iSelfSchooling.com  Since 1999


Windows NT Startup and Recovery

Introduction to startup and recovery

  • Windows NT provides administrators with a number of monitoring and recovery tools, including Last Known Good, Dr Watson, Event Viewer and the ERD.

  • The startup process of Windows NT lets you load Windows NT normally, load Windows NT in VGA mode, load the previous OS, or recover the system.

 

Key Topics

  • Windows NT Startup Process Steps

  • Kernel Loaded

  • Windows NT Initialization

  • User Login

  • Windows NT Boot Files

  • Important Files

  • Last Known Good

  • Windows NT Memory Dump

  • Dr Watson

  • Windows NT Diagnostic Tool

  • Event Viewer

  • Creating The Startup Disks

  • The Emergency Repair Disk

 

Windows NT Startup Process Step 1

  • After the system Power On Self Test (POST), the Master Boot Record (MBR) is loaded, which means the boot files are loaded.

  • The Windows NT loader, NTLDR, is loaded and obtains information on system hardware and required drivers.

Windows NT Startup Process Step 2

  • NTLDR loads the BOOT.INI file, which lets you select the operating system to load in a multi-boot system and also contains the location of the Windows NT operating system.

Windows NT Startup Process Step 3

  • If Windows NT is selected, NTDETECT.COM is loaded; it performs a hardware scan and sets up certain hardware in Windows NT.

  • If Windows NT is not selected, BOOTSECT.DOS is loaded, which starts the second operating system.

 

Loading VGA Mode

  • The BOOT.INI file also provides the menu option to boot Windows NT in VGA mode, which lets us resolve incorrect SVGA drivers from inside the Windows environment.

Startup Process Kernel Loaded

  • Since Windows NT is selected, NTLDR now loads NTOSKRNL.EXE from the C:\WINNT\System32 directory and passes control to the kernel.

  • The Hardware Abstraction Layer (HAL) component of the registry is now also examined and loaded for the required hardware.

  • HAL is the core hardware within a system, which includes the processor, chipset, system board, etc.

Startup Process Windows NT Initialization

  • The Windows NT kernel now starts to load the GUI environment, completing the boot process.

  • This phase of the startup process also:

      • Loads the registry

      • Loads the system services and processes

      • Activates all the defined hardware devices by loading the required drivers

      • Finally brings up Windows Explorer

Startup Process User Login

  • To complete the startup process, the user must log in to the system successfully. This initiates the creation of the backup of the registry for the last known good configuration option of Windows NT.

  • The last known good configuration is required for system recovery in case something catastrophic happens to the operating system.

Windows NT Initial Boot Files

  • Windows NT has a total of five files located in the root directory that are designed to initiate the boot process.

  • These files are NTLDR, BOOT.INI, NTDETECT.COM, NTBOOTDD.SYS, and BOOTSECT.DOS.

Windows NT Initial Boot Files

  • The NTBOOTDD.SYS file, which contains the SCSI hard drive drivers, is required in Windows NT systems with SCSI hard drives. This file provides a route for NTLDR to access the rest of the operating system files stored on the SCSI drives.

  •  is only required in dual boot  systems when booting in DOS.
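The boot files above meet in BOOT.INI. As an added example (not part of the original course material), this parser reads a constructed BOOT.INI and reports, for each menu entry, whether it starts Windows NT, whether it is the VGA mode entry, and whether NTBOOTDD.SYS or BOOTSECT.DOS is involved. The sample file contents, the function name `parse_boot_ini` and the result field names are assumptions made for the illustration.

```python
import re

# Constructed sample BOOT.INI for a dual-boot machine (not taken from the page).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
scsi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT on SCSI disk"
C:\="MS-DOS"
'''

# ARC path naming the disk and partition that hold the Windows NT directory.
ARC = re.compile(r'^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\', re.I)

def parse_boot_ini(text):
    """Return (boot_loader_settings, menu_entries) parsed from BOOT.INI text."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition('=')
        key, value = key.strip(), value.strip()
        if section == 'boot loader':
            loader[key.lower()] = value
        elif section == 'operating systems':
            m = re.match(r'"([^"]*)"\s*(.*)', value)
            label = m.group(1) if m else value
            switches = m.group(2).lower().split() if m else []
            arc = ARC.match(key)
            entries.append({
                'path': key,
                'label': label,
                'is_nt': bool(arc),                    # NTDETECT.COM and the kernel follow
                'vga_mode': '/basevideo' in switches,  # the VGA mode menu entry
                'needs_ntbootdd': bool(arc) and arc.group(1).lower() == 'scsi',
                'uses_bootsect_dos': not arc,          # hands over to the other OS
            })
    return loader, entries
```

Because BOOT.INI is plain text that decides which system starts, comparing its parsed entries against a known-good copy is a quick integrity check during recovery.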

 

Important Files

 

 

 

 

  • On every normal system startup, Windows NT stores a backup copy of the registry containing the working hardware configuration; this copy is called the last known good configuration.

  • If the system completes the startup process and the user logs into the environment, the previous backup registry is automatically overwritten.

  • The key within the registry which contains the last known good configuration is HKEY_LOCAL_MACHINE\HARDWARE

Windows NT Memory Dump

  • When a Windows NT stop occurs during startup, you see the famous blue screen of death. A memory dump file can be generated if the create crash dump file option was checked previously.

  • The generated dump file is called MEMORY.DMP. It contains coded binary errors to be investigated with the system debugger and is stored in the Windows folder.

  • Programmers and specialized personnel can use either of the two utilities Dumpchk.exe or Dumpexam.exe to examine the memory dump file MEMORY.DMP in a diagnostic investigation.

Drwatson

  • The Dr Watson utility is a tool that Windows automatically activates on application errors. Dr Watson generates a dump file with coded errors for further investigation.

  • The log file generated is called Drwtsn32.log and is stored inside the Documents and Settings\All Users\Documents\DrWatson folder.

  • The properties of Dr Watson can be changed from the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\DrWatson.

Windows NT Diagnostic Tool

  • The Windows NT diagnostic tool WinMSD allows the user to inspect the different components of Windows NT and is equivalent to System Information on Windows 98.

  • The WinMSD program can view system information on the computer, including system version, display, drives, memory, services, resources, environment, and network.

  • The WinMSD program can be accessed from the administrative tools.

Introduction to the Event Viewer

  • Event Viewer logs information and lets the user view previously logged information about the system itself, the applications currently installed on it, and security factors within the environment.

Enabling the Security Log

  • The security log needs to be enabled, and is later viewed only by the system administrator, to audit the success or failure of access to folders and files by the different system users.

Event Viewer Logs

  • System Log: Records general and coded information about the success and failure of system component loading during Windows NT boot-up and routine activity.

  • Application Log: Records general and coded information about the success and failure of application component loading during application startup.

  • Security Log: Needs to be activated to monitor login activity and to audit particular user activity on files and folders.

Event Viewer Events

  • Event Viewer generally produces 3 types of responses: Information, Warning, and Error.

  • Information: The successful achievement of an operation, e.g. loading drivers, starting and stopping processes.

  • Warning: This event is not harmful as yet but may become an error if ignored, e.g. not obtaining IP addresses from DHCP, or limited disk space.

  • Error: Failed services and applications and data loss events all cause an error event.

Event Viewer Logs Files

  • The log files can be saved for future reference if required. All the log files have different size limitations, which are configurable for each log, ranging in size from 64KB to 4GB with a default size of 512KB.

  • When the log files reach their size limitation, you can either overwrite the events as needed, overwrite the events older than a certain number of days, or clear the logs manually.

Security Log Events

  • Success Audit: A security audit event that was completed successfully by the audited client.

  • Failure Audit: A security audit event that resulted in failure for the audited client.
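To show how Success Audit and Failure Audit entries are used once the security log has been saved, here is an added example (not part of the original course material) that tallies both types per user and flags accounts with repeated failures. The log lines are constructed, and the comma-delimited column order, the threshold of 3 and the names `summarize_audits` and `success_after_burst` are assumptions made for the illustration.

```python
import csv
from collections import defaultdict

# Assumed column order of a Security log saved as comma-delimited text.
COLUMNS = ('date', 'time', 'source', 'type', 'category', 'event', 'user', 'computer')

# Constructed sample, oldest entry first; not taken from a real system.
SAMPLE_EXPORT = """\
3/14/00,9:01:12 AM,Security,Success Audit,Object Access,560,jsmith,NTSRV1
3/14/00,9:02:40 AM,Security,Failure Audit,Object Access,560,tempuser,NTSRV1
3/14/00,9:02:41 AM,Security,Failure Audit,Object Access,560,tempuser,NTSRV1
3/14/00,9:02:43 AM,Security,Failure Audit,Object Access,560,tempuser,NTSRV1
3/14/00,9:05:10 AM,Security,Success Audit,Object Access,560,tempuser,NTSRV1
3/14/00,9:07:55 AM,Security,Failure Audit,Object Access,560,jsmith,NTSRV1
"""

def summarize_audits(export_text, threshold=3):
    """Count Success/Failure Audit events per user and flag repeated failures."""
    stats = defaultdict(lambda: {'success': 0, 'failure': 0,
                                 'flagged': False, 'success_after_burst': False})
    for row in csv.reader(export_text.splitlines()):
        if len(row) != len(COLUMNS):
            continue  # skip blank or malformed lines
        rec = dict(zip(COLUMNS, (cell.strip() for cell in row)))
        if rec['source'] != 'Security':
            continue
        user = stats[rec['user'].upper()]
        if rec['type'] == 'Failure Audit':
            user['failure'] += 1
            user['flagged'] = user['failure'] >= threshold
        elif rec['type'] == 'Success Audit':
            user['success'] += 1
            # A success that follows a run of denials deserves a closer look.
            user['success_after_burst'] |= user['flagged']
    return dict(stats)
```

If the log is set to overwrite events as needed, a review like this only sees what is still in the file, so the export has to be taken before older audit entries are overwritten.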

Creating The Setup Boot Disks

  • Windows NT is provided with 3 startup disks, which can be used during installation.

  • These disks can be created from the installation CD-ROM by viewing the contents of the CD-ROM.

  • Change directory into the I386 folder by typing cd I386

  • Type the command Winnt.exe /ox in a DOS-based environment or Winnt32.exe /ox in a Windows NT environment.

  • You must provide the location of the installation files, which is D:\I386

  • You are finally prompted to insert three disks, starting from disk 3 and ending with disk 1.

Introduction to the Emergency Repair Disk (ERD)

  • If your Windows NT or Windows 2000 system runs into serious problems booting up, one method of recovering your system might be to use the ERD.

  • The ERD contains minimal information that can be used to recover your system, including some registry information, some file location information, etc.

  • The backup of the registry can be found in the %SYSTEMROOT%\Repair directory, which can also be used to recover your system.

What Is The Best ERD

  • Generate the ERD when your system is functioning correctly, so that recovering the system with the ERD gives you the best working system.

  • The ERD is not a substitute for making regular backups, because it only stores registry and system configuration information and not personal data.

When To Create An ERD

  • It is advised that the ERD be generated after the installation, after any upgrades such as service packs, and after any major hardware configuration changes such as adding new devices.

Generating The ERD

  • To generate or update an ERD you can use the RDISK.EXE file located in the system32 folder.

  • This utility has two options:

      • Update the repair information.

      • Create a new repair disk.

Updating the ERD

  • The update information option of RDISK.EXE copies the following files into the repair directory of Windows NT:

·        The system hive

·        The software hive

·        The security hive

·        The default hive

·        The system SAM

·        CONFIG.NT and AUTOEXEC.NT

 

 

Creating an ERD

  • The option to create an ERD formats the floppy diskette and copies the repair directory onto the floppy disk.

Exercise (Creating an emergency repair disk ERD in Windows NT)

    1. Click Start → Run, then type command and press Enter.

    2. In the command prompt window, type the command CD C:\WINNT\SYSTEM32

    3. Make sure you have a formatted floppy disk in the A: drive.

    4. After the change in directory, type the command RDISK /s and press Enter.

    5. Using the /s option ensures that the SAM, the registry, and the system security are updated before the ERD is created.

 

 

Exercise (Recovering Windows NT using the ERD)

  1. Use either the three startup disks of Windows NT or the installation CD of Windows NT at the boot process.

  2. On the second disk the system will provide you with a repair option.

  3. Press R to select the repair option.

  4. The system will perform the following tasks, which can be deselected.

  5. a) Inspect the registry files, b) inspect the startup environment, c) verify Windows NT system files, and finally d) inspect the boot sector. Then press Enter.

 

CONFIG.NT And AUTOEXEC.NT Files

  • The ERD contains only three files used to recover the system: AUTOEXEC.NT, CONFIG.NT and Setup.Log.

  • The AUTOEXEC.NT file and the CONFIG.NT file can be used to bring up the DOS environment and are copied from the %SYSTEMROOT%\SYSTEM32\ directory, where the original files exist.

Using The ERD To Recover Windows NT

  • To recover your system you must use the boot disks, starting from disk 1.

  • The second disk will prompt you with a menu where you can use the R option to repair the system.

  • You will now be able to perform certain recovery tasks, including:

      • Verify Windows NT system files, Inspect registry files

      • Inspect startup environment, Inspect boot sector

  • The system will replace the hives in the registry from the repair directory, replace the SAM, and finally replace all non-original files.

 

Questions

 

  1. What are the features of the BOOT.INI file? (Choose all that apply)

    A. It is a text file
    B. It contains boot order information
    C. It contains the location of the Windows NT boot files
    D. It generates a boot menu
    E. It is a binary file

  2. What are the names of the Windows NT boot files located on the root directory? (Choose all that apply)

    A. AUTOEXEC.BAT
    B. NTLDR
    C. CONFIG.SYS
    D. NTDETECT.COM
    E. COMMAND.COM

  3. What are the names of the Windows NT boot files located on the root directory? (Choose all that apply)

    A. BOOTSECT.SYS
    B. NTLDR
    C. CONFIG.SYS
    D. NTBOOTDD.SYS
    E. COMMAND.COM

  4. What are the features of the last known good configuration? (Choose all that apply)

    A. It contains a backup of the registry
    B. It contains a backup of the last 5 registries
    C. It is the configuration of the last time your system loaded without problems
    D. Its options can be edited in the safe mode
    E. It is overwritten every time your system loads normally

  5. What are the features of the memory dump file MEMORY.DMP? (Choose all that apply)

    A. Generated after the blue screen of death
    B. Generated as virtual memory
    C. Slow compared to normal RAM
    D. Contains information regarding system failure
    E. Can be examined using Dumpchk.exe
    F. Can be examined using Dumpexam.exe

  6. What are the features of the Dr Watson utility? (Choose all that apply)

    A. Automatically activated by system errors
    B. Generates a coded dump file
    C. Can be run from the control panel
    D. Generates the Drwtsn32.log file
    E. Its options can be changed from the Drwatson window
    F. Its options can be changed from the registry

  7. What are the features of the event viewer? (Choose all that apply)

    A. Generates log of system events
    B. Generates a log file of system crash
    C. Generates log of application events
    D. Generates log of Security events
    E. Allows the user to monitor and tweak running applications

  8. What are the features of the event viewer? (Choose all that apply)

    A. Produces an information response
    B. Produces an event response
    C. Produces a data response
    D. Produces a warning response
    E. Produces an error response

  9. What are the features of the event viewer? (Choose all that apply)

    A. The security log needs to be activated before logging begins
    B. The system log needs to be activated before logging begins
    C. Log files can reach a maximum size of 4MB
    D. Log files can reach a maximum size of 4GB
    E. The event viewer is automatically activated by Windows NT at startup

  10. What are the features of an ERD? (Choose all that apply)

    A. Used to recover your Windows NT OS
    B. Repairs the user personal files
    C. Must be generated when the system is functioning without problems
    D. Must be updated after any major hardware changes
    E. Can be generated by the installation CD

  11. What are the features of an ERD? (Choose all that apply)

    A. Must be generated by the administrator
    B. Can be generated using the RDISK command
    C. Can be generated using the FDISK command
    D. Makes a backup of important system information in the %SYSTEMROOT%\Repair directory
    E. Must be updated after a service pack

  12. What information does the ERD back up? (Choose all that apply)

    A. Dos hive
    B. System hive
    C. Files hive
    D. Software hive
    E. Default hive

  13. What information does the ERD back up? (Choose all that apply)

    A. Folder hive
    B. Data hive
    C. Graphics hive
    D. Security hive
    E. System SAM

  14. What is contained inside the ERD? (Choose all that apply)

    A. AUTOEXEC.NT
    B. CONFIG.NT
    C. COMMAND.NT
    D. NTLDR
    E. SETUP.LOG

Answers

1. A,B,C,D

2. B,D

3. A,B,D

4. A,C,E

5. A,D,E,F

6. A,B,D,F

7. A,C,D

8. A,D,E

9. A,C,E

10. A,C,D,E

11. A,B,D,E

12. B,D,E

13. D,E

14. A,B,E

 
