Sunday, January 11, 2009

“New Folder” Option missing from “New” Menu in Windows Vista

Today when I tried creating a New Folder in Windows Vista, I saw that the option was missing from the right click “New” menu. I tried creating it through the explorer by going to “Organize – New Folder”. This option was there but it was doing nothing. I was able to successfully create a folder through DOS but that is not something you prefer.
I thought that it might be due to a virus but a scan by my anti virus and anti spyware didn’t find anything. So after searching, I was able to find a solution to this problem. Apparently, the reason why this is happening is unknown. To fix the problem, download this file (folderfix_vista.zip), extract it to your desktop, and you will get a .reg file. Right click on that file and select “Merge” in administrator mode and add it to your registry.

After that, simply refresh the desktop 2-3 times and the entry will be back and working.
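A .reg file is plain text, so what it will change can be listed before it is merged with administrator rights. The following Python sketch is an added example, not part of the original post or of the downloaded fix: it parses a .reg file and reports every key it creates or deletes, marking keys under autostart locations. The sample file contents, the placeholder GUID and the `WATCHED` list are constructed for illustration.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

# Autostart-related locations (illustrative list chosen for this example, not exhaustive).
# A fix for a shell menu entry has no reason to touch them.
WATCHED = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows nt\currentversion\winlogon",
    r"\software\microsoft\windows nt\currentversion\image file execution options",
)

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                       # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # @=... or "name"=...


def decode_reg(raw):
    """Decode file bytes: version 5.00 exports are UTF-16 with a BOM, REGEDIT4 files are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def logical_lines(text):
    """Yield lines with blanks and ';' comments dropped and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith(";")):
            continue
        if line.endswith("\\"):          # hex data continued on the next line
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def review_reg(text):
    """Return one record per key section: key path, delete flag, values, watched flag."""
    lines = list(logical_lines(text.lstrip("\ufeff")))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a regedit file: missing header line")
    records, current = [], None
    for line in lines[1:]:
        key = KEY_RE.match(line)
        if key:
            path = key.group(2)
            current = {
                "key": path,
                "delete_key": key.group(1) == "-",
                "values": [],
                "watched": any(w in path.lower() for w in WATCHED),
            }
            records.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = "(Default)" if value.group(1) == "@" else value.group(1)[1:-1]
            data = value.group(2).strip()
            current["values"].append((name, "delete" if data == "-" else "set", data))
    return records


def needs_attention(records):
    """List the changes worth reading closely before merging."""
    notes = []
    for rec in records:
        if rec["watched"]:
            notes.append("touches autostart location " + rec["key"])
        if rec["delete_key"]:
            notes.append("deletes key " + rec["key"])
        notes.extend("deletes value %s in %s" % (name, rec["key"])
                     for name, action, _ in rec["values"] if action == "delete")
    return notes


# Constructed sample; it is NOT the contents of folderfix_vista.zip.
SAMPLE = r'''Windows Registry Editor Version 5.00

; placeholder GUID, constructed for this example
[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New]
@="{00000000-0000-0000-0000-000000000000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\u.exe"

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''

if __name__ == "__main__":
    # For a real file: review_reg(decode_reg(open(path, "rb").read()))
    for rec in review_reg(SAMPLE):
        print(("DELETE " if rec["delete_key"] else "SET    ") + rec["key"])
        for name, action, data in rec["values"]:
            print("    %s %s = %s" % (action, name, data))
    for note in needs_attention(review_reg(SAMPLE)):
        print("CHECK:", note)
```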

Friday, January 2, 2009

Computer Troubleshooting

The first step in troubleshooting is to get as much information as possible. I don't care if you think it's relevant or not. The more information you have, the better you'll be able to narrow the problem down, and the more you can narrow the problem down, the faster you can fix it.
One of the first questions you need to ask is, "has this ever worked"? If it worked in the past but not now, then the question is "what has changed"? Was anything added to the computer recently, hardware or software? Any changes made to software recently? What software was being used or what function was being performed when the failure occurred?
Standalone PC
• Hardware
o Connections
▪ External - When performing hardware troubleshooting, always, and I mean always, start with the obvious. I don't care how stupid you think it is, start with the obvious. If the computer is dead, check and see: is the computer plugged into the wall? Is the computer turned on? Is the monitor turned on? In my 15 years of computer troubleshooting I couldn't begin to tell you how many dead computer problems I fixed by plugging it in, turning it on, or turning on the monitor. This is especially important if you're working in a help desk type environment where you can't actually get your hands on the hardware yourself. Remember, that client on the other end of the phone may not be, and probably isn't, as computer savvy as you. They could easily be missing the obvious.
▪ Internal - Pop the cover and check all internal connections. Remember, unless you are a trained professional, do not open the power supply. There is enough power in there to kill you even if it's unplugged. Check all your ribbon cable connections and make sure they are snug. Check all pins and make sure none are bent. Check all your cards and make sure they are seated properly.
Cards inside a computer have a tendency to work their way out of their slots. When things heat up, they expand, when they cool down, they contract. When you turn your computer on, the hardware heats up. When you turn your computer off, the hardware contracts. This constant heating up and cooling down, expanding and contracting, tends to make cards work their way up out of their slots. Also in recent history, I've seen chassis manufacturers who are getting a little sloppy about staying within specs when they manufacture the computer chassis. This causes extra pressure to be placed on the card at the front end where it screws into the chassis and tends to make the back end of the card pop out over time.
Take the memory out and reseat it. Check your CPU fan. If the CPU fan is dead, a CPU can overheat in less time than it takes to boot up. If the CPU does overheat, serious damage can occur. Don't only look for a dead CPU fan; also look for a CPU fan that is barely turning or is spinning irregularly. This can be a sign it's wearing out, and if the fan isn't turning fast enough, the CPU can overheat.
o Modems
o DVD - Troubleshooting DVD problems is like troubleshooting any other kind of problem. First you must determine what is causing the problem. DVD problems can be caused by hardware, software, and/or bad discs.
▪ Disks Skip - Try cleaning the discs. Use a soft cloth and wipe back and forth, not around and around.
▪ Tray Does Not Open - If this only happens occasionally and with the same disk, the disk is probably defective. If it happens regularly the drive is probably defective. If the tray will not open at all, turn off the system and look for a tiny hole in the front of the DVD tray. Straighten out a paper clip and insert it into the hole. This should manually eject the tray.
o Hard Drives
• Software
o Operating Systems
▪ Troubleshooting Windows ME
▪ Troubleshooting Windows 95
▪ Troubleshooting Windows 98
o Applications
Printers
Networks
• Hardware
o Printers
o DVD - Troubleshooting DVD problems is like troubleshooting any other kind of problem. First you must determine what is causing the problem. DVD problems can be caused by hardware, software, and/or bad discs.
▪ Disks Skip
▪ Tray Does Not Open
o Hard Drives
• Software
o Operating Systems
▪ Troubleshooting Windows NT
▪ Troubleshooting Windows 2000
o Applications
o TCP/IP
▪ Utilities for Troubleshooting TCP/IP
▪ Testing the TCP/IP Configuration
▪ Finding Computer Names
▪ Finding the MAC Address




Troubleshooting Windows 98
Unless otherwise noted, all troubleshooting procedures in this section apply to both Windows 98 and Windows 98 Second Edition. If any procedure is specific to only Windows 98 Second Edition, it will be noted.
What Kind of Problem?
• Hangs during Shutdown Troubleshooting
I. Computer hangs when shutting down Windows 98.
A. Display adapter or driver may not be compatible with Windows 98 or may not be working correctly.
To check this:
1. Click on Start/Run.
2. Type msconfig, then click OK.
3. Click Advanced.
4. Select VGA 640 x 480 x 16.
5. Click OK.
6. Click OK to restart computer.
B. Corrupted Shutdown Sound File
1. Go to Control Panel.
2. Double-click the Sound icon.
3. Change the sound you are using for Shutdown.
C. Disable Fast Shutdown
1. Click Start/Run
2. Type msconfig
3. Click OK.
4. Click Advanced.
5. Select Disable fast shutdown.
6. Click OK.
7. Restart Computer
D. Advanced Power Management (APM) could be the problem
To determine if APM is causing the problem:
1. Click Start/Settings/Control Panel
2. Double-click System.
3. Click on the Device Manager.
4. Double-click System Devices.
5. Double-click Advanced Power Management.
6. Click the Settings tab.
7. Click Enable Power Management to clear it.
8. Click OK.
9. Click Close.
10. Restart the computer
II. Dangerously Low on System Resources - Slow performance, error messages when you start a program, applications hanging, or the entire system locking up or crashing can all be symptoms of low system resources. This is most likely caused by a poorly programmed application not releasing memory like it's supposed to. The short-term fix is to reboot. When you reboot, all system resources are cleared. The long-term fix is to upgrade to Windows 2000 or Windows XP. Windows 2000 and Windows XP use a much more sophisticated method of controlling memory.
III. Troubleshooting Corrupted Desktop Icons - To fix corrupted desktop icons, delete the hidden file "ShellIconCache".
IV. Windows 98 Second Edition Hangs during Suspend
▪ Cause: Bug that happens when the path specified for the swapfile includes a lowercase drive letter in the [386Enh] section of the System.ini.
▪ Fix:
Windows 98 Second Edition Hangs During Suspend Fix
1. Open System.ini in notepad
2. Go to the [386Enh] section
3. Find "PagingFile="
4. Change the lowercase drive letter to uppercase
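The four manual steps above can also be applied by script. This Python sketch is an added example, not code from the original page: it uppercases the drive letter of `PagingFile=` only inside the `[386Enh]` section, leaves every other line and the line endings untouched, and keeps a `.bak` copy when it rewrites a file. The sample System.ini content and the `[ExampleApp]` section are constructed.

```python
import re
import shutil

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
# Drive letter directly after "PagingFile="; key names in System.ini are case-insensitive.
PAGING_RE = re.compile(r"^\s*PagingFile\s*=\s*([A-Za-z]):", re.IGNORECASE)


def fix_paging_drive(ini_text):
    """Return (new_text, changed_line_numbers) for the text of a System.ini file."""
    out, changed, in_386enh = [], [], False
    for number, line in enumerate(ini_text.splitlines(keepends=True), start=1):
        section = SECTION_RE.match(line)
        if section:
            # Track which section we are in; only [386Enh] is edited.
            in_386enh = section.group(1).strip().lower() == "386enh"
        elif in_386enh:
            m = PAGING_RE.match(line)
            if m and m.group(1).islower():
                line = line[:m.start(1)] + m.group(1).upper() + line[m.end(1):]
                changed.append(number)
        out.append(line)
    return "".join(out), changed


def fix_file(path):
    """Apply the fix to a file in place; the original is kept as <path>.bak if anything changed."""
    # latin-1 round-trips every byte, newline="" preserves the CRLF line endings.
    with open(path, "r", encoding="latin-1", newline="") as fh:
        original = fh.read()
    fixed, changed = fix_paging_drive(original)
    if changed:
        shutil.copyfile(path, path + ".bak")
        with open(path, "w", encoding="latin-1", newline="") as fh:
            fh.write(fixed)
    return changed


# Constructed sample, not taken from a real machine.
SAMPLE_INI = r"""[boot]
shell=Explorer.exe

[386Enh]
PagingFile=c:\WIN386.SWP
MinPagingFileSize=65536

[ExampleApp]
PagingFile=d:\elsewhere.swp
"""

if __name__ == "__main__":
    text, lines = fix_paging_drive(SAMPLE_INI)
    print("changed lines:", lines)
    print(text)
```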
Troubleshooting Windows NT
Troubleshooting Email
• Outlook
o 2000
 Can't Copy or Open a File - When you can't copy or open a file in Outlook 2000, the first thing to try is recreate the user's NT Profile.
Troubleshooting Network Printing
• The Spooler
o Spooler Service will not Start - When the spooler service does not start, it is usually caused by a corrupt job in the spooler. Delete the corrupt job.
Troubleshooting Windows 2000
Troubleshooting with Device Manager
Device Manager is one of the tools you can use when troubleshooting Windows 2000. Device Manager is one of the snap-ins located under System Tools in Computer Management. Device Manager provides you with a view of the hardware installed on your computer, in a graphical format. You use Device Manager to disable, uninstall, and update device drivers.
Finding Your IP Address
Click on Start/Programs/Accessories/Command Prompt and type in "ipconfig", without the quotes. For more information type "ipconfig /all", without the quotes.
Troubleshooting Internet Communications Problems
Any of the following reasons could cause a problem communicating with an internet server:
1. The server is not functioning
2. Improper configuration of your internet browser
3. Incorrect TCP/IP configuration for your dial-up connection
4. Your ISP's Domain Name Service (DNS) server is not working
• Try a Known Good Server - If you can't get to a specific server on the internet, try connecting to http://www.barnettcomputerservices.com or http://www.karenscountrykitchen.com. If you can connect to any one of these servers but can't connect to the original server you were trying, chances are the first server you were trying is down. Your TCP/IP configuration is ok.
Server Won't Boot
Providing the problem isn't hardware, you can always reformat the hard drive and reload the operating system. But let's face it, that's rarely going to be the practical solution. Always start by working from the simplest solutions to the more complex solutions.
The first question you should be asking is "what changed recently". If everything was working fine, someone changed something, and now the server won't boot up, chances are that whatever was changed is what killed the server.
Server Boots to a Blank Screen
If the server boots to a blank screen, you have a video driver problem. The video driver has become corrupt, an incorrect video driver is being used, or the video driver is set to the wrong resolution.
Utilities for Troubleshooting TCP/IP
• Ping: Tests connections
• ARP: Displays locally resolved IP addresses as physical addresses
• Ipconfig: Displays the current TCP/IP configuration
• Nbtstat: Displays statistics and connections using NetBIOS over TCP/IP
• Netstat: Displays TCP/IP protocol statistics and connections
• Route: Displays or modifies local routing table
• Hostname: Returns the local computer's host name
• Tracert: Checks the route to a remote system
All of the above utilities are executed from a command prompt. For more information on any of these commands, except Hostname and Tracert, go to a command prompt and type the command followed by /? then press Enter. For example Ping /? then press Enter.
Testing the TCP/IP Configuration
Use ipconfig and ping command-prompt utilities to test configuration and connections to other TCP/IP hosts and networks.
• Using Ipconfig - Use the ipconfig utility to verify the TCP/IP configuration on a host. This helps determine whether the configuration is initialized, or whether a duplicate IP address exists. Use ipconfig with the /all switch.
Type ipconfig /all | more to prevent scrolling off of the screen.
The following is the result of the ipconfig /all command.
o If a configuration has initialized, the ipconfig utility displays the IP address and subnet mask, and, if it is assigned, the default gateway.
o If a duplicate IP address exists, the subnet mask is 0.0.0.0
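The two checks above can be run over saved `ipconfig /all` output, for example when a help desk user sends it in. This Python sketch is an added example, not from the original page: it splits the output into adapters and applies the page's two rules (no IP address means not initialized, subnet mask 0.0.0.0 means a duplicate address). The sample output, host name and adapter names are constructed.

```python
import re

# "   Label . . . . . : value" -> label without the dot leader, value after the first colon.
FIELD_RE = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")


def parse_ipconfig(output):
    """Return {adapter header: {field label: value}} from ipconfig /all text."""
    adapters, current = {}, None
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented lines ending in ':' start an adapter block; other
            # unindented lines (the banner) are skipped.
            if line.rstrip().endswith(":"):
                current = line.rstrip()[:-1]
                adapters[current] = {}
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            # Keep the first value of a label; continuation lines have no label.
            adapters[current].setdefault(field.group(1), field.group(2).strip())
    return adapters


def check_adapters(adapters):
    """Apply the two rules from the text to each adapter."""
    status = {}
    for name, fields in adapters.items():
        # Later Windows versions label the field "IPv4 Address".
        ip = fields.get("IP Address") or fields.get("IPv4 Address")
        mask = fields.get("Subnet Mask")
        if not ip:
            status[name] = "not initialized (no IP address shown)"
        elif mask == "0.0.0.0":
            status[name] = "duplicate IP address suspected (subnet mask 0.0.0.0)"
        else:
            status[name] = "initialized"
    return status


# Constructed sample in the Windows 2000 layout.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : WS01
        Primary DNS Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example 10/100 PCI Adapter
        Physical Address. . . . . . . . . : 00-00-5E-00-53-01
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

        Description . . . . . . . . . . . : Example 10/100 PCI Adapter #2
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
"""

if __name__ == "__main__":
    for adapter, result in check_adapters(parse_ipconfig(SAMPLE)).items():
        print(adapter + ": " + result)
```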
Finding Computer Names
If you know the IP address of a workstation but don't know the computer name, you can find out the computer name two ways. The first is to run tracert. From a DOS prompt, type tracert (space) and then the ip address. Hit enter and it should resolve the computer name for you.
The other way is to ping it with the "-a" flag. In other words, ping (space) -a (space) ip address. This should also resolve the computer name for you.
Introduction to Computer Cases
The case is the foundation of your computer. Build your foundation on a rock. Don't plan on building a great computer by starting with a cheap case.
Classifications of Computer Cases
Computer cases come in three basic classifications:
• Desktop - Available in AT, ATX, Flex ATX, and NLX form factors.
• Mini Tower - Available in Micro ATX and Flex ATX form factors.
• Medium/Mid Tower - Available in AT, Flex/Micro ATX, ATX, and Extended ATX form factors.
The full tower cases have 4 or 5 drive bays you can fill however you like. Because of its size, a full tower case is designed to sit on the floor. They're the perfect height to set your coffee on. (That's a joke; don't try it.)
There are some sub-categories of cases. For the most part you should steer clear of these if you're building your own pc. Two of these sub-categories are "slim line" and "micro towers". Many times these cases use non-standard boards. Finding these boards and/or replacement parts could be difficult.
Computer Case Form Factor
Computer cases are built to use a specific type of motherboard. Two examples of types of motherboards are "ATX" and "Baby AT". The term used for describing the type of motherboard is "form factor". You'll see statements like "form factor ATX", which simply means the motherboard is an ATX motherboard.
ATX Computer Cases
The ATX computer case form factor was invented by Intel® in 1995.
ATX computer cases rotate the processor and the expansion slots 90 degrees. This gives more room to add cards.
Power supplies on an ATX computer case have a side-mounted fan which does a better job cooling the computer system.
An ATX computer case has a double height aperture in the back where the keyboard, mouse, parallel and serial ports are located. These ports are stacked on top of each other.
A Baby AT computer motherboard will not necessarily fit in an ATX form factor case. An ATX motherboard will not necessarily fit in a Baby AT form factor case and so on, and so on.
Choosing a Computer Case
When choosing a computer case, make sure the power supply is mounted on the top. Remember, hot air rises, so let's drag as little hot air across the computer's components as possible. Make sure the frame that houses the hard drive is removable. This is important. Believe it or not, there was a design a few years ago that required all the boards be removed from the motherboard and the motherboard be tilted back in order to remove the hard drive.
When choosing which computer case you want to buy, think about the future. Do you want to be able to expand your computer in the future? Will you want to be able to upgrade this computer in the future? Your answer will most likely be "yes". If you're the type of person who is ambitious enough to build your own pc, then you're the type of person who will want to expand on your computer system somewhere down the road. So if expansion is in your future, you can forget about a desktop case right now. You want a mid tower or a full tower case. In order to save space, desktop cases just aren't built for expandability. And let's be honest here, they just plain look wimpy.
If you're limited on desktop space, (and hey, who isn't), a tower case can fit conveniently on the floor, freeing up precious desk space.

Shut down issues in Windows 98

If you are currently running an anti-virus program on the computer, it may interfere with the shutdown procedure. If so, disable the floppy drive scan on shutdown.

For Norton AV: Go to Start, Programs, Norton AntiVirus, Norton Anti Virus. Click the Options button, and then go to the AutoProtect tab. Click the Advanced button in the lower right corner and remove the check mark in "Check floppies when Rebooting computer". Hit Ok and close the Antivirus program.
For McAfee: Double click the Shield Icon in your System tray. On the Detection tab, uncheck Scan Floppies on Shutdown.
This is a common problem between Win98 and many antivirus programs. You may also want to make sure that you have any patches or updates for the program installed that may fix the problem.

If you still have the problem try removing any background programs. Follow these instructions to do this:

Click Start and select Run.
Delete the contents of the box if there is text present and type msconfig
Then click OK.
Select the Startup tab at the top right.
Remove checks from all items except the following:
Scan Registry
System Tray
2 Load Power Profiles
Then click OK. Windows will ask you to reboot; click YES.
These are the only items needed to run windows efficiently. All other programs will continue to function when the applications are started.

If you use any PCMCIA card on the unit you may want to stop the card before you shut down.

To do this follow these instructions:

Click on Start go to Settings, and click on Control Panel.
Double click on the PC cards (PCMCIA) icon.
In the list it will show the cards you have inserted in the sockets. Highlight the card and click on the Stop button.
It will then tell you it is safe to remove the card. You do not have to remove it just make sure it is stopped.
Do this for all PCMCIA cards before you shut down.
Lastly you can try one more thing.
NOTE: This involves changing settings in the Windows registry. If any incorrect changes are made the computer may not boot back to Windows. Follow these instructions carefully and at your own risk.

Click on Start, click on Run.
Type in MSCONFIG. Click on the Advanced button.
Remove the check from disable fast shutdown. Click OK, and then click OK again. It will want to restart, tell it YES to restart.
Once it gets into Windows we want to make some changes to the registry. Click on Start, go to Run.
Type REGEDIT and click OK. It will bring up the registry editor.
On the left there are some folders listed. Click the plus (+) symbol next to HKEY_LOCAL_MACHINE, in the list of folders below double click on System, then on CurrentControlSet, then Control.
Click and highlight the Shutdown folder.
In the right side of the registry editor window it will show you the contents of the Shutdown folder. You will see an entry that says FastReboot.
Right click on FastReboot and then click on Modify.
In the new window there will be a box that says Data Value. Erase whatever is in that box and type in the number 0.
Click OK.
Close the registry editor out.
Restart the computer.
Once it gets back into windows try to shut it down. Remember to stop your PCMCIA cards first. See if that helps it.
If you are still having problems, refer to Microsoft's Knowledge Base (http://search.support.microsoft.com/kb/c.asp?fr=0&SD=GN&LN=EN-US) and refer to the following article: Q202633 - How to Troubleshoot Windows 98 Shutdown Problems

If you continue to have problems you will want to contact Technical Support directly by phone. You can contact WinBook Technical Support at 800-468-1225 or 614-334-1497 from 8am to 9pm Mon-Fri and 9am to 4pm Sat Eastern Time.

Build your own home network

Ethernet Choice
The first thing you want to do when attempting to build your own home network is choose what you want to use for cabling. For ease of use, and easy expansion, I suggest using 10/T or 100/TX. 10/T and 100/TX both use Cat5 Cabling. If you look at it, it looks like a phone wire, but has twice as many wires both on the plug and in the wire. Because I'm suggesting 10/T (which it will not be referred as) I'm also going to write this tutorial as though 10/T is the only choice, because, in my mind, it is. All other types are inferior in too many ways.
Get some NICs
Now that you've settled on what type of Ethernet to use (thanks to me), you'll want to get some Network Interface Cards for each computer you plan to put on your network. Network Interface Cards are just that: cards that interface your computer with the rest of the network. If you can, get cards that will fit into a PCI slot in your computer, if your computer has such slots. PCI Network cards are much easier to use than any other type of card. If you can't get PCI, I recommend ISA cards made by 3COM. They are just as easy to use, and require no jumper configuration. If you can't get either, it's time to shop around, or save up your money. Another thing to consider when buying NICs is the speed of your network. You can choose from either 10Mbps (10/T) or 100Mbps (100/TX). If you only get 10/T cards, the speed of that computer on the network will only be 10Mbps, but if you get 100/TX cards along with a 100/TX hub, which I'll talk about later, you will increase your speed ten-fold. Don't expect your speed increase to come without cost. Generally, 100/TX components cost from two to five times as much, depending on the component. While on the subject of speed, another important thing to take into account is duplex. By this time, we should all know how duplex works. In half-duplex, or normal mode, one card talks, while the other listens, and vice-versa. In full-duplex mode, both cards can talk and listen at the same time, which means a 2x speed increase. That means on a 100/TX network, full-duplex will bring throughput up to 200Mbps, under the right conditions. Full-Duplex equipment will also cost more.
Every Good Network Needs a Hub!
There are two ways to run a Network using 10/T: Computer to Computer, or Computer to Hub (the Hub connects to all other computers). Obviously, a Hub must then be used when 3 or more computers need to be networked. When only 2 computers need to be networked, a special type of cable, called cross-over cable, can be used. The only problem with that is further expansion. When you get a 3rd computer, you have to also buy a hub. Just like the NICs, the Hub can be a bottleneck in your network speed. If you have 100/TX cards, and a 10/T hub, your WHOLE network (not just a segment as with NICs) will run at 10Mbps. If you get 100/TX cards, it's suggested to get a 100/TX hub to go along with it, unless you plan on upgrading in the future due to money constraints. The number of ports (places you plug the cable in) is also important. Usually, you'll want to make room for further expansion. I like to buy hubs that will have 25% more capacity (or more depending on the situation) than is needed. So, if you have 3 computers, buy a 4 port hub. If you have 6, buy an 8 port, and so on. Don't forget that an uplink port is also nice. If you run out of spaces, you can use the uplink port to link that hub with another hub. There is a problem with that though. All the computers from the first half only have one line to access the computers in the other half of the segment. That really isn't a major concern in homes, but it's a major concern in upstart businesses. The positioning of the hub also plays an important role. Some people, like myself, like to have the hub close to the central computer of the network. In some cases, that might be the server. In others, it might be the computer that is used most by the "Computer Guy/Gal" of the house. It's your choice where you place it, because it's your hub. Just remember, you'll need to buy enough cable to reach the hub from all computers that are being networked.
Cable Concerns
Cable is VERY important. If it weren't for the cable, we'd have no network. The first concern is cable quality. Quality, in effect, is rated using the Cat System. The higher the Cat Rating, the higher the speed your cable can handle. Because the Cat system also rates phone lines, there are only two Cat ratings used for Ethernet cable. They are Cat3 and Cat5. For 10/T networks that WILL NOT be upgrading in the future, Cat3 is fine. But, as soon as you want to upgrade to 100/TX, all Cat3 cable must be replaced with Cat5, which can handle that speed.
Physical cable placement is another concern. For liability and safety reasons, I'm sure you don't want cable running all over the ground. For the home user, that might be fine, but in a business, it's a hazard waiting to happen. Cabling can be run through the walls, and attached to a port that fixes to your wall just like the phone cable port. They are called "Data Drops." These plastic outlets only cost a buck or two, depending on where you buy them, and are very worthwhile. One final note: just remember to buy the right amount of cable needed to run where you want it to go. Having leftover cable is better than not having enough.
Topology
Topology is a pretty tricky thing. Exactly where are your cables going to go and how are they going to connect? As said before, you want more ports on your hub than you do on computers. In my home, I have 3 computers (soon to be 4) with a 4 port hub. There is a slight problem though. All 3 computers are next to walls that are totally finished off, and filled with insulation. What I ended up doing in my home is drilling a hole in the room upstairs with the 1 computer in it, and running the cable through the rafters, to the utility room, which is on the floor below, and on the other side of the house. From the utility room, I ran the cable behind the molding between the wall and the carpet, all the way to my hub, which is by the other 2 computers, one being a Home Server, and another being the PC I am typing this on. If I were to directly connect the computers "as the crow flies" I would only need 15' of cable. But, with the setup I currently have, which is the easiest to do with this house, I needed 50' of cable. Your home may be different. You may choose to preinstall RJ-45 wall jacks in every bedroom, den, and living room in your home, which eventually lead to a central hub, so all you have to do is plug the computer in the wall jack, and plug the hub into the wall jack near it that corresponds with the wall jack the computer is plugged into.
Running out of hub ports is also a major problem. If you run out of hub ports, you have to buy another hub, which will severely hurt your performance (I am mentioning this again because it is very important!!) If you are running a small office which will expand a lot, you will thank yourself in the long run for buying a 32 port Mega hub, instead of chaining four 8 port hubs together. If you end up having to chain ports together, the computers on one hub will only have 1 line to talk to each other, instead of having "free" communication like they were all on 1 hub. So, if you have a proxy server on one of your hubs sharing the internet connection, the PCs furthest away from the server will get the least data if it's on a busy network. If you have to use multiple hubs, there are 2 ways to do it. The wrong way, and the "if you have to..." way.
The Two Ways to do Things


As you can tell from the graphic on the top (What not to do!), the PCs on the top of the graphic will get the least amount of data from the server during busy times, because they have the most hubs between them and the server. On the bottom graphic (If you have to... Do this.), every PC has the same number of hubs between it and the server: two. If you have to use more than 1 hub, do it that way. Otherwise, you'll be sorry!

Did you know... Windows Tips

Did you know... How to disable the original Administrator account
In Windows Server 2003, for the first time, you CAN disable the Administrator account. My point is that every hacker knows that Windows has a username called Administrator, so defend it by disabling the account. (Right Click the Administrator, Disable) Obviously you must create another account with administrative privileges.


Did you know... How to view Advanced features
As you are an expert, display all those hidden menus and folders. a) Go to the Active Directory Users and Computers, Select View (Menu) then check: Advanced Features. Now you should see the 'LostAndFound' folder and so be able to check for any orphaned users. b) Select the DNS Icon, View (Menu), Advanced. c) Device Manager, Show Hidden Devices.


Did you know... The easiest way to bring up the System Icon
(Windows Key) + Pause/Break (Key)


Did you know... How to Identify unused accounts
Use the DSQUERY computer -inactive NumberOfWeeks command to identify all machines that were not logged on to Active Directory during the specified NumberOfWeeks.
Note that the command above should be used if your domain is running at the Windows Server 2003 functional level. If your domain still has Windows 2000 computers in it and is running in the mixed-mode functional level, use DSQUERY computer -stalepwd NumberOfDays instead.


Deploying a Windows XP Embedded Runtime
Deploying a Windows XP Embedded runtime to your device can be very easy, but there are a few tips to help you avoid the pitfalls. For clarity, I'm using "deploying an image" to mean moving the runtime image to the device and booting the runtime on that device; and for simplicity, I'll use a standard integrated device electronics (IDE) hard drive as our boot media.

ReInstalling WindowsXP Without losing your settings!

If you need to reinstall WindowsXP and want to keep all your current installed applications and settings:
1. Start WindowsXP
2. Go to the location of your source files
3. Run WINNT32 /unattend
I’ve often needed to do this to repair something that had gotten corrupted and didn’t want to do a clean install.

Other Cool XP tips:
Adding SafeBoot to the Boot Menu:
You can add Safeboot as an option to the normal XP boot screen
1. Open a command prompt
2. Copy the current c:\boot.ini to another name (just in case)
3. With your favorite text editor, edit c:\boot.ini
4. Copy then edit the current boot line to another line. For example:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
might copy and then change to:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Safeboot" /fastdetect
5. Start MSCONFIG
6. Click on the BOOT.INI tab
7. Highlight the second line with the additional name of Safeboot
8. Check the /SAFEBOOT box with the option you want
Minimal - Minimal set of drivers
Network - With Network Support
Dsrepair - Directory Services Repair
Minimal (Alternate Shell) - Standard Explorer Desktop
9. You will now have this option every time you start XP
Changing the Default DOS Window Properties:
If you want to change the default DOS windows properties like:
• Size
• Color
• Font
• Buffer Size
• Window / Full Screen
1. Open up a DOS window
2. Right click on the Title Bar
3. Select Defaults
4. Make any of the changes you like
5. All subsequent DOS windows will assume these defaults
Set the Online Registration as Being Completed
You can set WindowsXP to assume the online registration has been completed.
1. Run Regedit
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
3. Create a String Value called RegDone
4. Give it a value of 1
Rollback a Device Driver
If you install a device driver that does not work correctly,
you can restore the previous one fairly easily.
1. Log in with an administrator account
2. Right click on My Computer
3. Select Properties
4. Click on the Hardware tab
5. Click on the Device Manager button
6. Go to the device you want to reconfigure
7. Click on the Driver tab
8. Click on the Roll Back Driver button
WindowsXP Command Line Utilities
While there are a lot of command line utilities in WindowsXP, here are a few good ones:
bootcfg - Configures, queries, or changes Boot.ini file settings.
driverquery - Displays a list of all installed device drivers and their properties.
getmac - Returns the media access control (MAC) address and list of network protocols associated with each address for all network cards in each computer
gpresult - Displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer
netsh - You can use commands in the Netsh Interface IP context to configure the TCP/IP protocol
schtasks - Schedules commands and programs to run periodically or at a specific time
systeminfo - Displays detailed configuration information about a computer and its operating system
* To get a quick help for all the commands you can enter from WindowsXP,
simply create a shortcut:
hh.exe ms-its:C:\WINDOWS\Help\ntcmds.chm::/ntcmds.htm
Creating an Automated Install of WindowsXP
On the WindowsXP CD, in the SUPPORT\TOOLS directory,
there is a file called DEPLOY.CAB.
1. Extract the programs DEPLOY.CHM (help file) and SETUPMGR.EXE (main program)
2. Run SETUPMGR and answer the prompts.
3. This will create both an unattend.bat and an unattend.txt file you can use for automated installs.
4. Note: The batch file might need some minor modification for file locations but it is fairly basic.
Using the System File Checker
You can run the System File Checker to verify protected system files. Command line switches are:
sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]
• /scannow - Scans all protected system files immediately.
• /scanonce - Scans all protected system files once.
• /scanboot - Scans all protected system files every time the computer is restarted.
• /revert - Returns the scan to its default operation.
• /purgecache - Purges the Windows File Protection file cache and scans all protected system files immediately.
• /cachesize=x - Sets the size, in MB, of the Windows File Protection file cache.
Speeding Up the Display of Start Menu Items
An easy way to speed up the display of the Start Menu Items is to turn off the menu shadow.
1. Right click on an open area of the Desktop
2. Select Properties
3. Click on the Appearance tab
4. Click on the Effects button
5. Uncheck Show shadows under menus
Changing the Default Search Settings
By default, when you start a search,
you are prompted for what you want to search for.
(e.g. Pictures, Documents, Files, Computers)
To change the preferences, simply click on Change preferences
From here you can:
1. Turn off the animated screen character
2. Change files and folders search behavior (setting it to Advanced changes the default search screen to be for simply files)
3. Internet search settings
4. Turn off balloon tips
Adding / Removing Additional Programs
By default, WindowsXP does not display all the programs you can add or remove.
To show this list:
Edit the \Windows\Inf\sysoc.inf file
In the Components section, simply remove the word hide.
This will leave two commas together (like on the rest of the items).
Then you can go to the Control Panel / Add or Remove Programs / Add/Remove Windows Components and the new items will be displayed.
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
smarttgs=ocgen.dll,OcEntry,msnsl.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7
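The edit described above, as an added Python example that is not part of the original post: it removes the hide flag only inside the [Components] section, treats hide and HIDE alike, and reports which entries it changed. The function name unhide_components and the [Other] section in the sample are made up for the illustration; the other sample lines are taken from the listing above.

```python
def unhide_components(inf_text):
    """Remove the 'hide' flag from [Components] entries of sysoc.inf text.

    Returns (new_text, names_changed). Lines outside [Components], comments
    and entries without the flag are passed through untouched.
    """
    out, changed = [], []
    in_components = False
    for line in inf_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]            # keep CRLF/LF exactly as found
        stripped = body.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_components = stripped.lower() == "[components]"
        elif in_components and "=" in body and not stripped.startswith(";"):
            name, _, value = body.partition("=")
            fields = value.split(",")
            # Layout seen in the listing: dll, entry point, inf, flag, number
            if len(fields) == 5 and fields[3].strip().lower() == "hide":
                fields[3] = ""            # leaves the two commas together
                body = name + "=" + ",".join(fields)
                changed.append(name.strip())
        out.append(body + eol)
    return "".join(out), changed


# Constructed sample: a few lines from the listing above plus a made-up
# [Other] section to show that text outside [Components] is left alone.
SAMPLE = (
    "[Components]\r\n"
    "NtComponents=ntoc.dll,NtOcSetupProc,,4\r\n"
    "WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7\r\n"
    "Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7\r\n"
    "TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2\r\n"
    "CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7\r\n"
    "\r\n"
    "[Other]\r\n"
    "example=a.dll,b,c.inf,hide,7\r\n"
)

if __name__ == "__main__":
    new_text, names = unhide_components(SAMPLE)
    print("now shown in Add/Remove Windows Components:", ", ".join(names))
    print(new_text)
```

Keep a copy of the original sysoc.inf before writing the changed text back.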
Changing Drive Letters
If you want to change the letters assigned to your fixed or removable drives:
1. Right Click on My Computer
2. Select Manage
3. Select Disk Management
For a Fixed Disk:
1. Select it
2. Right click
3. Select Change Drive Letter and Path
4. Click on the Edit button
5. Enter in the letter you want to use
For a Removable Disk:
1. In the lower, right hand panel, right click on the Disk or CD ROM #
2. Select Change Drive Letter and Path
3. Click on the Edit button
4. Enter in the letter you want to use
Note: This can only be done for drives that do not have the Operating System installed and that you are not booting from.
Adding SafeBoot to the Boot Menu
You can add Safeboot as an option to the normal XP boot screen
1. Open a command prompt
2. Copy the current c:\boot.ini to another name (just in case)
3. With your favorite text editor, edit c:\boot.ini
4. Copy then edit the current boot line to another line. For example:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
might copy and then change to:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Safeboot" /fastdetect
5. Start MSCONFIG
6. Click on the BOOT.INI tab
7. Highlight the second line with the additional name of Safeboot
8. Check the /SAFEBOOT box with the option you want
Minimal - Minimal set of drivers
Network - With Network Support
Dsrepair - Directory Services Repair
Minimal (Alternate Shell) - Standard Explorer Desktop
9. You will now have this option every time you start XP
Enable / Disable the Task Manager
1. Start Regedit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
3. Create the Dword value DisableTaskMgr
4. Give it a value of 0 to enable it
5. Give it a value of 1 to disable it
Download Reg File
NTLDR or NTDETECT.COM Not Found
If you get an error that NTLDR is not found during bootup
and you have FAT32 partitions, the fix is much simpler than with NTFS.
Just boot with a Win98 floppy and copy the NTLDR or NTDETECT.COM files
from the i386 directory to the root of the C:\ drive.
For NTFS:
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Enter in the administrator password when requested
5. Enter in the following commands (X: is replaced by the actual drive letter that is assigned to the CD ROM drive):
COPY X:\i386\NTLDR C:\
COPY X:\i386\NTDETECT.COM C:\
6. Take out the CD ROM and type exit
Corrupted or Missing \WINDOWS\SYSTEM32\CONFIG
If you get the error:
Windows could not start because the following files is missing or corrupt
\WINDOWS\SYSTEM32\CONFIG\SYSTEM or \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Enter in the administrator password when requested
5. cd \windows\system32\config
6. Depending on which section was corrupted:
ren software software.bad or ren system system.bad
7. Depending on which section was corrupted
copy \windows\repair\system
copy \windows\repair\software
8. Take out the CD ROM and type exit
HAL.DLL Missing or Corrupt
If you get an error regarding a missing or corrupt hal.dll file, it might simply be the BOOT.INI file on the root of the C: drive that is misconfigured
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Type bootcfg /list to show the current entries in the BOOT.INI file
5. Type bootcfg /rebuild to repair it
6. Take out the CD ROM and type exit
NTOSKRNL Missing or Corrupt
If you get an error that NTOSKRNL is not found:
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Change to the drive that has the CD ROM.
5. CD i386
6. expand ntkrnlmp.ex_ C:\Windows\System32\ntoskrnl.exe
7. If WindowsXP is installed in a different location, just make the necessary change to C:\Windows
8. Take out the CD ROM and type exit
Repair Install
If XP is corrupted to the point where none of the previous solutions get it to boot,
you can do a Repair Install that might work as well as keep the current settings.
Make sure you have your valid WindowsXP key.
The whole process takes about half an hour depending on your computer
If you are being prompted for the administrator’s password, you need to choose the 2nd repair option, not the first.
1. Insert and boot from your WindowsXP CD
2. At the second R=Repair option, press the R key
3. This will start the repair
4. Press F8 for I Agree at the Licensing Agreement
5. Press R when the directory where WindowsXP is installed is shown. Typically this is C:\WINDOWS
6. It will then check the C: drive and start copying files
7. It will automatically reboot when needed. Keep the CD in the drive.
8. You will then see the graphic part of the repair that is like during a normal install of XP (Collecting Information, Dynamic Update, Preparing Installation, Installing Windows, Finalizing Installation)
9. When prompted, click on the Next button
10. When prompted, enter your XP key
11. Normally you will want to keep the same Workgroup or Domain name
12. The computer will reboot
13. Then you will have the same screens as a normal XP Install
14. Activate if you want (usually a good idea)
15. Register if you want (but not necessary)
16. Finish
17. At this point you should be able to log in with any existing accounts.
Services You Can Disable
There are quite a few services you can disable from starting automatically.
This would be to speed up your boot time and free resources.
They are only suggestions so I suggest you read the description of each one when you run Services
and that you turn them off one at a time.
Some possibilities are:
• Alerter - Sends alert messages to specified users that are connected to the server computer.
• Application Management - Allows software to tap directly into the Add/Remove Programs feature via the Windows Installer technology.
• Background Intelligent Transfer Service - The Background Intelligent Transfer service is used by programs (such as Windows AutoUpdate) to download files by using spare bandwidth.
• Clipbook - ClipBook permits you to cut and paste text and graphics over the network.
• Error Reporting Service - Allows applications to send error reports to Microsoft in the event of an application fault.
• Fast User Switching - Windows XP allows users to switch quickly between accounts, without requiring them to log off.
• Help and Support - Allows the XP Built-in Help and Support Center to run.
• IMAPI CD-Burning COM Service - You don’t need this if you have other software to create CDs.
• Indexing Service - Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
• IP SEC - Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. If you are not on a domain, you likely don’t need this running.
• Messenger - Transmits net send and Alerter service messages between clients and servers. This is how a lot of pop-up windows start appearing on your desktop.
• Net Logon - Supports pass-through authentication of account logon events for computers in a domain. If you are not on a domain, you don’t need this running
• Network DDE - Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers.
• NT LM Security Support Provider - Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
• Performance Logs and Alerts - Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If you don’t need to monitor your performance logs, then you don’t need this service.
• Portable Media Serial Number - Retrieves the serial number of any portable music player connected to your computer
• QOS RSVP - Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
• Remote Desktop Help Session Manager - Manages and controls Remote Assistance. If you are not using Remote Desktop you don’t need this service.
• Remote Registry - Enables remote users to modify registry settings on this computer.
• Routing & Remote Access - Offers routing services to businesses in local area and wide area network environments. Allows dial-in access.
• Secondary Login - Enables starting processes under alternate credentials. This is what allows you to run an application as another user.
• Smart Card - Manages access to smart cards read by this computer.
• Smart Card Helper - Enables support for legacy non-plug and play smart-card readers used by this computer.
• SSDP Discovery Service - Enables discovery of UPnP devices on your home network.
• TCP/IP NetBIOS Helper - Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. This should not be needed in today’s network environment.
• Telnet - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients.
• Uninterruptible Power Supply Service - Manages an uninterruptible power supply (UPS) connected to the computer.
• Universal Plug and Play Device Host - Provides support to host Universal Plug and Play devices
• Upload Manager - Manages synchronous and asynchronous file transfers between clients and servers on the network.
• Volume Shadow Copy Service - Manages and implements Volume Shadow Copies used for backup and other purposes.
• Web Client - Enables Windows-based programs to create, access, and modify non-local files across the Internet.
• Wireless Zero Configuration - Provides automatic configuration for the 802.11 adapters
• WMI Performance Adapter - Provides performance library information from WMI HiPerf providers.
Running Network Diagnostics
Network Diagnostics scans your system to gather information about your hardware, software, and network connections.
Start / Run / NETSH DIAG GUI
The following is the type of information that can be displayed:
• Ping
• Connect
• Show
• Verbose
• Save to Desktop
• Mail Service
• News Service
• Internet Proxy Server
• Computer Information
• Operating System
• Windows Version
• Modems
• Network Clients
• Network Adapters
• Domain Name System (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Default Gateways
• Internet Protocol Address
• Windows Internet Naming Service (WINS)
Not Viewing Zip Files as Folders
If you want to turn off WindowsXP showing Zip files as folders,
just run:
regsvr32 /u zipfldr.dll
Hiding an XP Computer from Network Neighborhood
If you want to share files from an XP computer,
yet want to remove it from showing up in the Network Neighborhood,
Run net config server /hidden:yes
Viewing Installed Drivers
If you want to see a list of installed drivers, you can run the driverquery program
There are a lot of available switches to view different types of information.
One use can be to export to a CSV file for viewing in Excel
An example would then be:
Driverquery /v /fo csv > drivers.csv
Identify Faulty Device Drivers
If you are having problems with lockups, blue screens, or can only get to safe mode,
often the problem is due to a faulty device driver.
One way to help identify them is through the use of the Verifier program
1. Start / Run / Verifier
2. Keep the default of Create Standard Settings
3. Select the type of drivers you want to confirm
4. A list of drivers to be verified on the next boot will be shown.
5. Reboot
6. If your computer stops with a blue screen, you should get an error message with the problem driver
7. To turn off the Verifier, run verifier /reset
Determining Which Services are Associated with SVCHOST
Since so many critical services run inside each svchost process,
you can see which ones are being used by opening a cmd prompt and running:
tasklist /svc /fi "imagename eq svchost.exe"
Opening Shared Folders Snap-In
To manage all your shared folders, you can run the snap-in directly
Start / Run / fsmgmt.msc
This will show you all your shared folders in a single window
You can also see what other computers are connected and what files they have open
Running CHKDSK
One way to run a chkdsk (this is like Scandisk that was with Win9X), is to
1. Double click on My Computer
2. Right click on the drive you want to check
3. Select Properties
4. Click on the Tools tab
5. Click on the Check Now button
6. Check to Automatically fix file system errors - This is the same as running chkdsk /f
7. If you want to Scan for and attempt recovery of bad sectors, check that box - This is the same as running chkdsk /R. It can also add a lot of time to the scan
8. Reboot if necessary
You can also run chkdsk from the command line, which will give you more options.
The following switches are available:
/F - fix any errors
/R - identifies bad sectors
/V - with FAT32, displays a verbose output
With NTFS Volumes:
/I - Performs simpler check (stage 2)
/C - Skips the checking of cycles within folder structures
/X - Forces the volume to dismount if necessary. Intended for server administrators and should be avoided for normal use
Repairing Damaged Winsock2
The symptoms of a damaged Winsock2 show up when you try to release and renew the IP address using IPCONFIG.
You get the following error message:
An error occurred while renewing interface ‘Internet’: An operation was attempted on something that is not a socket.
Also Internet Explorer may give the following error message:
The page cannot be displayed
Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.
—–
If you have WindowsXP with Service Pack 2, there is a one line command you can run to reset the winsock2 registry entries
netsh winsock reset catalog
——
There are two easy ways to determine if Winsock2 is damaged:
From the XP source files, go to the Support / Tools directory
Winsock Test Method 1
Run netdiag /test:winsock
The end should say Winsock test ….. passed
Winsock Test Method 2
1. Run Msinfo32
2. Click on the + by Components
3. Click on the + by Network
4. Click on Protocol
5. There should be 10 sections if the Winsock2 key is ok
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
If the names are anything different from those in this list, then likely Winsock2 is corrupted and needs to be repaired.
If you have any 3rd party software installed, the name MSAFD may be changed.
There should be no fewer than 10 sections.
To repair Winsock2
1. Run Regedit
2. Delete the following two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
Download Reg file to delete these entries
1. Restart the computer
2. Go to Network Connections
3. Right click and select Properties
4. Click on the Install button
5. Select Protocol
6. Click on the Add button
7. Click on the Have Disk button
8. Browse to the \Windows\inf directory
9. Click on the Open button
10. Click on the OK button
11. Highlight Internet Protocol (TCP/IP)
12. Click on the OK button
13. Reboot
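Several tips above offer a downloadable .reg file (RegDone, DisableTaskMgr, the Winsock key deletion), and a merge applies every line in the file. The following added Python example, which is not part of the original post, lists what a .reg file would change before you merge it and marks key deletions and writes under Policies or Services keys for a closer look. The function names, the choice of what to mark and the sample file (built from the keys named in the tips above) are assumptions made for the illustration.

```python
import re

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def decode_reg(data):
    """Decode raw .reg bytes: 'Version 5.00' exports are UTF-16 with a BOM,
    older REGEDIT4 files are single-byte text."""
    if data[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return data.decode('utf-16')
    return data.decode('cp1252', errors='replace')


def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples."""
    ops, key = [], None
    # hex: values may continue on the next line after a trailing backslash
    text = re.sub(r'\\\r?\n\s*', '', text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue                      # blank line or comment
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                # [-HKEY_...] removes the whole key
                ops.append(('delete-key', m.group(2), None, None))
                key = None
            else:
                key = m.group(2)
                ops.append(('ensure-key', key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            if m.group(2) == '-':         # "Name"=- removes one value
                ops.append(('delete-value', key, name, None))
            else:
                ops.append(('set-value', key, name, m.group(2)))
    return ops


def review(ops):
    """Pair each operation with the reasons it deserves a second look."""
    findings = []
    for op in ops:
        action, key = op[0], op[1].lower() + '\\'
        reasons = []
        if action.startswith('delete'):
            reasons.append('deletes existing data')
        if '\\policies\\' in key:
            reasons.append('policy setting')
        if '\\currentcontrolset\\services\\' in key:
            reasons.append('service configuration')
        findings.append((op, reasons))
    return findings


# Constructed sample combining the changes described in the tips above
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"RegDone"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
"""

if __name__ == '__main__':
    for (action, key, name, data), reasons in review(parse_reg(SAMPLE_REG)):
        mark = '  <-- ' + ', '.join(reasons) if reasons else ''
        print(action, key, name or '', data or '', mark)
```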

Configure the Server for Remote Desktop

In this exercise, you will enable Remote Desktop connections, change the number of simultaneous connections allowed to the server, and configure the disconnection settings for the connection.
1. Log on to Server01 as Administrator.
2. Open the System properties from Control Panel.
3. On the Remote tab, enable Remote Desktop. Close System Properties.
4. Open the Terminal Services Configuration console from the Administrative Tools folder.
5. In the tscc (Terminal Services Configuration\Connections) MMC, right-click the RDP-tcp connection in the details pane, and then click Properties.
6. On the Network Adapter tab, change the Maximum Connections to 1.
7. On the Sessions tab, select both of the Override User Settings check boxes, and change the settings so that any user session that is disconnected, by any means or for any reason, is closed in 15 minutes, has no Active session time limit, and is disconnected after 15 minutes of inactivity.
❑ End a disconnected session: 15 minutes
❑ Active session limit: never
❑ Idle session limit: 15 minutes
❑ When session limit is reached or connection is broken: Disconnect from session
This configuration will ensure that only one person at a time can be connected to the Terminal Server, that any disconnected session will be closed in 15 minutes, and that an idle session will be disconnected in 15 minutes. These settings are useful so as to not have a session that is disconnected or idle making the Remote Desktop for Administration connection unavailable.
Exercise 2: Connect to the Server with the Remote Desktop Client
1. On Server02 (or another remote computer, or from Server01 itself if a remote computer is not available), open Remote Desktop Connection (from the Accessories, Communications program group) and connect and log on to Server01.
2. On Server01, open the tscc (Terminal Services Configuration\Connections) MMC. You should see the remote session connected to Server01.
3. Leave the session idle for 15 minutes, or close the Remote Desktop client without logging off the Terminal Server session, and the session should be disconnected automatically in 15 minutes.
You have now logged on to Server01 remotely, and can perform any tasks on the Server01 computer that you could accomplish while logged on interactively at the console.

How to Disable Notification Area Balloon Tips in Windows XP

Purpose:
The purpose of this article is to teach you the way to disable notification area balloon tips in Windows XP.
Notification Area Balloon Tips:
Balloon tips are displayed to notify the user of occurrences such as low disk space, the installation of new programs, and the fact that notification area icons have been hidden.
To disable notification area balloon tips
Follow these steps
This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs.
1. Click Start, click Run, in the open box type regedit and then click OK.
2. The Registry Editor console will open. Expand the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

3. In the details pane right click, point to New and then click DWORD value and name it EnableBalloonTips.

4. Double-click this new entry and then give it a hexadecimal value of 0.


5. Exit the registry editor.

System Administrator Checklist

Daily

Review Audit logs
Tasks
Check application log for warning and error messages for service startup
errors, application or database errors and unauthorized application installs
Check security log for warning and error messages for invalid logons,
unauthorized user creating, opening or deleting files
Check system log for warning and error messages for hardware and network failures
Check web/database/application logs for warning and error messages
Check directory services log on domain controllers
Report suspicious activity to IAO
Tools – Windows Event Viewer

Perform/verify daily backup
Tasks
Run and/or verify that a successful backup of system and data files has completed
Run and/or verify that a successful backup of Active Directory files has
completed on at least one Domain Controller
Tools
Windows Backup Tool

Track/monitor system performance and activity
Tasks
Check for memory usage, Check for system paging, Check CPU usage

Tools – Windows Microsoft Management Console
Performance Log and Alerts, Task Manager, System Monitor
Microsoft Operations Manager

Check free hard-drive space
Tasks
Check all drives for adequate free space; take appropriate action as specified by site's Standard Operating Procedures
Tools – Windows Disk Defragmenter, Disk Management, Disk Quotas


Physical checks of system
Tasks
Visually check the equipment for amber lights, alarms, etc.
Take appropriate action as specified by site's Standard Operating Procedures


Weekly
Archive Audit logs
Tasks
Archive audit logs to a media device with one year retention
Perform/verify weekly backup
Tasks
Run or verify that a successful backup of system and data files has been completed
Tools
Windows Backup Tool

Update Anti-Virus signature file
Tasks
Download and install current Anti-Virus signature files


Run Anti-Virus scan on all hard-drives
Tasks
Scan all hard-drives using current Anti-Virus signature files

Check Vendor Websites for Patch Information
Tasks
Check vendor websites such as Microsoft, Sun, HP, Oracle, etc for
new vulnerability information including patches and hotfixes

Run file system integrity diagnostics
Tasks
Run diagnostic tools to detect any system problems
Tools – Windows
Disk Defragmenter
Error-checking tool
Device Manager

Verify Retina Vulnerability Scan Performed (SCCVI)
Tasks
Verify system scanned by IAO or NSO using Retina tool to detect
vulnerabilities

Remediate with Citadel Hercules remediation Tool (SCRI)
Tasks
Verify Hercules remediation tool is used on system to correct
vulnerabilities

Check for Password Files
Tasks
Perform file search on system checking for documents containing words such as 'password', 'passwd', 'pwd', etc
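One way to carry out this search, as an added Python example that is not part of the original checklist: it walks a directory tree, checks file names and text content for the listed words, and reports the path and line number without echoing the matched line. The 5 MB size limit, the function names and the sample files are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Words from the checklist item, matched case-insensitively
WORDS = re.compile(rb"password|passwd|pwd", re.IGNORECASE)
MAX_BYTES = 5 * 1024 * 1024      # assumption: skip files larger than 5 MB


def find_password_files(root):
    """Return sorted (path, where) pairs; where is 'name' or 'line N'."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            if WORDS.search(os.fsencode(fname)):
                hits.append((path, "name"))
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue             # unreadable or locked file
            if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
                # Notepad "Unicode" files are UTF-16; normalise before matching
                data = data.decode("utf-16", errors="replace").encode("utf-8")
            elif b"\x00" in data[:1024]:
                continue             # looks like a binary file
            for number, line in enumerate(data.splitlines(), 1):
                if WORDS.search(line):
                    # Report the location only, never the line itself
                    hits.append((path, "line %d" % number))
                    break            # one content hit per file is enough
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return hits relative to it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "readme.txt": b"nothing of interest\n",
            "notes.txt": b"server list\nadmin Password: <constructed>\n",
            "pwd_backup.txt": b"empty placeholder\n",
            "unicode.txt": "line one\r\npasswd=<constructed>\r\n".encode("utf-16"),
            "blob.bin": b"\x00\x01\x02password\x00",
        }
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return [(os.path.relpath(p, root), where)
                for p, where in find_password_files(root)]


if __name__ == "__main__":
    for path, where in demo():
        print(path, where)
```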


Check for Unnecessary Services
Tasks
Check system services for any unnecessary services running

Monthly

Perform Self-Assessment Security Review
Tasks
Review technology checklist for any changes
Run current security review tool
Import results into Vulnerability Management System (VMS)

Tools – Windows
DISA FSO Gold Disk and Scripts
eEye Retina Scanner
Citadel Hercules Remediation Tool

Perform Hardware/Software Inventory
Tasks
Review hardware and compare to inventory list
Review software and compare to inventory list
Update VMS, where applicable

Run Password-Cracking Tool (Domain Controller only)
Tasks
Run (or verify IAO team has run) a password-cracking tool to detect
weak passwords
Provide output to IAO team
Tools – Windows
John-the-Ripper
L0phtCrack
Tools available on DISA FSO Gold Disk (Windows) and
DISA FSO Scripts (UNIX)

Perform/verify monthly backup
Tasks
Run or verify that a successful backup of system and data files has been
completed

Tools
Windows Backup Tool
Veritas Backup Software

Verify User Account Configuration
Tasks
Run DumpSec tool to verify user account configuration
Verify and/or delete dormant accounts with IAO approval
Provide output to IAO team
Tool available on DISA FSO Gold Disk (Windows)

Quarterly

Test backup/restore procedures
Tasks
Restore backup files to a test system to verify procedures and files
Tools
Windows Backup and Recovery Tool
Veritas Backup Software

Annually

Change Service-Account passwords
Tasks
Work with appropriate application administrator to ensure password changes for service accounts such as database accounts, application accounts and other service accounts are implemented

Review appropriate Security Technical Implementation Guides (STIG)
Tasks
Review appropriate STIGs which are updated annually

Participate in STIG Technical Interchange Meetings (TIM), when possible
Tasks
Participate in TIMs to exchange information about updated STIGs, etc.

Review training requirements
Tasks
Review training requirements according to DoD Directive 8570.1

As Required

Test Patches and Hotfixes
Install Patches and Hotfixes
Schedule Downtime for Reboots
Apply OS upgrades and service packs
Create/maintain user and group accounts
Set user and group security
Subscribe to STIG News

After system configuration changes:
Create Emergency System Recovery Data
Create new system configuration baseline
Document System Configuration Changes
Review and update SSAA
Update VMS for Asset Changes
Update VMS for IAVMs


I didn't want to spend as many hours patching machines with KB824146 exploit
as I did with KB823980, so I tried out mbsafu.

Mbsafu is an automatic remote patching tool that applies Security updates
based on Microsoft Baseline Security Analyzer output.

This will patch NT4, WIN2k, WINXP, WIN2003 machines.

I patched 200-250 machines in our domain in 1Mbsafu. It works! We ran this against desktops and domain controllers.

Before deploying this, TEST IT on a few machines.

Monitor Operating Systems

Use

This monitor monitors operating system data for any application servers and host systems. The values are collected by the operating system collector SAPOSCOL. You can also monitor this data with the operating system monitor, which is assigned as the analysis method for most of the nodes of this monitor.

Prerequisites

To be able to display operating system data for a particular host with this monitor, the operating system collector SAPOSCOL must be installed on that server (see Installing the Operating System Collector SAPOSCOL).

Features

The monitor contains the following monitoring tree elements (MTEs):

MTE Name (MTE Class) - Meaning

CPU (CPU) - Information about the CPU of a host system
CPU_Utilization (CPU_Utilization) - Average usage of the CPU in a host system; the value shows how intensively the CPU is used and how much processing capacity is still available
5minLoadAverage (5minLoadAverage) - Average number of processes in a host system that are ready for execution but must wait to be processed by the CPU
Idle (Idle) - Idle time for all CPUs in the system
Paging (Paging) - Exchange of data pages between the main memory of a host system and the overflow store in a paging file on the hard disk; paging occurs if the main memory is not large enough for the contexts of all running processes
Page_In (Page_In) - Average number of page-ins per second; a page-in occurs if a process must access a data page that is not available in the main memory. Before the process can be continued, the operating system must retrieve the page from the paging file
Page_Out (Page_Out) - Average number of page-outs per second (page-out occurs if a page is stored out of the main memory to make room for the pages required by other processes)
Commit_Charge (Commit_Charge) - Total physical and virtual memory used by the operating system and programs (only for Microsoft Windows)
Commit_ChargeFree (CommitChargeFreeSpace) - Available commit charge: difference between the maximum available and the currently used commit charge (only for Microsoft Windows)
Commit_Percent (CommitChargePercent_Used) - Proportion of the maximum available commit charge currently used (only for Microsoft Windows)
Swap_Space (Swap_Space) - Storage space on the hard disk on which data that is not currently required is stored out of the main memory, so that there is space in the main memory for the program currently being executed (only for UNIX platforms)
Freespace (SwapFreespace) - Free swap space (only for UNIX platforms)
Percentage_Used (SwapPercentage_Used) - Percentage usage of the swap space (only for UNIX platforms)
OS_Collector (OS_Collector) - Status of the operating system collector SAPOSCOL
State (OS_COL_STATE)
Lan (Lan) - Information about a Local Area Network (LAN), broken down by the LANs installed on this host
Packets_In (LanPacketsIn) - Incoming packets per second in a LAN at the interface of a host system
Packets_Out (LanPacketsOut) - Outgoing packets per second in a LAN at the interface of a host system
Collisions (LanCollisions) - Collisions in the LAN, in which two stations transport a packet at the same time on the same channel; this leads to the destruction of both packets and means that they must be sent again
Monitored Processes (MonitoredProcessesSum) - Monitored processes on this host (see Monitoring Selected Processes with SAPOSCOL)

Activities

To start the monitor, follow the procedure below:

1. Start the Alert Monitor using transaction RZ20 or choose CCMS → Control/Monitoring → Alert Monitor.

2. On the CCMS Monitor Sets screen, expand the SAP CCMS Monitor Templates set.

3. Start the Operating System monitor from the list by double-clicking it.

Procedure if an Alert Is Triggered

The following table provides information about what to do if an alert is triggered in this monitor:

MTE Name

Procedure

CPU

CPU_Utilization

Many factors could lead to an excessively high CPU utilization, and you should therefore perform a detailed analysis. If the problem was caused by too many active processes in the host system, you could, for example, transfer CPU-intensive programs to times when there is a lower system workload, or to other host systems. You could also increase the number of CPUs or upgrade the CPU(s).

5minLoadAverage

If an average of more than two processes are waiting, this indicates that the CPU is reducing the performance of the entire system.

· A high value for 5minLoadAverage and a high value for CPU_Utilization can indicate that too many processes are active on this server.

· A high value for 5minLoadAverage and a low value for CPU_Utilization can indicate that the main memory is too small. The processes are then waiting due to excessive paging.

Paging

Page_In

Page_Out

Alerts for paging suggest that too many processes are being run in a host system, or that the main memory is too small for the number of running processes.

Measures that you can take are to extend the main memory, to move processes to other host systems, and to delay memory-intensive program runs to times of lower system workload.

Note

On Windows platforms (unlike UNIX platforms), a page-out is performed as a precaution even without space being required. An alert in this MTE therefore has no meaning; under Microsoft Windows, you should only take Page_In into account. Under UNIX, on the other hand, Page_Out is the critical value for evaluating the paging.

Commit_Charge

Commit_ChargeFree

Commit_Percent

If the available commit charge falls under the threshold value, you should increase the value of the entire commit charge in the operating system. Note, however, that a larger virtual memory causes more paging if there is not enough main memory available (see also Memory Management under Microsoft Windows).

Swap_Space

Freespace

Percentage_Used

If an alert is generated in this subtree, you should increase the available swap space. For guidelines about the size of the swap space, see Memory Management Under UNIX and SAP Notes 0146289 and 0146528.

OS_Collector/State

If the operating system collector is not running on a system, you should restart SAPOSCOL.
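The alert procedures in the table above can be applied mechanically to one snapshot of MTE values. The following is an added example, not SAP code and not part of the original page; every threshold except the "more than two waiting processes" rule, the `*_kb` and `collector_running` input names, and the finding labels are assumptions, and "low" CPU utilization is taken to mean anything below the assumed high mark.

```python
# Added example: thresholds and the raw *_kb input names are assumptions, not SAP values.
LOAD_LIMIT = 2.0         # page: an average of more than two waiting processes
CPU_HIGH_PCT = 80.0      # assumed meaning of "high" CPU_Utilization
PAGING_LIMIT = 100.0     # assumed pages-per-second alert threshold
USED_MAX_PCT = 90.0      # assumed limit for Commit_Percent / Percentage_Used


def percent_used(used_kb, max_kb):
    """Commit_Percent or swap Percentage_Used; free space is max_kb - used_kb."""
    return 100.0 * used_kb / max_kb if max_kb > 0 else 0.0


def triage(m, platform):
    """Map one host snapshot to (MTE, finding) pairs; platform is 'windows' or 'unix'."""
    out = []
    load, cpu = m["5minLoadAverage"], m["CPU_Utilization"]
    if load > LOAD_LIMIT:
        # High load with high CPU: too many active processes.
        # High load with low CPU: processes wait on paging, memory too small.
        out.append(("5minLoadAverage",
                    "too_many_processes" if cpu >= CPU_HIGH_PCT else "memory_too_small"))
    elif cpu >= CPU_HIGH_PCT:
        out.append(("CPU_Utilization", "analyze_in_detail"))

    # Windows pages out as a precaution, so only Page_In is evaluated there;
    # on UNIX Page_Out is the critical value.
    paging_mte = "Page_In" if platform == "windows" else "Page_Out"
    if m[paging_mte] > PAGING_LIMIT:
        out.append((paging_mte, "extend_memory_or_move_processes"))

    if platform == "windows":   # commit charge exists only on Windows
        if percent_used(m["commit_used_kb"], m["commit_max_kb"]) > USED_MAX_PCT:
            out.append(("Commit_Percent", "increase_commit_charge"))
    elif percent_used(m["swap_used_kb"], m["swap_size_kb"]) > USED_MAX_PCT:
        out.append(("Percentage_Used", "increase_swap_space"))

    if not m.get("collector_running", True):
        out.append(("OS_Collector/State", "restart_SAPOSCOL"))
    return out


# Constructed snapshot: load is high, CPU is low, and Page_Out dwarfs Page_In.
SAMPLE = {"CPU_Utilization": 35.0, "5minLoadAverage": 4.2,
          "Page_In": 20.0, "Page_Out": 900.0,
          "commit_used_kb": 7_500_000, "commit_max_kb": 8_000_000,
          "swap_used_kb": 1_000_000, "swap_size_kb": 4_000_000,
          "collector_running": True}

if __name__ == "__main__":
    for platform in ("windows", "unix"):
        print(platform, triage(SAMPLE, platform))
```

The same snapshot produces a paging finding only when it is read as a UNIX host, because the high Page_Out value is ignored on Windows.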

An SAP instance runs within an operating system. The operating system provides the instance with the following resources:

  • Virtual memory
  • Physical memory
  • CPU
  • File system management
  • Physical disk
  • Network

Bottlenecks in these areas can significantly affect the performance of the SAP system. You can monitor these resources using the CCMS operating system monitor.

The operating system monitor helps you locate the cause of a performance problem. If the source of the problem is in the operating system, you can analyze it further and resolve it using external tools or other external means.

Performance indicators are:

  • Average load of and utilization of the CPU
  • Memory utilization
  • Paging in and out of data to and from the memory (replaced by pool data in the OS/400 operating system monitor)
  • Disk utilization information
  • LAN activity
  • Operating system configuration parameters

Operating System Monitor Data: File System and LAN

Definition

The operating system monitor displays the following data for hard disks, LAN, and file systems:

  • For all physical hard disks on a host:
    • Device name of the hard disk
    • Hard disk usage – percentage of the time in which the hard disk is being used
    • Average wait queue length of an input/output request
    • Wait time in milliseconds during which a request waits in the wait queue
    • Service time in milliseconds for an input/output
    • Transferred kilobytes per second
    • Number of disk operations per second
  • For all file systems on a host:
    • Name of the file system
    • Capacity of the file system in megabytes
    • Free storage space in the file system in megabytes
  • For all LAN interfaces on a host:
    • Name of the LAN interface
    • Data packets received per second
    • Data packets sent per second
    • Errors for received packets per second
    • Errors for sent packets per second
    • Collisions per second, in which two stations transport a packet at the same time on the same channel; this leads to the destruction of both packets and means that they must be sent again

Some values are not specified in some network interfaces; for example, there may not be a value for collisions per second in a token ring architecture. The values specified here do not describe the actual network traffic. They describe the transfers performed with this interface. This means that the errors displayed here refer to the interface and not to the actual network segment.

Operating System Monitor Data: Memory Management

Definition

The data that you can check in the operating system monitor for memory management includes data for the swap space and paging as well as the physically available memory. The following values are measured:

  • Physically available and free main memory in kilobytes; the minimum and maximum free main memory are also measured hourly.

Note

As a rule of thumb, CPU bottlenecks occur if there is less than 10 MB of free physical memory for a small hardware configuration. This value can vary depending on operating system and system size.

  • Paging is the exchange of data pages between the main memory of a host system and the overflow store in a paging file on the hard disk; paging occurs if the main memory is not large enough for the contexts of all running processes. SAPOSCOL measures the number of pages paged in and paged out per second, together with the quantities of memory paged in and paged out in kilobytes.

High paging rates indicate that the main memory is too small for the running processes. Measures that you can take are to extend the main memory, to move processes to other host systems, and to delay memory-intensive program runs to times of lower system workload.

Note

On Windows platforms (unlike UNIX platforms), the system performs paging out as a precautionary measure even when space is not required in the working memory, meaning that this value is irrelevant and you should only consider the paging in rate. Under UNIX, on the other hand, Page_Out is the critical value for evaluating the paging.

  • Swap Space is storage space on the hard disk to which data that is not required is written from the main memory, so that there is space in the main memory for the program currently being executed. SAPOSCOL measures the configured and free swap space in kilobytes and the actual and maximum size of the swap space in kilobytes.

In addition, the maximum and minimum sizes of the free swap space are measured hourly. The most important values are the free and the actual swap space.

Note

Not all types of swap space are available on all operating systems. For this reason, in some cases, the actual swap space size corresponds to the configured and maximum swap space.

Use

The system displays the specified data when you call the operating system monitor.

In the detail data, the system also displays the performance history for the last 24 hours and 30 days (see also Detail Data of the Operating System Monitor).

To call the individual functions in the table, choose the Detail Analysis menu in the operating system monitor.

| Function | Menu Path |
| --- | --- |
| Check memory usage for the last 24 hours | → Goto → Current Data → Previous hours → Memory |
| Check the swap space usage for the last 24 hours | → Goto → Current Data → Previous hours → Swap |
| Check paging and swap space for the previous days for one server | → Goto → Performance Database → Compare recent days |
| Check paging and swap space for the previous days for various servers | → Goto → Performance Database → Compare all servers |

See also: