System Management Flashcards

Question

DirectX Diagnostic Tool (DxDiag)

Answer 1

DxDiag is a tool that shows information related to DirectX operation. DirectX is a set of programming interfaces for multimedia (video and audio). DxDiag displays information such as: * Operating system version * Processor and memory information * DirectX version * Settings and drivers used by display devices * Audio drivers * Input devices (mouse, keyboard, USB)

Answer 2

Use the Command Prompt to execute command-line commands. To open a command prompt, * On the taskbar, type CMD into the Search box. * From the Start menu, go to Windows System and select Command Prompt. Some commands launched from the command line require elevated privileges to run. If this is the case, run Command Prompt as Administrator

Answer 3

A service is a program that processes requests from other applications or users. Services can start automatically and stay constantly running in the background, waiting for service requests. Use the Services snap-in to view and manage running services. The service startup behavior determines how the service is started. * When set to Automatic, the service is started automatically by Windows when the system boots. * When set to Manual, the service must be manually started. * When Disabled, the service will not run.

Answer 4

The Microsoft Terminal Services Client is a remote management service. Mstsc.exe is the executable file that opens the Microsoft Terminal Services Client. The Microsoft Terminal Services Client, which is Remote Desktop Services, is a component of Microsoft Windows that allows users to take control of remote computers over a network connection. The three Windows components that use RDS are Windows Remote Assistance, Remote Desktop Connection, and Fast User Switching

Answer 5

Notepad is a simple text editor for Microsoft Windows and a basic text-editing program which enables computer users to create documents. Notepad can be launched from the Start button, Windows Accessories, and selecting Notepad

Answer 6

Explorer, or called File Explorer and formerly Windows Explorer, is a file manager application that comes with Microsoft Windows. File Explorer's main purpose is to let you view, open, copy, move, and otherwise manage your files and folders

Answer 7

Disk Defragmenter is a utility in Microsoft Windows designed to increase access speed by rearranging files stored on a disk to occupy contiguous storage locations. The process of doing this is called defragmentation

Answer 8

System Restore is a recovery tool for Microsoft Windows that allows you to reverse certain changes made to the operating system. System Restore is used to return important Windows files and settings which might include drivers, registry keys, system files, and installed programs back to previous settings and versions.

Answer 9

Windows Update is a Microsoft service for Windows. It automates downloading and installing software updates over a network or the internet

Answer 10

Microsoft Register Server is a command-line tool that registers .dll files as command components in the registry.

Answer 11

You use the ODBC (Open Database Connectivity) Data Source Administrator to create and manage ODBC data sources. To open the ODBC Data Source Administrator in Windows 10, do the following: 1. Select Start. 2. Select Windows System. 3. Select Control Panel. 4. In Control Panel, select System and Security. 5. Select Administrative Tools. 6. In Administrative Tools, select Data Sources (ODBC).

Answer 12

Everyday configuration tasks for the Windows Firewall are completed using the Windows Firewall applet in Control Panel. However, advanced firewall configuration tasks can be performed using an MMC snap-in called Windows Firewall with Advanced Security. Windows Firewall with Advanced Security supports a more granular firewall configuration than can be created using the Windows Firewall applet in Control Panel. For example, it can filter traffic based on parameters such as: * Source IP address * Destination IP address * Port number * ICMP protocol

Answer 13

The expand command is used to expand compressed .cab files. * **expand -d [source\_file]** displays the contents of the specified .cab file. * **expand [source\_file] [destination]** expands all the files in the specified .cab file to the chosen destination. * **expand [source\_file] f:[filename] [destination]** extracts a single file from the specified .cab file to the chosen destination

Answer 14

The tasklist command displays a list of the processes that are currently running on the system. The output of the tasklist command includes a process ID (PID) that can be used to end the process

Answer 15

The taskkill command is used to end running processes. * **taskkill /im [image\_name]** kills the specified process by using its image name (e.g., mspaint.exe). * **taskkill /PID [pid\_number]** kills the specified process by using its PID (e.g., 3572). Sometimes a process will not respond the taskkill command. If this is the case, use the /f option with the command, which forces the process to close

Answer 16

The mstsc command is used to establish a remote desktop session with another computer. To run the mstsc command, use the following syntax: * mstsc /v:[server\_ip]

Answer 17

The gpupdate command refreshes local and Active Directory-based Group Policy settings, including security settings. * **/target: { computer | user }** processes only the computer settings or the current user settings. By default, both the computer settings and the user settings are processed. * **/force** ignores all processing optimizations and reapplies all settings. * **/wait**: value identifies the number of seconds that policy processing waits to finish. The default is 600 seconds. 0 means "no wait"; -1 means "wait indefinitely." * **/logoff** logs off after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the user logs on, such as user software installation and folder redirection. This option has no effect if there are no extensions called that require the user to log off. * **/boot** restarts the computer after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the computer starts up, such as computer software installation. This option has no effect if there are no extensions called that require the computer to be restarted. * **/?** displays help at the command prompt. To run the gpupdate command, use the following syntax: * **gpupdate [/target:{computer|user}] [/force] [/wait:value] [/logoff] [/boot]**

Answer 18

The gpresult command displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer. * **/s computer** specifies the name or IP address of a remote computer. (Do not use backslashes.) The default is the local computer. * **/u domain \ user** runs the command with the account permissions of the user that is specified by user or domain\user. The default is the permissions of the current logged-on user on the computer that issues the command. * **/p password** specifies the password of the user account that is specified in the /u parameter. * **/user target\_user name** specifies the user name of the user whose RSOP data is to be displayed. * **/scope { user | computer }** displays either user or computer results. Valid values for the /scope parameter are user or computer. If you omit the /scope parameter, gpresult displays both user and computer settings. * **/v** specifies that the output display verbose policy information. * **/z** specifies that the output display all available information about Group Policy. Because this parameter produces more information than the /v parameter, redirect output to a text file when you use this parameter (for example, gpresult /z \>policy.txt). * **/?** displays help at the command prompt. To run the gpresult command, use the following syntax: * **gpresult [/s computer [/u domain\user /p password]] [/user target\_user name] [/scope {user|computer}] [/v] [/z]**

