Monitoring and management

1
Monitoring and management

• Unit objectives
• Identify the stages of the Windows startup
  process
• Use Windows 2000 Professional and Windows XP
  utilities to monitor the operating system
• Troubleshoot operating system problems
• Manage the operating system

2
Windows 2000/XP startup files in order of
execution

• NTLDR(NT Loader) A program that displays the
  Microsoft Windows startup menu for Windows
  2000/XP reads the boot.ini file presents the
  boot menu and loads ntoskrnl.exe, hal.dll and
  boot-start device drivers
• Boot.ini A file that contains options for
  starting different versions of Windows installed
  on the computer.
• Bootsect.dos A file that contains information
  about the boot sector of the operating systems
  that was on the hard drive before installation of
  Windows 2000/XP. NTLDR uses this file to boot to
  an operating system other than Windows 2000/XP,
  including MS-DOS.

continued
Dynamic-link library
3
2000/XP startup files, continued

• Ntdetect.com A 16-bit real mode program that
  queries the computer for basic device and
  configuration information such as
• Time and date information stored in CMOS.
• System bus types and device identifiers attached
  to buses
• Number , size and types of disk drives
• Types of mouse input devices
• Number and types of parallel ports.
• Ntbootdd.sys A copy of a storage-controller
  device driver . If either the boot or system
  drive is SCSI based, NTLDR loads this file and
  uses it instead of boot-code functions for disk
  access.
• Ntoskrnl.exe A program that contains the
  majority of operating system instructions for
  Windows 2000/XP
• Hal.dll (Hardware Abstraction Layer) An
  interface between a computers hardware and
  software. Hal.dll provides a consistent hardware
  platform on which application are run.
  Applications dont access hardware directly but
  access the Hardware Abstraction Layer (HAL) .
  This allows applications to be device-independent
  and creates a more stable operating system.
• System Registry hive A Registry hive that
  controls the drivers and services loaded during
  Windows 2000/XP startup.
• Smss.exe (System manager subsystem) A program
  resposible for handling sessions on your
  computer. This program is initiated by the system
  thread and starts the user session, including
  launching the Winlogon and Win32(Csrss.exe)
  processes and setting system variables.
• Pagefile.sys A file that contain memory data
  that Windows cant fit into physical RAM . During
  start up , the Virtual Memory Manager moves data
  in and out of the paging file to optimize the
  amount of physical memory available to the
  operating system and applications.
• Winlogon.exe The Windows logon manager, which
  is responsible for managing user logon and
  logoff. Winlogon is needed for user
  authorization.
• Lsass.exe (Local Security Authority Service) A
  program that handles local security and login
  policies it authenticates users for the Winlogon
  service. If the user credentials submitted are
  successfully authenticated, lass.exe generates
  the users access token, which is used to launch
  the user shell.

4
The Registry

• A hierarchical database
• Created during Windows installation
• Binary files hold system configuration
  information
• Security settings
• User profiles
• Installed applications
• Attached hardware
• System properties
• In Windows 2000/XP the registry is stored in
  files called hives

continued
5
The Registry, continued

• IN Windows 2000/XP registry is Stored in the
  folder \systemroot\System32\Config
• Windows 2000 Professional C\Winnt
• Windows XP C\Windows

6
Registry keys

• The registry is divided into sections called
  Keys.
• Each key Contains subkeys and values which define
  a specific Windows setting.
• Keys
• HKEY_CLASSES_ROOT Contains file association
  data that Windows uses to start the correct
  program when you open a file from within Windows
  Explorer or My Computer.
• HKEY_CURRENT_USER Holds the user data for the
  user whos currently logged on to the computer.
• HKEY_LOCAL_MACHINE Contains all non user
  specific configuration information.
• HKEY_USERS Holds user-specific configuration
  information for the user accounts on the
  computer.
• HKEY_CURRENT_CONFIG Maintains hardware profile
  data.

