System Management Flashcards

1
Q

Task Manager

A

Task Manager is a utility that comes with Microsoft Windows and lets users and administrators perform various system administration tasks. With Task Manager you can shut down applications that are not responding, view processes, view which applications are using system resources, and view network usage, connected users, and other system functions. Open Task Manager by using any of the following methods:

  • Press Ctrl+Shift+Esc
  • Right-click an empty area of the taskbar and select Task Manager
  • Press Ctrl+Alt+Delete and select Task Manager
2
Q

Task Manager Tabs

A

Processes: The Processes tab is used to view the status of all current applications running on the computer. Use this tab to terminate unresponsive applications.

Performance: The Performance tab is used to view system-wide processor, memory, disk, and network statistics.

App History: The App History tab is used to monitor Windows Store apps running on the system.

Startup: The Startup tab is used to enable or disable applications that start automatically when the system boots.

Users: The Users tab is used to monitor users currently logged on to the system.

Details: The Details tab is used to view the status of all current processes running on the computer, and the CPU and memory resources they use. Use this tab to modify the priority of a process or terminate unwanted processes.

Services: The Services tab is used to view a list of services running on the computer. You can use this tab to start and stop a particular service.

3
Q

Control panel applet: System and Security

A
  • Security and Maintenance is used to review recent error messages and options for resolving issues.
  • Windows Defender Firewall is used to check firewall status and allow apps through the Windows Firewall.
  • System allows you to view RAM and processor speed, remote access, remote assistance, or to see the computer name.
  • Power Options is used to change battery settings, change what the power buttons do, or change when the computer sleeps.
  • File History is used to save backup copies of your files and to restore your files.
  • Backup and Restore (Windows 7) is used to back up and restore files using the legacy Windows 7 backup utility.
  • BitLocker Drive Encryption is used to manage BitLocker settings and protect your files and folders from unauthorized access.
  • Storage Spaces is used to save files to two or more drives to help protect you from drive failure.
  • Work Folders is used to make your work files available on all devices you use, even when offline.
  • Administrative Tools is used to clean up hard disk space, run defragmenter, optimize drives, format disks, view event logs, and schedule tasks
4
Q

Control Panel Applet: Network and Internet

A
  • Network and Sharing Center is used to view network status, connect to a network, and to view network computers and devices.
  • Internet Options in Network & Internet contains the following tabs, which are used as follows:
    • General tab to modify your browser home page, startup window, tabs, history, and appearance.
    • Security tab to determine your security zone and security level
    • Privacy tab to manage website privacy and enable and disable pop-ups and InPrivate Browsing.
    • Content tab to view certificate, AutoComplete, and Feeds and Web Slices settings.
    • Connections tab to set up an Internet connection.
    • Programs tab to manage your default browser, add-ons, and other internet programs and file associations.
    • Advanced tab to set and reset advanced browser settings.
5
Q

Control panel applet: Hardware and Sound

A

Hardware and Sound is used to view and configure the current system sound settings, installed audio devices, sound cards, printer settings, and other hardware settings

6
Q

Control panel applet: Programs

A

Programs is used to uninstall programs, turn Windows features on or off, view installed updates, run programs from previous versions of Windows, get additional programs, and change default settings for media and devices

7
Q

Control panel applet: User accounts

A

User Accounts is used to view and modify user accounts, give users access to the computer, change account types, manage web credentials, and manage Windows credentials.

8
Q

Control panel applet: Appearance and Personalization

A

Appearance and Personalization is used to configure navigation properties, modify the behavior of input and display devices to accommodate users with special needs, specify single or double click options, show or hide hidden files, and add or remove fonts on the computer

9
Q

Control panel applet: Clock, Language, and Region

A

Clock, Language, and Region contains settings to configure various items such as language preference, default currency symbols, and date and time notation

10
Q

Control panel applet: Ease of Access

A

Ease of Access is used to optimize visual display, modify sound and visual cues, change mouse and keyboard settings, and set up speech recognition or a microphone

11
Q

With Sync Center, you are able to:

A
  • Check the results of your recent sync activity.
  • Have access to copies of your network files even when your computer isn’t connected to the network.
  • Keep information in sync between your computer and files stored in folders on network servers, which are called Offline Files.
  • Sync files between your PC and mobile devices that are compatible with Windows 10 Sync Center
12
Q

Computer Management

A

Computer Management is a saved MMC console that includes common snap-ins used to manage your computer. Some common ways to start Computer Management include:

  • Right-click Start and select Computer Management.
  • Search for Computer Management
13
Q

Microsoft Management Console (MMC)

A

The Microsoft Management Console (MMC) is a framework that provides a common user interface for performing system administration tasks. Management of a set of related features is done by adding snap-ins to the console. The MMC provides the shell for running these snap-ins, while the snap-ins provide the details for performing specific management tasks. Microsoft provides snap-ins for managing:

  • Local Users and Groups
  • Device Manager
  • Disk Management
  • Print Management
  • Component Services
  • Windows Firewall with Advanced Security

To open a blank console, type mmc in the Run box (Press Windows+R). You can then add snap-ins to work with the configuration of your system. The console consists of three panes:

  • The tree pane (on the left) organizes objects in a hierarchy.
  • The results pane (in the middle) shows objects and configuration options.
  • The actions pane (on the right) lists the actions you can take on objects.

You can save a console that includes the snap-ins you use most (saved consoles have the .msc extension). Microsoft provides a number of preconfigured consoles that include snap-ins for common tasks

14
Q

System Information (Msinfo32.exe)

A

Use System Information to view hardware and configuration information for your computer. While much of this information is available through other tools, System Information provides a single location for viewing information such as:

  • Operating system version
  • Computer manufacturer, processor type, available memory
  • Installed devices and drivers used
  • Running tasks
  • Applications that run at system startup

You can only view, not modify, configuration settings in System Information

15
Q

Event Viewer

A

Use Event Viewer to view logs about programs, system events, and security. Each entry is listed as a warning, error, or information event. Events are added to the following logs:

  • The Application log contains a list of all application-related events such as application installations, un-installations, and application errors.
  • The System log contains a list of all system-related events such as system modifications, malfunctions, and errors.
  • The Security log contains a list of all security-related events such as security modifications and user login events.

Additional logs might be added by applications or services.
16
Q

Performance Monitor

A

Performance Monitor displays statistics that tell you about the operation of your computer.

  • A counter identifies a specific statistic, such as % Processor Time or % Disk Free Space.
  • You can add or remove counters to customize the statistics you can see.
  • Real-time data are displayed in a graph
  • Performance Monitor by itself does not save any data. To save statistics over time, use a data collector set
17
Q

Reliability Monitor

A

Reliability Monitor maintains historical data that describe the operating system’s stability.

  • Overall system stability is given a stability index that ranges from 1 to 10 (10 being the most stable). The stability rating is affected by application, hardware, Windows, and other failures.
  • Reliability Monitor shows an historical chart that identifies when software installs/uninstalls and failures have occurred. By clicking on a day, you can view the changes to the system that have affected its stability
18
Q

Windows Memory Diagnostics

A

The Windows Memory Diagnostic tests the Random Access Memory (RAM) on your computer for errors. This utility is not included with Windows and must be downloaded from Microsoft’s Online Crash Analysis website

19
Q

General tab in Msconfig

A

The General tab is displayed by default when the System Configuration Utility is opened. There are three options under the General tab:

  • Normal Startup is used to load all device drivers and services when Windows starts up
  • Diagnostic Startup will load only the basic devices and services and is similar to starting Windows in safe mode
  • Selective Startup allows the user to choose in more detail what should start with Windows
20
Q

Boot tab in Msconfig

A

The Boot tab will show you the operating system that is installed on the computer. The tab contains some of the following options:

  • Boot Options allow the user to select options such as Safe boot along with some additional options
  • Timeout specifies the number of seconds that Windows will wait in the Boot menu before loading the operating system, with the default being 30 seconds.
21
Q

Services tab in Msconfig

A

The Services tab displays all the services configured to start when the operating system boots. Uncheck services that you do not want Windows to start.

22
Q

Startup tab in Msconfig

A

With Windows 10, the Startup tab in System Configuration Utility displays a shortcut to the Startup tab in Task Manager

23
Q

Tools tab in Msconfig

A

The Tools tab lists various utilities and tools available in Windows that you can launch directly from the System Configuration Utility.

24
Q

Microsoft Registry Editor (Regedit.exe)

A

Microsoft Registry Editor is a tool for modifying entries in the Windows registry. The registry is a database that holds hardware, software, and user configuration settings.

  • Whenever a change is made to preferences, software, hardware, and user-settings, those changes are stored and reflected in the registry.
  • The preferred method of modifying the registry is to use the applications or management tools that write to the registry. For example, many Control Panel applets make changes to registry settings.
  • There will be some advanced settings that can be made only by directly editing the registry
25
Q

DirectX Diagnostic Tool (DxDiag)

A

DxDiag is a tool that shows information related to DirectX operation. DirectX is a set of programming interfaces for multimedia (video and audio). DxDiag displays information such as:

  • Operating system version
  • Processor and memory information
  • DirectX version
  • Settings and drivers used by display devices
  • Audio drivers
  • Input devices (mouse, keyboard, USB)
26
Q

Command Prompt

A

Use the Command Prompt to execute command-line commands. To open a command prompt, use either of the following methods:

  • On the taskbar, type CMD into the Search box.
  • From the Start menu, go to Windows System and select Command Prompt.

Some commands launched from the command line require elevated privileges to run. If this is the case, run Command Prompt as Administrator

27
Q

Services

A

A service is a program that processes requests from other applications or users. Services can start automatically and stay constantly running in the background, waiting for service requests. Use the Services snap-in to view and manage running services. The service startup behavior determines how the service is started.

  • When set to Automatic, the service is started automatically by Windows when the system boots.
  • When set to Manual, the service must be manually started.
  • When Disabled, the service will not run.
28
Q

MSTSC

A

The Microsoft Terminal Services Client is a remote management service. Mstsc.exe is the executable file that opens the Microsoft Terminal Services Client. The Microsoft Terminal Services Client, which is Remote Desktop Services, is a component of Microsoft Windows that allows users to take control of remote computers over a network connection. The three Windows components that use RDS are Windows Remote Assistance, Remote Desktop Connection, and Fast User Switching

29
Q

Notepad

A

Notepad is a simple text editor for Microsoft Windows that enables computer users to create documents. Notepad can be launched by selecting the Start button, then Windows Accessories, and then Notepad.

30
Q

Explorer

A

Explorer, also called File Explorer and formerly Windows Explorer, is a file manager application that comes with Microsoft Windows. File Explorer’s main purpose is to let you view, open, copy, move, and otherwise manage your files and folders.

31
Q

Disk Defragmenter

A

Disk Defragmenter is a utility in Microsoft Windows designed to increase access speed by rearranging files stored on a disk to occupy contiguous storage locations. The process of doing this is called defragmentation

32
Q

System Restore

A

System Restore is a recovery tool for Microsoft Windows that allows you to reverse certain changes made to the operating system. System Restore is used to return important Windows files and settings which might include drivers, registry keys, system files, and installed programs back to previous settings and versions.

33
Q

Windows Update

A

Windows Update is a Microsoft service for Windows. It automates downloading and installing software updates over a network or the internet

34
Q

Microsoft Register Server (Regsvr32.exe)

A

Microsoft Register Server is a command-line tool that registers .dll files as command components in the registry.

35
Q

Data Sources

A

You use the ODBC (Open Database Connectivity) Data Source Administrator to create and manage ODBC data sources. To open the ODBC Data Source Administrator in Windows 10, do the following:

  1. Select Start.
  2. Select Windows System.
  3. Select Control Panel.
  4. In Control Panel, select System and Security.
  5. Select Administrative Tools.
  6. In Administrative Tools, select Data Sources (ODBC).
36
Q

Advanced Security

A

Everyday configuration tasks for the Windows Firewall are completed using the Windows Firewall applet in Control Panel. However, advanced firewall configuration tasks can be performed using an MMC snap-in called Windows Firewall with Advanced Security. Windows Firewall with Advanced Security supports a more granular firewall configuration than can be created using the Windows Firewall applet in Control Panel. For example, it can filter traffic based on parameters such as:

  • Source IP address
  • Destination IP address
  • Port number
  • ICMP protocol
37
Q

“expand” command

A

The expand command is used to expand compressed .cab files.

  • expand -d [source_file] displays the contents of the specified .cab file.
  • expand [source_file] [destination] expands all the files in the specified .cab file to the chosen destination.
  • expand [source_file] -f:[filename] [destination] extracts a single file from the specified .cab file to the chosen destination.
38
Q

“tasklist” command

A

The tasklist command displays a list of the processes that are currently running on the system. The output of the tasklist command includes a process ID (PID) that can be used to end the process

39
Q

“taskkill” command

A

The taskkill command is used to end running processes.

  • taskkill /im [image_name] kills the specified process by using its image name (e.g., mspaint.exe).
  • taskkill /PID [pid_number] kills the specified process by using its PID (e.g., 3572).

Sometimes a process will not respond to the taskkill command. If this is the case, use the /f option with the command, which forces the process to close.

40
Q

“mstsc” command

A

The mstsc command is used to establish a remote desktop session with another computer. To run the mstsc command, use the following syntax:

  • mstsc /v:[server_ip]
41
Q

“gpupdate” command

A

The gpupdate command refreshes local and Active Directory-based Group Policy settings, including security settings.

  • /target:{computer|user} processes only the computer settings or the current user settings. By default, both the computer settings and the user settings are processed.
  • /force ignores all processing optimizations and reapplies all settings.
  • /wait:value identifies the number of seconds that policy processing waits to finish. The default is 600 seconds. 0 means “no wait”; -1 means “wait indefinitely.”
  • /logoff logs off after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the user logs on, such as user software installation and folder redirection. This option has no effect if there are no extensions called that require the user to log off.
  • /boot restarts the computer after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the computer starts up, such as computer software installation. This option has no effect if there are no extensions called that require the computer to be restarted.
  • /? displays help at the command prompt.

To run the gpupdate command, use the following syntax:

  • gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]
42
Q

“gpresult” command

A

The gpresult command displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer.

  • /s computer specifies the name or IP address of a remote computer. (Do not use backslashes.) The default is the local computer.
  • /u domain\user runs the command with the account permissions of the user that is specified by user or domain\user. The default is the permissions of the current logged-on user on the computer that issues the command.
  • /p password specifies the password of the user account that is specified in the /u parameter.
  • /user target_user name specifies the user name of the user whose RSOP data is to be displayed.
  • /scope { user | computer } displays either user or computer results. Valid values for the /scope parameter are user or computer. If you omit the /scope parameter, gpresult displays both user and computer settings.
  • /v specifies that the output display verbose policy information.
  • /z specifies that the output display all available information about Group Policy. Because this parameter produces more information than the /v parameter, redirect output to a text file when you use this parameter (for example, gpresult /z >policy.txt).
  • /? displays help at the command prompt.

To run the gpresult command, use the following syntax:

  • gpresult [/s computer [/u domain\user /p password]] [/user target_user name] [/scope {user|computer}] [/v] [/z]
43
Q

“shutdown” command

A

The shutdown command is used to shut down local and remote systems. The following options can be used with the shutdown command:

  • /i opens the Remote Shutdown Dialog graphical interface window.
  • /l logs off the current user from the local system.
  • /r shuts down and restarts the local computer.
  • /h causes the computer to hibernate.
  • /t [xx] sets a delay time (in seconds) before the computer shuts down
44
Q

“exit” command

A

The exit command ends the current command prompt session and closes the Command Prompt window

45
Q

counter

A

A counter is a specific statistic you can monitor (such as the amount of free memory or the number of bytes sent on a network card).

46
Q

object

A

An object is a statistic group, often corresponding to a specific type of hardware device or software process (such as the processor or memory).

47
Q

% Processor Time (Processor Utilization)

A

Processor utilization is the amount (percentage) of time the processor spends doing non-idle tasks.

  • Processor utilization should be relatively low, up to 40% on average.
  • Processor utilization will spike (85 - 90% or higher) when a major task is launched or a significant task is performed.
  • Utilization is reported for each processor in a multi-processor or multi-core system. A CPU that supports Hyper-Threading will show two utilization graphs for each processor.
  • If the processor utilization is consistently high (over 90%), then the CPU is likely the bottleneck.
    • Check the running processes to see the CPU use of each process. If possible, delay or pause non-critical processes or run them during off hours.
    • A process that has hung could show 100% CPU use. If the process does not complete after a period of time and does not respond, end the process to return CPU use to normal.
    • A computer with a virus might show an unknown process consuming most of the processor time. Use the internet to identify the function of unknown processes.
    • Configure the processor affinity to specify that a specific process use a certain processor in a multi-processor system.
    • Upgrade to a faster CPU or add more cores to the system.
48
Q

% Disk Time (Highest Active Time)

A

The % Disk Time statistic identifies the percentage of time that the disk subsystem is busy reading from and writing to disk. If this value is consistently over 90%, check the following other statistics to identify the source of the high disk activity:

  • Average Disk Queue Length
  • Memory statistics
49
Q

Average Disk Queue Length

A

The disk queue holds read and write requests that are waiting to be processed by the disk controller. The average disk queue length tells you the number of read and write requests that are typically waiting to be processed.

  • A high number indicates that the system has requested data from the hard disk, or has tried to save data to the hard disk, but that request could not be fulfilled immediately (i.e. it has to wait).
  • This number should be below 2 times the number of disk spindles. Most physical hard disks have a single spindle (although some newer drives have 2 or 3). RAID arrays will have at least one spindle per physical disk. If this statistic shows consistently waiting read/write requests, you might need to upgrade your disks.
    • Choose a faster disk (higher RPM and faster access time).
    • Use a RAID-0 configuration to improve disk access.
50
Q

Available, Used, and Free Physical Memory

A

You can use Task Manager to quickly identify the use of physical memory in your system.

  • The total installed memory value reflects the amount of memory available to the operating system. On a 32-bit system, this value will be less than 4 GB, even if you have 4 GB of memory installed. This value could also be slightly less than the amount of installed physical RAM if the video adapter shares the system memory. The amount of memory used for this purpose is displayed under hardware reserved.
  • The cached value identifies memory that is being used for a disk cache to improve read/write operations from the hard disk.
  • The available value identifies how much memory is unassigned. If the amount of memory in use is close to the amount of RAM installed, you might need to add RAM or quit some running programs to free up memory
51
Q

Memory Committed Bytes (Commit Charge)

A

When a process runs, the operating system assigns memory to the process. The amount of committed memory identifies how much memory has been assigned to running processes. Be aware of the following conditions indicated by this statistic:

  • If the value exceeds the amount of physical RAM, then the page file is being used instead of physical RAM. At some point, this will start to cause a bottleneck.
  • To temporarily make more memory available, quit running programs or increase the page file size. However, the only permanent solution is to add more physical memory
52
Q

Page File Usage

A

The page file usage identifies the amount or percentage of the page file that is being used.

  • A common recommendation is for the page file to be 1.5 to 2 times larger than the physical memory. In most cases, you will let the system manage the page file size.
  • It is normal for the page file to show some use, even when the system has sufficient physical memory.
  • When the page file use percentage is near 100%, you can increase the page file size as a temporary measure. Adding more memory is the best permanent solution
53
Q

Memory Pages per Second

A

The operating system allocates memory to processes in 4,096 KB blocks called pages.

  • Instead of assigning physical memory addresses, the operating system assigns virtual memory addresses to shield the process from the details of the physical memory storage system.
  • The paging supervisor is a process that maintains a table that correlates virtual memory addresses with the actual physical memory locations. When physical memory is low, data in RAM that is currently not being used by the CPU can be moved to the hard disk in order to free up memory for other processes.
  • The area on the hard disk used for storing the contents of RAM is called the page file.
  • When the CPU needs to access data in RAM, a page fault (also called a hard fault) occurs when that data does not exist in RAM but is instead in the page file.
  • Paging is the process of moving data from RAM to disk and back. Before the CPU can work with data required by a process, that data must be placed into RAM.

The memory pages per second statistic identifies the number of hard faults that occur each second. A high number for this statistic accompanied by high disk activity (% Disk Time or the disk activity light constantly flashing) could indicate a condition known as thrashing.

  • With thrashing, the demand for memory and the low amount of physical RAM means that the system must be constantly moving data from RAM, to disk, and back.
  • The negative effects associated with paging increase as the amount of memory increases past the amount of physical RAM. While some paging is normal, as the demands on memory increase, the amount of paging will eventually reach a point where thrashing occurs and the effect on performance is noticeable, even to the point of making the system unusable.
  • As a temporary solution, you can quit some running programs in order to decrease the demand for RAM. The only long-term solution is to add more physical RAM.
  • Increasing the page file size will have no effect unless you are also experiencing out of memory errors. The problem is not that there isn’t sufficient combined memory, but that the amount of physical memory is insufficient
54
Q

Network Utilization

A

Network utilization identifies the amount of traffic sent and received by a network connection.

  • Utilization is listed as a percentage of the total available theoretical bandwidth (such as 100 Mbps for a Fast Ethernet connection).
  • Poor performance that has low CPU, disk, and memory statistics but high network utilization could indicate a bottleneck at the network adapter
55
Q

Active Directory

A

Active Directory is a centralized database that contains user account and security information. In a workgroup environment, authentication, security, and management all take place on each individual computer, with each device independently storing information about users and configuration settings. Using Active Directory, all computers share the same central authentication and configuration database

56
Q

Trees and Forests (Active Directory)

A

Multiple domains are grouped together in the following relationship:

  • A tree is a group of related domains that share the same contiguous DNS namespace.
  • A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces
57
Q

Domain (Active Directory)

A

A domain is an administratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure.

  • Database information is replicated (shared or copied) within a domain.
  • Security settings are not shared between domains.
  • Each domain maintains its own set of relationships with other domains.
  • Domains are identified using DNS names.
    • The common name is the domain name itself.
    • The distinguished name includes the DNS context or additional portions of the name.