Answer 19

The shutdown command is used to shutdown local and remote systems. The following options can be used with the shutdown command: * **/i** opens the Remote Shutdown Dialog graphical interface window. * **/l** logs off the current user from the local system. * **/r** shuts down and restarts the local computer. * **/h** causes the computer to hibernate. * **/t [xx]** sets a delay time (in seconds) before the computer shuts down

Answer 20

The exit command ends the current command prompt session and closes the Command Prompt window

Answer 21

A counter is a specific statistic you can monitor (such as the amount of free memory or the number of bytes sent on a network card).

Answer 22

An object is a statistic group, often corresponding to a specific type of hardware device or software process (such as the processor or memory).

Answer 23

Processor utilization is the amount (percentage) of time the processor spends doing non-idle tasks. * Processor utilization should be relatively low, up to 40% on average. * Processor utilization will spike (85 - 90% or higher) when a major task is launched or a significant task is performed. * Utilization is reported for each processor in a multi-processor or multi-core system. A CPU that supports Hyper-Threading will show two utilization graphs for each processor. * If the processor utilization is consistently high (over 90%), then the CPU is likely the bottleneck. * Check the running processes to see the CPU use of each process. If possible, delay or pause non-critical processes or run them during off hours. * A process that has hung could show 100% CPU use. If the process does not complete after a period of time and does not respond, end the process to return CPU use to normal. * A computer with a virus might show an unknown process consuming most of the processor time. Use the internet to identify the function of unknown processes * Configure the processor affinity to specify that a specific process use a certain processor in a multi-processor system. * Upgrade to a faster CPU or add more cores to the system.

Answer 24

The % Disk Time statistic identifies the percentage of time that the disk subsystem is busy reading from and writing to disk. If this value is consistently over 90%, check the following other statistics to identify the source of the high disk activity: * Average Disk Queue Length * Memory statistics

Answer 25

The disk queue holds read and write requests that are waiting to be processed by the disk controller. The average disk queue length tells you the number of read and write requests that are typically waiting to be processed. * A high number indicates that the system has requested data from the hard disk, or has tried to save data to the hard disk, but that request could not be fulfilled immediately (i.e. it has to wait). * This number should be below 2 times the number of disk spindles. Most physical hard disks have a single spindle (although some newer drives have 2 or 3). RAID arrays will have at least one spindle per physical disk. If this statistic shows consistently waiting read/write requests, you might need to upgrade your disks. * Choose a faster disk (higher RPM and faster access time). * Use a RAID-0 configuration to improve disk access

Answer 26

You can use Task Manager to quickly identify the use of physical memory in your system. * The total installed memory value reflects the amount of memory available to the operating system. On a 32-bit system, this value will be less than 4 GB, even if you have 4 GB of memory installed. This value could also be slightly less than the amount of installed physical RAM if the video adapter shares the system memory. The amount of memory used for this purpose is displayed under hardware reserved. * The cached value identifies memory that is being used for a disk cache to improve read/write operations from the hard disk. * The available value identifies how much memory is unassigned. If the amount of memory in use is close to the amount of RAM installed, you might need to add RAM or quit some running programs to free up memory

Answer 27

When a process runs, the operating system assigns memory to the process. The amount of committed memory identifies how much memory has been assigned to running processes. Be aware of the following conditions indicated by this statistic: * If the value exceeds the amount of physical RAM, then the page file is being used instead of physical RAM. At some point, this will start to cause a bottleneck. * To temporarily make more memory available, quit running programs or increase the page file size. However, the only permanent solution is to add more physical memory

Answer 28

The page file usage identifies the amount or percentage of the page file that is being used. * A common recommendation is for the page file to be 1.5 to 2 times larger than the physical memory. In most cases, you will let the system manage the page file size. * It is normal for the page file to show some use, even when the system has sufficient physical memory. * When the page file use percentage is near 100%, you can increase the page file size as a temporary measure. Adding more memory is the best permanent solution

Answer 29

The operating system allocates memory to processes in 4,096 KB blocks called pages. * Instead of assigning physical memory addresses, the operating system assigns virtual memory addresses to shield the process from the details of the physical memory storage system. * The paging supervisor is a process that maintains a table that correlates virtual memory addresses with the actual physical memory locations. When physical memory is low, data in RAM that is currently not being used by the CPU can be moved to the hard disk in order to free up memory for other processes. * The area on the hard disk used for storing the contents of RAM is called the page file. * When the CPU needs to access data in RAM, a page fault (also called a hard fault) occurs when that data does not exist in RAM but is instead in the page file. * Paging is the process of moving data from RAM to disk and back. Before the CPU can work with data required by a process, that data must be placed into RAM The memory pages per second statistic identifies the number of hard faults that occur each second. A high number for this statistic accompanied by high disk activity (% Disk Time or the disk activity light constantly flashing) could indicate a condition known as thrashing. * With thrashing, the demand for memory and the low amount of physical RAM means that the system must be constantly moving data from RAM, to disk, and back. * The negative effects associated with paging increases as the amount of memory increases past the amount of physical RAM. While some paging is normal, as the demands on memory increase, the amount of paging will at some point reach a point where thrashing occurs and the effect on performance is noticeable--even to the point of making the system unusable. * As a temporary solution, you can quit some running programs in order to decrease the demand for RAM. The only long-term solution is to add more physical RAM. * Increasing the page file size will have no effect unless you are also experiencing out of memory errors. The problem is not that there isn't sufficient combined memory, but that the amount of physical memory is insufficient

