CSCI 2150
Windows XP Troubleshooting


The purpose of this lab is to try out some of the features offered by Windows XP for maintenance and troubleshooting. They include:

Device Drivers

A device driver is a file stored on your hard drive that contains the information the O/S needs in order to properly communicate with a device. Devices include just about every peripheral component of a PC such as displays, hard drives, CDROMs, and printers. Every operating system requires them, but they differ in how they are loaded and the interfaces they use.

Typically, when you purchase a peripheral for your computer, it comes with a device driver. If the device driver is out of date, e.g., it's for an older O/S or newer versions of the device driver have been released, or if the device driver that came with the peripheral has been lost, a new device driver can typically be downloaded from the Internet either through the Download Center of the Microsoft web site (www.microsoft.com) or the manufacturer's web site.

In the old days, i.e., long before Windows XP, device drivers could be loaded using a text file named CONFIG.SYS. This file was stored in the root directory of C:\, and upon boot up, it was examined for a list of devices to load. It was designed to work with the command line O/S DOS and is only applicable to 16-bit operation. Below is a sample of a CONFIG.SYS file:

DEVICE=C:\DRVRFILE.SYS /D:DEV_NAME

The "DEVICE=" part tells the processor when it's reading the CONFIG.SYS file that we're about to load a driver. The "C:\DRVRFILE.SYS" tells the processor that the driver file is named DRVRFILE.SYS and it is located in the root directory (\) of the C drive. The "/D:DEV_NAME" names the driver so that the O/S can identify it later once the driver has been loaded in memory.

With the onset of expanded and extended memory, the keyword "DEVICE" could be replaced with "DEVICEHIGH" in order to have the driver loaded into higher memory. CONFIG.SYS can be accessed in WinXP with the following steps. In the case of XP, it is more than likely that the CONFIG.SYS file is empty.

  1. From the Start menu, select Run.
  2. Type "sysedit" at the text cursor.
  3. Pressing Enter or clicking on OK should open a window presenting at least four text files. One of these should be CONFIG.SYS.

With the advent of Windows 3.1 and the 32-bit architecture, Microsoft began using a text file named SYSTEM.INI to list drivers. It too had a special syntax that told the O/S what drivers to load and where they could be found. In general, an INI file is divided into sections using a section name enclosed in square brackets. The section name is followed by a line defining an element using the format "keyname=value".

[SectionName]
keyname=value
;comment

Note that the section names and each device listed must be on separate lines.

Device drivers can be loaded here by using the device's name as the keyname and the device driver file for the value. Typically, the default directory for these driver files is "C:\WINDOWS\system32".

[drivers]
wave=mmdrv.dll
timer=timer.drv

One of the other files that came up with SYSEDIT was the SYSTEM.INI file.

  1. Select the SYSTEM.INI file from SYSEDIT in order to bring it to the front.
  2. Identify the driver section and see which drivers are loaded using SYSTEM.INI.

SYSTEM.INI files are still included in XP for backwards compatibility with older Windows applications. In addition, a number of other applications use INI files of the format described above to set their parameters. There are classes available in VB and C++ that allow a program to quickly access information from an INI file, making it possible to use INI files for your own application configurations.
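The INI layout and the [drivers] section described above can be read with a few lines of code. The following is an added example, not part of the original lab: it parses a constructed SYSTEM.INI and flags any driver file that resolves outside the default directory named in the text. The `aux` entry and the function names are made up for illustration.

```python
import ntpath

DEFAULT_DRIVER_DIR = r"C:\WINDOWS\system32"  # default directory named in the text

# Constructed sample; the "aux" entry and its path are made up for illustration.
SAMPLE_SYSTEM_INI = """\
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
aux=D:\\TEMP\\auxdrv.dll

[386enh]
woafont=dosapp.FON
"""


def parse_ini(text):
    """Return {section: [(keyname, value), ...]} for the INI layout described above."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or ;comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()  # treat section names as case-insensitive
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
        else:
            raise ValueError(f"line {lineno}: unexpected line {raw!r}")
    return sections


def audit_drivers(text, section="drivers"):
    """Resolve each driver file to a full path and flag any outside the default directory."""
    report = []
    for name, value in parse_ini(text).get(section, []):
        # A bare file name is placed in the default directory; a value with a path is kept.
        path = ntpath.normpath(ntpath.join(DEFAULT_DRIVER_DIR, value))
        in_default = ntpath.dirname(path).lower() == DEFAULT_DRIVER_DIR.lower()
        report.append((name, path, in_default))
    return report


if __name__ == "__main__":
    for name, path, ok in audit_drivers(SAMPLE_SYSTEM_INI):
        print(f"{name:8} {path:40} {'default dir' if ok else 'OUTSIDE default dir'}")
```

Relative values such as `..\other.dll` are normalised before the comparison, so they are reported with the directory they actually resolve to.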

The last method for loading drivers that we are going to look at is the Registry. Actually, the Windows Registry does a lot more than simply load drivers -- it is a database that includes things such as user options and last window size for applications in addition to device driver information. Like the INI files, classes are available to applications that allow them to modify the Registry.

Editing the Registry can be done in a number of ways. The easiest way is to use the applications found in "Control Panel". The following steps represent one of the many ways to access a device driver's information in the Registry:

  1. From the Start menu, select "Control Panel."
    1. From the XP style Start menu, this is done by selecting the option "Control Panel."
    2. From the classic Start menu, this is done by going first to the "Settings" sub-menu, then selecting "Control Panel."
  2. From Control Panel, there should be an icon titled "System." Double-clicking on this icon brings up a small window with tabs across the top.
  3. Select the tab labeled "Hardware."
  4. A third of the way down the hardware tab is a button labeled "Device Manager." Click on this button.
  5. The Device Manager window should open showing a tree structure similar to that used to represent directories in Windows Explorer. At the root is the computer's name. Below the computer's name are the subsystems such as disk drives, display adaptors, and network adaptors.

  1. Clicking on the '+' next to one of the subsystems expands the tree to reveal the devices installed in that category.

It is important to note here that this view not only presents users with information about the installed devices; it also shows if any errors have occurred. In general, there are two types of errors. An exclamation point on a yellow circle means that the device is experiencing a problem.

A red 'X' means that the device has been disabled. The red 'X' appears whether the O/S has disabled the device due to a problem or if the user has manually disabled the device.

  1. By right-clicking on the device in question, a contextual menu should appear.

  1. Clicking on each of the menu items reveals their purpose. (Note: Feel free to click on each option, but cancel the operation before modifying the driver.)
    1. "Update Driver..." prompts the user to select a method by which to search for a more up-to-date driver, then takes the user through the driver installation process. It can use either the Internet or a local CDROM or diskette.



    2. "Disable driver" disables the driver and places a red 'X' across the device's icon to indicate it has been disabled. The driver, however, is still available if the user wishes to enable it.
    3. "Uninstall driver" removes the driver from the system.
    4. "Scan for hardware changes" simply rescans the system to see if any hardware has been added or removed. One way to reinstall a device is to uninstall it, then select "Scan for hardware changes."
    5. "Properties" opens the properties window for that particular device. This new window has tabs along the top identifying general information, information and options for the device driver, details of the device, and the processor resources used by the device.
  2. From this menu, select "Properties."
  3. In the window that appears, select the driver tab. This should present the following window.

At the top of the device properties window is information on the driver provider, date, version, and digital signer. The digital signer identifies a device driver as having been tested and approved by Microsoft's Windows Hardware Quality Lab. Drivers without a signature can still be used as long as the user understands that there is a risk involved in doing so. The system may become unstable or unusable.

There are four buttons on this driver window that perform the following functions:

  1. Click on each of the buttons on the driver window to see what they do. Be sure to cancel the operation before making any modifications.
  2. Click "Cancel" to close the properties window.

Windows Event Viewer

The Windows Event Viewer provides access to various log files that are maintained by the O/S. It is a useful tool when it comes to checking on the health of the O/S.

  1. To open the Event Viewer, select "Administrative Tools" from the Control Panel and double-click on the Event Viewer shortcut.

The window that appears is similar in arrangement to Windows Explorer except that the directory tree is replaced with a list of the available log files and the files window is replaced with the events from the selected log file.

There are three log files: Application, Security, and System.

For the application and system logs, there are three types of events: information events, warning events, and error events.

The next step is to open a log file and view it.

  1. To open the system log file, click on the word "System" beneath the Event Viewer (Local) icon in the left window of the Event Viewer. The figure below shows a sample of the events that might be available from the system log file.

Typically, a system that is working well should have mostly information events in the event viewer and very few warnings or errors.

  1. The details of each event in the log file can be viewed by right-clicking on the event, then selecting "Properties" from the contextual menu. Do this now for one of the events in your log.

The security log works a little differently than the system and application logs. Specifically, there are only two types of events for a security log: Success audit and Failure audit.

The large number of events that a log usually contains can sometimes make it difficult to find the event that you are looking for. In this case, filters can be applied so that only specific events are presented to the user.

  1. From the View menu, select "Filter." The following window should appear.



  2. From the filter window, examine the elements you can edit. These include the types of events, the source of the events (this list can be quite long), the category of events, the event ID, the user logged on at the time, the computer the event occurred on (used for monitoring computers over a network), and the date and time range for the events.
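The filter criteria listed above combine as "match every field that was set". The following is an added example, not part of the original lab, that applies the same criteria to constructed event records and counts Failure audits per computer. The record layout, host names and function names are assumptions made for illustration.

```python
from collections import Counter, namedtuple
from datetime import datetime

# One record per event, with the fields the Filter window lets you match on.
Event = namedtuple("Event", "when type source category event_id user computer")

# Constructed Security and System log entries (names and IDs are sample values).
SAMPLE_EVENTS = [
    Event(datetime(2005, 3, 1, 8, 2), "Success Audit", "Security", "Logon/Logoff", 528, "student1", "LAB-PC01"),
    Event(datetime(2005, 3, 1, 8, 5), "Failure Audit", "Security", "Logon/Logoff", 529, "SYSTEM", "LAB-PC02"),
    Event(datetime(2005, 3, 1, 8, 6), "Failure Audit", "Security", "Logon/Logoff", 529, "SYSTEM", "LAB-PC02"),
    Event(datetime(2005, 3, 1, 9, 0), "Information", "Service Control Manager", "None", 7036, "N/A", "LAB-PC01"),
    Event(datetime(2005, 3, 1, 9, 1), "Error", "Service Control Manager", "None", 7000, "N/A", "LAB-PC01"),
    Event(datetime(2005, 3, 2, 7, 30), "Failure Audit", "Security", "Logon/Logoff", 529, "SYSTEM", "LAB-PC01"),
]


def filter_events(events, types=None, source=None, category=None,
                  event_id=None, user=None, computer=None, start=None, end=None):
    """Keep events matching every criterion given; None means 'do not filter on this'."""
    exact = {"source": source, "category": category, "event_id": event_id,
             "user": user, "computer": computer}

    def keep(ev):
        if types is not None and ev.type not in types:
            return False
        if start is not None and ev.when < start:
            return False
        if end is not None and ev.when > end:
            return False
        # Remaining fields are compared as case-insensitive text.
        for field, wanted in exact.items():
            got = getattr(ev, field)
            if wanted is not None and str(got).lower() != str(wanted).lower():
                return False
        return True

    return [ev for ev in events if keep(ev)]


def failure_audits_by_computer(events, start=None, end=None):
    """Count Failure audits per computer inside an optional time window."""
    hits = filter_events(events, types={"Failure Audit"}, start=start, end=end)
    return Counter(ev.computer for ev in hits)
```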

Any of the logs can be cleared by right-clicking on the desired log name in the left window and selecting the option "Clear all Events."

Creating a Boot Diskette

When you turn on a PC, there is a process that the processor goes through in order to run an operating system such as Microsoft Windows™.

  1. Internal processor initialization
  2. BIOS or bootstrap
  3. Loading of operating system
  4. Loading of higher level drivers

When a microprocessor first boots up, it has no clue. I'm serious. It's dumb as a rock. The first thing it needs to do is bring up its internal circuitry and initialize its internal components. It does this as soon as it senses that the appropriate power is available from the motherboard.

Once the processor has "come to", it needs to get some basic information such as how to access the hard drive or the floppy drive in order to load an operating system. This may seem trivial to you, but remember, it's dumb as a rock. Without code to execute, the processor is not capable of doing anything.

The processor finds this basic code to do simple input and output from its BIOS. BIOS stands for Basic Input/Output System, and it contains primitive software that shows the processor how to read from or write to devices such as the hard drive. Later BIOSes were capable of reading from CDROMs or a network adaptor.

Once the BIOS has shown the processor how to access the hard drive or other media where the operating system is contained, the operating system can be loaded. The operating system contains the higher level software that allows the user to do things like:

Once the operating system is running, you need to load the "details." This would include things like device drivers.

Since a computer cannot run without an operating system, how does a computer with a blank hard drive start so that you can load an operating system? Well, in the lab we used bootable CDROMs, but there is an easier way to create a bootable device. Back in the old days, an entire O/S could be contained on a single floppy diskette. Although the O/S that was loaded from a diskette was only capable of command line operation, it could be very useful when trying to recover from an error in an O/S installed on a hard drive.

A floppy disk containing a bootable O/S is called a boot diskette, and they are still useful for things such as partitioning hard drives or initiating a network boot on a machine with a BIOS that is not capable of a network boot.

Due to the size of the operating system even for command line operation, Windows NT and Windows 2000 did not allow users to make a bootable diskette. Windows XP, however, has brought back the option.

Warning: All of the data on the diskette you will be using for this part of the lab will be destroyed.

  1. Place your diskette into the floppy disk drive.
  2. Open Windows Explorer.
  3. In Explorer, right-click on the drive labeled "3½ Floppy (A:)".
  4. From the contextual menu that appears, select "Format." This should bring up a small window for formatting the A: drive.



  5. Click on the checkbox to "Create an MS-DOS startup disk."
  6. Click on the button labeled "Start" to create the diskette.
  7. After a minute or two of grinding, the formatting should be complete and a window similar to the one below should appear.



  8. Close all three windows once you are finished formatting the diskette.
  9. To test your diskette (this is optional), reboot the machine with the diskette in the A: drive. If the machine does not boot to a command line, verify that the A: drive comes before the hard drive in the boot sequence option of the BIOS setup.

Using System Restore

A typical cause of O/S failure is a modification made to the system, such as installing new software or a new driver. Microsoft has created an "undo" feature called "System Restore" that allows the user to revert their system to an earlier state without damaging documents or other files that have been saved since that time. This is done by creating "restore points". A restore point is like a bookmark identifying the full state of the O/S and its installed applications at a specific time.

Restore points are created automatically for the user at least once a day and any time a significant change is made to the system such as installing an application or driver. The user can also create restore points manually.

  1. From the Start menu, select All Programs --> Accessories --> System Tools --> System Restore. This should bring up a window like that shown below.



  2. Select "Create a restore point."
  3. Click "Next >."
  4. At this point, you will be prompted for a name to give to the restore point. Any name will do so long as it uniquely identifies the point you are trying to mark.
  5. Once you've entered the name, click on "Create" to save the restore point.

Now that a restore point has been created, it can be used later to restore the system.

  1. Return to the System Restore application by selecting All Programs --> Accessories --> System Tools --> System Restore from the Start menu.
  2. Select "Restore my computer to an earlier time."
  3. Click "Next >."
  4. At this point, a window will appear with a calendar prompting you to select a date containing a restore point and a second window identifying all of the restore points for that day.



  5. (Note: You don't need to do this step.) Clicking "Next >" will restore the system to the restore point.

Once you've performed a system restore, the opening screen for System Restore adds a new option, "Undo my last restoration."