Depending on the network structure and requirements, the entire network might be represented by a single domain with millions of objects, or the network might require multiple domains

58
Q

Organizational Unit (OU) (Active Directory)

A

An organizational unit is like a folder that subdivides and organizes network resources within a domain. An organizational unit:

  • Is a container object
  • Can contain other OUs or any type of leaf object (e.g., users, computers, and printers)
  • Can be used to logically organize network resources
  • Simplifies security administration
59
Q

Built-in Containers (Active Directory)

A

Like OUs, generic built-in containers are used to organize Active Directory objects. However, built-in container objects have several differences:

  • They are created by default.
  • They cannot be created, moved, renamed, or deleted.
  • They have very few editable properties
60
Q

Objects (Active Directory)

A

Within Active Directory, each resource is identified as an object. Common objects include:

  • Users
  • Groups
  • Computers

You should know the following about objects:

  • Each object contains attributes (i.e., information about the object, such as a user’s name, phone number, and email address) which are used for locating and securing resources.
  • Active Directory uses DNS for locating and naming objects.
  • Container objects hold other objects, either other containers or leaf objects
61
Q

Domain Controller (Active Directory)

A

A domain controller is a Windows server that holds a copy of the Active Directory database.

  • A domain controller is a member of only one domain.
  • A domain can contain multiple domain controllers. Each domain controller holds a copy of the Active Directory database.
  • Any domain controller can make changes to the Active Directory database.
  • Replication is the process of copying changes made to the Active Directory database between all of the domain controllers in the domain
62
Q

Policy

A

A policy is a set of configuration settings applied to users or computers. Group policies allow the administrator to apply multiple settings to multiple objects within the Active Directory domain at one time. Collections of policy settings are stored in a Group Policy Object (GPO). The GPO includes registry settings, scripts, templates, and software-specific configuration values

63
Q

GPOs are applied in what order?

A
  1. The Local Group Policy on the computer.
  2. GPOs linked to the domain that contains the user or computer object.
  3. GPOs linked to the organizational unit(s) that contains the object (from the highest-level OU to the lowest-level OU).
64
Q

Computer Configuration (GPO Category)

A

Computer policies (also called machine policies) are enforced for the entire computer and are applied when the computer boots. Computer policies are in effect regardless of the user logging into the computer. Computer policies include:

  • Software that should be installed on a specific computer
  • Scripts that should run at startup or shutdown
  • Password restrictions that must be met for all user accounts
  • Network communication security settings
  • Registry settings that apply to the computer (the HKEY_LOCAL_MACHINE subtree)

Computer policies are initially applied as the computer boots and are enforced before any user logs on.
65
Q

User Configuration (GPO Category)

A

User policies are enforced for specific users. User policy settings include:

  • Software that should be installed for a specific user
  • Scripts that should run at logon or logoff
  • Internet Explorer user settings (such as favorites and security settings)
  • Registry settings that apply to the current user (the HKEY_CURRENT_USER subtree)

User policies are initially applied as the user logs on and often customize Windows-based user preferences
66
Q

Account Policies (GPO configuration setting)

A

Use Account Policies to control the following:

  • Password settings
  • Account lockout settings
  • Kerberos settings

Account policies are in effect only when configured in a GPO linked to a domain.

67
Q

Local Policies/Audit Policy (GPO configuration setting)

A

Use Audit Policy settings to configure auditing for events such as log on, account management, or privilege use

68
Q

Local Policies/User Rights Assignment (GPO configuration setting)

A

Computer policies include a special category of policies called user rights. User rights identify system maintenance tasks and the users or groups who can perform these actions. Examples of user rights include:

  • Access this computer from the network (the ability to access resources on the computer through a network connection)
  • Load and unload device drivers
  • Allow logon locally (the ability to log on to the computer console)
  • Allow logon through Terminal Services (the ability to log on using a Remote Desktop connection)
  • Back up files and directories (does not include restoring files and directories)
  • Shut down the system
  • Remove a computer from a docking station
69
Q

Local Policies/Security Options (GPO configuration setting)

A

Security Options allow you to apply or disable rights for all users the Group Policy applies to. Examples of Security Options policies include:

  • Computer shutdown when the Security event log reaches capacity
  • Unsigned driver installation
  • Ctrl+Alt+Del required for log on
70
Q

Registry (GPO configuration setting)

A

You can use registry policies to:

  • Configure specific registry keys and values.
  • Specify if a user can view and/or change a registry value, view sub-keys, or modify key permissions
71
Q

File System (GPO configuration setting)

A

Use File System policies to configure file and folder permissions that apply to multiple computers. For example, you can limit access to specific files that appear on all client computers

72
Q

Software Restriction Policies (GPO configuration setting)

A

Use software restrictions policies to define the software permitted to run on any computer in the domain. These policies can be applied to specific users or all users. You can use software restrictions to:

  • Identify allowed or blocked software.
  • Allow users to run only the files you specify on multi-user computers.
  • Determine who can add trusted publishers.
  • Apply restrictions to specific users or all users
73
Q

Administrative Templates (GPO configuration setting)

A

Administrative templates are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as:

  • Use of Windows features such as BitLocker, Offline files and Parental Controls.
  • Customize the Start menu, taskbar, or desktop environment.
  • Control notifications.
  • Restrict access to Control Panel features.
  • Configure Internet Explorer features and options
74
Q

Built-in Administrator Account Capabilities

A

The Administrator account has all rights and permissions on the computer. This account is hidden from normal view. It doesn’t show up on the usual login screen

75
Q

User Accounts with Administrative Privileges Capabilities

A

User accounts with administrative privileges. This is the account that most users typically use when they think of an Administrator account

76
Q

Standard Account Capabilities

A

This account is hidden from normal view. It doesn’t show up on the usual login screen

77
Q

Guest Account Capabilities

A

The Guest account has very limited capabilities, usually restricted to logging on, viewing files, and running some programs. As a security measure, Windows XP and later automatically disable the Guest account in order to prevent unauthorized logon to the system

78
Q

Microsoft Accounts Capabilities

A

Take advantage of many of the newest Windows 10 features. To set up a Microsoft account, you must use a valid e-mail address. A Microsoft account provides the following features:

  • Allows you to log in to a computer on which you haven’t previously set up a local user account.
  • Provides access to Office 365, Windows Phone accounts, and OneDrive.
  • Allows you to download apps from the Windows Store.
  • Syncs your settings across multiple computers
79
Q

On a Windows system, users and groups are stored in one of three locations. What are they?

A
  • Local accounts are stored on each computer and control access to resources on that computer.
  • Domain accounts are stored in a central database called Active Directory. A domain controller is a special server that stores user accounts, groups, and the rights and permissions assigned to them.
  • Online accounts are stored online by Microsoft
80
Q

Administrators Group Capabilities

A

Members of the Administrators group have complete and unrestricted access to the computer, including every system right. The Administrator user account and any other account designated as a “computer administrator” is a member of this group

81
Q

Backup Operators Group Capabilities

A

Members of the Backup Operators group can back up and restore files (regardless of permissions), log on locally, and shut down the system. Members of this group cannot change security settings

82
Q

Power Users Group Capabilities

A

Modern versions of Windows no longer use the Power Users group, although it still exists for backwards compatibility. This group was originally used in Windows XP and earlier. Its members can:

  • Create user accounts
  • Modify or delete accounts they created
  • Create local groups
  • Modify group membership for groups they created
  • Modify group membership for the Power Users, Users, and Guests groups
  • Change the system date and time
  • Install applications

Power Users were not allowed to:

  • Change membership of the Administrators or Backup Operators group
  • Take ownership of files
  • Back up or restore files
  • Load or unload device drivers
  • Manage security and auditing logs

In modern versions of Windows, you should avoid assigning users to be members of the Power Users group unless an application or service specifically requires it.