Answer 30

Network utilization identifies the amount of traffic sent and received by a network connection. * Utilization is listed as a percentage of the total available theoretical bandwidth (such as 100 Mbps for a Fast Ethernet connection). * Poor performance that has low CPU, disk, and memory statistics but high network utilization could indicate a bottleneck at the network adapter

Answer 31

Active Directory is a centralized database that contains user account and security information. In a workgroup environment, authentication, security, and management all take place on each individual computer, with each device independently storing information about users and configuration settings. Using Active Directory, all computers share the same central authentication and configuration database

Answer 32

Multiple domains are grouped together in the following relationship: * A tree is a group of related domains that share the same contiguous DNS namespace. * A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces

Answer 33

A domain is an administratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure. * Database information is replicated (shared or copied) within a domain. * Security settings are not shared between domains. * Each domain maintains its own set of relationships with other domains. * Domains are identified using DNS names. * The common name is the domain name itself. * The distinguished name includes the DNS context or additional portions of the name. Depending on the network structure and requirements, the entire network might be represented by a single domain with millions of objects, or the network might require multiple domains

Answer 34

An organizational unit is like a folder that subdivides and organizes network resources within a domain. An organizational unit: * Is a container object * Can contain other OUs or any type of leaf object (e.g., users, computers, and printers) * Can be used to logically organize network resources * Simplifies security administration

Answer 35

Like OUs, generic built-in containers are used to organize Active Directory objects. However, built-in container objects have several differences: * They are created by default. * They cannot be created, moved, renamed, or deleted. * They have very few editable properties

Answer 36

Within Active Directory, each resource is identified as an object. Common objects include: * Users * Groups * Computers You should know the following about objects: * Each object contains attributes (i.e., information about the object, such as a user's name, phone number, and email address) which are used for locating and securing resources. * Active Directory uses DNS for locating and naming objects. * Container objects hold other objects, either other containers or leaf objects

Answer 37

A domain controller is a Windows server that holds a copy of the Active Directory database. * A domain controller is a member of only one domain. * A domain can contain multiple domain controllers. Each domain controller holds a copy of the Active Directory database. * Any domain controller can make changes to the Active Directory database. * Replication is the process of copying changes made to the Active Directory database between all of the domain controllers in the domain

Answer 38

A policy is a set of configuration settings applied to users or computers. Group policies allow the administrator to apply multiple settings to multiple objects within the Active Directory domain at one time. Collections of policy settings are stored in a Group Policy Object (GPO). The GPO includes registry settings, scripts, templates, and software-specific configuration values

Answer 39

1. The Local Group Policy on the computer. 2. GPOs linked to the domain that contains the user or computer object. 3. GPOs linked to the organizational unit(s) that contains the object (from the highest-level OU to the lowest-level OU).

Answer 40

Computer policies (also called machine policies) are enforced for the entire computer and are applied when the computer boots. Computer policies are in effect regardless of the user logging into the computer. Computer policies include: * Software that should be installed on a specific computer * Scripts that should run at startup or shutdown • Password restrictions that must be met for all user accounts * Network communication security settings * Registry settings that apply to the computer (the HKEY\_LOCAL\_MACHINE subtree) Computer policies are initially applied as the computer boots and are enforced before any user logs on.

Answer 41

User policies are enforced for specific users. User policy settings include: * Software that should be installed for a specific user * Scripts that should run at logon or logoff * Internet Explorer user settings (such as favorites and security settings) * Registry settings that apply to the current user (the HKEY\_CURRENT\_USER subtree) User policies are initially applied as the user logs on and often customize Windows-based user preferences

Answer 42

Use Account Policies to control the following: * Password settings * Account lockout settings * Kerberos settings Account policies are in effect only when configured in a GPO linked to a domain.

Answer 43

Use Audit Policy settings to configure auditing for events such as log on, account management, or privilege use

Answer 44

Computer policies include a special category of policies called user rights. User rights identify system maintenance tasks and the users or groups who can perform these actions. Examples of user rights include: * Access this computer from the network (the ability to access resources on the computer through a network connection) * Load and unload device drivers * Allow logon locally (the ability to log on to the computer console) * Allow logon through Terminal Services (the ability to log on using a Remote Desktop connection) * Back up files and directories (does not include restoring files and directories) * Shut down the system * Remove a computer from a docking station

Answer 45

Security Options allow you to apply or disable rights for all users the Group Policy applies to. Examples of Security Options policies include: * Computer shutdown when the Security event log reaches capacity * Unsigned driver installation * Ctrl+Alt+Del required for log on

Answer 46

You can use registry policies to: * Configure specific registry keys and values. * Specify if a user can view and/or change a registry value, view sub-keys, or modify key permissions

Answer 47

Use File System policies to configure file and folder permissions that apply to multiple computers. For example, you can limit access to specific files that appear on all client computers

Answer 48

Use software restrictions policies to define the software permitted to run on any computer in the domain. These policies can be applied to specific users or all users. You can use software restrictions to: * Identify allowed or blocked software. * Allow users to run only the files you specify on multi-user computers. * Determine who can add trusted publishers. * Apply restrictions to specific users or all users

Answer 49

Administrative templates are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as: * Use of Windows features such as BitLocker, Offline files and Parental Controls. * Customize the Start menu, taskbar, or desktop environment. * Control notifications. * Restrict access to Control Panel features. * Configure Internet Explorer features and options

Answer 50

The Administrator account has all rights and permissions on the computer. This account is hidden from normal view. It doesn't show up on the usual login screen

