A Look under the Hood Chapter 8 The registry is a database that includes settings for: Device drivers Services Installed applications Operating system components, User preferences Avoid directly editing the registry, because you can cause severe damage. The Control Panel applets provide a safe way to edit the registry.
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2 Understanding the Registry Automatic registry changes occur when: Created during Windows Setup and modified Windows starts up or shuts down Changes are made with a Control Panel applet A new device is installed Changes to Windows configuration Changes are made to user desktop preferences An application is installed or modified Changes are made to preferences in any application
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 3 Understanding the Registry Viewing the Registry Structure View as a hierarchical structure Use REGEDIT.EXE or REGEDT32.EXE Navigation similar to disk folders root keys — five folders at the top subtrees — root keys and their contents subkey — key that exists within another key value entries — settings within a key
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 4 Understanding the Registry Most of the registry is saved in several Registry files, called hives: SYSTEM, SOFTWARE, SECURITY, SAM, DEFAULT, and NTUSER.DAT. SYSTEM Information used at startup, including device drivers to be loaded, the order of their loading and configuration settings, the starting and configuring of services, and other settings SOFTWARE Configuration settings for software installed on the local computer SECURITY Local security policy settings for the computer
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 5 Understanding the Registry Registry Files (continued) SAM Local security accounts database DEFAULT User desktop settings used when no user is logged on NTUSER.DAT User profile for a single user The first time a user logs on the NTUSER.DAT file from the DEFAULT USER folder is used File is saved in the top-level personal folder
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 6 Understanding the Registry Data Types in Value Entries Format of the data within a key Page 383 The Short List REG_BINARY (raw binary shown in Hex) REG_DWORD (double word 4 bytes) REG_EXPAND_SZ (single string) REG_MULTI-SZ (multiple strings REG_SZ (sequence of characters, human readable)
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 7 Understanding the Registry Permanent Portions of the Registry: Registry Hives HKEY_LOCAL_MACHINE\SYSTEM HKEY_LOCAL_MACHINE\SOFTWARE HKEY_LOCAL_MACHINE\SECURITY HKEY_LOCAL_MACHINE\SAM HKEY_USERS\.DEFAULT HKEY_CURRENT_USER and HKEY_USER Page 383
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 8 Understanding the Registry Temporary Portion of the Registry HKEY_LOCAL_MACHINE\Hardware contains the temporary portion of the registry, the information gathered during hardware detection during each Windows startup. It is not saved to a file
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 9 Working with Device Drivers Working with Signed vs. Unsigned Device Drivers Code signing of device drivers (driver signing) Windows uses file signature verification Administrator can control how Windows reacts to unsigned drivers Driver Signing Options Ignore Warn Block
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 10 Working with Device Drivers Disconnecting a Plug-and-Play Device Can disconnect USB and IEE 1394 external plug-and-play devices while powered up First warn Windows using the Safely Remove Hardware icon in the System Tray Safely Remove Hardware dialog box Stop a Hardware Device dialog box
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 11 Working with Device Drivers Using Device Manager to Manage Device Drivers View and change device properties Update device drivers Configure device settings Uninstall devices Available since Windows 95 (except NT) Roll back a driver update in Windows XP System | Hardware | Device Manager button
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 12 Device Drivers Working with Device Drivers Code signing is designed to avoid problems caused by badly written code. It involves a digital signature, provided by Microsoft as a seal of approval of program code. Windows uses a process called file signature verification to check for code signing, and an administrator can configure what action Windows takes when it detects code that does not contain a digital signature. Configure with the Driver Signing button located on the Hardware page of the System applet. Step-by-Step 8.01 Getting to Know Device Manager Page 389
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 13 Working with Device Drivers Hardware Profiles Include registry keys that contain: Settings defining the devices that must be started during Windows startup The list of files associated with each device Configuration settings for each device Profile 1 is created during Windows installation Defines all the existing hardware at the time of installation Every device is enabled
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 14 Working with Device Drivers Hardware Profiles (continued) On a desktop computer, you will probably always have a single hardware profile View, create, copy, rename, and modify hardware profiles by clicking the Hardware Profiles button on the Hardware page in System Properties If two or more hardware profiles, Windows startup pauses and displays the Hardware Profile /Configuration Recovery menu Useful on a laptop with a docking station Step-by-Step 8.02 Experiment with Visual Effects Page 395