83
Q

Users Group Capabilities

A

Members of the Users group can use the computer but cannot perform system administration tasks and might not be able to run some legacy applications.

  • Members cannot share folders.
  • Members cannot install printers if the driver isn’t already installed on the system.
  • Members cannot view or modify system files.
  • Any user created with Local Users and Groups is automatically a member of this group.
  • User accounts designated as “standard” or “limited use” accounts are members of this group.
  • A user account created as a “computer administrator” is made a member of this group (in addition to being a member of the Administrators group)
84
Q

Guest Group Capabilities

A

Members of the Guests group have limited rights (similar to members of the Users group). Members can shut down the system

85
Q

Cryptographic Operators Group Capabilities

A

Members of the Cryptographic Operators group are allowed to perform cryptographic operations

86
Q

Event Log Readers Group Capabilities

A

Members of the Event Log Readers group are allowed to use Event Viewer to read the system’s event logs

87
Q

Network Configuration Operators Group Capabilities

A

Members of the Network Configuration Operators group have limited administrative privileges to allow them to manage the system’s network configuration

88
Q

Remote Desktop Users Group Capabilities

A

Members of the Remote Desktop Users group are allowed to access the system remotely using the Remote Desktop Client

89
Q

Performance Monitor Users Group Capabilities

A

Members of the Performance Monitor Users group can access performance counter data on the system

90
Q

Performance Log Users Group Capabilities

A

Members of the Performance Log Users group are allowed to schedule logging of performance counters, enable trace providers, and collect event traces on the system

91
Q

Hyper-V Administrators Group Capabilities

A

Members of the Hyper-V Administrators group are allowed to use Hyper-V on the system to create and manage virtual machines

92
Q

“yum” command

A

The yum command installs packages on Linux systems that use the Red Hat Package Manager (RPM). The yum command can automatically locate and download RPM packages for you by searching one or more repositories on the internet. It can install the package and all of its dependencies at the same time. The syntax for using yum is as follows:

  • yum install package_name installs the specified package.
  • yum remove package_name uninstalls the specified package.
  • yum list installed lists all packages installed.
  • yum list installed package_name checks to see if the specified package is installed.
  • yum list available displays a list of all packages available for installation within the internet repositories yum is configured to use.
  • yum list updates generates a list of updates available for all installed packages.
  • yum update package_name installs updates for the specified package.
  • yum info package_name displays information about the specified package, including its version and dependencies.
  • yum search keyword searches for any packages that contain the specified keyword in the description, summary, or package name fields within the internet repositories yum is configured to use.
93
Q

“apt-get” command

A

The apt-get command installs packages on Linux systems that use the Debian Package Manager (dpkg). The apt-get command can automatically locate and download Debian packages for you by searching one or more repositories on the internet. It installs the package and all of its dependencies at the same time. The syntax for using apt-get is as follows:

  • apt-get install package_name installs the specified package.
  • apt-get remove package_name uninstalls the specified package.
  • apt-get update displays information about all packages available within the internet repositories apt-get is configured to use.
  • apt-get dist-upgrade upgrades all installed packages to the newest version
94
Q

“ps” command

A

The ps utility is used to display running processes on a Linux system. Many options can be used with the ps command. Several commonly used options include:

  • ps displays only those processes associated with the current shell session.
  • ps -e displays all processes running on the system.
  • ps -f displays extended information about processes. This option can be combined with the -e option to display extended information about all of the processes running on the system.
  • ps -l displays information about processes in long format. This option can be combined with the -e and -f options to display extended process information in long format.

The following fields can be displayed in the output of the ps command, depending upon which options are included with the command:

  • PID displays the process ID of the process.
  • TTY displays the name of the shell session the process is running within.
  • TIME displays the amount of CPU time used by the process.
  • CMD displays the name of the command that was run to create the process.
  • UID displays the user ID that owns the process.
  • PPID displays the PID of the process’s parent.
  • C displays the amount of CPU utilization consumed by the process.
  • STIME displays the time that the process started.
  • F displays any flags associated with the process.
  • S displays the current state of the process.
  • PRI displays the priority of the process.
  • NI displays the nice value of the process.
  • SZ displays the size of the process in RAM.
95
Q

“man utility_name” command

A

Use the man utility_name command at the shell prompt to view the syntax along with all of the options that can be used with these commands

96
Q

Proprietary licensing model

A

The proprietary licensing model is used by many software vendors. Each vendor you purchase a proprietary license from should provide an End User License Agreement (EULA) that dictates the specific terms for that particular software title. There are several key facts that you need to remember about proprietary software licensing:

  • When you purchase this type of software, you are not purchasing the software itself. Instead, you are purchasing a license to use the software.
  • You are not allowed to access the software’s source code and make modifications. Usually, the source code is not made available to customers. A EULA does not typically allow you to reverse engineer the software to recreate the source code.
  • The license usually permits you to install the software only on a fixed number of computers. Installation limits are commonly enforced by the software vendor using online software activation. If you try to use the same activation code too many times, the software will not activate and can’t be used.

Two different, general types of licenses are usually offered by software vendors:

  • Personal licenses are intended for home and small business customers. Usually, they allow the software to be installed on only one to three systems. Because they are limited in the number of allowed installs, personal licenses are usually less expensive than other alternatives. However, personal licenses may not be the best choice for large organizations, which may need to purchase hundreds or even thousands of licenses for a given software title.
  • Enterprise licenses (which are also sometimes called volume licenses) are intended for medium and large organizations. Enterprise licenses allow the customer to install the software without restriction using the same activation code (typically until a maximum cap is reached). Because of the volume involved, the customer is usually able to purchase an enterprise license for much less than the cost of purchasing individual personal licenses. Enterprise licenses are usually too expensive for most home or small business users.
97
Q

Open Source licensing model

A

Open source software used to be exclusive to Linux and Unix operating systems. However, many open source applications are now available for Windows and Mac operating systems. Open source licensing is very different from proprietary licensing:

  • Open source software is usually freely distributed. You can typically download, install, and use the software without paying a license fee.
  • Most open source software is distributed under the GNU General Public License (GPL), which requires that the source code for the software be freely distributable to anyone who wants it. This means you can download the source code for an application, modify it, recompile it, and then use the modified version of the software. In fact, you could even post it for others to use as long as you make your source code freely available as well.

Organizations that release open source applications typically use a variety of means to generate revenue so they can keep developing new products:

  • Contributions. Some open source projects ask you to contribute financially if you use their software.
  • Added functionality. Some open source projects release a base version of their software for free, but then charge a fee for highly desirable add-ons.
  • Support contracts. Some open source projects release their software for free, but then charge a fee for technical support.
  • Training contracts. Like support contracts, some open source projects also provide training for a fee.
  • Partnerships. Sometimes an open source project will partner with a commercial organization. In this situation, two versions of an application will be created, one that is proprietary and one that is open source. The proprietary version is typically used to finance the development of the free version.
  • Subscriptions. Sometimes an open source project will sell subscriptions for online accounts or server access
98
Q

Hotfix update type

A

A hotfix is an operating system patch that fixes bugs and other vulnerabilities in the software.

  • Hotfixes may be released on a regular basis as fixes are created.
  • For the highest level of security, apply hotfixes as they are released (after you use a test computer to verify that the hotfix will not cause additional problems).
  • Microsoft identifies each hotfix by a number. This number also identifies a knowledge base (KB) article that describes the issues addressed by the hotfix.
99
Q

Service Pack (SP) update type

A

A service pack (SP) is a collection of hotfixes and other system enhancements.