Answer 51

User accounts with administrative privileges. This is the account that most users typical use when they think of an Administrator account

Answer 52

This account is hidden from normal view. It doesn't show up on the usual login screen

Answer 53

The has very limited capabilities, usually restricted to logging on, viewing files, and running some programs. As a security measure, Windows XP and later automatically disable the Guest account in order to prevent unauthorized logon to the system

Answer 54

Take advantage of many of the newest Windows 10 features. To set up a Microsoft account, you must use a valid e-mail address. A Microsoft account provides the following features: * Allows you to log in to a computer on which you haven't previously set up a local user account. * Provides access to Office 365, Windows Phone accounts, and OneDrive. * Allows you to download apps from the Windows Store. * Syncs your settings across multiple computers

Answer 55

* Local accounts are stored on each computer and control access to resources on that computer. * Domain accounts are stored in a central database called Active Directory. A domain controller is a special server that stores user accounts, groups, and the rights and permissions assigned to them. * Online accounts are stored online by Microsoft

Answer 56

Members of the Administrators group have complete and unrestricted access to the computer, including every system right. The Administrator user account and any other account designated as a "computer administrator" is a member of this group

Answer 57

Members of the Backup Operators group can back up and restore files (regardless of permissions), log on locally, and shut down the system. Members of this group cannot change security settings

Answer 58

Modern versions of Windows no longer use the Power Users group, although it still exists for backwards compatibility. This group was originally used in Windows XP and earlier. Its members can: * Create user accounts * Modify or delete accounts they created * Create local groups * Modify group membership for groups they created * Modify group membership for the Power Users, Users, and Guests groups * Change the system date and time * Install applications Power Users were not allowed to: * Change membership of the Administrators or Backup Operators group * Take ownership of files * Back up or restore files * Load or unload device drivers * Manage security and auditing logs In modern versions of Windows, you should avoid assigning users to be members of the Power Users group unless an application or service specifically requires it.

Answer 59

Members of the Users group can use the computer but cannot perform system administration tasks and might not be able to run some legacy applications. * Members cannot share folders. * Members cannot install printers if the driver isn't already installed on the system. * Members cannot view or modify system files. * Any user created with Local Users and Groups is automatically a member of this group. * User accounts designated as "standard" or "limited use" accounts are members of this group. * A user account created as a "computer administrator" is made a member of this group (in addition to being a member of the Administrators group)

Answer 60

Members of the Guests group have limited rights (similar to members of the Users group). Members can shut down the system

Answer 61

Members of the Cryptographic Operators group are allowed to perform cryptographic operations

Answer 62

Members of the Event Log Readers group are allowed to use Event Viewer to read the system's event logs

Answer 63

Members of the Network Configuration Operators group have limited administrative privileges to allow them to manage the system's network configuration

Answer 64

Members of the Remote Desktop Users group are allowed to access the system remotely using the Remote Desktop Client

Answer 65

Members of the Performance Monitor Users group can access performance counter data on the system

Answer 66

Members of the Performance Log Users group are allowed to schedule logging of performance counters, enable trace providers, and collect event traces on the system

Answer 67

Members of the Hyper-V Administrators group are allowed to use Hyper-V on the system to create and manage virtual machines

Answer 68

The yum command installs packages on Linux systems that use the Red Hat Package Manager (RPM). The yum command can automatically locate and download RPM packages for you by searching one or more repositories on the internet. It can install the package and all of its dependencies at the same time. The syntax for using yum is as follows: * **yum install package\_name** installs the specified package. * **yum remove package\_name** uninstalls the specified package. * **yum list installed** lists all packages installed. * **yum list installed package\_name** checks to see if the specified package is installed. * **yum list available** displays a list of all packages available for installation within the internet repositories yum is configured to use. * **yum list updates** generates a list of updates available for all installed packages. * **yum update package\_name** installs updates for the specified package. * **yum info package\_name** displays information about the specified package, including its version and dependencies. * **yum search keyword** searches for any packages that contain the specified keyword in the description, summary, or package name fields within the internet repositories yum is configured to use.

Answer 69

The apt-get command installs packages on Linux systems that use the Debian Package Manager (dpkg). The apt-get command can automatically locate and download Debian packages for you by searching one or more repositories on the internet. It installs the package and all of its dependencies at the same time. The syntax for using apt-get is as follows: * **apt-get install package\_name** installs the specified package. * **apt-get remove package\_name** uninstalls the specified package. * **apt-get update** displays information about all packages available within the internet repositories apt-get is configured to use. * **apt-get dist-upgrade** upgrades all installed packages to the newest version

Answer 70

The ps utility is used to display running processes on a Linux system. Many options can be used with the ps command. Several commonly used options include: * **ps** displays only those processes associated with the current shell session. * **ps -e** displays all processes running on the system. * **ps -f** displays extended information about processes. This option can be combined with the -e option to display extended information about all of the processes running on the system. * **ps -l** displays information about processes in long format. This option can be combined with the -e and -f options to display extended process information in long format. The following fields can be displayed in the output of the ps command, depending upon which options are included with the command: * **PID** displays the process ID of the process. * **TTY** displays the name of the shell session the process is running within. * **TIME** displays the amount of CPU time used by the process. * **CMD** displays the name of the command that was run to create the process. * **UID** displays the user ID that owns the process. * **PPID** displays the PID of the process's parent. * **C** displays the amount of CPU utilization consumed by the process. * **STIME** displays the time that the process started. * **F** displays any flags associated with the process. * **S** displays the current state of the process. * **PRI** displays the priority of the process. * **NI** displays the nice value of the process. * **SZ** displays the size of the process in RAM.