7
Startup process

• ROM BIOS bootstrap process
• Boot phase using NTLDR
• Load phase
• Kernel-initialization phase
• Services-load phase
• Win32 subsystem start phase
• User logon
• Last Known Good control set created

8
Windows Diagnostics

• MSINFO32-- Utility that collects and displays
  information about the configuration of a
  specified computer.
• To run MSINFO32 at command prompt or from the Run
  dialog box , enter
• msinfo32
• System Information dialog box
• Hardware Resources
• Components
• Software Environment
• Internet Settings
• Can also use Start, Programs, Accessories, System
  Tools menu
• Connect to a remote computer
• Choose View, Remote Computer
• Enter network name of the computer

9
Task Manager

• GUI displaying Information on running processes
• Press Ctrl Alt Delete or Right-click an
  empty space in the taskbar and choose Task
  Manager
• Three tabs
• Application determines the status of the
  application running on your computer. U can end,
  start or switch to a running application.
• Processes Display info about processes that are
  running on your computer. Each process display
  executable files, the name of the account running
  the application, the processs percentage of CPU
  usage, the amount of memory the process is
  using. U can end the process here too.
• Performance Display a dynamic representation of
  the most common performance indicators for your
  computer. Graphical representation of and
  page-file usage summary totals for the number
  of handles, threads and processes running and
  totals for physical, kernel and commit memory.
• Windows XP two additional tabs
• Networking
• Users

In computer science, the kernel is the central
component of most computer operating systems
(OS). Its responsibilities include managing the
system's resources (the communication between
hardware and software components).1 As a basic
componen t of an operating system, a kernel
provides the lowest-level abstraction layer for
the resources (especially memory, processors an
I/O devices) that application software must
control to perform its function. It typically
makes these facilities available to application
processes through inter-process communication
mechanisms and system calls.
10
Task Manager in Windows XP
11
Computer Management

• Use to manage a local or a remote computer
• Administrative tasks
• Monitor system events
• Create and manage shared resources
• Determine the users who are connected the
  computer you are managing
• Start and stop system services
• Set properties for storage devices
• View device configurations
• Add or change device drivers
• Manage applications and services

12
Event Viewer

• Monitor events that occur on your system
• Use to determine the cause of problems
• Categories
• Application Errors logged by individual
  applications. The types of errors an application
  logs in Event Viewer is determined by the
  applications developers and might vary
  considerably among apps and vendors.
• Security Errors related to security of your
  Windows 2000 professional, XP Professional, XP
  Home Edition computer. For security to be logged
  by the OS you must establish an audit policy.
• System Errors reported by windows system
  components . The OS determines which components
  report errors to Event Viewer log.
• Access through Administrative Tools or Computer
  Management console

13
Event information

• Type
• Date
• Time
• Source
• Category
• Event
• User
• Computer

14
Event types

• Error
• Warning
• Information
• Success Audit (Security Log only)
• Failure Audit (Security Log only)

15
Event properties
16
Error Reporting

• Report system and program errors to Microsoft
• Track and address errors with
• Operating system
• Windows component
• Programs
• Can configure error reporting to send only
  specified information

17
Error Reporting choices

• Disable error reporting
• Notify me when critical errors occur
• Enable error reporting
• Windows operating system
• Programs
• Choose Programs
• Clicking the Choose Program button

18
Startup messages

• Computer boots successfully but reports an error
  message when loading the operating system
• Messages
• Error in CONFIG.SYS line
• Himem.sys not loaded
• Missing or corrupt Himem.sys
• Device/service has failed to start

19
Boot messages

• Computer doesnt boot successfully never gets to
  the operating-system load phase
• Messages
• Invalid boot or non-system disk error
• Inaccessible boot device
• Missing NTLDR or Couldnt find NTLDR
• Bad or missing Command interpreter

20
Operating-system load errors

• Computer successfully boots, but operating system
  interface doesnt load properly
• Messages
• Failure to start GUI
• Windows Protection Errorillegal operation
• User-modified settings cause improper operation
  at startup

21
Startup modes

• Use to diagnose and fix problems
• Press F8 after you hear your computers startup
  beep
• Modes
• Safe mode
• Safe mode with networking
• Safe mode with command prompt
• Enable boot logging
• Enable VGA mode
• Last Known Good Configuration

continued
22
Startup modes, continued

• Modes, continued
• Debugging mode
• Start Windows normally

23
Dr. Watson

• Use to log errors
• user.dmp and drwtsn32.log files
• \Documents and Settings\All Users\Application
  Data\Microsoft\Dr Watson folder
• Copy into the Windows Startup folder