  • A service pack includes all hotfixes released to that time. If you install the service pack, you do not need to install individual hotfixes. Installing a service pack also includes all previous service packs.
  • Service packs might include additional functionality beyond simple bug fixes
100
Q

Backup

A

A backup is a copy of data that is archived and which can be used to restore corrupt or lost data in the event of a hardware or system failure. Backups must be performed while the system is in good working order. In other words, you must plan for disasters ahead of time and take the necessary actions to protect your system before there is a problem

101
Q

System state data

A

System state data includes all of the files required to boot and run the computer. System state data includes the operating system files, the registry, drivers, and any configuration files

102
Q

User data

A

User data includes all data files saved and modified by users or applications that users run. The user data is the most important data for a company. Because user data changes constantly, back up the user data frequently and on a regular schedule

103
Q

Application data

A

Application data includes files installed by an application and application configuration files. Application data changes only following the installation of an application or following a configuration change. Depending on the system you are using, a backup of system state data might include backing up all application files as well

104
Q

Virtual memory

A

Virtual memory is simulated memory that is implemented as a page file on a hard drive. Virtual memory is used by operating systems to simulate physical RAM using hard disk space. The process of moving data from RAM to disk (and back) is known as swapping or paging. The Virtual Memory Manager (VMM) is in charge of swapping data between physical memory and the hard disk

105
Q

The VMM follows these steps to manage applications

A
  1. The VMM assigns virtual addressing to an application. This is known as logical segmentation.
  2. The application is then loaded into physical RAM (absolute address space). The process doesn’t recognize its location in physical RAM; it only recognizes its virtual space.
  3. As the user launches other applications, the VMM will allocate space to those applications in true physical RAM.
  4. When there is no more space in physical RAM, the VMM will take the application that hasn’t been used for the longest period of time and place it in the page file on the hard drive. This is known as paging out. Likewise, when an application is moved from the page file back into physical RAM, it is known as paging in.
  5. If the system needs access to an application that has been paged out from physical RAM, this causes a problem known as a page fault. When this happens, the VMM will page out the program in the physical RAM that hasn’t been used for the longest period of time to the page file on the hard drive, and will page in the application currently being accessed back to the physical RAM.
106
Q

Shortcut Malfunction troubleshooting steps

A

Installation of an application may create a shortcut on the desktop. The shortcut is a pointer file that identifies the location of the executable file that runs the application.

  • During install you can often choose to add shortcuts for only the current user or all users.
  • Shortcuts will cease to work if the file to which they point is moved or altered, or if a drive has been remapped to a different drive letter (which can happen when working with removable media).
  • Some issues can be resolved by fixing the shortcut instead of re-installing the application.
  • Edit the properties of the shortcut to correct many application-related issues:
    • Use the Target field to point to the executable location.
    • Use the Start in field to identify a working directory for the application.
107
Q

Installation Issues troubleshooting steps

A

Application installation involves more than just copying the executable files to the computer. Installation typically modifies the registry, creates shortcuts, creates Start menu tiles, and configures other settings required by the application. Users must have the appropriate permissions to install applications. The ability to install applications depends on the user’s group membership and the operating system:

  • Users who are members of just the Users group are not allowed to install applications.
  • Users who are members of the Administrators group can install applications.

If an application’s files get deleted or become corrupted after installation, they can be repaired by doing one of the following:

  • Some applications provide the Repair option in Programs and Features. When selected, the Repair option inspects all of the application’s files and replaces files that are missing or corrupt.
  • If an application does not provide the Repair option in Programs and Features, it must be first uninstalled and then reinstalled to repair missing or corrupt application files.
108
Q

Windows Compatibility troubleshooting steps

A

Because some applications use elements that are specific to a certain version of an operating system, you may run into problems when trying to use these same programs on newer operating systems. Windows Compatibility Mode is designed to correct this problem by creating an environment that emulates the operating system for which the application was originally intended. In compatibility mode, you choose a target operating system (such as Windows 7). When the application runs, it appears as if the application is running on the target operating system. To configure Compatibility Mode for an application, edit the properties of its shortcut or executable file. On the Compatibility tab, configure the following as appropriate:

  • Operating system compatibility mode
  • Reduced color mode
  • Run in 640x480 screen resolution
  • Disable display scaling on high DPI settings
  • Disable full screen optimizations
  • Run the program as an administrator

If you’re not sure which settings to use, you can run the Compatibility Troubleshooter from the Compatibility tab. This utility will probe the application and automatically determine the correct compatibility settings.

109
Q

Permissions troubleshooting steps

A

On older versions of Windows, applications ran with the privileges associated with the user who ran the application. But on modern versions of Windows, applications run by default as a standard user, even if the user who launches the application is an administrator. This is done to contain damage that could potentially result if the end user launches a poorly-written or malicious application. However, some applications need to run with administrative privileges to be able to complete necessary tasks. Be aware of the following permission-related issues when running applications:

  • Using UAC in modern versions of Windows, applications run with standard user privileges by default. The user will be prompted if the application requires elevated permissions.
  • Older applications written for previous versions of Windows may not be compatible with UAC. They may assume that they can run with administrator-level privileges.
  • Applications with insufficient permissions might not run, or they might run but not function correctly (some features might not be available). If this happens, you can run the application:
    • In compatibility mode. You can enable Run this program as an administrator on the Compatibility tab to automatically elevate privileges when the application is run.
    • As administrator. To do this, right-click the application shortcut or executable file and choose Run as administrator.
  • Many applications create data files as they run. They may also create temporary files. The user running the application must have sufficient file system permissions to the directories where these files will be created.
110
Q

Error Reporting

A

Windows Error Reporting is a feature of Windows that enables Microsoft to be notified of application faults, system unresponsiveness, and kernel defects. Microsoft uses these error reports to diagnose the cause for common problems, then, if possible, improve upon their product or supply troubleshooting techniques. Each time an error occurs, a dialog box will appear that prompts you to report the problem to Microsoft. If you are connected to the internet and you choose to report the problem, technical information about the problem is sent to Microsoft. If known information about the problem you have experienced is available, you will receive a link to a web page that contains information about the problem.

111
Q

Service Fails to Start troubleshooting steps

A

During or shortly after startup, you might see an error message stating that a service has failed to start.

  • Check the Event Viewer for additional information about which service failed to start and the reason why it did not load.
  • Try using the Services console or the net start command to manually start the service.
  • If the service is not required, you can change its startup type to Manual in the Services console to prevent it from trying to load during startup.
  • If the service is necessary, use the Services console to make sure that any dependent services are configured to start and have started successfully.
  • Verify that the service is configured with a valid user account and that the password has not changed.

If an account other than the Local System account is used, make sure that the service is configured with the correct password (when you change the user account password, you must also change the password configured by the services that use that account).

112
Q

Hung Applications troubleshooting steps

A

If an application hangs and won’t exit properly, you can use Task Manager to force it to close. This can be done in two ways:

  • Select the hung application on the Processes tab and select End Task.
  • Right-click the hung application on the Processes tab and select Go to Details. Then, with the application’s process selected on the Details tab, select End Task
113
Q

Process Priority

A

By default, the Windows operating system kernel tries to evenly distribute access to system resources to all processes running on the system. However, if a process needs to run with a higher priority than the other processes on the system, its priority can be manually configured. From the Details tab in Task Manager, right-click the process, select Set Priority, and then select a priority level

114
Q

Processor Affinity

A

In a multi-core or multiprocessor system, the Windows operating system kernel will automatically distribute processes across all available processors. However, a process can be constrained to run only on certain processors. Right-click the process in Task Manager, select Set Affinity, and then mark the processors that the process is allowed to run on.