Answer 71

Use the man utility\_name command at the shell prompt to view the syntax along with all of the options that can be used with these commands

Answer 72

The proprietary licensing model is used by many software vendors. Each vendor you purchase a proprietary license from should provide an End User License Agreement (EULA) that dictates the specific terms for that particular software title. There are several key facts that you need to remember about proprietary software licensing: • When you purchase this type of software, you are not purchasing the software itself. Instead, you are purchasing a license to use the software. * You are not allowed to access the software's source code and make modifications. Usually, the source code is not made available to customers. A EULA does not typically allow you to reverse engineer the software to recreate the source code. * The license usually permits you to install the software only on a fixed number of computers. Installation limits are commonly enforced by the software vendor using online software activation. If you try to use the same activation code too many times, the software will not activate and can't be used. Two different, general types of licenses are usually offered by software vendors: * Personal licenses are intended for home and small business customers. Usually, they allow the software to be installed on only one to three systems. Because they are limited in the number of allowed installs, personal licenses are usually less expensive than other alternatives. However, personal licenses many not be the best choice for large organizations, which may need to purchase hundreds or even thousands of licenses for a given software title. * Enterprise licenses (which are also sometimes called volume licenses) are intended for medium and large organizations. Enterprise licenses allow the customer to install the software without restriction using the same activation code (typically until a maximum cap is reached). Because of the volume involved, the customer is usually able to purchase an enterprise license for much less than the cost of purchasing individual personal licenses. Enterprise licenses are usually too expensive for most home or small business users.

Answer 73

Open source software used to be exclusive to Linux and Unix operating systems. However, many open source applications are now available for Windows and Mac operating systems. Open source licensing is very different from proprietary licensing: * Open source software is usually freely distributed. You can typically download, install, and use the software without paying a license fee. * Most open source software is distributed under the GNU General Public License (GPL), which requires that the source code for the software to be freely distributable to anyone who wants it. This means you can download the source code for an application, modify it, recompile it, and then use the modified version of the software. In fact, you could even post it for others to use as long as you make your source code freely available as well. Organizations that release open source applications typically use a variety of means to generate revenue so they can keep developing new products: * Contributions. Some open source projects ask you to contribute financially if you use their software. * Added functionality. Some open source projects release a base version of their software for free, but then charge a fee for highly desirable add-ons. * Support contracts. Some open source projects release their software for free, but then charge a fee for technical support. • Training contracts. Like support contracts, some open source projects also provide training for a fee. * Partnerships. Sometimes an open source project will partner with a commercial organization. In this situation, two versions of an application will be created, one that is proprietary and one that is open source. The proprietary version is typically used to finance the development of the free version. * Subscriptions. Sometimes an open source project will sell subscriptions for online accounts or server access

Answer 74

A hotfix is an operating system patch that fixes bugs and other vulnerabilities in the software. * Hotfixes may be released on a regular basis as fixes are created. * For the highest level of security, apply hotfixes as they are released (after you use a test computer to verify that the hotfix will not cause additional problems). * Microsoft identifies each hotfix by a number. This number also identifies a knowledge base (KB) article that describes the issues addressed by the hotfix.

Answer 75

A service pack (SP) is a collection of hotfixes and other system enhancements. * A service pack includes all hotfixes released to that time. If you install the service pack, you do not need to install individual hotfixes. Installing a service pack also includes all previous service packs. * Service packs might include additional functionality beyond simple bug fixes

Answer 76

A backup is a copy of data that is archived and which can be used to restore corrupt or lost data in the event of a hardware or system failure. Backups must be performed while the system is in good working order. In other words, you must plan for disasters ahead of time and take the necessary actions to protect your system before there is a problem

Answer 77

System state data includes all of the files required to boot and run the computer. System state data includes the operating system files, the registry, drivers, and any configuration files

Answer 78

User data includes all data files saved and modified by users or applications that users run. The user data is the most important data for a company. Because user data changes constantly, back up the user data frequently and on a regular schedule

Answer 79

Application data includes files installed by an application and application configuration files. Application data changes only following the installation of an application or following a configuration change. Depending on the system you are using, a backup of system state data might include backing up all application files as well

Answer 80

Virtual memory is simulated memory that is implemented as a page file on a hard drive. Virtual memory is used by operating systems to simulate physical RAM using hard disk space. The process of moving data from RAM to disk (and back) is known as swapping or paging. The Virtual Memory Manager (VMM) is in charge of swapping data between physical memory and the hard disk

Answer 81

1. The VMM assigns virtual addressing to an application. This is known as logical segmentation. 2. The application is then loaded into physical RAM (absolute address space). The process doesn't recognize its location in physical RAM; it only recognizes its virtual space. 3. As the user launches other applications, the VMM will allocate space to those applications in true physical RAM. 4. When there is no more space in physical RAM, the VMM will take the application that hasn't been used for the longest period of time and place it in the page file on the hard drive. This is known as paging out. Likewise, when an application is moved from the page file back into physical RAM, it is known as paging in. 5. If the system needs access to an application that has been paged out from physical RAM, this causes a problem known as a page fault. When this happens, the VMM will page out the program in the physical RAM that hasn't been used for the longest period of time to the page file on the hard drive, and will page in the application currently being accessed back to the physical RAM.

Answer 82

Installation of an application may create a shortcut on the desktop. The shortcut is a pointer file that identifies the location of the executable file that runs the application. * During install you can often choose to add shortcuts for only the current user or all users. * Shortcuts will cease to work if the file to which they point is moved or altered, or if a drive has been remapped to a different drive letter (which can happen when working with removable media). * Some issues can be resolved by fixing the shortcut instead of re-installing the application. * Edit the properties of the shortcut to correct many application-related issues: * Use the Target field to point to the executable location. * Use the Start in field to identify a working directory for the application.