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 15 Managing Performance in Windows Windows Performance Settings (continued) Processor Scheduling Programs Background Services Memory Usage Programs System Cache Virtual Memory Custom size System managed size No paging file
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 16 Managing Performance in Windows Performance Monitoring Frequently done on network servers Not usually done on Windows desktop computers Few performance monitoring tools in desktop Oss System Monitor Gathers and displays performance data Monitors counters belonging to objects Displays results in report, graph, or histogram Performance Logs and Alerts Create alerts Create counter logs Create trace logs
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 17 Windows File Systems Windows NTFS File System Available since Windows NT, excluding Windows 9x Logical structure: Master File Table Includes a transaction processing system Allocates disk space more efficiently than FAT NTFS5 theoretically supports a volume size of 256TB Actual hardware limit is 2TB Offers file and folder security through permissions Pre-Windows 2000 NTFS is now called NTFS4 Since NTFS4 is supports file compressions NTFS5 supports file encryption and indexing
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 18 Windows File Systems File Systems for CDs and DVDs CD-ROM File System (CDFS) for CD-ROMS Writeable CDs (CD-R) Rewriteable CDs (CD-RW) Universal disk format (UDF) DVD ROMs DVD-R DVD-RW DVD-RAM driver (new in Windows XP) Supports 4.7GB DVD-RAM disk standard
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 19 The Windows Startup Process Windows Boot and System Files Boot files — reside in the root of drive C: System files — reside in the folder in which Windows is installed (default location is C:\Windows or C:\WINNT) System partition — contains the boot files Boot partition — contains the system files In most cases they are both drive C: Sometimes C: is system and D: or E: is boot
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 20 The Windows Startup Process Windows Boot Files Located in C:\ BOOT.INI BOOTSECT.DOS(not always present) NTBOOTDD.SYS(not always present) NTDETECT.COM NTLDR Windows System Files CSRSS.EXEsystemroot\SYSTEM32\ Device drivers systemroot\SYSTEM32\DRIVERS HAL.DLL systemroot\SYSTEM32\
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 21 The Windows Startup Process Windows registry files loaded during system startup DEFAULT The default user profile until user logon SAM The security accounts data base SECURITY The security hive of the registry SOFTWARE The software hive of the registry SYSTEM The system hive of the registry
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 22 The Windows Startup Process Phases of the Startup Process Phase I: Power-on Self-Test CPU loads BIOS programs beginning with POST POST: Tests system hardware Determines the amount of memory present Verifies devices required for OS startup are working Loads configuration settings from CMOS memory Briefly displays information on the screen
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 23 The Windows Startup Process Phases of the Startup Process (continued) Phase II: Initial Startup CMOS settings used to locate drive with boot files Loads MBR from first physical sector of the hard disk MBR code loads the boot sector from the primary active partition of the first hard disk Boot code from the boot sector loads NTLDR
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 24 The Windows Startup Process Phases of the Startup Process (continued) Phase III: Boot Loader Phase NTLDR (the boot loader) takes control Switches the processor to protected mode Starts the files system code Reads the BOOT.INI file In some cases, displays the OS Selection menu If a Windows NT family OS is selected, NTLDR remains in control and moves to the next phase
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 25 The Windows Startup Process Phases of the Startup Process (continued) Phase IV: Detect and Configure Hardware NTLDR starts NTDETECT.COM NTDETECT.COM scans the hardware and gives the list to NTLDR for later inclusion in the registry
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 26 The Windows Startup Process Phases of the Startup Process (continued) Phase V: Kernel Loading NTLDR looks in BOOT.INI for location of NTOSKRNL NTLDR starts NTOSKRNL.EXE (the kernel) NTLDR passes on the hardware information NTLDR loads HAL.DLL NTLDR loads SYSTEM NTLDR loads drivers required at startup Kernel scans the registry for other components
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 27 The Windows Startup Process Phases of the Startup Process (continued) Phase V: Kernel Loading (continued) Kernel loads and initializes the components Kernel starts SMSS.EXE SMSS.EXE loads the kernel-mode Windows subsystem Windows switches from text mode to graphics mode Session manager starts user-mode Windows subsystem Session manager creates pagefile.sys Session manager starts the Windows logon service