115
Q

Slow Loading Profile troubleshooting steps

A

Over time, after an update, or after installation of a new program, operating systems can become very slow to load a user’s profile. Check the following as troubleshooting steps.

  • Check programs that start with Windows in Task Manager under the Startup tab. Disable any programs that are not required to start with Windows.
  • Check for updates for device drivers.
  • Check to see if the profile is a Roaming User Profile that is being pulled down from the network.
  • Check Event Viewer for information about any errors.

116
Q

System Does not Power on troubleshooting

A

If the system does not power on:

  • Make sure the system is plugged in and the power strip or UPS is turned on.
  • Check the power switch and the power type (110 or 220 volts) on the back of the power supply.
  • If your computer is a notebook or tablet, make sure the battery is installed. Ensure that the AC adapter is plugged in.
  • If you have just installed a new system, make sure the system case power switch is connected to the motherboard. When you turn on the computer, you should hear both the power supply fan and the CPU fan start to spin.

117
Q

System Powers on, but No Display Is Visible troubleshooting

A

If the system powers on but there is nothing on the display, check the following:

  • Verify that the monitor is connected to the computer, plugged in, and turned on.
  • Verify that the BIOS/UEFI is configured to use the correct video adapter. Most motherboards can be configured to use either the integrated video adapter or a PCIe video adapter installed in an expansion slot.
  • To display startup information on the screen, the computer needs at a minimum the CPU, memory, and a video card. Other components are not necessary. Verify that these three components are properly installed.
  • If necessary, reduce the system to the three components listed above and try starting the system. If that does not work, swap out components to identify the failed component. Some computers will use a series of beeps to indicate specific problems when those messages cannot be shown on the screen. In this case, consult the motherboard documentation for the meaning of the audible messages.

118
Q

Corrupt MBR or Partition Table troubleshooting

A

The master boot record (MBR) is responsible for locating the system (active) partition and loading the volume boot record (VBR). A corrupt or missing master boot record or a corrupt partition table prevents the system from loading the boot record code, finding the volume boot record, and loading the boot loader program. Symptoms of a corrupt MBR or partition table include:

  • The system hangs immediately after the BIOS information is shown.
  • Any of the following errors:
    • MBR corrupt
    • Invalid partition table
    • Error loading operating system
    • Missing operating system

To fix the problem, boot the system from the installation disc and repair the system.

  1. Boot from the installation DVD (or the recovery USB).
  2. At the Welcome screen, select Repair your computer.
  3. Select Troubleshoot.
  4. Select Command Prompt.
  5. When the Command Prompt loads, type the following command: bootrec /FixMbr (The /FixMbr option causes the bootrec command to rewrite the master boot record without overwriting the existing partition table on the disk.)

119
Q

Corrupt Boot Sector troubleshooting

A

The boot sector (also called the volume boot record or volume boot code) is responsible for loading the operating system boot loader program (BOOTMGR). At this point in the process, the MBR has loaded, located an active partition, but there is a problem in loading the VBR, the VBR does not specify a boot loader program, or the boot loader specified in the VBR is missing or corrupt. Symptoms of a corrupt or missing boot sector include:

  • System hangs following the BIOS information screen.
  • Any of the following errors:
    • Non-system disk or disk error
    • Remove disks or other media
    • Invalid system disk
    • Invalid media type
    • Disk Boot failure
    • A disk read error occurred
    • BOOTMGR is missing
    • Missing GRUB/LILO

To correct the problem you can check the following:

  • Check the boot order in the BIOS/UEFI to make sure the system is booting from the correct storage device. If the device is a removable media device, the drive should be empty (so the drive is skipped when checking for a boot disk), or the drive must have media that includes a bootable partition (for the system to boot from that drive). For example, leaving a USB device plugged in is a common cause of the non-system disk error. These errors can be avoided by disabling the USB Device option in the boot sequence or by setting the integrated USB controller to No Boot.
  • Boot the system from the installation disc and repair the system.
    1. Boot from the installation DVD (or the recovery USB).
    2. At the Welcome screen, select Repair your computer.
    3. Select Troubleshoot.
    4. Select Command Prompt.
    5. When the Command Prompt loads, type the following command: bootrec /FixBoot (The /FixBoot option causes the bootrec command to write a new boot sector in the system partition.)

120
Q

Inaccessible Boot Disk troubleshooting

A

The boot loader program uses the boot configuration database (BCD) to locate valid Windows installations to start. If the database points to a location that does not include any operating system files, you will see a message similar to the following:

Windows could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware.

To correct the problem, boot the system from the installation disc and repair the system.

  1. Boot from the installation DVD (or the recovery USB).
  2. At the Welcome screen, select Repair your computer.
  3. Select Troubleshoot.
  4. Select Command Prompt.
  5. When the Command Prompt loads, type the following command: bootrec /RebuildBcd (The /RebuildBcd option causes the bootrec command to scan all storage devices for operating systems and add them to the BCD database.)

121
Q

Missing or Corrupt File troubleshooting

A

If the boot manager cannot locate needed operating system files on the selected boot partition, you might see the following errors occur:

  • Windows could not start because the following file is missing or corrupt: Please re-install a copy of the above file.
  • A blue screen error that describes a corrupt or missing file.

This problem is caused by a corrupt disk, corrupt files, or missing files.

To correct the problem, boot the system from the installation disc and repair the system.

  1. Boot from the installation DVD (or the recovery USB).
  2. At the Welcome screen, select Repair your computer.
  3. Select Troubleshoot.
  4. Select Advanced Options.
  5. Select Startup Repair.

Alternatively, you can select the Command Prompt option and then use the copy command to replace the file referenced by the error message with a known good copy.

122
Q

Blue Screen or System Hangs After Windows Splash Screen is Displayed troubleshooting

A

The most common causes of errors at this stage are bad drivers or corrupt registry settings. To correct the problem, try the following (in this order):

  • If the error includes any error codes or messages, check the Microsoft website for troubleshooting information.
  • Boot the system into Safe Mode. In Safe Mode, roll back drivers, remove drivers, or restore to a restore point.
  • To identify which driver is causing the problem, enable boot logging, then read the Ntbtlog.txt file to identify the last driver that the system tried to load.
  • If you cannot boot into Safe Mode, boot into the Recovery Environment and use System Restore to restore to a restore point that was created when the system was working correctly.

123
Q

Service Fails to Start troubleshooting

A

If a service fails to start, you will see a message such as:

At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details.

Use Event Viewer to view details about the service that did not start, then try starting the service manually. If necessary, re-enable or re-install the service.

124
Q

Corrupt or Missing DLL or System File troubleshooting

A

If you see errors about corrupt or missing DLLs or system files, either during startup or after Windows starts, boot the system from the installation disc and repair the system. To do this:

  1. Boot from the installation DVD (or the recovery USB).
  2. At the Welcome screen, select Repair your computer.
  3. Select Troubleshoot.
  4. Select Advanced Options.
  5. Select Startup Repair.

Alternatively, you can select Command Prompt and use the sfc command to run the System File Checker utility. The syntax to use with sfc is as follows:

  • Use sfc /scannow to scan the integrity of all protected system files and repair any file that has problems.
  • Use sfc /verifyonly to scan the integrity of all protected system files, but not repair them.
  • Use sfc /scanfile to scan the integrity of a specific file and repair it if it has problems.
  • Use sfc /verifyfile to scan the integrity of a specific file, but not repair it.