Answer 83

Application installation involves more than just copying the executable files to the computer. Installation typically modifies the registry, creates shortcuts, creates Start menu tiles, and configures other settings required by the application. Users must have the appropriate permissions to install applications. The ability to install applications depends on the user's group membership and the operating system: * Users who are members of just the Users group are not allowed to install applications. * Users who are members of the Administrators group can install applications. If an application's files get deleted or become corrupted after installation, they can be repaired by doing one of the following: * Some applications provide the Repair option in Programs and Features. When selected, the Repair option inspects all of the application's files and replaces files that are missing or corrupt. * If an application does not provide the Repair option in Programs and Features, it must be first uninstalled and then reinstalled to repair missing or corrupt application files.

Answer 84

Because some applications use elements that are specific to a certain version of an operating system, you may run into problems when trying to use these same programs on newer operating systems. Windows Compatibility Mode is designed to correct this problem by creating an environment that emulates the operating system for which the application was originally intended. In compatibility mode, you choose a target operating system (such as Windows 7). When the application runs, it appears as if the application is running on the target operating system. To configure Compatibility Mode for an application, edit the properties of its shortcut or executable file. On the Compatibility tab, configure the following as appropriate: * Operating system compatibility mode * Reduced color mode * Run in 640x480 screen resolution * Disable display scaling on high DPI settings * Disable full screen optimizations * Run the program as an administrator If you're not sure which settings to use, you can run the Compatibility Troubleshooter from the Compatibility tab. This utility will probe the application and automatically determine the correct compatibility settings.

Answer 85

On older versions of Windows, applications ran with the privileges associated with the user who ran the application. But on modern versions of Windows, applications run by default as a standard user, even if the user who launches the application is an administrator. This is done to contain damage that could potentially result if the end user launches a poorly-written or malicious application. However, some applications need to run with administrative privileges to be able to complete necessary tasks. Be aware of the following permission-related issues when running applications: * Using UAC in modern versions of Windows, applications run with standard user privileges by default. The user will be prompted if the application requires elevated permissions. * Older applications written for previous versions of Windows may not be compatible with UAC. They may assume that they can run with administrator-level privileges. * Applications with insufficient permissions might not run, or they might run but not function correctly (some features might not be available). If this happens, you can run the application: o In compatibility mode. You can enable Run this program as an administrator on the Compatibility tab to automatically elevate privileges when the application is run. * As administrator. To do this, right-click the application shortcut or executable file and choose Run as administrator. * Many applications create data files as they run. They may also create temporary files. The user running the application must have sufficient file system permissions to the directories where these files will be created.

Answer 86

Windows Error Reporting is a feature of Windows that enables Microsoft to be notified of application faults, system unresponsiveness, and kernel defects. Microsoft uses these error reports to diagnose the cause for common problems, then, if possible, improve upon their product or supply troubleshooting techniques. Each time an error occurs, a dialog box will appear that prompts you to report the problem to Microsoft. If you are connected to the internet and you choose to report the problem, technical information about the problem is sent to Microsoft. If known information about the problem you have experienced is available, you will receive a link to a web page that contains information about the problem.

Answer 87

During or shortly after startup, you might see an error message stating that a service has failed to start. * Check the Event Viewer for additional information about which service failed to start and the reason why it did not load. * Try using the Services console or the net start command to manually start the service. * If the service is not required, you can change its startup type to Manual in the Services console to prevent it from trying to load during startup. * If the service is necessary, use the Services console to make sure that any dependent services are configured to start and have started successfully. * Verify that the service is configured with a valid user account and that the password has not changed. If an account other than the Local System account is used, make sure that the service is configured with the correct password (when you change the user account password, you must also change the password configured by the services that use that account).

Answer 88

If an application hangs and won't exit properly, you can use Task Manager to force it to close. This can be done in two ways: * Select the hung application on the Processes tab and select End Task. * Right-click the hung application on the Processes tab and select Go to Details. Then, with the application's process selected on the Details tab, select End Task

Answer 89

By default, the Windows operating system kernel tries to evenly distribute access to system resources to all processes running on the system. However, if a process needs to run with a higher priority than the other processes on the system, its priority can be manually configured. From the Details tab in Task Manager, right-click the process, select Set Priority, and then select a priority level

Answer 90

In a multi-core or multiprocessor system, the Windows operating system kernel will automatically distribute processes across all available processes. However, a process can be constrained to run only on certain processors. Right-click the process in Task Manager, select Set Affinity, and then mark the processors that the process is allowed to run on

Answer 91

Over time, after an update, or installation of new program, operating systems can become very slow to load a user's profile. Check the following as troubleshooting steps. * Check programs that start with Windows in Task Manager under the Startup tab. Disable any programs that are not required to start with Windows. * Check for updates for device drivers. * Check to see if the profile is a Roaming User Profile that is being pulled down from the network. * Check Event Viewer for information for any errors

Answer 92

If the system does not power on: * Make sure the system is plugged in and the power strip or UPS is turned on. * Check the power switch and the power type (110 or 220 volts) on the back of the power supply. * If your computer is a notebook or tablet, make sure the battery is installed. Ensure that the AC adapter is plugged in. * If you have just installed a new system, make sure the system case power switch is connected to the motherboard. When you turn on the computer, you should hear both the power supply fan and the CPU fan start to spin.

Answer 93

If the system powers on but there is nothing on the display, check the following: * Verify that the monitor is connected to the computer, plugged in, and turned on. * Verify that the BIOS/UEFI is configured to use the correct video adapter. Most motherboards can be configured to use either the integrated video adapter or a PCIe video adapter installed in an expansion slot. * To display startup information on the screen, the computer needs at a minimum the CPU, memory, and a video card. Other components are not necessary. Verify that these three components are properly installed. * If necessary, reduce the system to the three components listed above and try starting the system. If that does not work, swap out components to identify the failed component. Some computers will use a series of beeps to indicate specific problems when those messages cannot be shown on the screen. In this case, consult the motherboard documentation for the meaning of the audible messages.

