media (+R discs)
Scenario: Drive experiences numerous buffer underrun failures
Upgrade to a newer burning device; enable buffer underrun
protection in burning program; burn at slower speeds; and
upgrade drive firmware to latest version
Scenario: Drive unable to read damaged media
Clean media using CD cleaner kit materials, or polish surface
scratches away with disc repair kit
Scenario: Drive unable to play music through sound card speakers
Connect audio cable from drive to sound card and test; check
that sound is not muted or turned down in sound mixer control,
or turned down in CD player application
o Removable and external drives – Troubleshooting and common issues
Scenario: Drive not recognized
Ensure the interface has been enabled and the drivers have
been loaded.
Install drivers and other software before connecting the drive.
Tape drive: If the tape drive isn’t recognized by tape backup
software, check to ensure the drive is supported by the backup
application. Update the software or use a compatible
application.
Install drivers or utilities provided by backup vendor for drives
instead of Windows drivers.
Check cable connections between the port and the drive;
reattach cables if loose or replace them if damaged or
defective.
Check that USB or IEEE 1394 port provides enough juice to
run bus-powered device, particularly if on a hub or a daisy
chain. Connect drive directly to a port and test, or connect an
AC adapter to the drive if available.
Verify other devices plugged into USB or IEEE 1394 ports are
working. If not, port or bus might have failed. Check Device
Manager for port status and power available for each USB port.
If the drive is plugged into a SCSI host adapter, check the
following:
o Inspect terminator settings. Drives or devices at the end
of the SCSI daisy-chain should be terminated; other
drives/devices should not.
o Verify the drive has a unique device ID.
o Ensure external SCSI drive is turned on before the
system is.
o Check that the drive is properly connected to data cable
and power cable.
If the removable-media drive is plugged into a PATA host
adapter, check the following:
o Drive jumpers should be set to master or slave if a 40-
wire cable is used. Removable-media drive must be set
to slave if existing drive is set to master. If 80-wire
cable is used, both the existing drive and new
removable-media drive can be set as cable select.
o Check that the drive is properly connected to data cable
and power cable.
Scenario: Drive is experiencing read/write problems
Test media in another drive; if media works in another drive,
first drive is defective and needs repair or replacement.
Ensure media isn’t write-protected, either through mechanical
switch or by software protection.
Run a vendor-approved cleaning media through the drive.
Check that the drive is properly connected to data cable and
power cable.
Download and install the latest drivers and utilities for the
drive; use vendor-created diagnostic software to test drive and
diagnose issues.
Strange drive noises may be a sign of damage to the read/write
mechanism or media; contact vendor for assistance.
Re-tension tapes before reading or writing.
Motherboards – Troubleshooting and common issues
o Note that as the motherboard is one of the most vital parts of the computer,
and touches every other part of the machine, a number of different issues and
symptoms can be rooted in the motherboard.
o Scenario: System will not start
Wiring of front panel may be incorrect, preventing power switch from
working. Power down computer and carefully double-check pinouts on
motherboard to ensure correct connections.
Power supply leads may be loose or missing. Power off computer and
check connections, unplugging and reattaching connections to ensure
full connectivity.
RAM modules may be loose or missing. Power off computer and
check modules, making sure all are where they should be and that the
modules are fully locked into place. Remove and reinstall modules if
need be to ensure installation. Clean corrosion off memory contacts
with careful wiping with Artgum eraser, rubbing away from memory
chips. If working on older system with SIMMs, make sure the memory
doesn’t mix tin contacts and gold connectors or vice versa.
BIOS chips may be experiencing chip creep and be loose in the
sockets. If so, carefully press chips back into place until chip is
securely mounted.
PATA/IDE cables may be connected incorrectly. Shut down computer
and ensure ribbon cable is properly aligned with connector (pin 1 to
pin 1) and fully attached; disconnect and reconnect if needed.
System may be shorting out (dead short) and not powering up at all.
Check that a standoff is not positioned incorrectly and making contact
between the motherboard and chassis, or a loose screw or slot cover is
not touching a circuit on the board and shorting out.
o Scenario: Hardware connected to the I/O port cluster does not work.
Check in the system BIOS to make sure the port or ports are activated;
check in Device Manager to make sure it isn’t disabled in Windows.
Ensure the cable is connected to the correct port tightly, and
disconnect and reconnect if necessary.
Test the device on another port or a different system to see if the
problem follows the device (hardware failure) or stays with the
machine. Defective ports can be addressed by:
Replacing the motherboard
Installing adapter card to replace port
Using a USB/port adapter
o Scenario: Hardware connected to header cable doesn’t work.
Power off computer and ensure header cables are correctly connected
to motherboard.
o Scenario: Machine intermittently shuts down or freezes, gives occasional blue
screen of death (BSOD) error, makes whining noises and doesn’t seem to
have air moving in or out
Check internal fans and cooling apparatus are functioning correctly.
Clean fans with compressed air and clean out case with computer
vacuum to improve airflow. Check card location and cable layout
inside case; tie cables down and move cards if possible to maximize
airflow. Check screen in BIOS reporting internal temperature. Install
additional fans if possible. Update BIOS firmware. Replace thermal
compound.
o Scenario: Machine starts to boot, but starts to beep repeatedly in a certain
pattern and does not continue to boot
Note the beep code pattern and look up its meaning in the system
documentation. Beep codes can be caused by a number of different
components – memory, CPU, motherboard – but the BIOS determines
what code is assigned to which error condition. Beep codes differ
between manufacturers, so be sure to look up the specific set for the
BIOS and/or motherboard at hand.
Power supplies – Troubleshooting and common issues
o Scenario: System does not turn on: no lights, no fans spin, no sign of power at
all.
Check the power cord isn’t loose or disconnected.
Check the surge protector isn’t disconnected or turned off.
Check that power is flowing from the wall socket. If the wall socket
has no power, reset the circuit breaker.
Check the AC voltage switch on the power supply is set to 115 V for
North America. If set to 230, turn off the power, reset the switch and
restart the computer.
Check the keyboard connector, as a loose keyboard connector could
cause a short.
Check that a standoff is not positioned incorrectly and making contact
between the motherboard and chassis, or a loose screw or slot cover is
not touching a circuit on the board and shorting out.
Verify the front-mounted power switch cable is properly connected.
If available, check fuses on the motherboard. Turn off the computer,
replace any blown fuse on the motherboard with a correctly rated new
fuse and test again.
Remove all expansion cards and disconnect power to all drives, then
restart and use a multimeter to test power to the motherboard and
expansion slots.
If the power tests OK with all peripherals out of the picture, reinstall
the adapters one at a time and check the power after each installation.
Repeat process with drives.
A card or drive with a dead short should stop the system immediately
at startup once reattached. Replace the card or drive and retest.
Test the Power Good line at the power supply motherboard connector
with a multimeter.
o Scenario: Power supply whines at startup
Power down machine, unplug the power cord and open case to look
for a short. If no short is found inside the case, and whine persists,
replace the power supply.
o Scenario: Computer gives off a burning smell at startup
Power down machine, unplug power cord, open case and look for
signs of heat damage. If an adapter shows signs of damage, replace the
card. If no damage is visible, replace the power supply.
o Scenario: Computer powers down at unexpected times or sometimes freezes
while running
Check that adequate power is flowing from the wall socket and output
voltages are within tolerances. Move computer so it is the only large
device on the individual power circuit; large appliances can use
significant energy and prevent computer from getting enough. If power
fluctuates or has noise on the line, install a line conditioner and/or
surge protector.
Check that system is not overheating. Clean fans with compressed air
and clean out case with computer vacuum to improve airflow. Check
card location and cable layout inside case; tie cables down and move
cards if possible to maximize airflow. Check screen in BIOS reporting
internal temperature.
If all settings are good and problem persists, replace power supply.
Processors – Troubleshooting and common issues
o Scenario: Computer runs slower than the advertised speed
CPU may be overheating due to fan failure caused by dirt, worn-out
bearings or poor connections to the motherboard and/or power cable.
Replace the heat sink fan with a ball-bearing unit if possible; if
cleaning it is only option, follow these steps:
Remove heat sink from processor.
Lay down waste paper or newspaper and place heat sink on it.
Use compressed air to clean heat sink out.
Clean thermal compound from CPU and heat sink and reapply
before reinstalling heat sink.
Clean or replace case fans and power supply fan, as well as the case
interior, and replace any missing slot covers to maximize airflow.
Check that the installed heat sink is the right model for the installed
CPU; replace if it is not. Ensure the CPU is properly locked into place,
as the heat sink will not attach properly if the CPU isn’t locked down.
Note that the system may be underclocked due to boot failures and/or
abrupt shutdowns; some BIOS automatically drop frequency and/or
multiplier settings in those situations. Check the System Properties
sheet in Windows or the BIOS settings to ensure clock speeds are
correct; set them correctly if needed. Upgrade BIOS if needed to fully
support the CPU.
o Scenario: Machine starts to boot, but starts to beep repeatedly in a certain
pattern and does not continue to boot
Note the beep code pattern and look up its meaning in the system
documentation. Beep codes can be caused by a number of different
components – memory, CPU, motherboard – but the BIOS determines
what code is assigned to which error condition. Beep codes differ
between manufacturers, so be sure to look up the specific set for the
BIOS and/or motherboard at hand.
If all settings are good and other issues have been eliminated, replace
the CPU and heat sink apparatus.
Memory – Troubleshooting and common issues
o Note that since RAM is where all OS and application data lives while the
system is in operation, it’s important to keep the memory in good shape. Some
preventative maintenance tips can help with that, including:
Keep the RAM surfaces clean, using compressed air or a computer-
rated vacuum.
Use only recommended voltage levels for the installed RAM if the
BIOS permits modifying them.
Install additional case fans over or behind the location of memory
modules to keep operating temperatures optimal.
Keep the front air intake vents clean.
Replace defective cooling fans.
o Scenario: System randomly locks up, experiences corrupted data and/or
overheats
RAM modules may be incompatible. Research specs on installed
memory to make sure the modules will work in the motherboard and,
if there is more than one, the modules match each other in speed and
latency, among other ratings.
System may be overclocked, which runs more voltage through
components and generates more heat. Make sure system is set
correctly, or add adequate cooling if overclocked settings will remain.
RAM and sockets may mix metals in connectors and contacts. Mixing
tin contacts and gold connectors or vice versa causes corrosion, which
will cause performance issues. Make the metals match all around, and
if that’s not feasible, check the modules and connectors regularly for
corrosion and clean them.
o Scenario: System halts during bootup and gives "parity error – system halted"
message
Parity error comes from using parity memory with non-parity memory
and having parity checking enabled in BIOS. If using all parity or non-
parity memory is not an option, disable parity checking in BIOS.
Parity error is usually caused by:
Mixing parity and non-parity RAM on parity-checked systems
Mixing slow and fast RAM in the same bank/on motherboard
Loose or corroded chip and module connectors
Memory module/chip failure
o Scenario: Installed RAM size is reported incorrectly
Incorrect memory size is caused by either a defective cache memory or
defective motherboard. To narrow down the cause:
Take note of the onscreen memory count when the system
reports a memory error.
Check which modules must be installed first in the system
documentation.
Change one module at a time and reboot after each change,
starting with the suspected defective module, until the error
does not appear.
Disable cache RAM in the BIOS before testing.
If modules do not appear to be the problem, test the cache
RAM next:
o Disable L2 cache first; if the CPU has L2 and L3 cache,
disable both.
o Determine if the L2 cache is on the processor or
motherboard if the problem disappears. Replace the
cache memory if the motherboard uses removable
cache chips or a cache module; replace the motherboard
if it’s soldered onto the board. Replace the CPU if the
L2 cache is built into it.
o Return the original components if the replacement
didn’t fix the problem.
o Disable L1 cache.
o Replace the CPU and retest if the system runs normally.
If the computer works after that, the L1 cache was at
fault.
At any point in troubleshooting, it may be beneficial to use memory
diagnostic programs to give more detailed tests and precisely diagnose
trouble areas. Many can be run from bootable media, thus avoiding
potential system and resource conflicts.
Adapter cards – Troubleshooting and common issues
o Scenario: Hardware attached to adapter card doesn’t work
Open Device Manager and check the adapter card entry to ensure the
card is viewed by Windows as working. Windows uses a yellow !
symbol to designate non-working devices and a red X for disabled
devices. A driver upgrade will resolve the issue in some cases.
Look in the BIOS and make sure any onboard devices that could
interfere with the adapter have been disabled.
Check that the card is firmly seated and properly secured in the
expansion slot.
Ensure all appropriate power cables are connected from the power
supply to the card, as some higher-end cards – video and
IEEE 1394, among others – require additional power for correct
operation.
o Scenario: Device Manager indicates a problem with adapter card
Use the Update Driver function in the Properties sheet in Device
Manager to check for more recent driver files, either from the Internet
or from a specified location, such as a driver CD or a folder on the
hard drive.
Check with the vendor if firmware upgrades are possible, and the
method to employ if so. Some may require a special boot disk, while
others use an installer in Windows. If firmware upgrades are available,
be sure not to interrupt the process once the upgrade begins, as it will
ruin the card.
Domain 1.3: Given a scenario, install, configure, detect problems, troubleshoot and
repair/replace laptop components
Components of the LCD, including inverter, screen and video card
o Although the LCD panel is not generally considered a field replaceable unit
(FRU), some manufacturers do allow it to be changed in the field by
authorized technicians, so it’s handy to be at least passingly familiar with the
overall assembly. Parts that technicians may replace or work with in the field
include:
LCD front bezel: Plastic frame that serves as the front of the LCD
panel assembly and helps keep the entire assembly together. The
laptop manufacturer’s name is often embossed or printed on this part.
Inverter card: Just as with other inverters, this one takes AC power in
and steps it down into low-voltage DC power to run the components of
the LCD panel, including the sandwiched layers of crystalline material
that create the picture and the backlight, the white panel that evenly
distributes the light from the cold cathode fluorescent lamp (CCFL).
LCD panel: The panel is actually an assembly of parts, including the
screens, the backlight and the CCFL, integrated into one assembly.
Even if a technician can replace the entire display mechanism, this
panel is only available as one assembly.
Hinges: The mechanism by which the display panel folds down and
becomes the lid for the laptop. Because the connections between the
LCD panel and the motherboard are routed by the hinges, and hidden
by the hinge covers, they are treated as part of the display assembly.
LCD interface cables: This cable set provides a signal path between
the video card and the LCD panel set, as well as power to the inverter
and other parts.
LCD rear cover: With the LCD front bezel, the rear cover comprises
the shell that contains the whole assembly.
o Although the exact process for disassembling and removing LCD display
assemblies differs with every manufacturer, most technicians will find that the
general process looks like this:
Disconnect the antenna leads from the integrated wireless Ethernet
adapter going to the display, if present.
Remove the keyboard frame and keyboard.
Disconnect the FPC cable – which transmits power and data to the
LCD panel assembly – from the system board.
Remove the antenna leads from the wireless Ethernet adapter from the
top cover clips, if present.
Rotate the display assembly at a 90-degree angle to the base unit.
Take out the screws holding the display assembly together.
Remove the display assembly from the base unit.
Save all screws, ground springs and other hardware removed during
the disassembly process; if a partitioned screw carrier is available,
place the parts removed in each partition in order of removal so the
process can be easily reversed.
Hard drive and memory
o Hard drives: Laptop hard drives use very different specifications than their
desktop counterparts. Mobile computer hard drives are 2.5-inch or 1.8-inch
form factors, not the 3.5-inch form factor drives used in desktops. Also, while
SATA power and data connectors are identical, mobile computer PATA
drives utilize a 44-pin connector to deliver both power and data.
o Removal and installation – hard drives
Turn off the laptop and disconnect it from the AC adapter.
Remove the battery.
Loosen or remove the screw(s) that retain the drive cover.
Remove the drive cover.
Remove the screws fastening the drive to chassis, if that is the
configuration.
Push the drive away from the retaining screw holes and remove it from
the chassis.
Remove the screws holding the drive to the drive cover or frame, if
applicable.
Remove the drive from the drive cover or frame.
Insert the new drive into the drive cover or frame.
Replace the fastening screws.
Insert the drive into the chassis. Replace the cover screw if the drive
fastens to the cover.
Replace the chassis screws.
Replace the cover.
Replace the battery.
Connect the machine to the AC adapter.
o Memory: Mobile computers usually have one or two RAM sockets, which
hold SODIMMs in current models but sometimes were proprietary memory
configurations in older machines. Because space is so limited, it’s advised
when obtaining memory for mobile computers to get the largest-capacity
modules the motherboard will support.
o Removal and installation – memory
Turn off the laptop and disconnect it from the AC adapter.
Remove the battery.
Remove the memory upgrade socket cover on the bottom of the
system.
Remove any screws or fastening devices.
Remove the old memory, if necessary.
Insert the new memory, ensuring the contacts on the back or edge of
the module connect firmly with the socket.
Push on the top of the module until the latches lock if installing a
SODIMM or small-outline Rambus stick.
Install screws to secure the RAM if the socket utilizes them.
Test the module by booting up and watching the memory count; use
diagnostic software if available.
Close the cover and fasten it.
Disassemble processes for proper reassembly
o Document and label cable and screw locations: When disassembling a mobile
computer, it’s easy to get overwhelmed by all the little screws, springs, pins
and other parts that are used. Before beginning, it’s recommended that the
tech obtain a pillbox or other partitioned container in which to keep the screws
and other parts removed from the machine during the disassembly process.
Some techs recommend taping the screws and parts next to the relevant step in
the process; whatever way helps keep the parts logically grouped and
organized for the tech is the right way to go. Additionally, when taking apart a
machine, the tech should carefully mark the location and arrangement of
cables in the system, either by marking them on the machine lightly or by
making notes and drawings as the tech goes. A misplaced cable can affect the
final reassembly, as well as its functionality once reassembled.
o Organize parts: Keeping parts organized not only makes it easier for the tech
to find them when needed, but helps keep them from getting lost. Just as importantly,
organized parts make it easier for another tech to step in if the first tech is
unable to complete the job for some reason.
o Refer to manufacturer documentation: Every disassembly process is different,
and sometimes procedures vary wildly between model lines, even specific
models within a line, something that Apple technicians constantly face.
Whenever possible, the tech should make sure that the service manual for the
exact model being worked on is available and ready to be used. Even for
experienced techs, disassembling a mobile computer without the specific
service manual is not recommended.
o Use appropriate hand tools: Manufacturers often specify certain hand tools in
the documentation to ensure that the technician minimizes the potential for
structural and cosmetic damage during the repair process. Apple technicians,
for example, often need to use a black nylon stick in disassemblies, because
Apple has engineered so many of their machines to require a firm but non-
damaging lever to pry and push tabs and arrange cables in small spaces. Also,
having the correct tools avoids problems in the long run; trying to remove a
Phillips screw with a Torx driver, for example, leads to stripped screws, a
damaged driver and a greatly reduced chance the disassembly can proceed.
Recognize internal laptop expansion card types: For space reasons, laptops don’t use
regular expansion slots. A series of expansion slot types have been created
specifically for mobile hardware:
PCMCIA: The first PCMCIA card specification, PC Card, used the 16-
bit ISA bus and eventually developed into a set of specifications
known as Type I (up to 3.3 millimeters (mm) thick and mostly used to
add RAM), Type II (up to 5.5 mm thick and often used for modems)
and Type III (up to 10.5 mm thick, and can accommodate a portable
hard drive or two Type I or Type II cards). PC Cards can be hot
swapped.
CardBus used the 32-bit PCI bus, but was backward-compatible with
PC Card devices; however, CardBus devices can’t be used in 16-bit
PC Card slots, due to a raised strip across the connector end of the
device. CardBus slots are Type II or Type III slots. CardBus cards can
be hot-swapped.
The current PCMCIA slot standard is ExpressCard, which uses the
PCI-E or USB 2.0 standard. ExpressCard devices come in 34 mm and
54 mm widths – known respectively as ExpressCard/34 and
ExpressCard/54 – and are 75 mm long and 5 mm thick. ExpressCard
devices are not backward-compatible with PC Card or CardBus, but
are hot-pluggable, hot-swappable and can be autoconfigured.
Mini-PCI: Most current mobile computers with built-in modem,
Ethernet or Wi-Fi support use a smaller version of the PCI standard,
mini-PCI. There are three primary mini-PCI types:
Type I
Type II
Type III
Type I and Type II cards use a 100-pin stacking connector which
connects directly to the motherboard. Type II cards, unlike Type I
cards, have built-in network or modem connectors. Type III, which
uses an edge connector, has become the most popular format. Like
Type I, Type III mini-PCI cards do not incorporate RJ-11 or RJ-45
connectors; Type I and Type III cards use connectors built into the
system. Although mini-PCI cards are sometimes considered FRUs,
they can only be purchased from the portable computer manufacturer,
since they are matched to the characteristics of a specific product line.
Mini-PCI cards configure different features on particular mobile
computers, and since they can be replaced, defective or obsolete
components can be replaced without swapping out a motherboard. Not
all cards can be replaced easily, however; some Wi-Fi cards have
antenna leads that are soldered to the card, and can only be replaced by
factory-trained technicians.
Upgrade wireless cards and video card
o Video card: Note that if it’s possible to replace the video card – and in many
systems, it’s not, unless the whole motherboard is replaced, since many
machines use integrated video – it is a complex process, often requiring a
complete disassembly of the machine. With that in mind, the general process
(the exact process is detailed in the service manual for the particular machine)
will be similar to this:
Take ESD precautions.
Unplug AC power.
Remove the battery.
Remove the hinge covers carefully.
Detach the keyboard from the chassis (usually by either removing
screws or depressing tabs).
Lift the keyboard carefully and unplug the cable from the
motherboard.
Remove the display assembly.
Unplug the video and Wi-Fi antenna cables.
Remove the optical drive.
Remove the bottom shell of the computer.
Remove the video card.
Install the new video card.
Reassemble the computer.
Boot the machine and install new drivers.
o Wireless cards: Since most current wireless cards use the mini-PCI standard,
this general process for upgrading the wireless card will focus on that
specification:
Turn off the computer.
Unplug the computer from the AC adapter and remove the battery.
Locate the mini-PCI card in the unit, which may be accessible from
the underside, or it may be necessary to remove the keyboard or other
components.
Remove the cover or components over the card.
Release the spring latches retaining the card.
Lift the top of the card until the socket releases the card.
Slot the new mini-PCI card’s edge connector into place.
Push the top of the card down into the socket until the spring clips
lock.
Replace the cover or components removed to access the socket.
Reinstall the battery.
Plug the computer into the AC adapter.
Start the computer. Install required drivers. Note that for Wi-Fi cards,
it will likely be necessary to detach the antenna cables from the old card
before removing it; check the system documentation.
Domain 1.4: Given a scenario, select and use the following tools
Multimeter: Used for testing power at wall sockets and inside the computer. Most
useful for diagnosing power outputs and motherboards.
Power supply tester: Tests power supply capacity and output, and is generally safer
than other methods. More precise, but more expensive; only worth the investment if
checking power supplies is a regular occurrence (such as in repair shops).
Specialty hardware/tools: Depending on the nature of the machines supported, certain
specialty tools such as a soldering iron, specialized Torx bits and drivers or Allen
wrench set may be necessary to have on hand. Most PC technicians will probably
never need specialty hardware, as a screwdriver is the main tool in use with most PC
work.
Cable testers: A cable tester loops a cable into adapter ports and runs a signal through it
to determine the resistance and signal strength. This tool can determine what kind of
cable is being tested (if it’s old or not clearly marked) and whether it’s functional or
not. Most often used with network cables.
Loopback plugs: Used for testing NICs and I/O ports. The plugs send a signal back to
themselves – "loop back" – or transmit lines to receive lines during diagnostic testing.
Common types of loopback plugs include serial, parallel, USB 1.1/2.0 and Ethernet.
Extension magnet: A long extendible wand with a magnetic head or tip, strong
enough to retrieve dropped screws or other components from within a case but not
strong enough to materially affect storage media. Commonly used with printers and
inside PC cases.
Domain 1.5: Given a scenario, detect and resolve common printer issues
Symptoms
o Paper jams: Curved paper paths increase the likelihood of paper jams,
particularly in environments that are less than ideal for paper, such as high
humidity. Many laser printers use an S-shaped paper path, which has a higher
mechanical complexity and greater chance of deforming or catching the paper.
Printers with C-shaped paper paths – like many inkjets, in which paper is pulled
horizontally from the front of the printer, through and around a series of rollers
inside the printer during the print process, and ejected through the front or top
of the printer onto a paper tray – are less prone to jams. A straight-through
path, often used for heavier papers like cardstock and envelopes, reduces the
chance of mechanical issues, though the heavier paper itself is more inclined
to jam. Beyond the paper path, jams can be caused by incorrect paper loading,
overloading the input tray or using thicker media than recommended. If the
printer jams, open the cover or remove the paper tray(s) as needed to clear the
jam. It’s generally recommended to fan the pages before inserting new paper
to avoid any pages sticking due to static or residue.
o Blank paper: Blank pages printed immediately after a toner cartridge change
generally mean the tape that holds the toner in place during shipping wasn’t
removed; take out the toner cartridge and ensure the tape is taken out. If the
blank page comes out after hundreds or thousands of pages, depending on the
model, the toner cartridge is likely empty; replace it.
o Error codes: Most printers either have a formatter board built-in – essentially a
motherboard – or are host-based printers, meaning the OS does all of the
processing. As such, a printer can display either on-printer error codes and
messages – provided by an LCD display or signal lights flashing – or
Windows printer driver error messages, which are displayed within the print
spooler window or a print progress dialog. Although error codes vary between
manufacturers, HP LaserJet printers are a de facto standard, and use the
following error codes to describe printing problems:
13 or 13.xx: Paper Jam (.xx stands for specific numeric values
indicating where the paper jam occurred)
20: Insufficient memory; press Go to print partial page
40: Bad transmission to EIO interface card
41.xx: Various printer errors involving media or other issues (.xx
stands for specific numeric values indicating specific error)
49.xx: Firmware error
50.x: Fuser error
51.x: Beam detect (.1) or laser error (.2)
52.x: Scanner speed errors; startup error (.1); rotation error (.2)
53.xy.zz: DIMM memory error in specified module (x= DIMM type;
y=location; zz=error number)
54.1: Sealing tape not removed from toner cartridge
54.4: Line voltage error
55.xx: Internal communications error; can be caused by formatter,
firmware, DIMM, engine controller board or fuser problems
56.x: Error in paper input or accessory (.1) or output bin (.2)
connection
59.x: Main motor error (.0), startup error (.1), or rotation error (.2)
62.x: Printer memory error in internal memory (.0) or DIMM slots (.1–
.4)
64: Scan buffer error
66.xx.yy: External paper-handling device error
68: NVRAM or permanent storage error
69.x: Temporary printing error
79: Printer detected error (can be caused by memory, firmware, EIO,
formatter)
8x.yyyy: EIO device or slot error
o Out of memory error: Sending a page to a printer that requires more memory
than the printer has causes the printer to try and print the page, but stop once
the printer’s memory fills up. The printer displays an error message or blinks
error status lights, and the page must be manually kicked out with only part of
the page printed. Most modern printers can compress data coming in to avoid
this kind of issue, although it slows the printing down. To avoid this, a user or
technician can:
Lower the resolution of the print job. Dropping the graphics resolution
to the next lower figure (from 1,200 to 600 dpi, or 600 to 300 dpi) will
reduce the memory requirement for printing the page by a factor of
four. This can be done in the Graphics or Advanced – Printing
Defaults – Paper/Quality Properties sheet. Reducing the resolution will
not affect the text resolution, but graphics will look noticeably poorer.
Eliminate or reduce the size of graphics.
Convert color photos to black-and-white photos before printing. This
could increase output quality from a monochrome laser printer, in
addition to reducing the memory needs of the pages.
Add RAM to the printer. This is the best option; the ones listed above
are simply workarounds.
o Lines and smearing: For laser printers, smearing or wet print indicates a
problem with the fuser; it isn’t getting hot enough to fuse the toner, meaning it
needs reseating or, more likely, replacement. Lines can indicate a problem
with the drum not holding charge well or being cleaned sufficiently; if that’s
the case, replacing the drum is the best option. For inkjet printers, lines and
smearing generally mean a clogged printhead or nozzles. Cleaning the
printhead or running a cartridge cleaning cycle is recommended, but if that
doesn’t help and manual cleaning has no effect, replacing the printhead and/or
cartridge is next.
o Garbage printout: A printout of nonsense and gibberish could mean a cable
problem, but more often, it’s a printer driver issue. Has the driver been
updated? Is it the correct driver? Is it the correct version of the driver (PCL vs.
PostScript)? Check the cable first, as it’s easy to swap out with a known good
one if disconnecting and reconnecting doesn’t help, but if that doesn’t fix it,
focus on the driver. Remove it and reinstall if needed.
o Ghosted image: Most often, ghosted images mean the drum isn’t being fully
cleaned, and leftover toner is causing the ghosting. If available, cleaning the
drum with the manufacturer’s printer maintenance application should be tried
first, then replacing the toner cartridge, which is where many of the
mechanical pieces of the printing process are. If that doesn’t help, replace the
image drum.
o No connectivity: A printer that can’t be reached over the network could have a
number of issues at hand, ranging from the trivial to the serious. As with
everything else, start simple: check to make sure the printer’s online first. If
so, and the printer is shared over the network and connected to a computer,
power-cycle the printer first, then reboot the computer it’s attached to locally.
Make sure the print job is being sent to the right printer on the right port. Test
that the computer it’s directly connected to can print to it as a local printer.
Test if the user can print to other network printers. If the printer prints locally
and other printers are accessible, remove the driver and reinstall it. If the
printer is directly connected to the network, ping the printer and see if it can
be found. Try a different cable, possibly even a different NIC. Check for error
messages or status light patterns. Remove and reinstall the drivers on the
user’s machine. Run diagnostic software if available.
Issue resolution
o Replace fuser: Do this to fix smearing issues on laser printouts where the
toner comes out still wet.
o Replace drum: Do this to fix ghost images or speckles on laser printouts.
o Clear paper jam: Do this whenever the printing process stops with paper still
inside the printer, or when error codes or status light patterns indicate. Usually
occurs when wrong paper or too much is fed into the printer. May also happen
in extreme environmental conditions, such as high humidity.
o Power cycle: Do this if printer loses network connectivity or to clear the print
queue, particularly if the pages are printing out with garbage characters.
o Install maintenance kit (reset page count): Do this every so often to keep the
paper path functioning and the printer operating at peak capacity; the printer
will usually prompt with an error message when it’s time. Resetting the page
count is necessary to know when the printer will likely need periodic
maintenance again. Not installing maintenance kits regularly will shorten the
working lifespan of the printer, and raise maintenance and replacement costs
needlessly.
o Set IP on printer: A network printer needs an IP address to communicate over
a network, which will need to be set manually if DHCP is not in place.
Even with DHCP, it may be necessary to manually set the IP address on the printer for
testing purposes or to avoid conflicts.
o Clean printer: Cleaning a printer, even if nothing ever spills, is periodically
necessary to keep the paper path from getting clogged and to keep the
printheads/cartridges functioning. With laser printers, it’s even more
important, as toner particles are very fine and get into every mechanism inside
a printer. Also, especially with laser printers, dirt and foreign material inside
the printer can affect the imaging and writing process, producing poor-quality
printouts.
Domain 2.0: Operating Systems (refers to Windows 2000, XP Home/Professional/Media
Center, Vista Home/Home Premium/Business/Ultimate, Windows 7 Starter/Home
Premium/Professional/Ultimate unless otherwise noted)
Domain 2.1: Select the appropriate commands and options to troubleshoot and resolve problems
Msconfig: The Microsoft System Configuration Utility, or msconfig, is used to
selectively disable startup programs and services, which is useful in troubleshooting
slow operation, intermittent issues or startup/shutdown issues. To run msconfig, click
Start -> Run, type msconfig and hit Enter. The tabs allow users to select the type of
startup – Normal, Diagnostic (clean boot) or Selective Startup (where the user selects
which items and services are loaded) – launch System Restore or modify the startup
applications and processes.
Dir: Command available in command prompt and Recovery Console that shows a list
of files and subfolders in a folder, and lists file/folder attributes for each item listed.
Useful for troubleshooting file access issues. Has a number of switches and options
built into it, including:
o [drive:][path][filename] – Specifies the drive, directory and/or files to display.
o /P: Pauses after each screen.
o /W: Uses wide list format.
o /A: Displays files with specified attributes:
D: Directories
R: Read-only files
H: Hidden files
A: Files ready to be archived
S: System files
-: Prefix meaning not
o /O: List by files in sorted order:
N: Alphabetic by name
S: Arranged by size, smallest listed first
E: Alphabetic by extension
D: Arranged by date and time, earliest listed first
G: Group directories first
-: Prefix to reverse order
A: By last access date, earliest listed first
o /S: Displays files in specified directory and all subdirectories.
o /B: Uses bare format, meaning no heading information or summary.
o /L: Uses lowercase.
o /V: Verbose mode.
o Switches and options for DIR can be used in combination, with no
requirements for order of options.
Chkdsk: Used to check hard drives for errors. Available in Windows from the user
interface, but can also be run from the command prompt. Recommended to run
Chkdsk before running any other disk tools such as Disk Defragmenter. Windows
allows Chkdsk to run with the option of automatically fixing file system errors and
trying to recover bad sectors. By default, Chkdsk runs automatically at boot if a drive
has errors ("dirty"). If run from the command prompt, Chkdsk uses switches:
o /F: Fix file system errors, including lost clusters (data not belonging to any
file) and cross-linked clusters (data belonging to more than one file)
o /R: Search for and recover bad sectors, areas of the drive marked as defective
Edit: Used to read and modify batch files, system files and other text files. Use the
syntax "edit filename" to open a file in edit mode. Switches and options used with the
Edit command include:
o /B: Forces monochrome mode.
o /H: Displays maximum number of lines possible for display hardware.
o /R: Load file(s) in read-only mode.
o /S: Forces the use of short filenames.
o The Edit window has pull-down menus that can be activated by mouse or
keyboard. Hold down the Alt key and press the first letter of each menu to
display the menu if a mouse driver isn’t loaded. Edit window uses same
keyboard shortcuts Windows does:
o Ctrl+X: cuts text
o Ctrl+C: copies text
o Ctrl+V: pastes text
o Del: clears text
Copy: Used to copy files from one drive and folder to another. Folder specified in the
Copy command must already exist on the destination drive. Copy command doesn’t
work with system or hidden files, which require the Xcopy32 command. Switches
and options used with Copy include:
o /A: Indicates ASCII text file.
o /B: Indicates binary file.
o /V: Verifies new files are written correctly.
o /Y: Suppresses prompting to confirm overwriting destination file.
o /D: Allow the destination file to be created decrypted.
o /N: Uses short filename, if available, when copying file with a non-8.3 name.
o /Z: Copies networked files in restartable mode.
o Example of syntax: COPY *.PDF C:\TEMP
Xcopy: Similar to Copy, but has a number of advantages: copies files into RAM
before copying to the destination, which speeds up the operation; can create
destination folder if needed; able to operate as backup utility through modifying the
archive bit and can copy files changed/created on or after a specific date. Switches and
options used with Xcopy include:
o /A: Copies only files with the archive attribute set, doesn’t change the
attribute.
o /M: Copies only files with the archive attribute set, turns off attribute.
o /D:m-d-y: Copies files changed on or after the specified date, or copies only
files with source time newer than destination time if no date is provided.
o /EXCLUDE:file1[+file2][+file3]...: Specifies a list of files containing strings.
Each string should be in a separate line in the files, and if any of the strings
match any part of the absolute path of the file to be copied, that file will be
excluded; specifying a string like \pdf\ or .pdf, for example, will exclude
every file in the directory pdf or with a .pdf extension.
o /P: Prompts before creating each destination file.
o /S: Copies directories and subdirectories except empty ones.
o /E: Copies directories and subdirectories, including empty ones; may be used
to modify /T.
o /V: Verifies each new file.
o /W: Prompts to press a key before copying.
o /C: Continues copying even if errors occur.
o /I: If destination does not exist and copying more than one file, assumes
destination is a directory.
o /Q: Does not display file names while copying.
o /F: Displays full source and destination file names while copying.
o /L: Displays files that would be copied.
o /G: Allows the copying of encrypted files to destination that does not support
encryption.
o /H: Copies hidden and system files.
o /R: Overwrites read-only files.
o /T: Creates directory structure, but does not copy files and does not include
empty directories or subdirectories.
o /U: Copies only files that already exist in destination.
o /K: Copies attributes.
o /N: Copies using the generated short names.
o /O: Copies file ownership and ACL information.
o /X: Copies file audit settings (implies /O).
o /Y: Suppresses prompting to confirm overwrite of an existing destination file.
o /-Y: Causes prompting to confirm overwrite of an existing destination file.
o /Z: Copies networked files in restartable mode.
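The switches above combine into a simple incremental backup. The following batch file is an added example, not part of the original guide; the source and destination folders and the two exclude strings are assumptions chosen for illustration.

```batch
@echo off
setlocal
rem Added example, not from the study guide.
rem Assumptions: SRC, DST and the exclude strings below are placeholders.
set "SRC=C:\Data"
set "DST=D:\Backup\Data"
set "EXCL=xcopy_exclude.txt"

rem Keep the exclude list in the temp folder and work from there, so the
rem /EXCLUDE argument is a bare file name that needs no quoting.
pushd "%TEMP%"

rem One string per line. A file is skipped if a string matches any part
rem of its absolute path: \cache\ skips every folder named cache, and
rem .tmp skips report.tmp but also everything inside a folder old.tmp.
> "%EXCL%" echo \cache\
>> "%EXCL%" echo .tmp

rem Preview: /L only lists files. /A selects files whose archive
rem attribute is set and leaves the attribute alone.
echo Files that would be backed up:
xcopy "%SRC%" "%DST%" /A /E /H /I /L /EXCLUDE:%EXCL%

set "ANSWER="
set /p "ANSWER=Run the backup now (Y/N)? "
if /i not "%ANSWER%"=="Y" goto cleanup

rem Real run: /M selects the same files as /A but turns the archive
rem attribute off afterwards, so the next run copies only files changed
rem since this one. /E subfolders, /H hidden and system files,
rem /K keep attributes, /I treat DST as a folder, /V verify,
rem /Y overwrite older backup copies without prompting.
xcopy "%SRC%" "%DST%" /M /E /H /K /I /V /Y /EXCLUDE:%EXCL%

rem Xcopy exit codes: 0 = copied, 1 = nothing to copy, 2 or higher = error.
if errorlevel 2 goto failed
if errorlevel 1 echo No files needed backing up.
if not errorlevel 1 echo Backup complete.
goto cleanup

:failed
echo Backup FAILED. Check that %DST% is reachable and has free space.

:cleanup
del "%EXCL%" 2>nul
popd
endlocal
```

Check the preview list before answering Y: an exclude string that is too short silently drops files from the backup.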
Format: Used to delete all existing files and folders from a system; overwrites current
contents of the target drive unless /Q (Quick Format) option is used, which only
overwrites the file allocation table and root folder. Format has different switches and
capabilities, depending on the media being targeted. These switches include:
o Volume: Specifies the drive letter (followed by a colon), mount point or
volume name.
o /FS:filesystem: Specifies the type of the file system (FAT, FAT32 or NTFS).
o /V:label: Specifies volume label.
o /Q: Performs a quick format.
o /C (NTFS only): Files created on new volume will be compressed by default.
o /X: Forces the volume to dismount first if necessary, making opened handles
to the volume invalid.
o /A:size: Overrides the default allocation unit size. Default settings are strongly
recommended for general use.
o The following options apply to floppy disks only:
/F:size: Specifies size of the floppy disk to format
/T:tracks: Specifies number of tracks per disk side.
/N:sectors: Specifies number of sectors per track.
Ipconfig: Used to display the computer’s present network configuration, including
current IP address, subnet mask and default gateway. The ipconfig /all command
shows all current network information. Other options exist, but the two most common
are ipconfig /release, which causes the computer to relinquish the lease on the DHCP-
assigned IP address, and ipconfig /renew, which creates a new lease and obtains a
new IP address from the DHCP server.
Ping: Used to discover if a specific IP address is available and/or receiving traffic.
Generally used with loopback address (127.0.0.1) or to see if traffic is reaching an
address on a network. The command sends four packets to the address and records the
time of the round trip; the lower the time, the faster the connection. Switches include:
o -t: Ping host until stopped (Ctrl-C or Command-Break)
o -a: Resolves addresses to host names
o -n (count): Number of requests to be sent
o -w (timeout): Time to wait for each reply (given in milliseconds)
o -l: Send buffer size
Md/cd/rd: Used to make a directory, change to a directory or remove directories. The
commands are pretty basic; although cd and rd do have switches, they aren’t
commonly used. Directories, or folders, are referred to as either absolute, meaning
they provide a full folder path, or relative, meaning they refer to one level down from
the present directory location. Examples of usage:
o MD \Temp: Makes the Temp folder one level below the current drive’s root
folder
o CD \Temp: Changes to the \Temp folder
o RD \Temp: Deletes the \Temp folder, if it’s empty
Net: Used for displaying and using network resources from the command line. Some
of the Net commands available:
o net help: Shows help for a Net option.
o net use: Maps a network drive to a shared resource on the network.
o net view: Displays other hosts on the network.
o net helpmsg errorcode#: Shows meaning of any Microsoft error code.
Tracert: Used to delineate the path a packet takes from the host PC to an Internet destination,
showing number of hops and how long each hop takes. Generally used to discover
bottlenecks or points of failure. Known as traceroute on many UNIX systems. Syntax:
tracert <destination hostname>.
Nslookup: Used to determine information about the DNS. When run without options,
nslookup displays the name and IP address of the default DNS server before
displaying a DNS prompt. Enter the name of a Web site/server to determine its IP
address; enter the IP address of a Web site/server to determine its name.
[command name] /?: Used to show commands and appropriate syntax. Works for all
valid commands in the command interpreter.
Sfc: Used to check protected system files – generally, .DLL, .SYS, .OCX, and .EXE
files, and some font files used by Windows – and replaces incorrect or missing files
with correct files. SFC can fix problems with built-in Windows apps caused by
installation of obsolete Windows system files, user error, deliberate erasure, virus or
Trojan horse infections and other issues. Type SFC at the command prompt, along
with the desired switch, to run the utility. Common switches include:
o /scannow: Scans all protected files immediately.
o /scanonce: Scans all protected files at next boot. SFC will prompt to reinsert
Windows distribution disc so files can be copied to DLL cache if missing files
are discovered.
o /scanboot: Scans all protected files every time system starts.
o /revert: Returns scan setting to the default.
o /purgecache: Allows user to delete file cache.
o /cachesiz=x: Allows user to modify file cache size.
Domain 2.2: Differentiate between Windows OS directory structures (Windows 2000, XP, Vista
and Windows 7)
Directory structure | Windows XP/2000 | Windows 7/Vista
User file locations | %SystemDrive% (usually C:)\Documents and Settings\{username} | %SystemDrive%\Users/User
User profile and program files | %SystemDrive%\Documents and Settings\{username} | %SystemDrive%\Users\{username}
System file locations | The Windows directory, usually C:\Windows, formerly C:\WINNT | %SystemDrive%\Windows
Fonts | %windir%\fonts | %windir%\fonts
Temporary files | %SystemDrive%\Documents and Settings\{username}\Local Settings\Temp | %SystemDrive%\Users\{username}\AppData\Local\Temp
Program files | %SystemDrive%\Program Files | %SystemDrive%\Program Files, %SystemDrive%\Program Files (x86) (only in 64-bit version)
Offline files and folders | %systemroot%\CSC (hidden folder) | %systemroot%\CSC (hidden folder)
Domain 2.3: Given a scenario, select and use system utilities/tools and evaluate the results
Disk management tools
o Defrag: As files are erased and added to the hard drive, the blocks of data that
make up system and user files become fragmented, stored on different areas of
the drive. Disk Defragmenter, as well as several third-party utilities, can move
these blocks on the drive so that data is stored in contiguous sections,
increasing read speeds and decreasing overall resource usage. Disk
Defragmenter can be run:
From the Accessories menu’s System Tools submenu
From the drive’s Properties sheet’s Tools tab
From the command line: defrag (use defrag /? for options)
o NTBackup: NTBackup is a backup program that can be run from the
Windows XP/2000 GUI or from the command line. NTBackup can be run:
From the Accessories menu’s System Tools submenu
From the command line: ntbackup
From the Tools menu of the drive’s Properties sheet
NTBackup supports backups to a number of drive types,
including tape drives, floppy disk drives, removable-media
drives and external hard disks. A backup can be saved to a CD
or DVD burner if the backup fits on a single disc, but the
backup file must be created first and can’t be burned to the disc
during the backup process. The backup process allows users to
choose:
o Which drive(s) to back up
o Which files to back up: all data files, or new and
changed files only
o Whether to back up the Windows Registry
o Where to create the backup: tape drive, floppy disk,
another hard drive or a removable-media drive
o Whether to replace an existing backup on the backup
medium or to append it to existing backup files
o How to run the backup: whether to use data
compression, password protection, verification and/or
volume shadow copy, enabling open files to be backed
up
XP’s version of NTBackup adds the ability to perform an
Automated System Recovery (ASR) backup/restore to rebuild
Windows after system failure, but the Windows 2000
Emergency Repair Disk (ERD) functionality isn’t supported.
o CheckDisk (chkdsk): Used to check hard drives for errors. Chkdsk can
attempt to recover data from bad sectors, but can’t fix the sectors. It can be
run from the command line or the Tools tab in the Properties window of the
hard drive, accessible through the right-click context menu in the My
Computer or Computer window. Windows allows Chkdsk to run with the
option of automatically fixing file system errors and trying to recover bad
sectors. By default, Chkdsk runs automatically at boot if a drive has errors
("dirty").
Disk Management: Disk Management is a snap-in, part of the Computer Management
console; it’s the Windows application for analyzing and configuring hard drives. Disk
Management has a number of options and configuration possibilities, and allows the
user to set up:
o Active, primary, extended and logical partitions: When setting up drive
partitions, a user can choose from four types, which are closely interrelated. A
primary partition is treated as an individual drive, or volume, by Windows;
only a primary partition can be made active, or bootable. A single drive can
hold up to four primary partitions, but only one primary partition can be
active. An extended partition can’t itself take a drive letter, but can contain
one or more logical partitions, which can each take a drive letter. In addition,
an extended partition can’t be bootable, nor can any drive inside the extended
partition. Only one extended partition can be stored on each physical drive.
o Mount points/mounting a drive: A mount point is an empty folder that
essentially acts as a shortcut to a mounted drive. To act as a mount point, a
folder has to be both empty and stored on an NTFS volume. Mounted drives
use drive paths, which provides for more drives than using drive letters, and
provide more space for temporary files. To mount a drive, follow these steps:
Right-click the partition or volume to mount and select Change Drive
Letters and Paths.
Click Add in the window that appears.
Browse to the intended mount point and click OK for both windows.
To remove the mount point, open Disk Management, right-click the
mounted volume and select Change Drive Letters and Paths, and select
Remove.
o FAT32, NTFS, FAT64 (exFAT): As detailed in previous sections, FAT32 is
an older (introduced in 1995) 32-bit file allocation table system that can
handle logical partitions sizes up to 2 TB, and can be used for hard drives,
flash memory and removable media. NTFS is the native file system for
Windows 7, Vista, XP and 2000, and is widely considered the superior file
system, as it has many upgrades and additional features, including the native
ability to compress files, folders and drives; a theoretical partition limit of 16
exabytes (EB); support for encryption; the ability to mount drives and treat
them as regular drives, which allows the use of removable media; and disk
quota support. FAT64, or exFAT, is a 64-bit file allocation table system that
doesn’t have the storage limitations of FAT32 or the security features of
NTFS. It’s most often used with low-end systems where security is of no
concern.
External hard drives/flash drives: For compatibility purposes, virtually
all external hard drives and flash drives are formatted with FAT32.
o Drive status: Disk Management has several status classes for drives connected
to the system. These classes include:
Foreign: Remote disk, or dynamic disk added from another system
Healthy: Volume is accessible and functioning correctly. May see
"Healthy (boot)," which means the active partition on the first drive.
Formatting: Drive or partition is being formatted.
Unallocated: Space that hasn’t been assigned to a partition
Failed: Volume or partition is not accessible.
Dynamic: Volume or partition can be managed and resized without
restarting the computer.
Offline: Dynamic disks that cannot be reached due to various possible
reasons. The disk may be remote.
Online: Volume or partition is accessible.
o System Monitor: The System Monitor, or Performance Monitor, is often used
to determine the memory usage on a computer and whether more should be
added. Many performance factors can be determined through the measurement
of objects, which include physical devices such as the processor and RAM
and software such as protocols and services, with counters.
Administrative tools: Windows has certain tools and applets built-in to allow
administrative-level users to make configuration changes and perform certain tasks on
a system. These tools include:
o Performance Monitor: The System Monitor, or Performance Monitor, is often
used to determine the memory usage on a computer and whether more should
be added. Many performance factors can be determined through the
measurement of objects, which include physical devices such as the processor
and RAM and software such as protocols and services, with counters. It can
be accessed by typing perfmon.exe in the Run prompt and hitting Enter, then
clicking Performance Monitor, or through the Administrative Tools applet in
Control Panel.
o Event Viewer: Windows provides a built-in tool called Event Viewer to
examine various troubleshooting or diagnostic log files, which can be viewed
by right-clicking the Computer/My Computer icon on the desktop or entry in
the Start Menu, clicking Manage and clicking Event Viewer; it’s also
available from the Administrative Tools applet in Control Panel. Event
Viewer captures a number of different logs, but the three most useful to
technicians are usually the Application, Security and System logs. To view an
entry, click on a log in the left pane and entries will appear in the right pane.
o Services: A service is a program designed to run in the background without user
intervention and perform specific tasks. In Windows, the Services console
controls the various Windows and third-party services installed on the
computer. The console can be reached from the Administrative Tools applet in
Control Panel, or typing services.msc in the Run prompt and hitting Enter. In
the console, the service name will be on the left, with a description of what it
does to the right, its status right next to that and the startup type to the right of
the status. Startup type can be Automatic (Delayed Start), meaning it starts
after Windows boots to avoid delaying user login; Automatic, or starting with
Windows; Manual, or starts only when needed; or Disabled.
o Computer Management: Unlike most of the other programs mentioned here,
Computer Management isn’t a tool in itself, but more of a handy one-stop
interface for using the others. It’s usually simpler to use Computer
Management, as it has most of the configuration tools – Event Viewer, the
Device Manager, Local Users and Groups, Services, and disk tools such as
Disk Management – in one window. Computer Management can be accessed
by these methods:
Click Start -> Right-click Computer/My Computer -> Click Manage
Click Start -> All Programs/Programs -> Administrative Tools ->
Computer Management
Press Windows+R to open the Run prompt (or open the Start Menu)
and type compmgmt.msc.
Device Manager: Device Manager is the main tool for managing hardware in
Windows; it provides a graphical method of viewing hardware configurations and
resources, including drivers. Device Manager can be accessed by typing
devmgmt.msc at a Run prompt and hitting Enter, or right-clicking My
Computer/Computer – from the desktop or the Start Menu – and selecting Properties.
Within Device Manager, a user can perform several tasks:
o Enable/Disable: Devices can be disabled for troubleshooting purposes quickly
in Device Manager, either through right-clicking the device in the main
Device Manager window and selecting Disable, or by going to the Driver tab
in the device’s Properties sheet and clicking Disable. To enable a disabled
device, use the same procedure, but select Enable for either path.
o Warnings/Indicators: Device Manager uses a yellow ! symbol to designate
non-working devices and a red X for disabled devices; in Vista and Windows
7, users may see a white circle with a black down-pointing arrow to signify
disabled devices. Device Manager also uses error codes in the Device Status
field on the General tab of the device’s Properties sheet; these error codes can
be used to discover the cause of device failures.
Task Manager: The Task Manager utility allows users to see, in real time, the behind-
the-scenes functioning of Windows and its installed applications. Task Manager can
be invoked in a number of ways, including:
o Right-click the taskbar and select Task Manager
o Press Ctrl+Shift+Esc
o Open the Run prompt and type taskmgr
o Press Ctrl+Alt+Del and select Task Manager from the Windows Security
dialog box.
o The Task Manager has a number of tabs, including:
Applications – shows what programs are running
Processes -- shows the program components loaded in RAM
Performance – statistics on CPU, memory, pagefile usage and caching.
XP version has a Networking tab, which lists network utilization by
adapter, and a Users tab, which enumerates the currently logged-in
users.
Windows Vista adds a Services tab, which shows the active services
on the computer and present status.
o The Process tab can be useful when trying to determine what may be behind a
lockup or freezing issue; the processes can be examined by resource usage,
and processes that are stuck or using excessive amounts of system resources
can be terminated by using the End Process button. Processes can also be
killed by right-clicking the process in question and selecting End Process or
End Process Tree. Although not generally recommended, it is also possible to
modify the process priority – its chance of getting processor time, based on a
ranking by the OS – of a process or program in Task Manager, by right-
clicking the process and selecting Set Priority.
System Information: The System Information utility – msinfo32 – details the settings
and specifications for the hardware and software installed in the computer, ranging
from audio codecs to print jobs to the amount and type of RAM. Most commonly
used to check system memory and BIOS version, msinfo32 can also be used to check
which drivers successfully loaded at startup. It can be accessed by typing msinfo32 at
the Run prompt, or through the System applet in Control Panel.
System Restore: System Restore enables users to reset a PC’s configuration to an
earlier state, generally to fix issues caused by a bad hardware or software installation.
Driver and software files installed stay, as does user-created data, but Registry
changes made by the defective installation are reversed, so the system works as it did
before. Restore points can be created by the user with System Restore, and are created
automatically by the system before new hardware or software is installed. To create a
restore point in Windows 7 and Vista, use this process:
o Right-click Computer and select Properties.
o Click the System Protection tab.
o Click Create. This opens the System Protection window.
o Enter a name for the restore point and click Create.
In Windows XP, use this process:
o Navigate to Start, All Programs, Accessories, System Tools, System Restore.
o Click Create a Restore Point and click Next.
o Enter a descriptive name for the restore point, such as Before I Installed
DuzItAll Version 1.0 and click Create.
o System Restore stores the computer’s current hardware and software
configuration as a new restore point.
To restore a Vista/7 system to an earlier condition:
o Access the System Protection tab again, and click System Restore.
o Select either Recommended Restore or Choose a Different Restore Point.
o The Recommended Restore point will ask for confirmation. Select a different
restore point if needed and confirm.
o The system will initiate the restore and automatically restart. Windows 7 and
Vista allow users to undo a system restore if it did not repair the issue.
To restore an XP system to an earlier condition:
o Navigate to Start, All Programs, Accessories, System Tools, System Restore.
o Click Restore My Computer to an Earlier Time and click Next.
o Select a date from the calendar; bolded dates have restore points.
o Select a restore point and click Next.
o Close any open programs and save all work before clicking Next to start the
process; Windows will shut down and restart.
o The system will initiate the restore and automatically restart.
o Note that System Restore is vulnerable to virus or malware infection, since if
a restore point is created during an infection, reverting the system to that
restore point could reestablish an infection. Most anti-virus vendors
recommend System Restore be disabled before removing computer viruses.
Remote Desktop Protocol: Windows from XP forward includes Remote Desktop, a
feature that enables a user to access the system remotely and use its desktop,
applications, peripherals and other resources. Only one connection can be active at a
time; if another user is currently logged on locally, he or she must log off to allow the
remote connection. Windows Vista and XP Professional automatically run the
Terminal Services service, which is required for Remote Desktop incoming
connections. To accept remote connections:
o Make sure the remote user has been added as a user for this computer and has
a password. Use the User Accounts applet in Control Panel to check.
o Configure the firewall to permit connections via TCP port 3389. If the system
uses Windows Firewall, selecting Remote Desktop on the Exceptions menu
automatically opens this port, but for a third-party firewall, the setting may
need to be set up manually.
o Open the System Properties sheet, click the Remote tab, and select Allow
Users to Connect Remotely to This Computer in the Remote Desktop portion.
o Click Select Remote Users to view the list of Remote Desktop Users. If the
user to be added isn’t in the list, click Add. On the Select Users dialog, enter
the user name and click Check Names.
o Repeat Step 4 until all remote user names are added. Click OK when finished.
To start the connection process:
o Click Start, All Programs, Accessories, Remote Desktop Connection.
o Enter the name or IP address of the remote computer, and click Connect.
o Provide a username and password from the list of authorized remote users and
click OK when prompted. The remote desktop appears.
To quit the remote session:
o To end the remote session but stay logged in, click the X in the remote dialog
tab and click OK on the Disconnect Terminal Services Session dialog.
o To log out of the remote session, click Start, Log Off, and click Log Off when
prompted.
o To disconnect, click Start, Disconnect and click Disconnect when prompted.
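A read-only way to confirm the result of the setup steps above from the command prompt, as an added example that is not part of the original guide. It assumes an English-language Windows (group names and the LISTENING keyword are localized) and the default port 3389; fDenyTSConnections is the registry value behind the Remote tab setting, and TermService is the service name of Terminal Services.

```batch
@echo off
setlocal
rem Added example, not from the study guide. Read-only: changes nothing.
rem Assumes English Windows and the default Remote Desktop port 3389.
set "TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

echo === 1. Remote Desktop setting from the Remote tab ===
rem fDenyTSConnections: 0x0 = incoming connections allowed, 0x1 = refused.
set "DENY=unknown"
for /f "tokens=3" %%V in ('reg query "%TSKEY%" /v fDenyTSConnections 2^>nul ^| find /i "fDenyTSConnections"') do set "DENY=%%V"
if "%DENY%"=="0x0" echo Remote Desktop is ENABLED.
if "%DENY%"=="0x1" echo Remote Desktop is disabled.
if "%DENY%"=="unknown" echo Could not read the setting.

echo.
echo === 2. Terminal Services service state ===
rem Incoming connections need this service to be RUNNING.
sc query TermService | find /i "STATE"

echo.
echo === 3. Listener on TCP port 3389 ===
rem The trailing space after 3389 keeps ports such as 33890 from matching.
netstat -an | find ":3389 " | find /i "LISTENING" >nul
if errorlevel 1 (echo Nothing is listening on TCP 3389.) else (echo A service is listening on TCP 3389.)

echo.
echo === 4. Accounts allowed to connect ===
rem By default members of Administrators can connect as well as members
rem of Remote Desktop Users, so review both lists.
net localgroup "Remote Desktop Users"
net localgroup Administrators

endlocal
```

If step 1 reports ENABLED on a machine that was never meant to accept remote sessions, or step 4 lists accounts nobody recognizes, clear the setting on the Remote tab and remove those users.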
Task Scheduler: Task Scheduler is a utility that allows users to set up recurring events
on the computer, such as Disk Defragmenter or NTBackup. To access Task Scheduler
in Windows 7 and Vista, click Start -> All Programs -> Accessories -> System Tools
-> Task Scheduler, or in XP, open the Scheduled Tasks wizard by clicking Start -> Control
Panel -> Scheduled Tasks.
Regional settings and language settings: When configuring Windows for users who
use language settings other than American English, the Region and Language applet
in Windows 7 and Vista, or Regional and Language Options in XP, is the tool that
allows users to change keyboard layouts, alter how numbers and dates are displayed
and switch default locations, among other settings. These applets are in the Control
Panel, and can quickly be configured. It’s most often used for keyboard settings.
Domain 2.4: Evaluate and resolve common issues
Operational problems
o Windows-specific printing problems: Printers are complex machines, driven
by equally complex drivers and controlled by an OS that represents a massive
amount of programming and logic. It’s no surprise, then, that there are certain
printing issues that crop up more frequently than others. Two of the more
common ones are:
Print spooler stalled: Windows runs the print spooler as a service, so if
the spooler seems to freeze or stop, restarting the service is a common
fix. To restart the print spooler, use this procedure:
Open Computer Management.
Expand Services and Applications and click on Services.
Scroll to the Print Spooler entry.
Right-click it and select Restart from the menu. Another way to
restart the spooler is to open a command prompt, type net stop
spooler to stop the service, and net start spooler to start it
again.
Incorrect/incompatible driver: Nonsense characters printing can have
several causes, but a corrupted or incompatible printer driver is the
most common. To install a new driver for an existing printer, use the
New Printer Driver wizard; start it with the New Driver button on the
Advanced tab of the printer’s Properties sheet. This wizard displays
XP drivers for a variety of printers, and allows for loading a driver
from a disk or folder. Note that this may not work for printers that use
a setup program to install the driver, such as many inkjet printers. If
that’s the case, download an updated driver from the vendor’s Web
site and run the setup. The printer should be turned off before running
setup to avoid interference. If a printer continues to print gibberish
after the update, look for cable or port damage.
o Auto-restart errors: Ever seen an error that immediately caused the system to
reboot? That’s an auto-restart error. There is no difference between an auto-
restart error and a STOP/BSOD error itself; the only real difference is a
Stop/BSOD error triggers auto-restart on systems configured to restart the
computer when a Stop error occurs. Systems that require 24/7 availability and
rarely experience Stop/BSOD errors should probably be configured to restart
automatically; the default setting is to force a manual restart. Follow these
steps to set this option:
Open the System Properties window.
Click the Advanced tab.
Click Settings under the Startup and Recovery section.
To enable auto restart, click the empty checkbox for Automatically
Restart under the System Failure section. Clear this checkbox to
disable auto-restart if enabled.
In order to diagnose a STOP/BSOD error on an auto-restart-enabled
system, ensure the Write an Event to the System Log option is
enabled.
o BSOD: A blue screen of death (BSOD), also known as a Stop error, generally
occurs during startup or after the machine is running. When a BSOD occurs,
the system completely stops, which is by design, and requires the user to
power cycle the machine. Note the error code displayed on the screen when a
BSOD happens; this error code can reveal what component or subsystem has
generated the BSOD, which can be caused by any of the following:
Incompatible or defective hardware or software
Restart the PC in Safe Mode and uninstall the last item added
to the system, whether it was hardware or software. Obtain the
latest updates to the driver or software before reinstalling, and
swap out the RAM (a common BSOD cause) or run memory
diagnostics.
Registry problems
Reboot and select Last Known Good Configuration from the
Windows boot menu.
Viruses
Use an antivirus program to scan the PC and remove any
found.
Miscellaneous causes
Open Event Viewer and check the System log, and look up the
error code on Microsoft’s online support site.
To determine the exact cause of the error:
Record the exact error message before restarting the computer.
Research the error at Microsoft’s online support site if the
BSOD keeps happening.
o System lockups: A system lockup can be a frustrating problem to have, since
there are a number of possible causes that may seem unrelated, including:
Corrupted or outdated display, mouse or DirectX drivers
Overheating
Memory configuration issues in BIOS
If the computer won’t start except in Safe Mode or VGA mode, has
frequent lockups or display signal corruption when the mouse is
moved, it’s likely the system needs updated display, mouse or DirectX
drivers. As a temporary workaround, the video acceleration settings
can be reduced:
In Windows 7 and Vista, right-click the desktop and select
Personalize.
Click the Display Settings link at the bottom of the window.
Click Advanced Settings.
Select the Troubleshoot tab and click Change settings.
To reduce video acceleration in Windows XP:
Open the Display Properties window.
Click the Settings tab.
Click Advanced.
Click the Troubleshoot tab.
If unsure which setting to try, follow these steps:
Start the computer.
Open the Troubleshooting or Performance dialog box as
described previously.
Slide the acceleration pointer one notch to the left from its
current position.
Click Apply, OK, and then OK again to close the Display
Properties dialog box.
Use your normal software and perform typical tasks.
If the computer now performs acceptably, use this setting until
updated drivers can be installed. If the computer continues to
have problems, repeat Steps 2–5 and move the pointer one step
to the left each time until the problems stop or drivers can be
updated.
o Device driver failure: If an error message such as "Device x referred to in
System.ini/Win.ini/Registry not found" appears, the most likely cause is the
file invoked has been removed from the system incorrectly. Use the
appropriate option to uninstall or remove undesired programs and/or devices:
For hardware, use the Remove option in Device Manager before you
physically remove the hardware. Using Remove removes Registry and
.ini file entries so it won’t be referred to at restart.
Open Programs and Features in Vista and Windows 7, or Add/Remove
Programs in XP in the Control Panel, select the program to remove.
This starts the uninstall process for applications and utilities listed on
the menu.
Use the program’s own uninstall option or a third-party uninstaller.
Any of these options should remove both the program and references
to it in the Registry and other locations, such as System.ini or Win.ini.
If the program is removed by deleting its folder, leaving references in
the Registry or .ini files, use the error message to determine which file
contains the reference.
Application install/start/load failure: Programs might not start or load
for several reasons, which include:
Invalid working directory
Missing or damaged shortcut
System hardware, system configuration or OS version not
compatible with program
Program components not properly listed in registry
The Invalid Working Directory error might be displayed if a program
is configured to use a folder that’s unavailable. In that case, try these
options:
Configure the program to use an available folder using the
program’s Properties sheet.
Make sure the user is logged onto the network if the working
folder is on a network drive.
Ensure the user has inserted the correct media before beginning
work if the working folder is a removable-media drive. If the
drive is present but has been assigned a different drive letter,
use Disk Management to assign the correct drive letter.
A program not listed on the Start Menu or the Windows desktop may
indicate a shortcut was deleted or was never created. Follow these
steps to add a desktop shortcut:
Make sure desktop icons are visible. If they aren’t, right-click
an empty part of the Windows desktop, select Arrange Icons
By and select Show Desktop Icons.
Right-click an empty part of the Windows desktop and select
New, Shortcut.
Enter the path to the program or click Browse to locate the
program for which the shortcut is being created. Click Next.
The shortcut name created by Windows is displayed. Click
Finish to keep the name, or change it and click Finish.
Another way to enable operation of troublesome programs is to use
the Program Compatibility Wizard, located in the Accessories menu,
to select an older Windows version to emulate for a particular program
or customize display settings. If the program is not compatible with the
Windows version installed, check the manufacturer’s Web site for
patches, updates or workarounds. If a program worked previously, its
components might be damaged or erased; reload the program if
possible, or reregister the .dll components with the command-line tool
Regsvr32.
o Service fails to start: Services can be run automatically or manually and are
controlled through the Services node of the Computer Management Console.
Right-click My Computer/Computer and select Manage, then expand the
Services and Applications node and click Services, or access the Services
dialog from the Services applet in Administrative Tools. The Services dialog
lists each service by name, provides a description, status message, startup type
and whether the service is for a local system or network service. To view the
properties for a particular service, double-click the service listing. Users can
stop, pause or resume a service from this dialog, as well as from the Services
dialog. Use the Log On tab if the service should be configured to run for a
specific user, the Recovery tab to specify what to do if the service fails, and
the Dependencies tab to see what other services work with the specified
service. If a system cannot perform a task that uses a service, go to the
Services dialog and restart the service. If a service prevents another task from
running, go to the Services dialog and stop the service.
Error messages and conditions
o Boot – Common errors and likely causes
Error: Invalid boot disk
Hard drive is not formatted
File allocation table is corrupted
No bootable CD or media in drive
Check for hard drive issues
Error: Inaccessible boot drive
BIOS unable to find drive
Check for BIOS setup errors
Error: Missing NTLDR
OS boot loading program could not be found
Check for hard drive issues
o Startup – Common errors and likely causes
Error: Device/service failed to start
OS unable to load service
OS unable to load device drivers
Check for corrupted .ini files or registry
Error: Device or program in registry not found
Windows may be corrupted
Device driver might be missing or corrupted
Check for corrupted .ini files or registry
o Event viewer (errors in event log): In Event Viewer, the System log records
error information regarding drivers and system files, while the Application log
records information and errors about applications within the operating system.
o System performance and optimization
Aero settings: Although Aero is a popular addition to Windows
technologies, it can present an impediment to system operation, as it
presents a significant load on memory and graphics processors. In
some situations, it may be recommended to disable Aero. To disable
Windows Aero, click the Theme link from within the Personalize
window. Then, from the Theme drop down menu, select Windows
Classic.
Indexing settings: Indexing too much content can lead to poorer
system performance, particularly on systems that are not packing the
latest and greatest hardware. To adjust indexing settings in Vista and
Windows 7, go to Start, Control Panel, System and Maintenance and
click Indexing Options, which allows users to modify whether folders
are indexed by clicking on the Modify button and selecting or
deselecting specific folders. Selecting an entire volume is not
recommended, as it will slow the system down. Use indexing for
specific folders where important data is stored. Follow these steps to
disable indexing altogether:
Click Start, then right-click Computer and select Manage to
bring up Computer Management.
Expand Services and Applications in the left window pane and
click Services.
Scroll down to Windows Search in the right pane, right-click it
and select Stop. Check the startup type by right-clicking the
service and selecting Properties. If the startup type is set to
Automatic, change it to Manual or Disabled, or the service will
start up again when the computer is restarted.
Indexing for individual drives can be turned off as follows:
o Open Windows Explorer.
o Right-click the volume to stop indexing on and select
Properties.
o At the bottom of the window, deselect Index This Drive
for Faster Searching.
Follow these steps to turn off indexing in Windows XP:
o Click Start, then right-click My Computer and select
Manage to bring up Computer Management.
o Expand Services and Applications in the left window
pane and click Services.
o Scroll down to Indexing Search in the right pane, right-
click it and select Stop.
Indexing can be deactivated on any volume by right-clicking
the volume, selecting Properties and deselecting Allow
Indexing Service to Index This Disk for Fast File Searching.
UAC: User Account Control (UAC) is a security component
introduced in Windows Vista that keeps every user except the
Administrator account in standard user mode instead of administrator
mode, even if they belong to the administrators group. UAC was
created with two goals in mind: eliminate unnecessary requests for
excessive administrative-level access and reduce the risk of malicious
software using administrator access to infect OS files. While the UAC
is an important part of Windows security, disabling the UAC box may
provide a slight performance gain; it’s not recommended, but in some
situations, it may be useful to have the extra boost.
To change UAC status, go to Start, Control Panel, User
Accounts and Family Safety, then select User Accounts, and
Turn User Account Control On or Off. UAC can be turned on
and off by checking or unchecking the box. The system will
need a restart after making the change.
Sidebar settings: Introduced with Vista, the Windows Sidebar is a new
desktop window pane used to house gadgets, or mini-applets that
provide a range of services and interact with other applications. For
performance reasons, the Sidebar can be modified by right-clicking it
and selecting Properties. There, users can choose whether the Sidebar
starts with Windows, change its orientation and remove gadgets.
Startup file maintenance: Most PCs are set to run programs and
services at startup. Windows can also start programs automatically
from these locations:
Startup folder in the Start Menu for all users
Startup folder in the Start Menu for the current user
Registry keys, such as
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce,
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Startup programs might wind up in the Task Bar or the systray,
or they might be in a window or full-screen. To keep a program
from loading at startup, configure the program not to run at
startup if possible, or use msconfig.exe to block the program
from running at startup.
Background processes: Windows can be configured to use more
memory for background services – minimized windows, printing –
instead of the default setting favoring foreground applications. This is
recommended when the computer is a file or print server on a small
network. Use these steps to make that configuration happen:
Open System Properties and click the Advanced tab.
Click Settings in the Performance box to open Performance
Options.
Click the Advanced tab.
Adjust for best performance of either Programs or Background
services. Click OK.
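The four Run/RunOnce keys listed under Startup file maintenance can be inventoried and compared against a known-good list before anything is disabled in msconfig.exe. This is an added example, not part of the original guide; the `reg query` output, program names and baseline below are constructed sample values.

```python
import re

# The four autorun keys named in the guide: (who is affected, how often the entry runs).
# Registry paths are case-insensitive, so they are compared in lower case.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run": ("all users", "every logon"),
    r"hkey_current_user\software\microsoft\windows\currentversion\run": ("current user", "every logon"),
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce": ("all users", "once"),
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce": ("current user", "once"),
}

# Constructed output of `reg query <key>` for three of the keys (sample programs, not real ones).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    Audio Tray    REG_SZ    C:\Windows\System32\audiotray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sync Helper    REG_SZ    C:\Users\sample\AppData\Roaming\sync\helper.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    FinishSetup    REG_SZ    C:\Install\finish.exe /quiet
"""

# Constructed baseline: entries a technician has already reviewed and approved.
BASELINE = {
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "VendorUpdater"),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "Audio Tray"),
}


def parse_reg_query(text):
    """Return one dict per autorun value found under the four Run/RunOnce keys."""
    entries, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()          # a new key header starts a new group
        elif line.startswith("    ") and key in RUN_KEYS:
            # Value lines are "name<4 spaces>type<4 spaces>data"; names may contain single spaces.
            parts = re.split(r"\s{4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                name, _value_type, command = parts
                scope, frequency = RUN_KEYS[key]
                entries.append({"key": key, "name": name, "command": command,
                                "scope": scope, "frequency": frequency})
    return entries


def new_autoruns(reg_text, baseline):
    """Entries present in the registry output but absent from the approved baseline."""
    approved = {(key.lower(), name.lower()) for key, name in baseline}
    return [entry for entry in parse_reg_query(reg_text)
            if (entry["key"], entry["name"].lower()) not in approved]


if __name__ == "__main__":
    for entry in new_autoruns(SAMPLE_REG_QUERY, BASELINE):
        print(f'{entry["name"]}: {entry["command"]} '
              f'({entry["scope"]}, runs {entry["frequency"]})')
```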
Domain 3.0: Networking
Domain 3.1: Troubleshoot client-side connectivity issues using appropriate tools
TCP/IP settings: Configuring the TCP/IP settings correctly means the difference
between a fully networked device and one that just sits there, able only to access
what’s installed on it. There are certain settings and configurations that need to be in
place for the networking connection to function, including:
o Gateway: This setting identifies the IP address of the device that connects the
computer to the Internet or other network. Most current networks use DHCP
to automatically assign TCP/IP settings, including the gateway address, but if
DHCP is not used on the network, this address will have to be entered
manually. To do that, open Network Connections, right-click the network
connection, select Properties, click Internet Protocol (TCP/IP) or Internet
Protocol (TCP/IP)v4 in the list of protocols and features and click Properties.
Users can select the Use the Following IP Address radio button to enter the
information.
o Subnet mask: This setting identifies a value that is used to distinguish between
the network portion of the IP address, and the host portion. It’s also used to
define subnetwork segments. As with the gateway, it is usually assigned by
DHCP in modern networks, but can also be configured manually in the same
method as detailed before.
o DNS: The Domain Name Service setting identifies the address of the DNS
servers, which are responsible for resolving IP addresses into readable domain
names and vice versa. It is also generally configured through DHCP, and
manually configured in the same way as already detailed. If it is necessary to
manually enter the DNS server address, it’s general practice to input two
server addresses, so in case one fails, the ability to use the network is
preserved.
o DHCP: The Dynamic Host Configuration Protocol is designed to manage a
limited number of IP addresses by assigning them automatically to a pool of
machines on an as-needed basis. DHCP makes managing networks easier, and
joining networks easier yet. All the configuration work is done at the server
end; a client only has to set the network configuration to Obtain an IP Address
Automatically. This is in stark contrast to the older method of network
configuration, using static IPs, where every device had to have the network
information – IP address, gateway, subnet mask, DNS servers, WINS servers
– entered in for each and every machine.
o NAT: Network Address Translation (NAT) is another technology created to
manage resources. NAT maps a group of private IP addresses, which use non-
public address ranges, to a single public IP address in a technique known as IP
masquerading. It also serves security purposes, but its main effect has
been to conserve IP addresses until TCP/IPv6 is widely adopted. Most
wireless access points and routers sold for small office/home office (SOHO)
setups use a form of NAT.
Characteristics of TCP/IP
o Loopback address: The loopback address – 127.0.0.1 – is part of a special
class of IP addresses; the range of addresses that begin with 127 is reserved
for testing and experimental purposes. 127.0.0.1 is used to test network
connectivity, as a ping command sent to that address will come right back to
the sending device.
o Automatic IP addressing: Automatic IP addressing (APIPA) is an addressing
scheme used by computers to assign IP addresses when DHCP is not
available. APIPA assigns addresses in the 169.254.x.x range, which allows
LAN connections, but a machine assigned an IP address through APIPA will
not connect to the Internet.
Mail protocol settings:
o SMTP: Simple Mail Transfer Protocol (SMTP) sends email from a client
system to an email server, which uses SMTP to send the message to the
receiving server. SMTP packets generally use port 25.
o IMAP: Internet Message Access Protocol (IMAP) enables messages to remain
on the email server so the user can retrieve messages from any location. IMAP
also supports folders, so messages can be organized into a directory structure.
IMAP-based email accounts must have IMAP selected as the email server
type, and the name of the server, the user’s user name and password and
whether the server uses SSL must be configured in the client. IMAP packets
generally use port 143.
o POP: Post Office Protocol (POP), the more popular of two receiving email
protocols, supports downloading messages from the mail server to a
computer’s local folders. Travelers may want to stay away from POP systems,
as it is not suitable for users who frequently switch computers due to email
being spread out over multiple computers. POP3 is the current standard. POP3
users typically use SMTP to send messages. POP packets generally use port
110.
FTP settings
o Ports: File Transfer Protocol (FTP) is designed to allow access to specialized
servers for file transfers up and down to users. FTP traffic generally uses ports
20 and 21.
o IP addresses: FTP servers are hosts in the same way that HTTP servers are, so
Web browsers can be used to access FTP sites by typing in a URL that begins
with ftp://. FTP sites can also be reached through their IP addresses; if using a
command prompt to access the site, this is a common method to use. It’s not a
bad idea to ping the IP address first to make sure it’s active.
o Exceptions: When configuring a firewall on a computer, the user may want to
leave ports 20 and 21 open to allow FTP traffic. While standard practice, FTP
is not a secure method of file transfer, as all its transmissions are in clear text.
FTP is considered a deprecated protocol by many, and it’s recommended that
any implementation of FTP-like services be carried out through secure FTP,
which uses Secure Shell (SSH) to keep packets secure. SSH uses port 22.
o Programs: Windows incorporates a command-line FTP program, ftp.exe, into
the command prompt, and Internet Explorer is a functional FTP client as well,
but it’s generally recommended to use a third-party program for FTP traffic,
as third-party software often provides a multitude of features to make FTP
more secure and easier to use. CuteFTP and WinFTP are two examples of
well-known FTP clients.
Proxy settings
o Ports: Proxy servers are computers that intercept Web requests from users on
the internal network for the Internet. The proxy caches the requested files, and
substitutes its IP address for requests to outside servers, much like NAT.
Proxies are frequently set up to act as firewalls for an organization’s internal
network and a gateway. Traffic to proxy servers can be set on any port, but
since they usually handle secure connections as well, which use SSH, note
that port 22 will need an exception set for it on the firewall.
o IP addresses: Users that utilize a proxy server may not even realize it,
especially in large corporations with IT departments to handle that
configuration for them. Settings for using proxy servers are usually configured
in the Web browser being used, and the IP addresses and/or fully qualified
domain names of the servers are included, along with the ports the proxy
traffic is on.
o Exceptions: Port 22 will need an exception as noted earlier, as well as
exceptions for whichever port(s) the proxy traffic is using for Web packets.
HTTP traffic generally uses port 80, but administrators may change that for
security and monitoring purposes.
o Programs: Most users and technicians will work with proxy servers only in the
context of Web browsers: Internet Explorer, Mozilla Firefox, Google Chrome
and a few others. Configuring a proxy server is outside the scope of the A+
exams.
Tools (use and interpret results)
o Note that all of the following tools, unless otherwise noted, are command-line
utilities.
o Ping: Used to discover if a specific IP address is available and/or receiving
traffic. Often used with loopback address (127.0.0.1) to test individual
machine’s setup or to see if traffic is reaching an address on a network.
Standard command without switches sends four packets to address and
records time of the round trip; the lower the time, the faster the connection.
Syntax: ping <switches> <destination address>. Switches and other
information can be looked up by typing ping /?, although most common
usage is to simply type in the command with an address – say, ping
65.55.12.249 – and seeing what the results are. If the packets are returned with
"Reply from <address>" and statistics regarding the bytes, time and TTL, the
ping was successful and connectivity is proved. If the packets are returned
with "Request timed out," that could indicate a need for further testing, if the
address is known to be good.
o Tracert: Used by Windows to follow the route taken by data traveling from
the computer to a specified IP address or website. By default, tracert will
check up to 30 hops between the computer and the website or IP address. To
use tracert to check routing, follow these steps:
Start your Internet connection.
Open a command prompt.
Type tracert <IP address> or tracert <servername> and press Enter.
Tracert displays the IP addresses and URLs of each server used to
relay the information, as well as the time required.
o Nslookup: Used to look up information in DNS. If run without
switches, nslookup displays the name and IP address of the default DNS
server before displaying a DNS prompt. Enter the name of a Web site/server
to determine its IP address; enter the IP address of a Web site/server to
determine its name.
o Netstat: Used to display network activity statistics, such as programs making
connections, which are displayed by using the -b switch. Netstat can run until
manually interrupted using Ctrl-Break or for a set number of iterations, and
then output to a text file. Useful for determining possible sources of network
resource hogging.
o Net use: Used to create connections to remote computers, sever connections or
show information about all connections; in practice, most often used to map
network drives. Net use command without switches just shows connections.
To map network drives to a drive letter, use UNC paths (\\servername\share).
o Net /?: Displays complete list of commands using net. If used with |More
switch, user can scroll through them. /? is the standard switch to use to bring
up help documentation on commands and switches.
o Ipconfig: Used to display the computer’s present network configuration,
including the NIC’s MAC address, current IP address, subnet mask and
default gateway. Ipconfig has a number of switches, but the most common
usage is:
Ipconfig /all: Shows all current network information.
Ipconfig /release: Causes computer to relinquish IP address lease
Ipconfig /renew: Causes computer to renew IP address lease
o Telnet: Used to make text-based connections to a remote computer or device
and use it as if the user was physically present. To use telnet, open a command
prompt and type telnet a.computer.com, where a.computer.com is the
remote computer. Remote computers must be configured to accept telnet
access, and TCP port 23 must be open for a telnet connection to work.
o SSH: Secure Shell (SSH), designed to create a secure channel for data
transmission between computers. More secure than FTP and telnet, and is the
security protocol used for secure FTP (SFTP). SSH traffic uses port 22.
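Interpreting `ipconfig /all` comes down to the checks described in the TCP/IP settings and Ipconfig entries above: an APIPA address, a gateway that the subnet mask places off the local network, and fewer than two DNS servers. The script below is an added example, not part of the original guide; the sample output, adapter names and finding codes are constructed.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (Windows Vista/7 layout), not captured from a real host.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.2

Wireless LAN adapter Wireless Network Connection:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.80(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-60
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.0.5.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.6.1
   DNS Servers . . . . . . . . . . . : 10.0.5.2
"""

FIELD = re.compile(r"^\s+(\S.*?)[ .]* :\s*(.*)$")    # "Label . . . . : value"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
APIPA = ipaddress.IPv4Network("169.254.0.0/16")
# Vista/7 print "IPv4 Address"; XP prints "IP Address".
ADDRESS_LABELS = ("IPv4 Address", "IP Address",
                  "Autoconfiguration IPv4 Address", "Autoconfiguration IP Address")
MESSAGES = {   # finding codes are this example's own naming
    "NO_IPV4": "no IPv4 address or subnet mask on this adapter",
    "APIPA": "169.254.x.x address: DHCP was not reachable, LAN only, no Internet",
    "BAD_MASK": "subnet mask is not a valid mask",
    "NO_GATEWAY": "no default gateway, so no route off the local network",
    "GATEWAY_OFF_SUBNET": "default gateway is outside the subnet set by address and mask",
    "DNS_NOT_REDUNDANT": "fewer than two DNS servers configured",
}


def parse_ipconfig(text):
    """Map each adapter heading to {field label: [values]}, joining continuation lines."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():                    # unindented: adapter heading or banner
            if line.endswith(":"):
                current, last_key = adapters.setdefault(line[:-1], {}), None
            continue
        if current is None:
            continue
        match = FIELD.match(line)
        if match:
            last_key = match.group(1)
            current[last_key] = [match.group(2)] if match.group(2) else []
        elif last_key:                               # e.g. the second DNS server
            current[last_key].append(line.strip())
    return adapters


def ipv4_values(fields, *labels):
    """All IPv4 addresses found under the given labels, with '(Preferred)' etc. stripped."""
    found = []
    for label in labels:
        for value in fields.get(label, []):
            match = IPV4.search(value)
            if match:
                found.append(ipaddress.IPv4Address(match.group()))
    return found


def diagnose(fields):
    addrs, masks = ipv4_values(fields, *ADDRESS_LABELS), ipv4_values(fields, "Subnet Mask")
    if not addrs or not masks:
        return ["NO_IPV4"]
    if addrs[0] in APIPA:                            # everything else follows from failed DHCP
        return ["APIPA"]
    try:
        network = ipaddress.IPv4Network(f"{addrs[0]}/{masks[0]}", strict=False)
    except ValueError:
        return ["BAD_MASK"]
    findings = []
    gateways = ipv4_values(fields, "Default Gateway")
    if not gateways:
        findings.append("NO_GATEWAY")
    elif gateways[0] not in network:                 # mask decides what counts as "local"
        findings.append("GATEWAY_OFF_SUBNET")
    if len(ipv4_values(fields, "DNS Servers")) < 2:
        findings.append("DNS_NOT_REDUNDANT")
    return findings


def audit_ipconfig(text):
    return {name: diagnose(fields) for name, fields in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for adapter, findings in audit_ipconfig(SAMPLE_IPCONFIG).items():
        print(adapter, "->", [MESSAGES[code] for code in findings] or "OK")
```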
Secure connection protocols
o SSH: As noted before, SSH is more secure than FTP and telnet, and is the
basis for SFTP. While Windows supports SSH, there are no native Windows
clients for it, so third-party client software must be installed to utilize it.
Applications that use SSH version 2.0 and higher offer the best security.
o HTTPS: The secure version of HTTP encrypts Web browser/server data
before sending and decrypts it before it is processed. Like FTP and telnet,
HTTPS is an application-level protocol. In most browsers, the presence of
https:// in the URL and the padlock icon (or something similar) indicate the
Web connection is using HTTPS.
Firewall settings
o Open and closed ports: Firewalls – which check data packets sent over a
network to make a determination, based on various data in the packet and
rules programmed into the firewall, on whether to block the packets or send
them on to the intended destination – work essentially by guarding the open
ports on a system. By default, a firewall should close off all ports except the
ones that need to stay open, including common ports such as 20, 21, 22, 23,
25, 53, 80, 110 and 143.
o Program filters: In addition to port security offered by restricting all but a few
ports, firewalls can control port traffic by using program filters, in which
only designated programs are allowed to send and receive traffic on certain
ports; for example, blocking every program on a computer from port 80
except for Chrome, a Web browser. Program filters offer more targeted
protection, but require more overhead.
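A firewall that closes every port except the ones that need to stay open can be checked against what the machine is actually listening on. The script below is an added example, not part of the original guide: it compares `netstat -an` output with an allow list and flags the clear-text services (FTP, telnet) that the guide recommends replacing with SSH. The netstat sample is constructed.

```python
# Constructed `netstat -an` excerpt; addresses and ports are sample values.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.23:49210     203.0.113.10:443       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
"""

# Ports named in the guide and the service each one carries.
PAGE_PORTS = {20: "FTP", 21: "FTP", 22: "SSH", 23: "telnet", 25: "SMTP",
              53: "DNS", 80: "HTTP", 110: "POP3", 143: "IMAP"}
# FTP sends everything in clear text and telnet is described as less secure than SSH.
CLEARTEXT = {20, 21, 23}


def parse_listeners(netstat_text):
    """Return {(proto, local_host, port)} for TCP sockets in LISTENING state and bound UDP sockets."""
    listeners = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] not in ("TCP", "UDP"):
            continue                                  # banner, header or blank line
        if cols[0] == "TCP" and cols[-1] != "LISTENING":
            continue                                  # established/closing connections
        host, _, port = cols[1].rpartition(":")       # rpartition copes with "[::]:135"
        if port.isdigit():
            listeners.add((cols[0], host, int(port)))
    return listeners


def audit_listeners(netstat_text, allowed_ports):
    """Compare network-reachable listeners with the ports the firewall is meant to leave open."""
    unexpected, cleartext = set(), set()
    for _proto, host, port in parse_listeners(netstat_text):
        if host.startswith("127.") or host == "[::1]":
            continue                                  # loopback-only sockets are not reachable remotely
        if port not in allowed_ports:
            unexpected.add(port)                      # open, but not on the allow list
        if port in CLEARTEXT:
            cleartext.add(port)                       # open and unencrypted: move to SSH/SFTP (22)
    return {"unexpected": sorted(unexpected), "cleartext": sorted(cleartext)}


if __name__ == "__main__":
    result = audit_listeners(SAMPLE_NETSTAT, allowed_ports={22, 80})
    print("Listening but not allowed:", result["unexpected"])
    for port in result["cleartext"]:
        print(f"Port {port} ({PAGE_PORTS[port]}) is clear text; prefer SSH/SFTP on port 22")
```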
Domain 3.2: Install and configure a small office/home office (SOHO) network
Connection types: Before the rest of the office can be set up, a tech must configure
the Internet connection that will be used. There are a number of options a SOHO can
use, but the connection will fall into three broad types:
o Dial-up: It’s unlikely a tech will be setting up a new dial-up connection, and
even less likely a SOHO will be running on one, but the process of creating
one is straightforward enough. To create a dial-up connection, the tech will
need:
Client software, including the preferred browser, dial-up information
and TCP/IP configuration information
Dial-up access numbers
Modem types supported (33.6Kbps, 56Kbps, v.90, v.92)
User name and initial password
Windows Vista and 7 do support dial-up networking (DUN)
and can create DUN connections through the Network and
Sharing Center. Windows XP and 2000 can create DUN
connections through Network Connections in XP or Network
and Dial-Up Connections in Windows 2000.
Setting up a DUN connection follows these basic steps:
Install an external modem or modem adapter card and the
necessary drivers, making sure Windows recognizes the
modem.
Connect the modem to a live phone jack with good-quality
phone cable, directly or only through a surge protector if
possible.
Open the Network and Sharing Center on Windows Vista and 7
machines, and click Set Up a Connection or Network. In XP,
open Network Connections and click Create a New
Connection.
Choose Set Up a Dial-Up Connection and click Next.
Enter the information provided by the ISP, including the phone
number and login information. Click Connect, or OK.
Test the connection to make sure it was done correctly.
o Broadband: Broadband has become the new standard in Internet service,
covering a range of technologies delivering data throughput of 300 kbps and
more. There are several varieties of broadband delivery available, including:
DSL: Digital subscriber line (DSL) uses the telephone line to deliver
Internet service. A DSL modem, which sends and receives signals at
different frequencies than the voice band, connects the computer to
DSL service, and typically connects through the computer’s Ethernet
port or a USB connection. Setting up a DSL connection can be simpler
than setting up a DUN connection, because much of the configuration
work is usually automated through vendor-provided software. To set
up a DSL connection:
The vendor will send the DSL modem and software around the
same time the phone lines have been activated for DSL. Once
the modem arrives and the lines are live, follow the setup
instructions for the modem, as procedures vary widely. Some
require the software to be installed first.
Put microfilters – which usually come with the modem – on
every phone and device in the house that uses a phone line,
such as fax machines or digital video recorders (DVRs). This
prevents interference from other devices from degrading the
network connection.
Connect the DSL modem to a wall jack; do not use a
microfilter on the modem line. Power up the modem and
connect it to the computer.
Open the Network and Sharing Center on Windows Vista and 7
machines, and click Set Up a Connection or Network. In XP,
open Network Connections and click Create a New
Connection.
Choose Connect to the Internet and click Next.
Choose Set Up My Connection Manually and click Next.
Select Connect Using a Broadband Connection That is Always
On and click Next. Click Finish after the wizard completes.
Test the connection to make sure it was done correctly.
Cable: Cable Internet service is delivered through the same coaxial
cable that provides a cable TV signal. Nearly all current cable Internet
service is a high-speed duplex signal that shares the fiber-optic
network used for digital cable and music services. Cable Internet can
reach download speeds anywhere from 1Mbps up to 10Mbps or faster;
upload speeds generally are restricted at 128 kbps, but some plans
offer higher upload speeds. When cable TV and Internet service share
the same cable, a splitter must be used to prevent the signals from
interfering with each other. Virtually all cable modems are external
devices that plug into a RJ-45 or USB port. To set up a cable modem
connection:
Connect the cable modem to the pre-selected cable jack from
the wall, and power on the modem.
Connect the computer to the modem via Ethernet port. If using
the USB connection, read the instructions carefully first, as it
may require a different order of steps.
Open the Network and Sharing Center on Windows Vista and 7
machines, and click Set Up a Connection or Network. In XP,
open Network Connections and click Create a New
Connection.
Choose Connect to the Internet and click Next.
Choose Set Up My Connection Manually and click Next.
Select Connect Using a Broadband Connection That is Always
On and click Next. Click Finish after the wizard completes.
Test the connection to make sure it was done correctly. The
cable company may have a checklist of steps to complete in
order to finish the connection, including providing them with
the modem’s MAC address.
Satellite: Satellite Internet service uses parabolic dish antennas to send
and receive signals between geosynchronous satellites and home receiving
stations. Satellite modems connect the computer to the satellite dish
through a USB or Ethernet port, similar to DSL or cable modems. As
the Federal Communications Commission requires professional
installation for satellite Internet service, technicians will not likely
have to do much with hardware, setting up the Windows configuration
after the dish has been installed, the double coaxial cables have been
run from the dish to the modem and everything has been hooked up
correctly and tested. Depending on the service used, the satellite
technician may even set up the Windows configuration.
ISDN: ISDN (Integrated Services Digital Network) is an older
technology originally developed to provide an all-digital method for
connecting multiple devices to a single telephone line and provide a
faster connection for teleconferencing for remote users. A home/small
office-based connection can also provide an all-digital Internet
connection at speeds up to 128 kbps. ISDN has been mostly
supplanted by DSL, so it’s unlikely techs will see a new ISDN
connection being set up, but if so, the Windows side of the
configuration is identical to creating a DUN connection.
o Wireless: Wireless networking is really another form of broadband, but with
the major difference of not having to be physically connected to the router or
network access point. Before setting up a wireless network, it’s useful to
understand the various configurations and technologies that will come into
play, which include:
All 802.11 types: 802.11 is the blanket term for a set of wireless
protocols compatible with wired Ethernet, also known as wireless
LAN (WLAN) standards. Wireless Ethernet is commonly known as
Wi-Fi. These standards include:
802.11a: Runs in the 5 GHz range, with a maximum data
throughput of 54 Mbps. Needs dual-mode (802.11a/b or
802.11a/g) hardware to run on current machines; 802.11n
networks support 5 GHz frequency.
802.11b: Uses 2.4 GHz range, with maximum throughput of 11
Mbps. Interoperable with 802.11g
802.11g: Uses 2.4 GHz range, with maximum throughput of 54
Mbps. Interoperable with 802.11b, 802.11n.
802.11n: Uses 2.4 GHz range (standard), can use 5 GHz range
(optional). Maximum throughput up to 600 Mbps, but 300
Mbps is typical maximum. Interoperable with 802.11b,
802.11g, 802.11a on networks also supporting 5 GHz
frequency.
Wireless Ethernet hardware supports both the star
(infrastructure) network topology – uses a central wireless
access point to transfer data between devices, or nodes – and
peer-to-peer topology, where every device in the network
communicates directly with another device.
WEP: Wired Equivalent Privacy (WEP) was the first encryption
protocol for wireless networks, defined in 802.11b. WEP used 64- or
128-bit encryption keys, though since the user only had access to 40 of
the 64 bits, it was often referred to as 40-bit WEP encryption. WEP is
no longer considered secure for several reasons and is not
recommended for wireless networks; it’s not even supported in
802.11n.
WPA: Wi-Fi Protected Access (WPA) was developed in part to
address certain disadvantages WEP presents. WPA comes in two
levels of security: WPA, which uses TKIP encryption, and the more
robust WPA2, using AES encryption. WPA/WPA2 supports a key
length from 8 up to 63 alphanumeric characters. All clients and
wireless access points (WAP) or wireless routers on a network must
use the same encryption standard, the highest level supported by all
devices on the network. WPA2 is recommended for all devices, even
though WPA2 encryption may require upgraded drivers and firmware
for older network adapters, WAPs and wireless routers.
SSID: The Service Set Identifier (SSID) is essentially the name of the
wireless access point’s network, and all wireless networks must have
an SSID; by default, the manufacturer’s name or the device’s model
number is frequently used as the SSID out of the box.
MAC filtering: Most wireless routers and WAPs allow users to specify
the allowable MAC addresses so that only these devices may use the
network. In some cases, routers can be set to block specific MAC
addresses from accessing the network. While MAC address filtering
can block casual hackers from gaining access, it is possible to change
the MAC address of a network device, and since MAC addresses are
not encrypted – and thus detectable by network hacking software –
MAC address filtering is not a foolproof security method.
DHCP settings: Virtually all WAPs and wireless routers are
configured to act as DHCP servers, which is convenient for users
trying to set up a wireless network but a headache for users trying to
secure one. The most recommended setting for wireless routers and
WAPs is to disable DHCP and assign static IP addresses to devices. If
that isn’t feasible, the next best setting is to limit the number of IP
addresses that can be assigned and specify a narrow range of addresses
that can be assigned.
o Routers/access points: The router, or access point, is the key piece in a
wireless network, the central point from which all information flows. Setting
up a wireless access point (WAP) to connect to the Internet is only the first
step. Once done, there are several actions the tech should take to secure the
wireless network. These include:
Disable DHCP: Using DHCP makes it easier for clients to use the
network, but it also means that someone who gains unauthorized
access to the network is treated just like an authorized user in terms of
network resources. Whenever possible, it’s recommended to disable
DHCP and assign static IP addresses to devices. If that isn’t feasible,
the next best practice is to limit the number of IP addresses that can be
assigned (preferably to the number of devices known to be on the
network) and specify a narrow range of addresses that can be assigned.
Use static IP: Using a static IP system ensures that only devices that
have been specifically configured to use the network can access it. It
also makes it possible to identify what clients are using the network at
any given time, and know who has been configured to use the network.
However, using a static IP system requires more administrative
overhead.
Change SSID from default: Most manufacturers use a default SSID on
WAPs that identify the make and model of the device, which makes it
easy for would-be unauthorized users to look up certain pieces of
information to assist in attacking the network. It’s recommended to
change the default SSID to something not easily guessed or deduced to
help protect against the possibility of attacks.
Disable SSID broadcast: By default, WAPs broadcast the SSID of the
wireless network with every transmission. Changing the SSID from
the default is a good step, but it should be accompanied by disabling
the SSID broadcast in the WAP configuration utility so that anyone
looking for a connection doesn’t just see the network.
MAC filtering: Every network device has a unique Media Access
Control (MAC) address built into it, and most wireless routers and
WAPs allow users to specify the allowable MAC addresses so that
only these devices may use the network. In some cases, routers can be
set to block specific MAC addresses from accessing the network.
Change default username and password: Virtually all WAPs come
from the factory with a default username and password, usually
“admin” for both or a blank field for one of the choices. While this
makes it easy for novice users to get in and set up the WAP, it’s
terrible from a security standpoint, as the default configuration info is
readily available from manufacturer and other Web sites. Once the
WAP is up and the tech is in the configuration utility, the default
username and password should be changed in accordance with strong
password standards, and recorded somewhere secure.
Update firmware: Firmware for nearly every device that uses it is
occasionally updated by manufacturers. Generally, firmware is
updated for performance and security issues, so especially for WAPs,
it’s important to keep firmware as up to date as possible to keep the
network safe from intrusion. Check the manufacturer’s Web site for
firmware updates; in some cases, firmware updates can be downloaded
through an update utility.
Firewall: Firewalls check data packets sent over a network to make a
determination, based on various data in the packet and rules
programmed into the firewall, on whether to block the packets or send
them on to the intended destination. Most WAPs can be configured as
firewalls, and even if individual clients on the network have firewalls
installed on them, the WAP should be configured as a firewall as well:
closing all ports except the well-known ports and setting up exceptions
as needed.
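The static IP and MAC filtering items above both rely on the tech knowing which devices belong on the network. The following is an added example, not part of the original guide, that compares the neighbours a Windows client reports with `arp -a` against a device inventory. The inventory, the address range and the sample output are constructed for illustration.

```python
import ipaddress
import re

# Hypothetical inventory kept by the tech: MAC address -> static IP assigned to it.
INVENTORY = {
    "00-1a-2b-00-00-01": "192.168.10.1",   # the WAP/router itself
    "00-1a-2b-3c-4d-5e": "192.168.10.11",
    "00-1a-2b-3c-4d-5f": "192.168.10.12",
    "00-1a-2b-3c-4d-60": "192.168.10.13",
}
# Narrow client range sized to the known devices (assumed values).
CLIENT_RANGE = ("192.168.10.11", "192.168.10.13")

# Constructed sample in the layout printed by the Windows "arp -a" command.
SAMPLE_ARP = """\
Interface: 192.168.10.11 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          00-1a-2b-00-00-01     dynamic
  192.168.10.12         00-1a-2b-3c-4d-5f     dynamic
  192.168.10.13         00-1A-2B-3C-4D-60     dynamic
  192.168.10.14         00-1a-2b-3c-4d-5f     dynamic
  192.168.10.57         66-77-88-99-aa-bb     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return (ip, mac) pairs for unicast neighbours; skip broadcast and multicast rows."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # interface banner, column header or blank line
        ip, mac = match.group(1), match.group(2).lower()
        # The low bit of the first octet marks a group (multicast/broadcast) address.
        if int(mac[:2], 16) & 1:
            continue
        entries.append((ip, mac))
    return entries


def audit(entries, inventory=INVENTORY, client_range=CLIENT_RANGE):
    """Compare observed neighbours with the inventory; return sorted (ip, mac, finding) tuples."""
    low, high = (ipaddress.ip_address(a) for a in client_range)
    known_ips = set(inventory.values())
    ips_per_mac = {}
    for ip, mac in entries:
        ips_per_mac.setdefault(mac, []).append(ip)

    findings = []
    for ip, mac in entries:
        if mac not in inventory:
            findings.append((ip, mac, "unknown-mac"))
            # Bit 0x02 of the first octet means the address was set locally, not burned in.
            if int(mac[:2], 16) & 2:
                findings.append((ip, mac, "locally-administered-mac"))
        elif inventory[mac] != ip:
            findings.append((ip, mac, "not-assigned-ip"))
        if ip not in known_ips and not (low <= ipaddress.ip_address(ip) <= high):
            findings.append((ip, mac, "outside-client-range"))
        # One MAC answering for several IPs can indicate a copied (spoofed) address.
        if len(ips_per_mac[mac]) > 1:
            findings.append((ip, mac, "mac-on-multiple-ips"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP)):
        print(*finding)
```

A known MAC appearing at a second address is reported even though it would pass a MAC filter, which is the case the guide warns about when it notes that MAC addresses can be changed.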
o LAN (10/100/1000BaseT, speeds): Wired local area networks (LAN) are rated
in terms of cabling and/or speed. The cabling often defines the standard used
and the length of network segments. The most common wired LAN types
technicians will see are:
10BaseT: 10 Mbps max speed
100BaseT: 100 Mbps max speed; standard for most large organization
networks
1000BaseT: 1 Gbps (1000 Mbps) max speed; known as Gigabit
Ethernet
o Bluetooth (1.0 vs. 2.0): Bluetooth is a short-range wireless network
technology designed to operate in peer-to-peer, or ad hoc, mode between
computers and devices such as printers, smart phones, mice and keyboards.
Bluetooth uses the same 2.4 GHz frequency used by IEEE 802.11b/g/n
networks, but minimizes interference by using spread-spectrum frequency-
hopping signaling. There are three versions of the Bluetooth standard, version
3.0 being the newest; most devices technicians will see for a while will be
Bluetooth 1.0 and 2.0. Version 2.0 uses significantly less power than version
1.0 (2.5 mW vs. 100 mW maximum power usage) and is much faster (3 Mbps
vs. 1 Mbps maximum speed). Version 2.0 is also far better at device
interoperability, and is backward-compatible with version 1.0.
o Cellular: Cell phone networks can be used for Internet access and remote
networking, making mobile work and play even simpler. A cellular modem
with a data access plan purchased from a carrier is needed to allow a mobile
computer to use a cellular network for data access; these modems can be
connected to USB ports or installed into CardBus or ExpressCard slots.
Modems can be bundled with a data access plan or bought separately, but if
purchased from a vendor different than the cellular carrier, make sure it
supports the access method used by the carrier.
o Basic VoIP (consumer applications): Voice over IP (VoIP) is a popular
method for providing consumer and business telephone service. VoIP uses an
organization’s or home’s internal network and the Internet to carry phone calls.
Presently, companies such as Vonage, Skype, AT&T, Verizon and others
provide VoIP services. Adding VoIP service to an existing network requires
either an analog telephone adapter (ATA) or a VoIP router. An ATA enables
standard phones to work with VoIP services, and connects to the present
router in use. A VoIP router can replace an existing router, wired or not.
Typical VoIP routers support most or all of the following features:
Quality of Service (QoS) support: Streaming media, such as VoIP
phone calls and audio or video playback, takes higher priority than
other network packets.
One or more FXO ports: An FXO port allows regular phones to be
used with VoIP service.
Real-time Transport Protocol/Real-time Transport Control Protocol
(RTP/RTCP): Supports streaming media, video conferencing, and
VoIP applications.
Session Initiation Protocol (SIP) support: Signaling protocol used for
multimedia distribution and multimedia conferences.
Basics of hardware and software firewall configuration
o Port assignment/setting rules (exceptions): Firewalls can generally be
configured either on a port basis or an exception basis, meaning using specific
ports or rules based on applications and traffic. When set by port, it means that
only specific ports are opened for traffic. When set by exception, all ports are
closed except to traffic from explicitly designated programs. These programs
are designated by rules the firewall follows in parsing network traffic.
Whenever possible, it’s recommended to use exception-based rules on a
firewall.
o Port forwarding/port triggering: Port forwarding is a term describing the
process of sending traffic designated for a specific computer and port to that
device. A common example is using port 80 to send traffic to a Web server,
where the Web server is the only device allowed by the firewall to get traffic
on that port. Port triggering is when a device on a network opens another port
in response to traffic, and closes the port afterward; an example would be a
device that has port 110 closed until it receives traffic from port 25, then
opens port 110 just long enough to send traffic. Port forwarding requires a
static IP address to send traffic to, but port triggering has no such requirement.
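The difference between port forwarding and port triggering, as an added example that is not part of the original guide: a toy model of the router's inbound decision using the ports from the text (80, 25 and 110). The class, the internal addresses and the 30-second timeout are hypothetical, and the model assumes the trigger is outbound traffic from a LAN host.

```python
class Router:
    """Toy model of a SOHO router's inbound decision (illustrative, not a vendor's logic)."""

    def __init__(self, trigger_timeout=30):
        self.forwards = {}    # external port -> (static internal IP, internal port)
        self.triggers = {}    # outbound trigger port -> inbound port to open
        self.opened = {}      # inbound port -> (internal IP, expiry time)
        self.trigger_timeout = trigger_timeout

    def add_forward(self, ext_port, internal_ip, internal_port):
        # Forwarding is a fixed mapping, so the target needs an address that never changes.
        self.forwards[ext_port] = (internal_ip, internal_port)

    def add_trigger(self, trigger_port, inbound_port):
        # Triggering names no host; the host is learned when the trigger fires.
        self.triggers[trigger_port] = inbound_port

    def outbound(self, src_ip, dst_port, now):
        """A LAN host sends traffic out; a matching trigger opens the inbound port for it."""
        if dst_port in self.triggers:
            inbound_port = self.triggers[dst_port]
            self.opened[inbound_port] = (src_ip, now + self.trigger_timeout)

    def inbound(self, dst_port, now):
        """Return the internal (ip, port) that receives the packet, or None if it is dropped."""
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        entry = self.opened.get(dst_port)
        if entry and now < entry[1]:
            return (entry[0], dst_port)
        self.opened.pop(dst_port, None)   # expired or never opened: port stays closed
        return None


def demo():
    """Walk through the cases in the text; times are seconds on a simulated clock."""
    router = Router(trigger_timeout=30)
    router.add_forward(80, "192.168.10.20", 80)   # Web server with a static IP
    router.add_trigger(25, 110)                   # traffic on 25 opens 110

    results = []
    results.append(router.inbound(80, now=0))     # always forwarded to the Web server
    results.append(router.inbound(110, now=0))    # closed until the trigger fires
    router.outbound("192.168.10.33", 25, now=10)
    results.append(router.inbound(110, now=20))   # open, delivered to the triggering host
    results.append(router.inbound(110, now=41))   # window expired at 40: closed again
    results.append(router.inbound(23, now=41))    # no rule at all: dropped
    router.outbound("192.168.10.34", 25, now=50)  # a different host triggers later
    results.append(router.inbound(110, now=55))   # delivery follows the new host
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```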
Physical installation
o Wireless router placement: The wireless router should be placed roughly in
the middle of the functional area. If possible, placing in a high area to
maximize signal coverage can help, and if the area where the clients are
located is open, that also helps. Walls can block signal, especially if they have
a lot of metal. Keep interfering devices, such as microwave ovens or large
appliance motors, away from the router. Finally, restricting physical access to
the router is recommended, to lower the chance of malicious or accidental
damage, theft or misadventure.
o Cable length: With virtually all Ethernet cabling presently in use, a network
segment can be up to 100 meters (328 feet) long from endpoint to endpoint,
although network performance on a segment of that length would likely be
noticeably slower. Hubs and repeaters, devices that amplify and forward
the network signal, are recommended for larger sites that have substantial
cable runs, but most SOHOs and small businesses won’t likely need such
devices.
Domain 4.0: Security
Domain 4.1: Given a scenario, prevent, troubleshoot and remove viruses and malware
Use antivirus software: Having an up-to-date antivirus (AV) program on a computer
is a necessity, one of the hard and fast rules of computer usage in the modern world.
An up-to-date copy of a major AV/antimalware program helps find and remove
viruses and Trojan horse programs. If the computer doesn’t have a licensed AV
program, but it has a working Internet connection, use a free online scanning service,
such as Trend Micro’s HouseCall or BitDefender Online Scanner to scan the system.
Windows from XP forward does include Windows Defender, a real-time, scan-based
protection tool against malware such as Trojan horses and worms, but Defender by
itself is not sufficient; having a full AV program at work and defending a system is
paramount.
Identify malware symptoms: Once a system is infected with malware, it can display a
number of symptoms, some of which can be caused by other factors. In general, a
malware infection will display one or more of the following:
o Pop-up ads when Web surfing
o Slow system performance and application loading
o Excessive disk access cycles and increasing numbers of bad sectors
o Drive access lights turn on when no activity is happening
o Unusual error messages
o Less memory or disk space available than usual
o Strange graphics or noises from computer
o Optical drive no longer recognized
o Filenames with unusual characters
o Unusually large files, or disappearing and reappearing files
o Changing file extensions
o Corrupted files appearing
o System hangs during boot
o E-mails stating an infected message has been sent
o Messages from antivirus program
o Unfamiliar processes running in Task Manager
o Changes in home page and/or toolbars in Web browser
o Difficulty in surfing the Web or visiting AV vendor Web sites
Quarantine infected systems: If a system becomes infected, it is necessary to
quarantine, or separate it from the network and other machines, immediately to avoid
spreading the infection. The simplest way to do this is to immediately disconnect the
network cable or turn off the wireless NIC. Larger networks can use network
monitoring software to block access to network resources, restrict an infected device
to a dedicated network or simply drop it off the network. If it is necessary to have the
computer retain some network access, boot the machine into Safe Mode with
Networking, which may prevent or slow down the malware while the tech works on
cleaning the system.
Research malware types, symptoms and solutions (virus encyclopedias): Techs may
find programs that seem to be malware, but may not be. If unsure, don’t make a
guess; do research and find out. Every major AV vendor, such as Symantec/Norton,
Sophos, AVG and Trend Micro, maintains a support base and virus encyclopedia that
lists known virus/malware files, symptoms and tips on how to clean them. In addition,
there are several reputable sites online not affiliated with companies that offer useful
information. A little research can go a long way toward helping resolve infection
issues.
Remediate infected systems: Once a system has been identified as infected,
quarantined and researched, it’s time to remediate, or clean, the system.
o The first step is to run AV software on the machine, preferably from a boot
disk so the infection won’t be active and interfere with efforts to clean it.
Many vendors, including Microsoft and BitDefender, have boot disks that
include AV products that can be upgraded once the boot disk has been loaded,
if the computer can get network access temporarily. If the computer didn’t
already have AV software, the tech can try to install it now and clean the
system that way. There are many reputable products out there, from vendors
such as Panda, Kaspersky, AVG, Symantec and many others. Another
approach to getting AV software to clean the computer is to network it to
another machine, but this introduces an unnecessary element of risk by
exposing another machine. When cleaning a system, the AV software should
be updated, allowed to scan and clean the machine, then should be updated if
available and scanned again, repeating until the AV software can’t find
anything else. If possible, scanning the machine with two separate AV
products is recommended, as no single AV product will find everything.
o After running AV software, run antimalware or antispyware software;
although AV software often searches for malware and spyware, those
searches are general in nature, whereas antimalware/antispyware software is
engineered for those specific threats. Vendors such as Lavasoft, Malwarebytes
and Webroot provide well-regarded cleaning programs that routinely find
malware that even the best AV program will miss. The pattern should mimic
that of AV programs when remediating: update, scan, clean, update again,
scan again and repeat until the program can find nothing else.
o Once the software scans are over, the tech should clean up anything left by the
process: quarantined files, orphaned entries in the Registry, files that couldn’t
be cleaned or deleted by the scanners, startup entries that generate errors at
startup. All of those should be cleaned, either manually or by using products
such as CCleaner and msconfig. Any files that are deleted at this stage should
be emptied from the Recycle Bin to ensure they stay gone. If a file was
running during the scans and missed detection, the tech may need to use Task
Manager to kill its process and then delete the file; it’s a good idea to check
processes after scans for that reason.
o Those steps will take care of active infections, but the remediation isn’t over.
The tech now needs to clear out areas where the infections might be lying in
wait, which means turning off System Restore if active and purging restore
points created since the infection first appeared – more likely, all restore
points to be safe – and cleaning out the browser cache and Temporary Internet
Files folders, manually or with Disk Cleaner or third-party utilities. It also
means cleaning out the Registry, using CCleaner, RegClean or any number of
reputable utilities designed for that purpose.
o At this point, the system is most likely clean. However, some infections dig
deep, and may need advanced cleaning to eradicate. If the system is still
demonstrably infected at this point, and the system is not vital or has all its
important data backed up, it may be more cost-effective to format the drive
and rebuild it. Otherwise, the tech will need to examine processes using Task
Manager or a more in-depth tool such as Microsoft’s Process Explorer; obtain
a rootkit removal tool and scan the system; and use a boot block repair tool to
check the master boot record (MBR).
o Finally, the system is clean. Make sure it stays that way by installing AV
software, antimalware/antispyware software and, if not already present, a
firewall solution. Make sure these programs update automatically and
frequently, make sure Windows Update runs automatically and without user
intervention and educate the end users about security measures.
Update antivirus software: An outdated AV program represents a security risk, and is
next to useless, since new viruses and infections appear on a daily basis. Keeping the
AV program up to date is vital to protecting a machine.
o Signature and engine updates: With AV programs, a virus signature is a file
that describes a virus’s structure and behavior; it’s what allows the AV
program to find and quarantine or delete the virus. An engine update is a
software upgrade to the program that allows it to function more effectively.
o Automatic vs. manual: Most AV programs can update themselves
automatically, meaning they are set to connect to the manufacturer’s servers
every so often and check for updates to the signature library and/or program.
Some AV programs, however, require manual updating, meaning the user has
to initiate the update process. Whenever possible, a computer should use an
AV program that updates automatically, to avoid lag times and security gaps
caused by inconsistent user intervention.
Schedule scans: Users can schedule scans with AV programs on a recurring basis,
which is highly recommended to keep a machine secure and as important as keeping
the AV program up to date. Default settings include daily and weekly scans, as well
as custom settings that can be modified as needed. The time and type of scan – quick
scan, full scan, only certain folders and drives – can also be set by the user. A full
scan at least once a week is recommended, as well as daily quick scans.
Repair boot blocks: When an infected computer isn’t booting, it’s possible the
infection has infected or corrupted the boot sector of the hard drive, or the BIOS code
has been corrupted. If the BIOS code is corrupted, it may be possible to fix it by
restoring to default settings or reflashing the CMOS. If the boot sector is the issue,
then repairing the first sector of the hard drive – the boot block, also known as the
master boot record (MBR) – is the next step. This can be done by booting into
WinRE, accessing the command prompt and using bootrec /fixmbr to repair the
MBR and bootrec /fixboot to repair the OS boot record; in XP, boot into the
Recovery Console and use fixmbr and fixboot.
Scan and removal techniques: When scanning a system, it sometimes isn’t possible to
do the job correctly while Windows is running. In those cases, the tech can choose to
use different options:
o Safe Mode: Since Windows loads a minimal set of drivers and files in Safe
Mode, malware often won’t run in Safe Mode or will run much slower. If the
tech suspects normal Windows operations are interfering with AV scans,
attempting to run them in Safe Mode is a good start. Either Safe Mode or Safe
Mode with Networking can be used in this regard; however, some AV
programs will not run in Safe Mode.
o Boot environment: Using a boot disk or the Windows repair tools – WinRE or
Recovery Console – is another way of obtaining access to the drive without
letting the infection proceed. Using boot disk tool sets, like the Knoppix
LiveCD, Microsoft’s DaRT or an AV boot disk, can allow a tech to scan a
hard drive without fear of spreading the infection or having it be disguised,
since the boot disk is providing the interface and not running any potentially
infected files.
Educate end user: Some malware and black hat techniques, such as social
engineering, depend on the user’s personal interaction and sense of helpfulness to
work; others, like phishing, play on users’ hopes and desires. Regardless of the
method, users can be trained to recognize potential security threats and risks and deal
with them correctly. In general, users should know to:
o Keep AV, antispyware and antimalware programs updated, if manual
intervention is required
o Scan computers for various malware
o Understand major malware types and techniques
o Scan removable-media drives for viruses and malware
o Configure scanning programs for scheduled operation
o Respond to security program notifications when viruses, spyware or malware
have been detected
o Quarantine suspect files
o Report suspect files to the help desk and/or software vendor
o Remove malware
o Disable AV when needed, such as during software installations, and re-enable
AV when necessary
o Use antiphishing features in browsers and mail programs
Domain 4.2: Implement security and troubleshoot common issues
Operating systems: Security is not just a matter of AV programs and passwords; it
also depends on the operating system being set up correctly and using built-in tools
to protect its users and the organization.
o Local users and groups: On large networks that use a domain and/or Active
Directory structure, users are assigned accounts and privileges based on their
job responsibilities and level of access needed within the network. Assigning
users just the level of access they need and no more is not only good
organization, it’s good security. From an OS standpoint, most users are going
to fall into one of four groups:
Administrator: This role can make all sorts of changes to the computer
and/or network’s configuration, affecting security of the system and
other accounts, including some that could render the system
inoperative if done incorrectly. Administrator is the highest level of
access available, and should only be assigned to a small handful of
people, the fewer the better. A local account with Administrator access
can modify the computer and OS settings, but not the network.
Power User: Power users have slightly more rights than regular users and are
capable of installing applications and performing limited
administrative tasks, such as backups. Any technician working on a
system will likely need a Power User account to do the majority of
repair work.
User: The standard account for Windows is a user account, which allows a
user to use the hardware and software on the machine and make a few
system changes, but not changes that may affect the security
of the system or other users. Many applications can’t be installed with
a user account.
Guest: The guest account is a very limited one, and is disabled by
default in Windows. Guest account users would be limited to using a
few applications and Web surfing, for all practical purposes.
o Vista/Windows 7 User Account Control (UAC): UAC is a security component
in Windows Vista and 7 that keeps every user except the Administrator
account in standard user mode instead of administrator mode, even if they
belong to the administrators group. UAC was created with two goals in mind:
eliminate unnecessary requests for excessive administrative-level access and
reduce the risk of malicious software using administrator access to infect OS
files. Its implementation in Windows 7 is less intrusive than in Vista by
default, but still security-focused.
o NTFS vs. share permissions: When configuring permissions in a network
environment, it’s important to distinguish between share permissions, which
only apply to shared network folders, and NTFS permissions, which apply
both on local systems and over a network. There are a number of NTFS
permissions – including Modify, Read and List Folder Contents – but only
three share permissions: Read, Change and Full Control.
Allow vs. deny: Access to a resource can be configured to be allowed
or denied; however, since deny is a restrictive
permission, and restrictive permissions override lenient permissions
and pass down the line, setting a deny permission can have major
effects, preventing accounts from accessing folders and files up and
down the network hierarchy. As a result, it’s more common to simply
not select a setting for Allow when the administrator doesn’t want to
grant access to a specific resource.
Difference between moving and copying folders and files: Copying a
folder or file means that the information is duplicated and placed in
another location, leaving the original file or folder unaffected. Moving
a folder or file sends the resource to the new location and removes it
from the old location. Depending on the permissions in place, it may
be possible to perform one operation but not the other.
File attributes: File attributes are designations used to show certain
conditions, such as which files have been archived or need to be
archived, which files should be invisible to users and which files are
used by the system. Additional attributes, such as when a file was
created and last modified, encryption and compression, are available in
Windows and NTFS. Basic file attributes include:
Archive: Shows if files have been backed up
Read-only: Can’t be overwritten or deleted without
modification of the attribute
System: Used by the OS; often hidden as well
Hidden: Not visible to users, and can’t be copied
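How share permissions, NTFS permissions and Allow vs. deny combine, as an added example that is not part of the original guide. It goes slightly beyond the text by applying the standard Windows rule that network access is limited to what both the share and NTFS permissions grant. The groups, users and rights sets are constructed, and the model ignores the ordering of explicit versus inherited entries in real NTFS ACLs.

```python
# Simplified rights behind each permission level (a teaching model, not the full Windows ACL).
_BASE = frozenset({"list", "read"})
_EDIT = _BASE | {"write", "delete"}
_FULL = _EDIT | {"change_permissions"}

SHARE_LEVELS = {"Read": _BASE, "Change": _EDIT, "Full Control": _FULL}
NTFS_LEVELS = {
    "List Folder Contents": frozenset({"list"}),
    "Read": _BASE,
    "Modify": _EDIT,
    "Full Control": _FULL,
}

# Constructed ACLs for one shared folder: (principal, "allow" or "deny", level).
NTFS_ACL = [
    ("Sales", "allow", "Modify"),
    ("Staff", "allow", "Read"),
    ("Interns", "deny", "Modify"),
]
SHARE_ACL = [("Staff", "allow", "Read")]

# Constructed users with the groups each belongs to.
USERS = {
    "alice": {"alice", "Sales", "Staff"},
    "bob": {"bob", "Sales", "Staff", "Interns"},
    "carol": {"carol", "Visitors"},
}


def granted(acl, principals, levels):
    """Rights from one ACL: Allow entries accumulate across groups, Deny entries override."""
    allow, deny = set(), set()
    for principal, kind, level in acl:
        if principal in principals:
            (allow if kind == "allow" else deny).update(levels[level])
    return allow - deny


def effective(principals, ntfs_acl, share_acl=None):
    """Effective rights locally (share_acl=None) or over the network (both ACLs apply)."""
    ntfs = granted(ntfs_acl, principals, NTFS_LEVELS)
    if share_acl is None:
        return ntfs                      # share permissions do not apply to local access
    share = granted(share_acl, principals, SHARE_LEVELS)
    return ntfs & share                  # only rights granted by both survive


def report():
    """Return {user: (local rights, network rights)} for the constructed folder."""
    return {
        user: (
            sorted(effective(groups, NTFS_ACL)),
            sorted(effective(groups, NTFS_ACL, SHARE_ACL)),
        )
        for user, groups in USERS.items()
    }


if __name__ == "__main__":
    for user, (local, network) in report().items():
        print(f"{user:6} local={local} network={network}")
```

In this sample, bob loses all access through a single Deny on one of his groups, while carol is kept out simply because no Allow entry matches her, which is the approach the guide recommends.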
o Shared files and folders: A shared file or folder is one that is made accessible
to other users on a network. Sharing is relatively straightforward to do – in
XP, for example, right-clicking a folder, selecting Sharing and Security and
clicking Share This Folder on the Network will do it – but there are other
factors to consider when setting up shares.
Administrative shares vs. local shares: Administrative shares are
hidden shares that only administrators can access, and can be
identified by a $ on the end of the share name. These shares cannot be
seen by standard users when browsing over the network. All the shared
folders including administrative shares can be found by navigating to
Computer Management > System Tools > Shared Folders > Shares.
Note that every volume has an administrative share (for example, C$ is
the administrative share for the C: drive). A local share is simply a
non-administrative share.
Permission propagation/inheritance: When a subfolder, or child folder,
takes the permissions that were assigned to the folder it’s contained in,
or the parent folder, that passing of permissions is permission
propagation. Inheritance is the state of deriving permissions from a
parent object, which can be a folder or drive; it applies to a larger set
of objects than permission propagation, which refers to folder to folder
passing.
o System files and folders: System files and folders are those used by the OS,
and are thus marked with the System attribute. They are usually marked with
the Hidden attribute as well, meaning users cannot see them in normal view.
o Encryption: Encryption, the encoding of information to make it unreadable
except by parties with the correct key to decode it, is an important part of
security practices. Two of the major technologies available in Windows for
encryption are:
EFS: The Encrypted File System (EFS) allows files and folders to be
encrypted within Windows. To run EFS, the hard drive must be
formatted with NTFS, and the OS must be a Professional, Business,
Ultimate or Enterprise version of XP, Vista or Windows 7. When
using EFS, a folder that is encrypted automatically encrypts any file
inside it or copied to it, although encryption can be specified to be only
for that folder or all of its subfolders. Encrypted files stay encrypted if
moved to another folder on the same or another NTFS drive, even if
the destination isn’t encrypted. When using EFS, it’s recommended to
encrypt at the folder level. EFS files can be opened only by the
encrypting user, an administrator or by EFS keyholders, meaning
individuals who have been provided with the EFS certificate key.
Explorer and My Computer/Computer show files encrypted with EFS
with green filenames.
BitLocker: BitLocker allows a user to encrypt an entire volume, and
any other volume, on the drive. Intended to work in conjunction with
file and folder encryption, BitLocker – which is based on the
Advanced Encryption Standard (AES) and uses a 128-bit encryption
key – is one of several drive encryption schemes available, though it’s
the only one native to Windows. To use BitLocker, a user will need:
A Trusted Platform Module (TPM), which is a motherboard
module that stores the encrypted keys, or an external USB key
to store the encrypted keys. The Group Policy will need to be
changed in order to use BitLocker without a TPM.
A hard drive with two volumes, preferably created during
Windows installation. One volume, which will be encrypted, is
for the OS, while the other is the active unencrypted volume so
the computer can boot. If the computer was configured with
only one drive, download the BitLocker Drive Preparation
Tool from Windows Update.
o User authentication: With BitLocker, user authentication can be carried out on
systems without a TPM by using a startup key stored on a USB flash drive,
which must be installed before the computer boots. This method of checking
the user’s identity against an authorized user database is not as secure as using
authentication protocols in combination with TPM, but is more so than not
using encryption methods at all.
System: Applying physical security measures to a computer in combination with
software and OS security measures is recommended to maximize the protection
against unauthorized access. Some of the measures that can be incorporated include
BIOS security technologies, including:
o Drive lock: When enabled, a drive lock, or HDD password, prompts for a
password to be entered for the hard drive when the machine boots. If the user
doesn’t enter the correct password, the drive will lock down, preventing the
OS from booting. This password is empty by default on most machines, but if
the password has been set and then forgotten, it can generally be reset within
the BIOS.
o Passwords: Virtually all machines have this feature available to prevent
unauthorized users from altering BIOS information. One caveat: If the setup
password is lost, the CMOS chip used to store BIOS settings can usually be
reset through a jumper setting on the motherboard or by removing the CMOS
battery for several minutes, which may be handy in some cases but could
represent a problem if an unauthorized user gains physical access to the
machine.
o Intrusion detection: Fortunately, another option for BIOS security is intrusion
detection, which uses a sensor connected to a set of pins on the motherboard
to detect if the case is opened. If it is, an interrupt is sent by the sensor, which
is recorded by the BIOS.
o TPM: A Trusted Platform Module (TPM) is a motherboard chip used to store
encrypted keys for various encryption methods, including BitLocker. It
provides security because, even if an unauthorized user simply removed the
hard drive from a system, the drive would not allow access without the TPM’s
encrypted keys. Note that if a system using BitLocker has a motherboard
failure, a backup copy of the keys will be needed to access any data.