125
Q

Device Fails to Start troubleshooting

A

This message indicates that a hardware device could not be started. Begin by checking Device Manager for information about the device. If necessary, update the driver or disable the device.

126
Q

What happens during the POST (power-on self-test) stage of BIOS boot?

A

On a system using BIOS, the following steps take place:

  1. Power is supplied to the CPU. The CPU is hard-coded to look at a special memory address that contains a pointer (or jump program) that instructs the CPU where to find the BIOS program.
  2. The CPU loads the BIOS program. The first BIOS process to run is the POST, which performs the following tasks:
    1. Verifies the integrity of the BIOS code.
    2. Tests and initializes the following hardware devices one by one:
      1. Locates, sizes, and verifies system memory
      2. Verifies and initializes video card (output displayed on monitor)
      3. Identifies available hard disks
  3. After POST tests complete, the BIOS identifies other system devices. It uses CMOS settings and information supplied by the devices themselves to identify and configure hardware devices. Plug-and-play devices are allocated system resources. The system typically displays information about the keyboard, mouse, and SATA drives in the system. Following this summary, you will also see information about devices and system resources.
  4. The BIOS then searches for a boot drive (using the boot order specified in the CMOS). During this sequence, system information is displayed on the screen and the option to enter the CMOS setup to configure system parameters is available.

127
Q

What happens during the Boot loader stage of BIOS boot?

A

During the boot loader stage, the following process occurs:

  1. On the boot device, the BIOS searches for and loads the boot code in the master boot record (MBR). The MBR is located in the first sector on the disk.
  2. The MBR boot code uses the partition table to identify the active disk partition.
  3. On the active partition, it looks for and loads the bootmgr.exe program.
  4. The bootmgr.exe program looks for the BCD store in either the C:\ directory or the System Reserved partition. The BCD store contains a list of all Windows installations on the disk.
  5. If only one installation exists, bootmgr.exe automatically loads the OS. If multiple installations exist, a list of bootable operating systems is displayed.

This stage occurs after the BIOS information screen disappears, but before the Windows loading screen is shown.

128
Q

What happens during the OS startup stage of BIOS boot?

A

During this stage, the operating system is started. The operating system configures system devices and loads necessary files. The following process occurs:

  1. The operating system loader winload.exe is started. At this stage, advanced startup options (e.g., Safe Mode) can be accessed by pressing the F8 key.
  2. Winload.exe then loads the following:
    1. System registry
    2. Ntoskrnl.exe
    3. Essential device drivers
  3. Control of the system is passed to ntoskrnl.exe.
  4. At this point, the Windows logo is displayed and ntoskrnl.exe:
    1. Loads device drivers.
    2. Starts services.
    3. Configures the OS environment.

129
Q

What happens during the Logon and user configuration stage of BIOS boot?

A

After the operating system and devices are configured, the system waits for user logon. Following logon, the operating system is configured with user-specific settings.

  1. The wininit and winlogon programs run to allow user logon. At this point, the Welcome or user logon screen is displayed.
  2. Following logon, all remaining device drivers and user settings are loaded. In addition, the current configuration profile is copied to the Last Known Good Configuration registry.

130
Q

UEFI Boot

A

The Unified Extensible Firmware Interface (UEFI) is a newer specification that defines the software interface between an operating system and the computer’s firmware. The following diagram and table describe the different stages of the UEFI boot sequence:

131
Q

What happens during the SEC (Security) stage of the UEFI boot?

A

Immediately after the system is powered on, the SEC sequence begins.

  1. Power is supplied to the CPU.
  2. The CPU switches from 16-bit Real Mode to 64-bit Protected Mode.

The CPU executes a specific set of instructions to prepare the system for PEI to run.

132
Q

What happens during the PEI (Pre-EFI Initialization) stage of the UEFI boot?

A

PEI initializes the system and prepares for the DXE.

  1. The CPU and chipset are verified and fully initialized.
  2. System memory is initialized, verified, and allocated.
  3. PEI modules are loaded to allocate system resources.

The DXE is initialized and the system is prepared to transition to DXE.

133
Q

What happens during the DXE (Driver Execution Environment) stage of UEFI boot?

A

DXE initializes configured devices, mounts drives, and prepares to boot the OS.

  1. Device drivers are loaded into memory.
  2. Hardware devices are initialized simultaneously (e.g., video card, network card, USB controllers).
  3. System drives are mounted and initialized.

The EFI boot manager is initialized.

134
Q

What happens during the BDS (Boot Device Selection) stage of UEFI boot?

A

The BDS stage runs the EFI boot manager, which identifies the system’s boot configuration settings and decides how to boot the system.

  1. If an EFI System Partition (ESP) exists, the following process occurs:
    1. On the ESP in the \EFI\Microsoft directory, the boot manager looks for and runs the bootmgfw.efi file.
    2. The bootmgfw.efi looks for the BCD store in the same directory that contains a list of all Windows installations.
    3. If only one installation exists, UEFI automatically loads it. If multiple installations exist, a list of bootable operating systems is displayed.
  2. If no ESP exists, the boot manager uses Legacy BIOS mode to complete the boot sequence:
    1. The MBR looks for and loads the bootmgr.exe program.
    2. The bootmgr.exe program looks for the BCD store in either the C:\ directory or the System Reserved partition.
    3. If only one installation exists, bootmgr.exe automatically loads the OS. If multiple installations exist, a list of bootable operating systems is displayed.

At the beginning of the BDS stage, the UEFI interface is executed and the option to load the EFI Shell or enter the UEFI configuration is available.

135
Q

What happens during the TSL (Transient System Load) stage of the UEFI boot?

A

During the TSL stage, the operating system loader is located and booted.

  1. The BCD store is used to identify the location of the operating system loader (for Windows, the default location is C:\Windows\system32\winload.efi).
  2. The operating system loader winload.efi is started.
  3. Winload.efi then loads the following elements:
    1. System registry
    2. Ntoskrnl.exe
    3. Essential device drivers

136
Q

What happens during the RT (Run Time) stage of UEFI boot?

A

After the operating system and devices are configured, the system waits for user logon. Following logon, the operating system is configured with user-specific settings.

  1. Control of the system is passed to ntoskrnl.exe.
  2. At this point, the Windows logo is displayed and ntoskrnl.exe:
    • Loads device drivers.
    • Starts services.
    • Configures the OS environment.
  3. The wininit and winlogon programs run to allow user logon (at this point, the Welcome screen is displayed).

Following logon, all remaining device drivers and user settings are loaded. In addition, the current configuration profile is copied to the Last Known Good Configuration registry.

137
Q

Which boot is faster, BIOS or UEFI?

A

UEFI

138
Q

Errors, lockups, and system crashes are typically caused by what?

A

  • Software bugs (errors in an application, the operating system, or driver code)
  • Corrupt or missing operating system files
  • Incorrect, corrupt, or incompatible device drivers
  • Overheated hardware
  • Failing hardware (memory, hard disk, or other component)

139
Q

What is a BSOD?

A

A Blue Screen of Death (BSOD), also called a stop error, is an error that is so severe that Windows can no longer continue to function. When this type of error occurs, the system will stop and display a blue screen with information related to the error. On Mac OS, you may see the cursor turn into a pinwheel and you can’t do anything. This is sometimes called the Pinwheel of Death.