Answer 94

The master boot record (MBR) is responsible for locating the system (active) partition and loading the volume boot record (VBR). A corrupt or missing master boot record or a corrupt partition table prevents the system from loading the boot record code, finding the volume boot record, and loading the boot loader program. Symptoms of a corrupt MBR or partition table include: * The system hangs immediately after the BIOS information is shown. * Any of the following errors: * MBR corrupt * Invalid partition table * Error loading operating system * Missing operating system To fix the problem, boot the system from the installation disc and repair the system. 1. Boot from the installation DVD (or the recovery USB). 2. At the Welcome screen, select Repair your computer. 3. Select Troubleshoot. 4. Select Command Prompt. 5. When the Command Prompt loads, type the following command: bootrec /FixMbr (The /FixMbr option causes the bootrec command to rewrite the master boot record without overwriting the existing partition table on the disk.)

Answer 95

The boot sector (also called the volume boot record or volume boot code) is responsible for loading the operating system boot loader program (BOOTMGR). At this point in the process, the MBR has loaded, located an active partition, but there is a problem in loading the VBR, the VBR does not specify a boot loader program, or the boot loader specified in the VBR is missing or corrupt. Symptoms of a corrupt or missing boot sector include: * System hangs following the BIOS information screen. * Any of the following errors: * Non-system disk or disk error * Remove disks or other media * Invalid system disk * Invalid media type * Disk Boot failure * A disk read error occurred * BOOTMGR is missing * Missing GRUB/LILO To correct the problem you can check the following: * Check the boot order in the BIOS/UEFI to make sure the system is booting from the correct storage device. If the device is a removable media device, the drive should be empty (so the drive is skipped when checking for a boot disk), or the drive must have media that includes a bootable partition (for the system to boot from that drive). For example, leaving a USB device plugged in is a common cause of the non-system disk error. These errors can be avoided by disabling the USB Device option in the boot sequence or to set the integrated USB controller to No Boot. Boot the system from the installation disc and repair the system. 1. Boot from the installation DVD (or the recovery USB). 2. At the Welcome screen, select Repair your computer. 3. Select Troubleshoot. 4. Select Command Prompt. 5. When the Command Prompt loads, type the following command: bootrec /FixMbr (The /FixBoot option causes the bootrec command to write a new boot sector in the system partition.)

Answer 96

The boot loader program uses the boot configuration database (BCD) to locate valid Windows installations to start. If the database points to a location that does not include any operating system files, you will see a message similar to the following: Windows could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware. To correct the problem, boot the system from the installation disc and repair the system. 1. Boot from the installation DVD (or the recovery USB). 2. At the Welcome screen, select Repair your computer. 3. Select Troubleshoot. 4. Select Command Prompt. 5. When the Command Prompt loads, type the following command: bootrec /RebuildBcd (The /RebuildBcd option causes the bootrec command to scan all storage devices for operating systems and add them to the BCD database.)

Answer 97

If the boot manager cannot locate needed operating system files on the selected boot partition, you might see the following errors occur: * Windows could not start because the following file is missing or corrupt: Please re-install a copy of the above file. * A blue screen error that describes a corrupt or missing file. This problem is caused either by a corrupt disk, corrupt files, or missing files To correct the problem, boot the system from the installation disc and repair the system. 1. Boot from the installation DVD (or the recovery USB). 2. At the Welcome screen, select Repair your computer. 3. Select Troubleshoot. 4. Select Advanced Options. 5. Select Startup Repair. Alternatively, you can select the Command Prompt option and then use the copy command to replace the file referenced by the error message with a known good copy.

Answer 98

The most common cause of the errors at this stage are bad drivers or corrupt registry settings. To correct the problem, try the following (in this order): * If the error includes any error codes or messages, check the Microsoft website for troubleshooting information. * Boot the system into Safe Mode. In Safe Mode, rollback drivers, remove drivers, or restore to a restore point. * To identify which driver is causing the problem, enable boot logging, then read the Ntbtlog.txt file to identify the last driver that the system tried to load. * If you cannot boot into Safe Mode, boot into the Recovery Environment and use System Restore to restore to a restore point that was created when the system was working correctly

Answer 99

If a service fails to start, you will see a message such as: At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details. Use Event Viewer to view details about the service that did not start, then try starting the service manually. If necessary, re-enable or re-install the service

Answer 100

If you see errors about corrupt or missing DLLs or system files, either during startup or after Windows starts, boot the system from the installation disc and repair the system. To do this: 1. Boot from the installation DVD (or the recovery USB). 2. At the Welcome screen, select Repair your computer. 3. Select Troubleshoot. 4. Select Advanced Options. 5. Select Startup Repair. Alternatively, you can select Command Prompt and use the sfc command to run the System File Checker utility. The syntax to use with sfc is as follows: * Use sfc /scannow to scan the integrity of all protected system files and repair any file that has problems. * Use sfc /verifyonly to scan the integrity of all protected system files, but not repair them. * Use sfc /scanfile to scan the integrity of a specific file and repair it if it has problems. * Use sfc /verifyfile to scan the integrity of a specific file, but not repair it.