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 28 The Windows Startup Process Phases of the Startup Process (continued) Phase VI: Logon WINLOGON supports logging on and logging off WINLOGON starts SERVICES.EXE WINLOGON starts LSASS.EXE The Begin Logon prompt appears WINLOGON responds to Ctrl-Alt-Delete by displaying the Logon to Windows dialog box
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 29 The Windows Startup Process Phases of the Startup Process (continued) Phase VI: Logon (continued) User enters a user name and password Logon scripts are run Startup programs for various applications are run Non-critical services are started Programs and services are started from several locations Various registry settings Startup folders created in the profiles for All Users and for currently logged on user
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 30 The Windows Startup Process Modifying System Startup with the BOOT.INI File Contains the locations of systemroot Contains location for system files of an alternate OS Text file that can be edited directly or indirectly
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 31 The Windows Startup Process Modifying System Startup with the BOOT.INI File (continued) Lines beginning with "Multi" provide location of systemroot. [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft XP" /fastdetect
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 32 Troubleshooting Windows Problems Proactive Tasks Keeping Windows Updated Windows XP Service Pack 2 Configuring Automatic Update Working with Windows Update Using Runas Command-line program for running a single command using a user account other than the one currently logged on. Use when logged on as an ordinary user, and needing to run a single command requiring administrative rights Step-by-Step 8.03 Create and Test a Runas Shortcut Page 409
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 33 Troubleshooting Windows Problems Create Startup Disks for Windows NT/2000/XP Only contain the boot files Cannot start up Windows completely unless the system files are located on the hard disk Use when boot files are damaged on the hard drive Start with this disk to bypass the hard disk boot files Format floppy disk in Windows Copy to the floppy: NTLDR, NTDETECT.COM, BOOT.INI, and NTBOOTDD.SYS (if present) Step-by-Step 8.04 Creating and Testing a Windows Startup Disk Page 411
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 34 Troubleshooting Windows Problems Back up Data Files and the Registry Before making changes, back up data files and registry Back up a portion of the registry using Regedit Back up entire registry using a backup program Third-party backup programs More options; and a greater variety of media Windows Backup (NTBACKUP) NT version only backs up to tape Windows 2000/XP versions back up to any hard disk or network location (providing permissions allows) Step-by-Step 8.05 Configuring an Alert Page 414
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 35 Troubleshooting Windows Problems Troubleshooting with Event Viewer Event Logs System Events OS Components Drivers, services, etc. Application events Office suites, etc. Windows components that run in the GUI Events recorded by Dr. Watson applet Security events Only logged if auditing turned on and events selected
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 36 Troubleshooting Windows Problems Troubleshooting with Event Viewer (continued) Configuring and Saving Event Logs Properties for each log file allow setting of maximum size and action to take when the log file is full Actions: clear each log file, save log file to view later, open a previously saved log file, and create multiple views Use context menu of log file to access actions
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 37 Troubleshooting Windows Problems Solving Problems by Modifying the Registry Modified automatically when … Windows Setup is run A new device is installed A device is configured Changes are made though Control Panel applets A change is made in the OS or an application Direct Registry modification is part of some problem solutions, only do this when there is no other choice Step-by-Step 8.06 Modifying the Registry Page 420
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 38 Troubleshooting Windows Problems Last Known Good Configuration Recovery Startup option in Windows NT family of OSs Selects the last configuration changes set before the last successful user logon How to: Windows 2000 and Windows XP Press F8 after the POST and before Windows “splash” screen appears Select Last Known Good Configuration Step-by-Step 8.07 Using Safe Mode Page 424
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 39 Troubleshooting Windows Problems Troubleshooting Device Problems Device manager shows a yellow exclamation mark next to a device with a problem Problem may be hardware, driver, or the ability of the OS to automatically configure it Double-click device icon to open Properties Use Troubleshoot button to find problem resolution Step-by-Step 8.08 Working with Device Manager Page 427
McGraw-Hill/Irwin© 2006 The McGraw-Hill Companies, Inc. All rights reserved. 40 Troubleshooting Windows Problems Recovery Options Advanced options beyond Safe Mode Emergency Repair Process Recovery Console System Restore Automated System Recovery (ASR)