Chapter 4: Using Windows-Based Troubleshooting Utilities

Exam Objectives

✓ Managing Registry data with regedit.exe and regedt32.exe

✓ Working with system and disk management tools

This chapter is all about Windows-based troubleshooting utilities. These utilities fall into categories such as disk maintenance, configuration, diagnostic, and the ever-popular miscellaneous category. One major utility topic covered in this chapter is Registry-editing utilities. I examine this component thoroughly because this topic is often neglected. The content that you examine for Registry editing is more detailed than what you need for the exam; when you finish this book, you’ll have a great grasp on the capabilities of the Registry editing tools.

As a CompTIA A+ Certified Professional, you will be called on from time to time to use the tools that are discussed in this chapter. So, in addition to knowing this content for the exam, you need to understand these tools to do your job as a support professional.

Understanding Operating System Utilities for Disk Maintenance

In this section, you examine different utilities that you can use to perform disk maintenance on your system. These utilities include fdisk and Disk Management, defrag, and chkdsk. Each of these utilities serves a specific purpose for your operating system.

diskpart.exe and Disk Management

Before you can store any data on your disk, you need to prepare the disk for use. You can use the diskpart.exe utility to prepare your disk to hold data, whether you are in the Windows Recovery Console or in Windows, but you will likely want to use Disk Management (diskmgmt.msc) if you are in Windows.

Data is stored on a disk in a partition, and that partition is assigned a drive letter. Because of decisions made when early computer disks were created, you are allowed to create only four partitions on a disk, and a table was created in the disk’s BIOS to hold the partitioning information. The partition table has only four entries in it. The solution to the four-partition limit was to create a special partition, which is always stored in the last partition. This special partition is an extended partition, and it is designed to extend the number of drive letters you can associate with a drive. Remember that this is four, the same as the number of partitions. The extended partition does not have a drive letter associated with it, but rather allows you to create any number of logical drives within it, each of which does have a drive letter.

Windows allows you to use either tool to manage your drives: diskpart.exe or Disk Management, which is a snap-in (a tool component) for the Microsoft Management Console (MMC). Disk Management is fully covered in Book II, Chapter 6.

Knowing your way around diskpart.exe is still important because you may have to resort to using diskpart.exe to prepare a drive to store data during a Recovery Console session or to perform certain tasks that Disk Management does not support, such as extending a primary partition on a drive. In order to boot, a hard drive requires that one of its primary partitions be made active. Each partition that you create can then be formatted with a file system. Each file system has a maximum partition size, and Windows may have some imposed limits on top of that.

Tip: Starting with Windows Vista, you are able to use Disk Management to both extend and shrink partitions on a disk.

Each primary partition or logical drive that appears on your computer is still limited to the size specified by the file system that you use on it. FAT16 drives are limited to 2GB, and FAT32 drives are limited to 2TB.

Tip: You can boot only from an active partition, so if you don’t set up an active partition on a new drive, you will not be able to boot from that drive.

If you use Disk Management, you can create up to four primary partitions on each drive. If you want to create an extended partition, you can create only three primary partitions. You also have the option of updating your disk to a Dynamic Disk, which eliminates the traditional limits to partition table entries by maintaining its own partitioning information in a separate location on the disk.

Dynamic Disks do not have as many recovery tools as traditional Basic Disks and are compatible only with Windows 2000 and newer Microsoft operating systems (OSes). Because of this recoverability aspect, you should avoid using Dynamic Disks unless they are necessary for your disk configurations.

In the Disk Management utility (see Figure 4-1), the entire contents of the disk partitioning scheme are visible in the display, and you are given control over the drive letters that are assigned.

defrag.exe and dfrg.msc

In this section, I discuss only the defragmentation options available to you in Windows because you will be tested only on the concepts of defragmentation or on the methods used to defragment disks within Windows.

As you write data to your hard drive, it is always written into the largest area of available free space. When you delete files, though, areas of free space become broken up and scattered around your drive. Sometimes the largest area of free space is not large enough to hold the data being written. When this happens, the file is broken up into pieces — fragmented — to the areas of free space.

Figure 4-1: Disk Management is more user-friendly than diskpart.exe.

To “repair” the disk fragmentation, you can use dfrg.msc or defrag.exe:

• dfrg.msc is the graphical defragmentation tool for Windows XP.

• dfrgui.exe is the graphical defragmentation tool for Windows Vista and Windows 7.

• defrag.exe is a command line front end for the same tool.

Both tools for Windows XP are shown in Figure 4-2. dfrgui.exe for Windows Vista and Windows 7 offers a simplified user interface. If you want to create a batch file or script to defragment your hard drive, you want to look at defrag.exe.

Defragmentation requires free space to do its job because it copies the files to new locations before removing them from the old locations. In addition to making all files contiguous, defragmentation attempts to consolidate most free space into a single unit, reducing how often new files are fragmented.

Figure 4-2: You have two interfaces to choose from to defragment your drives.

Remember: While the defragmentation process takes place, all files on your drive are read, and the system is checked for errors, in the same manner as chkdsk.exe (discussed in the next section).

Because the disk fragmentation utility rearranges the data on your drive and can therefore improve performance, it should be run periodically to ensure maximum performance of your computer. How you define “periodically” depends upon your system and how you use it. If your hard drive is extremely full (containing perhaps only a few gigabytes of free space), you should run defrag.exe as often as every few days. Comparatively, if you have a large amount of free space on your drive, files will take longer to become fragmented on your disk, and you might need to defragment your drive only once every month or two.

To open the graphical disk defragmenter, choose Start⇒All Programs⇒Accessories⇒System Tools⇒Disk Defragmenter. When you select a drive and then click the Analyze button, the defragmenter recommends whether you need to defragment your drive. If you have noticed a degradation in performance, though, go ahead and defragment your drive. (Select a drive and click the Defragment button.) There is no harm in defragmenting your drive even if the computer says you don’t need to; you might still increase the computer’s performance.

Tip: You can use Scheduled Tasks to regularly run disk defragmentation in Windows XP; Windows Vista and Windows 7 have scheduling built right into dfrgui.exe. I cover scheduling tasks in the “Miscellaneous Utilities” section of this chapter.

Remember: Free space and disk performance should be monitored to achieve an optimal level of performance.

chkdsk.exe (Check Disk)

The chkdsk.exe utility can identify potential problems with either your file system’s allocation table or index, or the physical hard drive. chkdsk.exe can be run from the command line or from the Tools tab of your disk drives’ Properties. It has several options, of which the most important are

• /F: Fixes errors found on the disk, rather than just identifying them

• /R: Relocates bad sectors and recovers readable information

• /X: Forces a dismount of the volume, which closes all open files

If you suspect that you have a disk problem, you should run a scan of your disk. However, because fixing errors requires exclusive access to the disk, you want to run chkdsk.exe in scan-only mode, which is the default. If errors are detected, then you would want to specify /F and /X to correct any errors that are identified.

The system volume (C:) cannot be dismounted, so chkdsk.exe offers to schedule the scan during the next reboot of the system. On a system with a large C: drive, and depending on the number of errors, this scan can be very time consuming. The results of a scan can be seen in Figure 4-3.

In addition to issues with directory index entries and Master File Table (MFT) problems, chkdsk.exe looks for cross-linked files and orphaned directory entries or lost file fragments. The File Allocation Table (FAT) contains a pointer to the starting cluster for each file. As the file is read, a pointer at the end of each cluster identifies where the next cluster of the file can be found, with the last cluster of the file not containing a further pointer. From time to time, the pointer at the end of a cluster becomes corrupted and starts pointing to the wrong location for the next bit of data. If the new location already contains file data (which contains a pointer to the next bit of data for a second file), you end up with two files using the same set of clusters.

Figure 4-3: Standard scans check the structure of the file tables.

When two files point to the same cluster (and clusters that follow), the situation is known as a cross-linked file. Depending on your outlook, you may choose to make copies of these files or to ignore them altogether. If you are a pessimist, you probably believe that both of these files are corrupt and probably garbage. If you are an optimist, you probably believe that one or both of these files are still readable and usable. There is no harm in having Check Disk create the files because your worst case scenario will be that the files are of no use.

File fragments or lost chains, on the other hand, tend to be the leftover portions of cross-linked files (the portions of a file that would have belonged to a file had its clusters not been corrupted or lost). You have the option of either deleting these file fragments or converting them to files. If you choose to convert them to files, each chain is saved to the root directory with a name following the format filennnn.chk with an incremental number in place of the nnnn.
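How one corrupted next-cluster pointer produces both a cross-linked file and a lost chain, as an added example that is not from the book: a toy allocation table is walked the way the paragraphs above describe. The table contents, the file names, and the simplified EOC/FREE marker values are constructed for illustration, and numbering recovered chains from 0000 is an assumption.

```python
EOC = -1   # end-of-chain marker: the last cluster of a file (simplified value)
FREE = 0   # cluster is not allocated (simplified value)


def walk_chain(fat, start):
    """Follow next-cluster pointers from `start`; return the clusters visited."""
    chain, cluster = [], start
    while cluster != EOC:
        # Stop on a loop or on a pointer into free or nonexistent space.
        if cluster in chain or fat.get(cluster, FREE) == FREE:
            break
        chain.append(cluster)
        cluster = fat[cluster]
    return chain


def check_fat(fat, directory):
    """Return (cross_linked, lost_chains) for a toy FAT and directory.

    cross_linked maps a cluster to every file whose chain reaches it.
    lost_chains maps a recovery name (filennnn.chk) to an allocated chain
    that no directory entry leads to.
    """
    owners = {}
    for name, start in sorted(directory.items()):
        for cluster in walk_chain(fat, start):
            owners.setdefault(cluster, []).append(name)

    cross_linked = {c: names for c, names in sorted(owners.items())
                    if len(names) > 1}

    # Allocated clusters that no file owns are lost; a chain head is a lost
    # cluster that no other lost cluster points to.
    lost = sorted(c for c, nxt in fat.items() if nxt != FREE and c not in owners)
    pointed_to = {fat[c] for c in lost}
    heads = [c for c in lost if c not in pointed_to]
    lost_chains = {"file%04d.chk" % n: walk_chain(fat, head)
                   for n, head in enumerate(heads)}
    return cross_linked, lost_chains


# Constructed sample. A.TXT occupies clusters 2-3-4. B.TXT should occupy
# 5-6-7-8, but the pointer stored in cluster 6 was corrupted from 7 to 3.
FAT = {2: 3, 3: 4, 4: EOC, 5: 6, 6: 3, 7: 8, 8: EOC, 9: FREE, 10: FREE}
DIRECTORY = {"A.TXT": 2, "B.TXT": 5}

if __name__ == "__main__":
    cross, lost = check_fat(FAT, DIRECTORY)
    for cluster, names in cross.items():
        print("cluster %d is cross-linked between %s" % (cluster, ", ".join(names)))
    for name, chain in lost.items():
        print("lost chain %s -> %s" % (chain, name))
```

Clusters 3 and 4 end up claimed by both files, and the original tail of B.TXT (clusters 7 and 8) is the lost chain that Check Disk would offer to delete or convert to a file.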

Tip: Although you have the option to convert lost file fragments to files, I have yet to see useful data recovered from file fragments, so you might as well delete them and free the space.

chkdsk.exe serves an important purpose on your system by ensuring data integrity of the files on your disk, and it should be scheduled to run periodically on important volumes because some disk corruption can be prevented if identified early.

Configuration Utilities

This section discusses many of the configuration utilities that ship with the Windows OS. These utilities provide easy ways to modify configuration files and the Registry.

System Configuration utility

The System Configuration utility (see Figure 4-4) is one of the newer utilities for maintaining settings on your Windows computer. To launch System Configuration, run msconfig.exe. This utility can change many aspects of your system startup. To use this utility, you need to be a member of the computer’s Administrators group.

The six tabs in the Windows XP version of this utility allow you to launch the System Restore utility, expand files, perform selective boots, modify the loaded drivers in system.ini and win.ini, change the boot options in boot.ini, and change the services and applications that are loaded at boot time.

Figure 4-4: The initial window for System Configuration allows you to modify the basic system files.

Tip: Even though the Windows Vista and Windows 7 versions have only five tabs (General, Boot, Services, Startup, and Tools), they offer similar functionality to the Windows XP version.

Use System Configuration to do the following:

• Create custom startup configurations (for troubleshooting)

• Perform a selective startup, which processes only some of the system files

• Edit boot.ini, system.ini and win.ini files

• Expand operating system files from the OS CD

• Disable services or programs that have been added to the Run key of the Registry

All the changes in the preceding bulleted list can be accomplished from within a simple Windows user interface, making System Configuration an easy configuration tool to work with.

If you suspect that a computer problem is related to one of the components loaded at startup, this is the tool you want to use. If you can boot into Safe Mode but not perform a normal boot, you can use this tool to select which components you want to load on reboot. By disabling components, you should be able to narrow down which component is causing the problem, by performing multiple boots with different combinations of the items selected.

regedit.exe

If you have ever talked to anybody about the system Registry, you have probably been given a stern warning that this is not a place for the timid. The reason for this warning is that the Registry stores system-wide configuration information for almost all services on your computer. If you experience major problems with the Registry, you will likely have major problems with your entire computer.

In Windows 3.1, the Registry only held information about file associations. With the creation of Windows 9x, Windows NT, and more recent Windows OSes, the Registry now stores key information about all system services.

The Windows Registry has five major subtrees, as shown in Figure 4-5:

• HKEY_CLASSES_ROOT contains information about all the file associations and registered file types that exist in your computer. This information is actually a copy of the information stored in the HKEY_Local_Machine\software\classes key.

• HKEY_CURRENT_USER contains a subset of the information that is found in HKEY_USERS key, but contains only the information related to the current user. This key contains configuration information for the currently logged-on user. This information includes items such as Control Panel settings (including mouse acceleration and screensaver preferences) and user-related software settings for installed applications.

• HKEY_LOCAL_MACHINE contains information about your computer. This information includes configuration information for hardware components and system settings for all software on the computer.

• HKEY_USERS contains information for the currently logged-on user, as well as information for the default user and all other users who are logged onto the computer.

• HKEY_CURRENT_CONFIG contains settings that are dynamically rebuilt on every boot of the computer, which is mainly composed of Plug and Play information.

Of these subtrees, you really need to worry about only two: HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. The information in the other subtrees is either duplicated within these two subtrees or the data cannot be modified.

Figure 4-5: Settings in the Registry cover most aspects of the system.

All Registry entries are stored in a hierarchical tree. This tree contains several subfolders: keys. If you want to create new keys within the Registry, use the Edit⇒New⇒Key command. Every key within the Registry can store values. The Registry Editor contains six different types of values (as shown in Figure 4-6):

• String

• Binary

• DWORD (32-bit)

• QWORD (64-bit)

• Multi-String

• Expandable String

Figure 4-6: There are six basic data types for the Windows Registry.

Some hardware components or software components that you can install on your computer may create entries inside both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. This makes sense if you think about applications like Microsoft Office. Microsoft Office creates entries in HKEY_LOCAL_MACHINE that relate to the location of Office components on the particular computer, such as the spell checker that can be found within C:\Program Files\Microsoft Office\Tools. At the same time, Microsoft Office installs entries in HKEY_CURRENT_USER that relate to the user configuration on the system. User-related settings are items such as the default Save As file type in Microsoft Word.

Tip: The Registry is an important part of your computer, and great care should be taken not to corrupt this database. Before you start doing any procedure that involves the Registry, make sure you have a clean backup of the Registry. You can create this backup in a variety of ways, such as by exporting the Registry, by creating a System State backup, or by physically copying the files that make up the Registry.

To copy the files that make up the Registry, you need to know where the files actually are. HKEY_CURRENT_USER, the user portion of the Registry, can be found in your user profile directory. It will be named NTuser.dat. HKEY_LOCAL_MACHINE is actually composed of several files that are found in the Winnt or Windows directory. These files should be backed up and restored by using the Windows backup program. With Windows XP and Windows Vista, you can perform a System State backup or a Full backup.

Rather than backing up the entire Registry, though, you can be more selective and back up and restore individual keys within the Registry by using the Registry Editor.

To back up individual keys, follow these steps:

1. Choose Start⇒Run (or Search).

2. Type regedit in the Run dialog box that appears.

3. Click the key that you want to back up.

This highlights the key.

4. Choose File⇒Export.

The Export Registry File dialog box appears, as shown in Figure 4-7. This dialog box looks similar to a standard Save As dialog box, with the addition of the Export Range panel at the bottom. The Export Range panel contains your selected branch within the Registry by default.

5. Type a name for the file and choose a location for regedit to save it.

6. Click Save.

The file is given the default .reg extension.

Figure 4-7: Export sections of the Registry as backup prior to editing.

Remember: Files that end in the .reg extension are Registry export files that you can edit with a text editor (as shown in Figure 4-8). REG files share the same basic structure as an INI file: sections defined by names in square brackets, containing value names and value data on either side of an equal sign. To import a REG file into the Registry, just double-click the file. To help prevent accidental importing of Registry files, Windows has added a safety feature: Windows prompts you to confirm that you would like to import the settings into your Registry, as shown in Figure 4-9. After you import the settings, a dialog box confirms that a file has been successfully merged into your Registry.

Figure 4-8: All Registry export files share a structure that resembles INI files.

Figure 4-9: Heed the confirmation to limit accidental imports.

Tip: On Windows computers, REG files are automatically imported into your Registry if you double-click them. Rather than using the .reg extension on your files, you may choose to use TXT files. Files with the .txt extension can also be imported into your Registry by using regedit.exe filename.txt at the command line.
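Because a REG file is merged as soon as the import prompt is confirmed, it helps to list what the file would change before importing it. The following added example (not from the book) parses the INI-like structure described above, rejects lines it cannot parse, and flags operations that delete a whole key or touch the Run key; the sample file, the ExampleVendor key, and the function names are constructed for illustration.

```python
import codecs
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# "Name"=data or @=data (the default value); names may contain \" and \\.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample, not taken from the book or its labs.
SAMPLE_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\Windows\\Web\\Wallpaper\\example.bmp"
"TileWallpaper"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Temp\\updater.exe"

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''
# Version 5.00 exports are UTF-16 text with a byte-order mark.
SAMPLE = codecs.BOM_UTF16_LE + SAMPLE_TEXT.replace("\n", "\r\n").encode("utf-16-le")


def decode_reg(raw):
    """Decode REG file bytes: UTF-16LE when a BOM is present, else ANSI."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def unescape(text):
    """Undo REG string escaping (\\\\ becomes \\, \\" becomes ")."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(raw):
    """Return a list of (action, key, value_name, data) operations."""
    lines = decode_reg(raw).splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a REG file: missing header line")
    ops, key, pending = [], None, ""
    for line in lines[1:]:
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue                       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):        # [-KEY] removes the key and its subkeys
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        match = VALUE_RE.match(line)
        if match is None or key is None:
            raise ValueError("unparseable line: %r" % line)
        name = "(Default)" if match.group(1) == "@" else unescape(match.group(1)[1:-1])
        data = match.group(2)
        if data == "-":                    # "Name"=- removes a single value
            ops.append(("delete-value", key, name, None))
        elif data.startswith('"') and data.endswith('"'):
            ops.append(("set-value", key, name, unescape(data[1:-1])))
        else:                              # dword:, hex:, and similar typed data
            ops.append(("set-value", key, name, data))
    return ops


def review(ops):
    """Flag operations worth a second look before the file is imported."""
    findings = []
    for action, key, name, _data in ops:
        if action == "delete-key":
            findings.append(("deletes an entire key", key, name))
        elif key.lower().endswith("\\currentversion\\run"):
            findings.append(("changes a startup (Run) entry", key, name))
    return findings


if __name__ == "__main__":
    for op in parse_reg(SAMPLE):
        print(op)
    for finding in review(parse_reg(SAMPLE)):
        print("REVIEW:", finding)
```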

Periodically, REG files become corrupted from being edited with certain text editors, such as WordPad. This corruption occurs because some text editors add extended (invisible) characters into the text file that are not compatible with regedit.exe. The only editor that does not exhibit this behavior is Notepad. If you have a corrupted file, you can fix it by opening the file through Notepad, resaving the file, and closing it. When saving the file, ensure there is a blank line at the end of the file. Even if the file is corrupt, you still receive a dialog box stating the information has been successfully entered into your Registry, as shown in Figure 4-10.

Figure 4-10: A successful Registry import.

When you work with Windows computers, you can use regedit.exe to connect to a remote Registry, which allows you to change the Registry settings on a remote computer without having to leave your own computer. To connect to a remote Registry from across the network, choose File⇒Connect Network Registry.

Another advantage of the Registry Editor is that you can load Registry hives. This capability becomes useful when you want to modify the entries for the default ntuser.dat. The default ntuser.dat is used as a template to create new user profiles for users who do not yet have a profile. You can find the ntuser.dat file for this default template account in C:\Documents and Settings\Default User\NTUSER.DAT or C:\Users\Default User\NTUSER.DAT, and you can load this subtree or hive into regedit.exe and edit the settings for this default template.

Warning: Do not confuse this default user template with the default user in use prior to a user logging on to your computer. The Registry settings for the pre-logon default user are actually found in the Registry under HKEY_USERS\.DEFAULT.

Another thing that you do with the Registry Editor is manage the security on Registry keys. To view or modify the security settings on a Registry key, first select the key and then choose Edit⇒Permissions. You can work with permissions on Registry keys only — not on Registry values.

To allow for command line editing of the Registry, Microsoft introduced reg.exe as a standard component of Windows; this was introduced with Windows XP. This allows for loading and unloading of Registry hives as well as editing Registry keys and values.

On the web: Lab 4-1 will have you export your current desktop settings into a file, and create a Registry file that is used to change wallpaper settings. Lab 4-2 will modify desktop settings for the user environment that is in effect when no users are logged on. This is the wallpaper and color scheme that you see behind the logon screen. The labs can be downloaded from the website www.dummies.com/go/aplusaio.

regsvr32

regsvr32 is short for register service and is a tool that is used to register and unregister Object Linking and Embedding (OLE) controls on your computer. These files can be contained in Dynamic Link Libraries (DLLs) or ActiveX Control (OCX) files.

When most applications run installation programs that include DLLs or other files that need to be registered, this is usually done as part of the installation process. However, when a problem occurs with the installation of a program, or if the developer has not created an installation package, you may find yourself registering and unregistering files by hand.

The easiest way to execute regsvr32.exe is to provide the name of the file that you want to register, such as regsvr32 sample.ocx. regsvr32 does support switches, of which the two most common are

• /u: Unregisters the service or server

• /s: Performs a silent installation and suppresses all message boxes

Device Manager

Device Manager (devmgmt.msc) is covered in more depth in Book VI, Chapter 1. The primary job of Device Manager is, appropriately enough, managing devices. You can access Device Manager by clicking the Device Manager button on the Hardware tab of the System Properties window. Use Device Manager to remove devices from your system, configure drivers, configure hardware resources, and manage hardware profile settings.

In Device Manager, you can easily pick out the devices with hardware problems because they sport a red X in XP or a small downward arrow on the icon in the device tree. The red X or arrow identifies devices that are in conflict or are disabled. A yellow exclamation mark identifies devices that are not properly configured (as shown in Figure 4-11). You can use Device Manager to identify problems with your hardware; configure the drivers for the devices; and configure hardware resources, such as IRQs and I/O addresses.

Figure 4-11: When looking for malfunctioning devices, look for the warning symbols like the one next to Unknown Device.

Computer Management

Windows includes the Computer Management utility, shown in Figure 4-12. Computer Management is actually more of a user interface to a number of other utilities than an actual utility. Computer Management is an MMC settings file that contains the following utilities or snap-ins:

• Event Viewer: Shows the contents of event log files

• Shared Folders: Shows the status of shared or published folders on the computer

• Local Users and Groups: Manages the local account database

• Performance Logs and Alerts or Reliability and Performance: Records system status and health based on measurable counters and generates alerts when the counters exceed threshold values

• Device Manager: Displays hardware status and configuration information in a format that can be edited, unlike the System Information Tool

See the upcoming section, “The System Information Tool.”

• Disk Management: Manages disk partitions

• Disk Defragmenter: Optimizes disk performance by defragmenting files

• Removable Storage Management: Manages and tracks removable media on your computer, such as CD-ROMs and magnetic tapes

• Task Scheduler: Manages and schedules tasks or applications to run automatically

• Services: Manages system services (such as the Server and Workstation services) on the local computer

• Other administration utilities: Other tools are included with this tool, including Telephony, WMI Control, Indexing Service, DNS, Internet Information Services, and Routing and Remote Access

Technical stuff: Computer Management is an MMC snap-in that acts as a container for other MMC snap-ins. Its only offering or benefit over the individual tools is that you have to add only one snap-in to the MMC, rather than a whole series.

By putting all these utilities together in one location, system management is made substantially easier for most users.

Figure 4-12: Computer Management is your one-stop shop for system management utilities.

In addition to using Computer Management to view and manage your computer, you can manage a remote computer:

1. Right-click Computer Management (Local) at the top of the tree in the left-hand pane.

2. Choose Connect to Another Computer.

This opens the Select Computer dialog box, from which you can type the name of another computer on the network.

3. Click OK.

After you are connected to that other computer, you can use all the management tools, with the exception of the Disk Defragmenter, which operates only on the local computer.

On the web: Lab 4-3 walks you through creating a custom Computer Management MMC. The labs can be downloaded from the website www.dummies.com/go/aplusaio.

Component Services

The first question you might ask about Component Services is what are they? Component Services are made up of Component Object Model (COM) components, COM+ applications, and the Distributed Transaction Coordinator (DTC) components. All these objects represent programming code that is registered on your computer. Programs on your computer use these components through system level calls to them.

The programming code used by these components is typically found in .dll files, and the components themselves are registered using regsvr32.exe. Once the .dll files containing these components are registered, you will find the object contained in Component Services MMC snap-in. The easiest way to access the Component Services management tool is to use dcomcnfg.exe. The main purpose of the Component Services tool is to adjust application launch and security settings for the small programs that make up COM, COM+, and DTC objects.

Getting a Handle on Diagnostic Utilities

To figure out what is wrong with a faulty computer, you need to first find out everything it is doing, both right and wrong. The tools in the following sections are designed to provide you with information on a variety of areas of your computer.

The System Information tool

The System Information tool (msinfo32.exe) is available in recent versions of Windows. This tool was designed to provide information about as many components in the OS as possible. Figure 4-13 should give you a good feel for the type of information that is available within this tool. If it’s part of the OS, the System Information tool can give you information about it.

To open the System Information tool, choose Start⇒All Programs⇒Accessories⇒System Tools⇒System Information Tools.

Microsoft used to use a tool called WinMSD.exe, which showed similar information to that displayed in the System Information tool. If you run WinMSD.exe on a Windows XP computer, you will find that it launches the System Information tool. If you spend a few minutes investigating the data found in this tool, you will get a feel for the very detailed information it can provide. Very few areas of your system’s hardware are not covered by this tool. It is well worth your time to get to know this tool to see what information it can gather.

If you want to save the current system information for archiving or to use as a baseline, choose File⇒Save to save the information into an NFO file, which can later be opened and viewed with the System Information tool.

Figure 4-13: The System Information tool provides information about your installation and hardware configuration.

In addition to the information that this tool provides, the Tools menu gives you links to other common tools that you might want to run, such as Net Diagnostics, System Restore, File Signature Verification Utility, DirectX Diagnostics Tool, and Dr. Watson.

Event Viewer

On some computers, you can check log files to look for errors with the system, applications, or hardware. Microsoft created a central logging and reporting tool that many components in the OS and many applications use. Any application can log events to the event logs or even create its own event logs. You use the Event Viewer to view all this logged information, as well as to configure log settings or clear the logs.

To view information, choose Start⇒Control Panel⇒System and Security⇒Administrative Tools⇒Event Viewer or run eventvwr.msc. The interface has the log files on the left of the screen and the log data on the right. There are five different log entry types and three default logs: System, Application, and Security.

The Security log has two event types: either a lock or a key for Failures or Successes. The other two logs have three different entry types — Information, Warning, and Error — identifiable by symbol or color (blue, yellow, and red, respectively). To view log files on another computer, right-click Event Viewer (Local) in the left pane, and choose Connect to Another Computer from the shortcut menu. This opens the Select Computer dialog box, where you can type another computer name and then click OK.

Figure 4-14 shows a typical System log. The Security log has audit information about your system if you have enabled auditing of system events or file system access. The System log records major system events, such as service failures, system startup or shutdown, and Stop events. The Application log records events from applications, although you might find that some applications record their events in the System log, and some items thought of as system events are recorded in the Application log.

Figure 4-14: The System log has several types of messages telling you about major system events.

To see detailed information about the log entries, double-click any line item to bring up something that resembles Figure 4-15, listing date and time, source (system area or application), type of event, event ID (the error code returned by the application), user (if related to a user account), computer (if related to a computer account), a text-based description of the error, and data (which might show raw data related to the event as hexadecimal and ASCII data).

Tip: Read the Description section carefully because many developers put troubleshooting steps right into their error events.

Figure 4-15: The detailed information for an event gives you several relevant pieces of information.

To navigate to the next or previous events, use the arrows in the right side of the dialog box; to copy all event information to the Clipboard, use the button with the sheet of paper on it (or the Copy button if you are using Windows Vista). You can then directly paste this information into a document or e-mail when reporting this event to other support people.

If you can’t decipher the event message, you can find additional help at www.eventid.net, which allows you to plug in the EventID and the source. Then you are able to view recorded events and descriptions of both the errors and the fixes. This site also contains links to the Microsoft Knowledge Base for articles related to the errors. To follow the links, you need to register on the EventID site, but because the site provides the Q article numbers (Microsoft’s knowledge base has all articles numbered, with a Q as the initial character in the filename), you can go directly to http://support.microsoft.com and locate the articles yourself.

When you right-click a log file, you have the option to save the event log as different types of text files or an EVT file (now an EVTX file), which can be loaded back into Event Viewer, or to clear or empty the event log. The View submenu has options to allow you to find specific entries or filter the log file to show certain events. You can filter the log by any of the field values.

To change how long the log files are kept, right-click a log file and choose Properties. The default log file size in Windows XP was 512KB and is now 20MB, but it can be set all the way up to 4194240K (4GB) or 16EB (exabytes) in Windows 7, and settings are available on what to do when the log reaches its maximum size. When it reaches its maximum size, you can overwrite events as needed, overwrite events older than a number of days (the default is seven days), or not clear the events at all (in which case, you stop logging new events).

In most cases, you should use Overwrite Events Older Than X Days and choose a number of days for which normal activity will not fill the log file. This system means that you can ignore the logging activity, but you will be notified when the log file fills up, and you can start your investigation into the activity that filled it prematurely. I typically leave this setting between 7 and 14 days, and make the size of the log file larger if necessary.
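To check whether the size and retention settings described above actually give you the history you expect, the following PowerShell sketch reports how many days each default log currently covers and lists recent log-clear events. It is an added example, not part of the book; it assumes PowerShell 3.0 or later on Windows Vista or later, and the 7-day threshold is taken from the low end of the range suggested in the text.

```powershell
# Added example (not from the book). Run from an elevated prompt:
# reading the Security log requires Administrator rights.

function Get-LogRetentionReport {
    param(
        [string[]]$LogName = @('System', 'Application', 'Security'),
        [int]$MinimumDays = 7    # assumption: low end of the 7-14 day range in the text
    )
    foreach ($name in $LogName) {
        # Size limit and full-log behaviour, as shown on the log's Properties page
        $cfg = Get-WinEvent -ListLog $name -ErrorAction Stop

        # The oldest record still present shows how far back the log really reaches
        $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $days = $null
        if ($oldest) {
            $days = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
        }

        $usedPct = [math]::Round(100 * $cfg.FileSize / $cfg.MaximumSizeInBytes)

        [pscustomobject]@{
            Log         = $name
            MaxSizeMB   = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
            UsedPercent = $usedPct
            # Circular = overwrite as needed, Retain = do not overwrite,
            # AutoBackup = archive the full log and start a new one
            Mode        = $cfg.LogMode
            Records     = $cfg.RecordCount
            DaysCovered = $days
            # Only a log that has already filled up can be "too short"; a mostly
            # empty log with little history has simply not been collecting long
            TooShort    = ($usedPct -ge 90 -and $days -ne $null -and $days -lt $MinimumDays)
        }
    }
}

function Get-LogClearEvent {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },  # the audit log was cleared
        @{ LogName = 'System';   Id = 104;  StartTime = $since }   # another log was cleared
    )
    foreach ($filter in $filters) {
        # No matching events is the normal case, so suppress the "not found" error
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id, Message
    }
}

Get-LogRetentionReport | Format-Table -AutoSize
Get-LogClearEvent -Days 30 | Format-List
```

A log flagged TooShort is wrapping before the chosen number of days has passed, which is the signal to raise its maximum size on the Properties page.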

Network Diagnostics

The Network Diagnostics tool is a Windows XP tool used to test and report on overall system health, with specific focus on the network. This tool is only part of the Windows XP Help and Support Center, but the easiest way to access it is through the System Information tool. Choose Start⇒All Programs⇒Accessories⇒System Tools⇒System Information. When the System Information window opens, choose Tools⇒Net Diagnostics. After you run a scan of your computer, the reported results are broken into three categories:

• Internet Services section: Reports on Outlook Express and Internet Explorer settings

• Computer Information section: Reports on the same general information that is reported via the System Information tool

• Modems and Network Adapters section: Reports on the settings and status of your modems, network adapters, and network clients after a series of tests

To save a copy of the findings, click the Save to File button. The report will be saved to both your desktop and here:

C:\Windows\pchealth\helpctr\system\netdiag\Netdiag <Date> <Time>.htm

This is just another tool that you can use to gather information to diagnose problems.

Dr. Watson

Dr. Watson is used to gather information about application crashes, which can be used by application developers to help diagnose errors, so you will use this information only when you’re working with an application developer. To launch Dr. Watson’s GUI in Windows XP, choose Start⇒Run and type drwtsn32.exe. If you have been using another debugger for your applications, you can make Dr. Watson the default debugger by running drwtsn32 -i.

Within Dr. Watson, you can specify the locations for log files and crash dump files. Crash dump files are similar to the binary log files that are created during a Stop error, but they capture only the memory data related to the crashed application. The capture configuration for Dr. Watson includes the number of instructions and errors to save, which defines the range of data around the error that is captured. Just like Stop errors, you have the option to save full or mini logs, and the choice here depends on which debugging tools the developer is planning to use.

Full logs are larger and contain all the information that the developer could want captured. However, if the developer is using only a small amount of that data, the mini dump might include enough data to resolve the problems with the application. Mini dump files are much smaller in size, which will make them easier to send to the developer.

A Dr. Watson error log has information in the following categories:

• Application error statement: Includes the date, application name, and exception number

• System information: Related to the computer that was running the application

• Task list: Includes all running processes, like the Task Manager would list

• Module list: Includes the memory addresses of DLL files and drivers

• Memory and state dump information: In a variety of formats for each referenced thread

System File Checker

The System File Checker (sfc.exe) is part of the Windows File Protection interface and must be run by an Administrator. With the proliferation of applications and with software developers replacing stock Microsoft DLL files with custom versions, there is a real need for Windows File Protection and the System File Checker.

DLL (Dynamic Link Library) files contain compiled application code that is the same type of code that makes up an application. By saving this code as a DLL, the developer makes the code available to many applications so that it can be reused, reducing application development time. One dialog box found in a system DLL is the common Save As dialog box.

Windows keeps the cached copies of these files for your use when corruption occurs in the original files. To illustrate this feature, you can delete both c:\windows\system32\freecell.exe and c:\windows\system32\cards.dll. By the time you have the second file deleted, you should see that the first file has already been replaced. The missing copy of the file has been replaced by the copy that was stored in the cache in %systemroot%\system32\dllcache. If the file was not in the cache, Windows would have prompted you for the OS CD.

When you run the System File Checker, you have a choice of switches that you can use (depending on your version of Windows):

• /SCANNOW: Immediately scans all files for incorrect versions, verifies the versions that are stored in the cache, and repairs any files it locates with problems

• /SCANONCE: Scans all files on the next boot (Windows XP)

• /SCANBOOT: Scans all files at every boot (Windows XP)

• /REVERT: Changes sfc.exe to its default settings (Windows XP)

• /PURGECACHE: Purges the file cache to allow it to be rebuilt (Windows XP)

• /CACHESIZE=x: Sets the size, in megabytes, of the file cache (Windows XP)

• /VERIFYONLY: Only scans files and does not attempt to repair any issues it finds (Windows Vista and Windows 7)

• /SCANFILE: Scans the integrity of a single file and repairs files it finds problems with (Windows Vista and Windows 7)

• /VERIFYFILE: Verifies the file specified but does not repair the file (Windows Vista and Windows 7)

• /OFFBOOTDIR: When performing offline repair (outside the current running copy of Windows), this specifies the boot directory to use

• /OFFWINDIR: When performing offline repair (outside the current running copy of Windows), this specifies the Windows directory to use

Windows Memory Diagnostics

The Windows Memory Diagnostics tool does just what its name claims; it is a tool that can be used to test the memory on your computer. This tool is preinstalled on Windows Vista and Windows 7, but can be downloaded for Windows XP. Now, for it to test the memory, it is best if that memory is not being used for anything else. To allow almost all system memory to be free for the running of the diagnostic tests, Windows uses a special boot process to only load the test tool. So, to start the test tool, run %windir%\system32\MdSched.exe or choose Start⇒Search, type Windows Memory Diagnostics, and select the tool when it is presented in the search results.

When you run Windows Memory Diagnostics, it will present you with a simple window asking you to either restart now or to run the tool on your next start of Windows. The choice is yours. When it reboots, it will automatically launch the test tool.

The tool will automatically start running the default tests on memory, as seen in Figure 4-16. If you would like to change the settings, follow the onscreen commands and press F1. This will bring you to the configuration screen, where you can change three settings. The first is the Test Mix, where you can choose from Basic, Standard (default), or Extended. The test mix determines the exact tests that will be executed against the memory on the computer. The second option you can adjust is whether the system cache memory will be used for tests. A default setting exists for cache use on each test, but you can force it to be on or off for all tests. The third setting is how many times you want to run the tests, which the test calls passes. Most major memory errors will appear on the first pass, while others are sporadic; in the latter case, it may take several passes to see the error. The pass count can be set up to 99 passes.

Figure 4-16: Windows Memory Diagnostics is a special command screen that operates on a special reboot of Windows.

If Windows Memory Diagnostics reports any errors, it is likely that you have a hardware error related to memory on your computer, and you will need to replace the defective memory. See Book II, Chapter 3 to review the process of replacing memory in a computer.

DirectX Diagnostic Tool

The last diagnostic tool that you will see in this chapter is the DirectX Diagnostic Tool, or dxdiag.exe. This tool will evaluate the high-performance audio and video systems on your computer. Some applications, primarily games, make use of the DirectX drivers on your computer to assist in rendering high-speed graphics.

The main purpose of dxdiag.exe is to evaluate these systems through an easy-to-view screen, as shown in Figure 4-17. To launch dxdiag.exe, choose Start⇒Search, type dxdiag.exe, and select dxdiag.exe from the results list. When the tool launches, it will first ask you whether you would like to test the drivers to ensure that the drivers are all signed and tested by the Windows Hardware Qualifying Labs. Upon opening the main tool, it will automatically start testing the drivers on the system. You will see detailed information about the drivers in use on the system from the System, Display, Sound, and Input tabs.

Figure 4-17: DirectX Diagnostics gives you a quick snapshot of the DirectX driver status on your computer.

Miscellaneous Utilities

A number of miscellaneous utilities are also available within Windows. The following sections take a look at some of them.

Task Scheduler

The system Task Scheduler service is responsible for running scheduled tasks. This service (like all services) runs in the background, in this case making sure that your tasks are performed at the times you planned.

Your interface to this service is found via Start⇒All Programs⇒Accessories⇒System Tools⇒Scheduled Tasks (or Task Scheduler with Vista and Windows 7), which opens the Scheduled Tasks folder.

To schedule a task, follow these steps:

1. Double-click Add Scheduled Task.

2. In the Scheduled Task Wizard that opens, click Next to continue.

You will be presented with a list of applications to choose from and a Browse button to find and to select applications not listed.

3. Select an application that you want to execute and then click Next.

4. Type a name for the task and then select the scheduled interval for the task, which includes

• Daily

• Weekly

• Monthly

• One Time Only

• When My Computer Starts

• When I Log On

5. Click Next.

Depending on your schedule interval, you will be presented with different scheduling times.

6. Specify the exact times you want the task to run; then click Next.

7. Type the user credentials that you want the Task Scheduler to use when running the task — the user credentials will require appropriate rights to perform the actions you want performed — then click Next.

You are now on the last screen of the wizard. You can choose to view the Advanced properties for the task, which include the settings already discussed for this wizard, as well as these:

• Do not run the task if you have a laptop running on batteries.

• Maximum duration for the task to run.

• Run the task only if the computer is idle, and stop the job when the computer is no longer idle.

8. If you do not want to view these settings, just click Finish; otherwise, select the Open Advanced Properties for the Task When I Click Finish check box, and then click Finish.

When you exit the wizard, you will see the new task in the Scheduled Tasks folder. To see the properties for any task, right-click the task and choose Properties. From the properties window of the task, you can adjust the command line options for the application scheduled to run and also change the schedule or the advanced options that were mentioned during the wizard. If you do not want to wait for the schedule but rather have the task run immediately, select the task, right-click it, and choose Run from the shortcut menu. You will see the status of the job change to Running. The other information shown in the Scheduled Tasks folder includes

• When the task is scheduled to run next

• When the task last ran

• The status or what error code was returned the last time the task was run

Tip: 0x0 is the standard code for a successful execution.
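The same columns the Scheduled Tasks folder shows (next run, last run, last result) plus the run-as account from step 7 can be pulled for every task at once with schtasks.exe. The following PowerShell sketch is an added example, not part of the book; it assumes PowerShell 3.0 or later and an English-language Windows, because schtasks.exe localizes its CSV column names.

```powershell
# Added example (not from the book). Lists every scheduled task with the
# account it runs as, what it runs, and whether its last run failed.

function Get-ScheduledTaskAudit {
    # /v adds the run-as account, command line and last result to each row
    $rows = schtasks.exe /query /fo csv /v |
        Where-Object { $_ -match '\S' } |             # drop blank separator lines
        ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' }   # Vista and later repeat the header row

    # A task with several triggers is listed once per trigger; keep one row per task
    foreach ($row in ($rows | Sort-Object TaskName -Unique)) {
        # schtasks prints the last result in decimal; convert it to the
        # hexadecimal form that the Scheduled Tasks folder displays
        $code = 0
        $parsed = [int]::TryParse($row.'Last Result', [ref]$code)
        $display = $row.'Last Result'
        if ($parsed) { $display = '0x{0:X}' -f $code }

        # 0x0 is success. Values 0x41300-0x413FF are Task Scheduler status
        # codes, such as 0x41301 (currently running) or 0x41303 (has not
        # yet run), not exit codes from the scheduled program
        $isStatus = ($code -ge 0x41300 -and $code -le 0x413FF)

        [pscustomobject]@{
            TaskName   = $row.TaskName
            RunAsUser  = $row.'Run As User'
            Command    = $row.'Task To Run'
            NextRun    = $row.'Next Run Time'
            LastRun    = $row.'Last Run Time'
            LastResult = $display
            Failed     = ($parsed -and $code -ne 0 -and -not $isStatus)
        }
    }
}

# Tasks whose last run returned something other than success
Get-ScheduledTaskAudit | Where-Object { $_.Failed } | Format-Table -AutoSize

# Every task with the account whose rights it runs under
Get-ScheduledTaskAudit | Sort-Object RunAsUser | Format-Table TaskName, RunAsUser, Command -AutoSize
```

Because each task runs with the rights of its RunAsUser account, the second listing is worth reviewing for tasks that run under more privileged accounts than their command needs.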

Windows Script Host

Windows Script Host (wscript.exe and cscript.exe) is a utility that doesn’t fit easily into any other categories. Windows Script Host is used to execute Visual Basic Script (VBScript) or JavaScript. The tasks that you are able to accomplish by using VBScript are numerous and almost unlimited. Most Windows-based applications support ActiveX automation and can be controlled through VBScript. You can use Windows Script Host to execute such scripts.

Windows Script Host has two components that can execute script:

• wscript.exe: Executes VBScript from within the Windows environment

• cscript.exe: Executes scripts from the command prompt

Both utilities are interpreters for VBScript. If the scripts were converted into true Visual Basic and compiled into executables, you would achieve much better performance.

Windows Script Host was introduced to the OS with early versions of Windows and is included with all current versions of Windows. To get code samples or information about using Windows Script Host, visit http://msdn.microsoft.com/en-us/library/9bbdkx3k. You can also get scripting information from the Hey, Scripting Guy! site through www.microsoft.com/technet/scriptcenter/learnit.mspx or www.microsoft.com/technet/scriptcenter/default.mspx. To find out more about scripting, take a look at www.dummies.com/go/aplusaio.

Lab 4-4 has you create a few simple scripts using Windows Script Host. The labs can be downloaded from the website www.dummies.com/go/aplusaio.

expand.exe

You can use the command line expand.exe utility to expand individual source files shipped in a compressed format on your OS CD, for all Windows OSes. This utility can be used to replace corrupt files being used by the OS.

Files that have been compressed for expansion with expand.exe are found on your OS CD with the last letter of their filenames replaced with an underscore, or they are compressed as CAB files.

Common tasks for which you might use expand include

• Viewing the names of all files in a CAB file, such as seeing the names of all GIF files contained in iis6.cab file on the Windows XP Installation CD, where D: is the drive letter of the CD drive that contains the Windows XP installation CD:

expand.exe -D D:\i386\iis6.cab -F:*.gif

• Extracting a file from a CAB file, such as extracting the IIS_winxp.gif file from the iis6.cab file to the root of the C: drive:

expand.exe D:\i386\iis6.cab -F:IIS_winxp.gif C:\

• Expanding a compressed file — for example, extracting a fresh copy of the Freecell Help file to the root of the C: drive:

expand.exe D:\i386\freecell.ch_ c:\freecell.chm

Lab 4-5 gives you some practice using this command line. The labs can be downloaded from the website www.dummies.com/go/aplusaio.

Data Sources

While it is not a troubleshooting tool by itself, the Data Sources (ODBC) control panel applet is a configuration tool for data sources. Data sources provide you with the ability to store or retrieve information from a database using a common interface. Databases are often used by troubleshooting and logging tools to store data, but you may also need to troubleshoot database connections for other applications. The configuration information found in this section should help you in identifying data source configuration issues.

The main user interface for these database connections is the Data Sources (ODBC) Administrative Tool, which can be launched by choosing Start⇒Control Panel⇒System and Security⇒Administrative Tools⇒Data Sources (ODBC) or by running odbcad32.exe. When Data Sources opens, you will see the seven tabs shown in Figure 4-18. The main tabs that you will focus on are

• User DSN (Data Source Name): Used to manage user-based database connections. Connections created on this tab will only be available to the current user.

• System DSN: Used to manage system-based database connections. Connections created on this tab will be available to all users of the computer.

• File DSN: Used to manage file-based database connections. The files created by this process can be shared by any users who have the required database drivers installed on their computers.

The process to create a new DSN is fairly straightforward, and this process will show you how to create a new System DSN used to connect to a Microsoft SQL server:

1. Open the Data Sources (ODBC) Tool by choosing Start⇒Control Panel⇒System and Security⇒Administrative Tools⇒Data Sources (ODBC).

The ODBC Data Source Administrator should open.

2. Select the System DSN tab.

3. Click the Add button to create a new data source.

The Create New Data Source window should open.

4. Select SQL Server and click the Finish button.

The Create New Data Source to SQL Server window should open.

Figure 4-18: Data Sources allows you to manage database connections.

5. Type a descriptive name for the new data source and a description, and specify the server to which you want to connect. Then click the Next button.

6. Specify the type of authentication you would like to use; then choose Next.

You can use your current Windows logon credentials or credentials specific to the SQL server. You can override the default connection settings by clicking the Client Configuration button. Finally, you can make an initial connection to the SQL server to get server-specific information.

7. You can change to a different default database, which is otherwise assigned by the server, or manage other connection settings to the database.

The defaults are general settings, which work well for most applications, but you will want to check your application documentation to see if specific settings are required. Click Next to continue.

8. Select the needed logging and other advanced connection settings if necessary; then click Finish.

Again, the defaults are likely sufficient, unless application-specific documentation suggests otherwise.

This displays a summary page for the wizard. The summary page allows you to verify the settings that you are using, as well as allows you to test the connection to the data source.

9. Click the Test Data Source button to make a test connection to the server. When you are happy with the connection, click OK to complete the wizard.

With the data source creation completed, you should see the new connection listed on the System DSN tab.
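User and System DSNs created by this wizard are stored in the Registry under ODBC.INI, so you can review them without clicking through each tab. The following PowerShell sketch is an added example, not part of the book; it assumes PowerShell 3.0 or later, and the Server, Database, and Trusted_Connection values it reads are the ones the SQL Server driver writes (other drivers may store different values).

```powershell
# Added example (not from the book). Lists User and System DSNs from the
# Registry. File DSNs are .dsn files on disk and are not covered here.

function Get-OdbcDsnFromRegistry {
    $roots = @(
        @{ Scope = 'System';          Path = 'HKLM:\SOFTWARE\ODBC\ODBC.INI' },
        # 32-bit System DSNs on a 64-bit Windows live under WOW6432Node
        @{ Scope = 'System (32-bit)'; Path = 'HKLM:\SOFTWARE\WOW6432Node\ODBC\ODBC.INI' },
        @{ Scope = 'User';            Path = 'HKCU:\Software\ODBC\ODBC.INI' }
    )
    foreach ($root in $roots) {
        # "ODBC Data Sources" maps each DSN name to the driver it uses
        $listPath = Join-Path $root.Path 'ODBC Data Sources'
        if (-not (Test-Path -LiteralPath $listPath)) { continue }
        $list = Get-Item -LiteralPath $listPath

        foreach ($dsn in $list.GetValueNames()) {
            if ($dsn -eq '') { continue }   # skip the key's unnamed default value

            # Each DSN keeps its own settings in a subkey named after it
            $key = Get-Item -LiteralPath (Join-Path $root.Path $dsn) -ErrorAction SilentlyContinue
            $server = $null; $database = $null; $trusted = $null
            if ($key) {
                $server   = $key.GetValue('Server')
                $database = $key.GetValue('Database')
                # 'Yes' when Windows logon credentials were chosen in step 6
                $trusted  = $key.GetValue('Trusted_Connection')
            }

            [pscustomobject]@{
                Scope             = $root.Scope
                Name              = $dsn
                Driver            = $list.GetValue($dsn)
                Server            = $server
                Database          = $database
                TrustedConnection = $trusted
                # Listed as a data source but missing its settings key:
                # a connection through this DSN will fail
                Orphaned          = (-not $key)
            }
        }
    }
}

Get-OdbcDsnFromRegistry | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell prompt on 64-bit Windows so that the System and System (32-bit) rows point at the right Registry views.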

Getting an A+

This chapter examines several Windows-based utilities. You find out about the following:

• Disk maintenance programs, such as fdisk, defrag, and chkdsk, are used to improve performance and reliability of the disk subsystem.

• Configuration utilities, such as the System Configuration utility, System Information tool, Registry editors, Registry scanners, Device Manager, and the Computer Management Console are used to view or change Windows configuration settings.

• wordpad.exe or notepad.exe can be used to create or modify text files.

• expand.exe can be used to decompress Windows XP source files.

Prep Test

1 defrag.exe does what for your computer?

A. Rearranges memory so that access to it is improved

B. Removes dust and fragments from your computer

C. Rearranges data on your disk drive so that access to it is improved

D. Recovers files that have been corrupted

2 chkdsk.exe can do which of the following?

A. Rearrange data on your drive so that disk access is faster

B. Consolidate free space on your hard drive

C. Correct problems with file storage on your hard drive

D. Change the partition table of the drive from FAT16 to FAT32

3 What programs can be used to edit the Registry on a Windows XP computer?

A. registry.exe

B. cfgedit.exe

C. regedt32.exe

D. regedit.exe

4 What command is used to export a section of your Registry while using regedit.exe?

A. File⇒Export Registry File

B. File⇒Extract to Recovery File

C. Export⇒Set Restore Options

D. File⇒Backup Key

5 What tool should you use to change an exported Registry file?

A. sysedit.exe

B. regedit.exe

C. notepad.exe

D. Microsoft Word

6 Which files on your hard drive make up the Windows XP Registry?

A. system.dat and registry.dat

B. user.dat and system.dat

C. user.dat and hardware.dat

D. system, sam, security, and ntuser.dat

7 Which operating system uses regedt32.exe?

A. MS-DOS

B. Windows 95

C. Windows 98

D. Windows 2000

8 You need to find out which memory addresses are being used by a driver. What tool will tell you what you need to know?

A. memedit.exe

B. System Resource Meter

C. Device Manager

D. System Driver Checker

9 You need to automate a procedure on your computer. What tools could you use?

A. wscript.exe

B. ScriptIt.exe

C. config.sys

D. Local ASP

10 You need to automate the process of copying information from a Microsoft Excel spreadsheet into a Microsoft Word document. What tools could you use?

A. wscript.exe

B. ScriptIt.exe

C. config.sys

D. Local ASP

11 What is the name of the command-line version of Windows Script Host?

A. ComScript.exe

B. wscript.exe

C. cmscript.exe

D. cscript.exe

12 You need to create a new Visual Basic script for Windows Script Host. What tool will you use?

A. Script Developer

B. Script Editor

C. Notepad

D. Visual Basic Script IDE

Answers

1 C. defrag.exe rearranges data on your disk so that access to files is faster. By allowing your disk to perform reads of data in contiguous blocks, it takes less time to read files. See “diskpart.exe and Disk Management.”

2 C. chkdsk.exe fixes minor problems with files that are stored on your hard drive and can also test and verify the clusters on your drive. Review “chkdsk.exe (Check Disk).”

3 D. regedit.exe is the editor for Windows XP computers. If you are using Windows 2000, you can use either regedit.exe or regedt32.exe, but with Windows XP, if you run regedt32.exe, you will actually open regedit.exe. Peruse “regedit.exe.”

4 A. Export Registry File from the Registry menu will export a section of your Registry. Take a look at “regedit.exe.”

5 C. Registry import files must be straight text. WordPad and many other programs that edit text files add different characters to handle carriage returns and line feeds. This can create files that will not be imported through regedit.exe. Peek at “regedit.exe.”

6 D. system, sam, security, and ntuser.dat, in addition to software, are the files that make up the Registry. All of the files are found in <%systemroot%>\system32\config, with the exception of ntuser.dat, which is found in each user’s profile directory. Look over “regedit.exe.”

7 D. Only Windows NT, Windows 2000, and Windows XP use regedt32.exe. Study “regedt32.exe.”

8 C. Device Manager will tell you what resources are being used by which devices. Refer to “Device Manager.”

9 A. wscript.exe, or Windows Script Host, can be used to automate processes. Examine “Windows Script Host.”

10 A. wscript.exe can control applications that support ActiveX automation, such as Microsoft Word and Microsoft Excel. See “Windows Script Host.”

11 D. cscript.exe is the command line script interpreter. Review “Windows Script Host.”

12 C. Notepad, WordPad, or another text editor can be used to create or edit your Visual Basic scripts. Check out “Windows Script Host.”