Answer 101

This message indicates that a hardware device could not be started. Begin by checking Device Manager for information about the device. If necessary, update the driver or disable the device

Answer 102

On a system using BIOS, the following steps take place: 1. Power is supplied to the CPU. The CPU is hard-coded to look at a special memory address that contains a pointer (or jump program), that instructs the CPU where to find the BIOS program. 2. The CPU loads the BIOS program. The first BIOS process to run is the POST, which performs the following tasks: 1. Verifies the integrity of the BIOS code. 2. Tests and initializes the following hardware devices one by one: 1. Locates, sizes, and verifies system memory 2. Verifies and initializes video card (output displayed on monitor) 3. Identifies available hard disks 3. After POST tests complete, the BIOS identifies other system devices. It uses CMOS settings and information supplied by the devices themselves to identify and configure hardware devices. Plug-and-play devices are allocated system resources. The system typically displays information about the keyboard, mouse, and SATA drives in the system. Following this summary, you will also see information about devices and system resources. 4. The BIOS then searches for a boot drive (using the boot order specified in the CMOS). During this sequence, system information is displayed on the screen and the option to enter the CMOS setup to configure system parameters is available

Answer 103

During the boot loader stage, the following process occurs: 1. On the boot device, the BIOS searches for and loads the boot code in the master boot record (MBR). The MBR is located in the first sector on the disk. 2. The MBR boot code uses the partition table to identify the active disk partition. 3. On the active partition, it looks for and loads the bootmgr.exe program. 4. The bootmgr.exe program looks for the BCD store in either the C:\ directory or the System Reserved partition. The BCD store contains a list of all Windows installations on the disk. 5. If only one installation exists, bootmgr.exe automatically loads the OS. If multiple installations exist, a list of bootable operating systems is displayed. This stage occurs after the BIOS information screen disappears, but before the Windows loading screen is shown

Answer 104

During this stage, the operating system is started. The operating system configures system devices and loads necessary files. The following process occurs: 1. The operating system loader winload.exe is started. At this stage, advanced startup options (e.g., Safe Mode) can be accessed by pressing the F8 key 2. Winload.exe then loads the following: 1. System registry 2. Ntoskrnl.exe 3. Essential device drivers 3. Control of the system is passed to ntoskrnl.exe. 4. At this point, the Windows logo is displayed and ntoskrnl.exe: 1. Loads device drivers. 2. Starts services. 3. Configures the OS environment

Answer 105

After the operating system and devices are configured, the system waits for user logon. Following logon, the operating system is configured with user-specific settings. 1. The wininit and winlogon programs run to allow user logon. At this point, the Welcome or user logon screen is displayed. 2. Following logon, all remaining device drivers and user settings are loaded. In addition, the current configuration profile is copied to the Last Known Good Configuration registry

Answer 106

The Unified Extensible Firmware Interface (UEFI) is a newer specification that defines the software interface between an operating system and the computer's firmware. The following diagram and table describe the different stages of the UEFI boot sequence:

Answer 107

Immediately after the system is powered on, the SEC sequence begins. 1. Power is supplied to the CPU. 2. The CPU switches from 16-bit Real Mode to 64-bit Protected Mode. The CPU executes a specific set of instructions to prepare the system for PEI to run

Answer 108

PEI initializes the system and prepares for the DXE. 1. The CPU and chipset are verified and fully initialized. 2. System memory is initialized, verified, and allocated. 3. PEI modules are loaded to allocate system resources. The DXE is initialized and the system is prepared to transition to DXE

Answer 109

DXE initializes configured devices, mounts drives, and prepares to boot the OS. 1. Device drivers are loaded into memory. 2. Hardware devices are initialized simultaneously (e.g., video card, network card, USB controllers). 3. System drives are mounted and initialized. The EFI boot manager is initialized

Answer 110

The BDS stage runs the EFI boot manager, which identifies the system's boot configuration settings and decides how to boot the system. 1. If an EFI System Partition (ESP) exists, the following process occurs: 1. On the ESP in the \EFI\Microsoft directory, the boot manager looks for and runs the bootmgfw.efi file. 2. The bootmgfw.efi looks for the BCD store in the same directory that contains a list of all Windows installations. 3. If only one installation exists, UEFI automatically loads it. If multiple installations exist, a list of bootable operating systems is displayed. 2. If no ESP exists, the boot manager uses Legacy BIOS mode to complete the boot sequence: 1. The MBR looks for and loads the bootmgr.exe program. 2. The bootmgr.exe program looks for the BCD store in either the C:\ directory or the System Reserved partition. 3. If only one installation exists, bootmgr.exe automatically loads the OS. If multiple installations exist, a list of bootable operating systems is displayed. At the beginning of the BDS stage, the UEFI interface is executed and the option to load the EFI Shell or enter the UEFI configuration is available

Answer 111

During TSL stage, the operating system loader is located and booted. 1. The BCD store is used to identify the location of the operating system loader (for Windows, the default location is C:\Windows\system32\winload.efi). 2. The operating system loader winload.efi is started. 3. Winload.efi then loads the following elements: 1. System registry 2. Ntoskrnl.exe Essential device drivers

Answer 112

After the operating system and devices are configured, the system waits for user logon. Following logon, the operating system is configured with user-specific settings. 1. Control of the system is passed to ntoskrnl.exe. 2. At this point, the Windows logo is displayed and ntoskrnl.exe: * Loads device drivers. * Starts services. * Configures the OS environment. 3. The wininit and winlogon programs run to allow user logon (at this point, the Welcome screen is displayed). Following logon, all remaining device drivers and user settings are loaded. In addition, the current configuration profile is copied to the Last Known Good Configuration registry

Answer 113

* Software bugs (errors in an application, the operating system, or driver code) * Corrupt or missing operating system files * Incorrect, corrupt, or incompatible device drivers * Overheated hardware * Failing hardware (memory, hard disk, or other component)

Answer 114

A Blue Screen of Death (BSOD), also called a stop error, is an error that is so severe that Windows can no longer continue to function. When this type of error occurs, the system will stop and display a blue screen with information related to the error. On Mac OS, you may see the cursor turn into a pinwheel and you can't do anything. This is sometimes called the Pinwheel of Death