You need to have the right tools if you’re planning to fix an operating system. In this video, you’ll learn about automated system recovery, system repair disks, pre-installation environments, msconfig, sfc, the Windows registry, and much more.
If you’re troubleshooting the Windows XP operating system and you just aren’t having any success in recovering the OS and you’ve tried the last known good configuration, you’ve tried Safe Mode, you tried everything you could think of, you might want to go to the last resort available, which is something called automated system recovery. Automated system recovery is a floppy disk that you would build in the Windows backup. If you go to Accessories, System Tools, and Backup, you can choose that option to create an automated system recovery floppy disk.
Now, this floppy disk is not bootable. You still need your Windows installation media. You need a system backup. And you need this ASR, automated system recovery disk.
What is going to happen is that this process will completely delete everything on your disk. It will rebuild all of your partitions and volumes. And it will then prompt you to restore the data from a previous backup. So this naturally assumes that you’re going to have one of those backups available.
If you don’t have a backup, there will be no way to restore this. This is something that is going to be very destructive. You will lose all of the data on your system when you perform an automated system recovery.
Once you decide that you’re going to use this automated system recovery process, you would boot with your Windows installation media and choose the repair options available. And it will prompt you for your ASR floppy. And you’ll put that floppy disk in and it will delete everything on your disk and rebuild all of those partitions.
You want to be sure that you have a backup because once this is done, the ASR process will then prompt you to begin the recovery from those backup disks. So you want to be sure that you have that backup available. The ASR process itself is not backing up any of your data.
Even though you’re going into the Windows backup program and you’re choosing to create that ASR disk, there is nothing but a single floppy that describes how your system is configured. It doesn’t have any of your data on it. So always think about having this ASR process in your back pocket. But it’s probably going to be something that you’re going to wait until the very last opportunity to ever take advantage of it.
In Windows Vista and Windows 7, we have some other options available to help us troubleshoot operating system problems. One of these is the System Recovery Options. You can get to the System Recovery Options by booting the computer with your Windows installation media for Windows Vista and Windows 7. One of the challenges you have of course is that a lot of the computers that you buy these days don’t have installation media. They don’t include the DVDs anywhere in the box. And they don’t really give you a way to create your own DVDs.
Fortunately, Windows does give you a way to create the System Recovery Options bootable disk. If you go into your Backup and Restore options in Windows Vista or Windows 7, one of the options available is to create a system repair disk. This creates a bootable disk into what’s called a preinstallation environment. And it starts this process to load the System Recovery Options.
This doesn’t change any of your data. It doesn’t delete anything. It gives you the option to choose what you would like to do at this point. And then you could choose the Startup Repair, a System Restore, an Image Recovery, a Memory Diagnostic, or go right down to the command prompt. So this gives you some options. If the operating system is not working properly on your storage device, you could always slide in your repair disk, launch the System Recovery Options and try to troubleshoot directly from here.
If you’ve used these recovery options before, you may notice that the user interface looks and feels a lot like Windows. It’s not a full-blown version of Windows. It’s a minimal version of Windows called Windows PE.
The PE stands for Preinstallation Environment. If you’ve ever gone through those recovery options, you have used that PE. The Windows PE is also used during the setup process for Windows Vista and Windows 7, where the Windows environment is there, but you don’t have a normal desktop available.
You could build your own Windows PE for Windows Vista and Windows 7. You can use the Windows Automated Installation Kit. There’s also one for Windows 8, which is the Windows 8 Assessment and Deployment Kit.
There are also a number of third-party Windows PE tools that you can download. BartPE is probably one of the most popular ones. You can download it, burn it to a DVD-ROM, and use that with a lot of pre-installed tools available that might help you during the troubleshooting process.
If you’ve ever had a malware infection on your system or you’ve had some corruption to your hard drive, one of the recommendations you often see is to run the SFC before you begin using your system again. SFC is a command called System File Checker. And it performs an integrity scan of all of your system files. That way it can check to see if the Windows operating system files are really the correct ones. If some type of malware was to replace or damage one of those files, SFC will notice the file is different and give you options for recovering and putting the correct file in its place.
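An added example, not from the video: a verify-only SFC pass followed by a filter that pulls SFC's own entries out of the shared CBS log. It assumes Windows Vista or later (where SFC writes to `CBS.log`), an elevated PowerShell prompt, and that problem entries use the usual "Cannot repair" / "Repairing" / "Repaired" wording.

```powershell
# Added example (not from the video). Run from an elevated PowerShell prompt.
# Assumes Windows Vista or later, where SFC logs to %windir%\Logs\CBS\CBS.log.

function Get-SfcFinding {
    param(
        [string]$LogPath = "$env:windir\Logs\CBS\CBS.log"
    )
    # SFC tags its lines in the shared CBS log with the literal text "[SR]".
    # -SimpleMatch stops "[SR]" from being read as a regex character class.
    Select-String -Path $LogPath -Pattern '[SR]' -SimpleMatch |
        # Keep only entries that report a damaged or replaced file.
        # Assumption: the match strings below follow the usual log wording.
        Where-Object { $_.Line -match 'Cannot repair|Repairing|Repaired' } |
        Select-Object LineNumber, Line
}

# /verifyonly checks every protected system file but changes nothing,
# so it is safe to run before deciding how to recover.
sfc.exe /verifyonly

$findings = @(Get-SfcFinding)
if ($findings.Count -eq 0) {
    "SFC logged no damaged or replaced system files."
}
else {
    "SFC logged $($findings.Count) entries that need review:"
    $findings | Format-List
    "Run 'sfc /scannow' to let SFC put the correct files back in place."
}
```

On a machine that was recently infected, keep a copy of the filtered output: the file names SFC flags show which system files were replaced or damaged.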
If your operating system is starting, but it’s still running into problems, you can’t quite get a desktop loaded or certain applications aren’t working properly once your computer starts up, you might want to perform some diagnoses and start breaking down where the problem might be. And the msconfig, the Microsoft System Configuration utility, provides you with a lot of options for doing that.
You can control exactly what happens during the boot process. You can enable or disable certain applications from loading. You can also change the way that your services operate. If you don’t want certain services loading during that operating system start, you can modify and change those directly from this view.
There’s also a one-click view where you could choose which tool you would like to use next. This is a frontend that allows you to really start customizing how the system boots up. And if you’re trying to troubleshoot those nagging startup problems, this may be exactly the tool you’re looking for.
If you’re having performance problems when you’re accessing files that are on your hard drive, you may want to consider performing a defragmentation of those files. As files are written to your hard drive, they can be split into smaller pieces and stored in very different spots on that drive. This becomes a challenge now when you need to read that file because you have to go back to every single place where that file might have been stored so that you can put it all back together and be able to use it in your application.
The defragmentation process will take all of those small pieces that are scattered about and put them all together into a contiguous view. That way reading the file is going to be much more efficient because the file is all contained in one place. To start this defragmentation, you can look at the properties of your drive and go to the Tools folder and choose Defragmentation or you can go to the command line and simply type the defrag command.
You can also choose to put this defragmentation process on a schedule, so you can wait until 2:00 or 3:00 in the morning, run the defragmentation. And when you get up, the defragmentation has already been completed.
You can use something like the Task Scheduler, which you’ll find in the Control Panel under Administrative Tools. Find the Task Scheduler and you can configure exactly when you’d like the defragmentation to run.
The Windows operating system relies heavily on this massive hierarchical database called the registry. A lot of information about your applications, your system configuration, the services, the drivers that you’re running, practically every little piece of your operating system is stored in this big database. And there’s some very, very critical information. If part of that database becomes incorrect or corrupted, your system may have problems running an application, booting your system, using certain pieces of hardware.
So your registry obviously becomes a very important place to go when you’re troubleshooting your system. And to be able to see what’s inside of the registry, you’d use a program called regedit, R-E-G-E-D-I-T, the registry editor. The registry editor allows you full and complete access to edit the information that’s inside of the registry.
You can also add keys. You can delete keys from your registry. And of course, you can back up the information in your registry and import it if you’d like to. It’s very common when you’re making a change inside of the registry that you export out the section you’re working on. That way if your change causes a problem, you can simply import the old configuration right back into the registry.
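An added example, not from the video, of the export-before-you-edit habit described above, done from the command line with `reg.exe` instead of regedit. The key `HKCU\Software\ExampleApp`, the value name `StartMaximized`, and the backup folder are hypothetical placeholders.

```powershell
# Added example (not from the video). The key, value name and backup
# folder are hypothetical placeholders.

function Invoke-RegistryChangeWithBackup {
    param(
        [Parameter(Mandatory=$true)][string]$Key,          # reg.exe style path
        [Parameter(Mandatory=$true)][scriptblock]$Change,  # the edit to attempt
        [string]$BackupDir = "$env:USERPROFILE\RegBackups"
    )
    if (-not (Test-Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $name  = ($Key -replace '[\\/:]', '_') + "-$stamp.reg"
    $file  = Join-Path $BackupDir $name

    # Export only the section being worked on, before touching it.
    reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Export of $Key failed, so no change was made."
    }

    try {
        & $Change
    }
    catch {
        # Import the old configuration right back. Note that an import
        # restores the exported values but does not delete values or
        # subkeys that were added after the export.
        reg.exe import $file | Out-Null
        throw
    }
    return $file
}

$backup = Invoke-RegistryChangeWithBackup -Key 'HKCU\Software\ExampleApp' -Change {
    Set-ItemProperty -Path 'HKCU:\Software\ExampleApp' `
        -Name 'StartMaximized' -Value 1 -ErrorAction Stop
}
"Backup saved to $backup"
"To undo the change later: reg import `"$backup`""
```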
Another important utility that affects what’s in the registry is the Microsoft Register Server. This is regsvr32. This is an application that allows you to register and unregister DLLs from the operating system. And if you’re troubleshooting an application problem, it might have something relating to some of the libraries, the dynamic link libraries, that are used in Windows. This effectively does a registry update that tells the Windows operating system where this DLL is and what version it is and other information that the application needs to be able to use that dynamic link library.
In the Windows operating system, there are a lot of different things happening all simultaneously. It can be difficult to discern exactly what’s going on with the operating system just by watching things on your screen. That’s why we have the Event Viewer. The Event Viewer is a place where we can see everything that might be happening on your system. And it’s separated out into different areas. For instance, you can see Application and Security and Setup and System, along with other events that you can then filter out from there.
If you’re trying to troubleshoot what might be happening on startup, maybe there’s a blue screen of death that’s giving a problem, maybe you’re having a driver that isn’t loading properly, you may be able to find information inside of the Event Viewer. You can also parse out this information based on how critical the problem is. So you could see information, warning, error, critical, successful audits, failure audits. And you can filter out and view exactly the way you’d like to.
The Event Viewer is also keeping all of this information stored over a very long period of time. So if somebody has been complaining about a problem that occurred two weeks ago, you can rewind the Event Viewer, look back in time, and see in the log what occurred when that user was having that problem.
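An added example, not from the video, of the same filtering done from PowerShell: pull Critical, Error, and Warning events from a time window around the moment a user reported a problem, then list failure audits for the same window. It assumes Windows Vista or later (for `Get-WinEvent`) and an elevated prompt for the Security log; the "two weeks ago" timestamp is constructed.

```powershell
# Added example (not from the video). Requires Windows Vista or later;
# reading the Security log requires an elevated prompt.

function Get-EventsAround {
    param(
        [Parameter(Mandatory=$true)][datetime]$When,   # when the problem was seen
        [int]$WindowHours = 2,                         # look this far either side
        [string[]]$LogName = @('System', 'Application')
    )
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3    # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = $When.AddHours(-$WindowHours)
        EndTime   = $When.AddHours($WindowHours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id, Message
}

function Get-FailureAuditsAround {
    param(
        [Parameter(Mandatory=$true)][datetime]$When,
        [int]$WindowHours = 2
    )
    $filter = @{
        LogName   = 'Security'
        Keywords  = 4503599627370496   # Audit Failure keyword (0x10000000000000)
        StartTime = $When.AddHours(-$WindowHours)
        EndTime   = $When.AddHours($WindowHours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

$reported = (Get-Date).AddDays(-14)    # constructed: "two weeks ago"
$events   = @(Get-EventsAround -When $reported)

# Which sources were noisiest in the window, then the timeline itself.
$events | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
$events | Format-Table TimeCreated, LevelDisplayName, ProviderName, Id -AutoSize

Get-FailureAuditsAround -When $reported | Format-Table -AutoSize -Wrap
```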
A number of operating system troubleshooting tools are available before you even start the operating system. If you press F8 while your operating system is loading, you’ll get the advanced boot options menu. And you can see a lot of different options are available here.
If you wanted to run things in Safe Mode, you wanted to run the Windows Recovery Console, if you wanted to go back to last known good configuration, you can do all of this before your Windows operating system even starts. This is also the place you’d go to start things like Safe Mode. Once you hit F8 and choose those advanced boot options, you can start in Safe Mode, which is only going to give you just the necessary drivers to get Windows running.
Sometimes you’d like a few extra drivers loaded. Maybe you’d like to also enable the networking drivers as well, along with what would normally occur during the Safe Mode boot. Or maybe you start Windows in Safe Mode, but you don’t boot the desktop. You go straight to a command prompt, instead of going to the graphical display.
There’s also a mode called Low Resolution Mode or VGA mode. This is going to start your Windows, but it’s not going to use the standard video driver that’s usually loading with your system. That way if you’ve made a mistake with your video configuration, you can start your Windows into this Low Resolution Mode, modify the video settings, and then reboot into the proper resolution.
One of the more powerful operating system troubleshooting tools you have available is the command prompt. And you can get to the command prompt without even starting your operating system. In Windows XP, you can start from the Windows installation media. In Windows Vista and Windows 7, you go to System Recovery Options and Command Prompt. You would boot with your Windows installation media or your recovery disk to be able to do that.
I have an entire video on how to use that command prompt. Look for using the Windows Recovery Console and Command Prompt. This is a very, very powerful feature. You only want to go into the command prompt and begin modifying the operating system if you know exactly what you’re doing. You don’t want to go into that command prompt, change some files, delete some files, and then realize that you can’t recover from that problem.
This is something that gives you complete control though. You can move files around. You can replace operating system files because the operating system hasn’t booted yet. You can turn on services. You can disable services.
If you need to build another Master Boot Record on your drive or the boot sector that’s in a partition, you can also do that from this command prompt. And you can also change the drive configuration itself. If you wanted to repartition and reformat entire drives, you can do all of that from this command prompt.
So as you can see you have a lot of options available for troubleshooting your operating system. Hopefully, some of these tools will help you when you run into a problem and get your operating system back up and running quickly.