24
System Configuration Utility

• Msconfig
• Use to view, disable, and enable services and
  software that run at startup
• Quickly test solutions to startup problems
• Click Start, choose Run, type msconfig, and click
  OK

25
Services page
26
Startup modes

• On the General tab
• Normal Startup
• Diagnostic Startup
• Selective Startup

27
System Restore

• Creates snapshots of your computers
  configuration
• Three types of snapshots
• System checkpoints
• Manual restore points
• Installation restore points
• Use to restore your computer to a previous
  configuration

28
System Restore in Windows XP
29
Emergency Repair Disks

• Contains basic system configuration files
• Use to restore your computer to a bootable state
  if
• Registry is damaged
• NTFS partition isnt successfully booting
• systemroot\Repair folder
• Not bootable use with the Windows installation
  CD-ROM

continued
30
Emergency Repair Disks, continued

• Use to
• Inspect and repair the boot sector
• Inspect and repair the startup environment
• Verify Windows 2000/XP system files and replace
  missing or damaged files
• Update ERD whenever you make configuration
  changes to computer
• Not a substitute for a full Registry backup
• ASR in Windows XP

31
Windows 2000 ERD

• Autoexec.nt
• Config.nt
• Setup.log
• No Registry information

32
Automated System Recovery

• Creates a backup of your system partition and a
  floppy disk containing critical system settings
• Recover from a system failure caused by problems
  with the system/boot volume
• Not available in Home Edition or Media Center

33
ASR tasks

• Restores the disk configurations
• Formats your system and boot volumes
• Installs a bare-bones version of Windows
• Runs Backup to rebuild your system and boot
  volumes from your ASR backup set

34
Recovery Console

• Use to recover when your computer doesnt start
  properly or at all
• Access FAT, FAT32, and NTFS volumes from a
  command line
• Use to
• Repair the boot sector
• Replace missing or corrupt operating system files
• Create and format partitions
• Enable or disable services or devices

35
Folder access in Recovery Console

• The root folder
• The systemroot folder and the subfolders of the
  Windows XP Professional or Windows 2000
  Professional installation you selected when
  loading the Recovery Console
• The Cmdcons folder
• Removable media drives, such as CD-ROM and DVD
  drives

36
Microsoft Knowledge Base

• Troubleshooting reference
• Contains problem and solution references for
• Windows 2000 Professional
• Windows XP Professional
• Windows XP Home Edition
• Many other Microsoft applications
• Explains many Microsoft error messages
• support.microsoft.com

37
Temporary files

• Used to keep track of changes in your files as
  you work on them
• Should be deleted automatically
• Not removed if
• Application shuts down unexpectedly
• Application isnt programmed correctly to remove
  its temporary files
• File names
• Begin with tilde ()
• End with .tmp

38
Registry editors

• regedit.exe or regedt32.exe
• regedit.exe superior search capabilities
• regedt32.exe more powerful editing tool
• Click Start, choose Run, type regedit or
  regedt32 and click OK

39
The regedt32 window
40
Services and Applications

• A Computer Management utility
• Use to manage the services and applications
  running on
• Local computer
• Remote computer
• Three tools
• Services
• WMI Control
• Indexing Services

41
Services

• Configure settings relating to how services
  function and respond to potential problems
• Four configuration tabs
• General
• Log On
• Recovery
• Dependencies

42
Environment variables

• Tell applications where to find and put files on
  your hard drive
• User variables
• System variables
• Temp/tmp variables most common
• Access through Advanced tab of My Computer
  properties
• Changes to variables written to Registry
• System variables changes must be made by
  Administrator

43
Setting environment variables
44
Set command

• Configure environment variables at the command
  prompt
• set variablestring
• variable is the name of the environment variable
• string is the value you want to assign to the
  variable
• Set command alone to view variables

45
Unit summary

• Identified the stages of the Windows startup
  process
• Used Windows 2000 Professional and Windows XP
  utilities to monitor the operating system
• Resolved operating system problems
• Managed the operating system