CSCI 2150
Windows XP Troubleshooting


The purpose of this lab is to try out some of the features offered by Windows XP for maintenance and troubleshooting. They include:

Device Drivers

A device driver is a file stored on your hard drive that contains the information the O/S needs in order to properly communicate with a device. Devices include just about every peripheral component of a PC such as displays, hard drives, CDROMs, and printers. Every operating system requires them, but they differ in how they are loaded and the interfaces they use.

Typically, when you purchase a peripheral for your computer, it comes with a device driver. If the device driver is out of date, e.g., it's for an older O/S or newer versions of the device driver have been released, or if the device driver that came with the peripheral has been lost, a new device driver can typically be downloaded from the Internet either through the Download Center of the Microsoft web site (www.microsoft.com) or the manufacturer's web site.

In the old days, i.e., long before Windows XP, device drivers could be loaded using a text file named CONFIG.SYS. This file was stored in the root directory of C:\, and upon boot up, it was examined for a list of devices to load. It was designed to work with the command line O/S DOS and is only applicable to 16-bit operation. Below is a sample of a CONFIG.SYS file:

DEVICE=C:\DRVRFILE.SYS /D:DEV_NAME

The "DEVICE=" part tells the processor when it's reading the CONFIG.SYS file that we're about to load a driver. The "C:\DRVRFILE.SYS" tells the processor that the driver file is named DRVRFILE.SYS and it is located in the root directory (\) of the C drive. The "/D:DEV_NAME" names the driver so that the O/S can identify it later once the driver has been loaded in memory.

With the onset of expanded and extended memory, the keyword "DEVICE" could be replaced with "DEVICEHIGH" in order to have the driver loaded into higher memory. CONFIG.SYS can be accessed in WinXP with the following steps. In the case of XP, it is more than likely that the CONFIG.SYS file is empty.

  1. From the Start menu, select Run.
  2. Type "sysedit" at the text cursor.
  3. Pressing Enter or clicking on OK should open a window presenting at least four text files. One of these should be CONFIG.SYS.

With the advent of Windows 3.1 and the 32-bit architecture, Microsoft began using a text file named SYSTEM.INI to list drivers. It too had a special syntax that told the O/S what drivers to load and where they could be found. In general, an INI file is divided into sections using a section name enclosed in square brackets. The section name is followed by a line defining an element using the format "keyname=value".

[SectionName]
keyname=value
;comment

Note that the section names and each device listed must be on separate lines.

Device drivers can be loaded here by using the device's name as the keyname and the device driver file for the value. Typically, the default directory for these driver files is "C:\WINDOWS\system32".

[drivers]
wave=mmdrv.dll
timer=timer.drv

One of the other files that came up with SYSEDIT was the SYSTEM.INI file.

  1. Select the SYSTEM.INI file from SYSEDIT in order to bring it to the front.
  2. Identify the driver section and see which drivers are loaded using SYSTEM.INI.

SYSTEM.INI files are still included in XP for backwards compatibility with older Windows applications. In addition, a number of other applications use INI files of the format described above to set their parameters. There are classes available in VB and C++ that allow the program to quickly access information from an INI file making it possible to use INI files for your own application configurations.
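The following Python sketch is an added example, not part of the original lab. It parses the INI layout described above (section names in square brackets, "keyname=value" lines, ";" comments) and lists the [drivers] entries, marking for review any driver file that does not resolve to the default directory the text names. The sample file contents and the "midi" and "aux" entries are constructed for illustration.

```python
import ntpath

# Constructed sample in the SYSTEM.INI format described above (not from a real machine).
SAMPLE_SYSTEM_INI = r"""
; constructed sample
[drivers]
wave=mmdrv.dll
timer=timer.drv
; the next two entries are hypothetical, added to exercise the checks
midi=C:\TEMP\midi.drv
aux = C:\WINDOWS\system32\aux.drv

[386Enh]
woafont=dosapp.fon
"""

DEFAULT_DIR = r"C:\WINDOWS\system32"  # default driver directory named in the lab text


def parse_ini(text):
    """Return {section: [(keyname, value), ...]}; section and key names are lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or ;comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:  # ignore keys outside any section
            key, value = line.split("=", 1)        # split once: values may contain '='
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def audit_drivers(text, default_dir=DEFAULT_DIR):
    """List [drivers] entries as (device, file, resolved_path, needs_review)."""
    report = []
    for device, value in parse_ini(text).get("drivers", []):
        # Assumption: a bare file name is looked up in the default directory.
        path = value if ntpath.dirname(value) else ntpath.join(default_dir, value)
        path = ntpath.normpath(path)
        in_default = ntpath.dirname(path).lower() == default_dir.lower()
        report.append((device, ntpath.basename(path), path, not in_default))
    return report


if __name__ == "__main__":
    for device, name, path, review in audit_drivers(SAMPLE_SYSTEM_INI):
        print(f"{device:8} {path:40} {'REVIEW' if review else 'ok'}")
```

An entry marked REVIEW is only a prompt to check where the file came from; it is not proof that the driver is bad.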

The last method for loading drivers that we are going to look at is the Registry. Actually, the Windows Registry does a lot more than simply load drivers -- it is a database that includes things such as user options and last window size for applications in addition to device driver information. As with INI files, classes are available that allow applications to modify the Registry.

Editing the Registry can be done in a number of ways. The easiest way is to use the applications found in "Control Panel". The following steps represent one of the many ways to access a device driver's information in the Registry:

  1. From the Start menu, select "Control Panel."
    1. From the XP style Start menu, this is done by selecting the option "Control Panel."
    2. From the classic Start menu, this is done by going first to the "Settings" sub-menu, then selecting "Control Panel."
  2. From Control Panel, there should be an icon titled "System." Double-clicking on this icon brings up a small window with tabs across the top.
  3. Select the tab labeled "Hardware."
  4. A third of the way down the hardware tab is a button labeled "Device Manager." Click on this button.
  5. The Device Manager window should open showing a tree structure similar to that used to represent directories in Windows Explorer. At the root is the computer's name. Below the computer's name are the subsystems such as disk drives, display adaptors, and network adaptors.

  1. Clicking on the '+' next to one of the subsystems expands the tree to reveal the devices installed in that category.

It is important to note here that this view not only presents users with information about the installed devices; it also shows if any errors have occurred. In general, there are two types of errors. An exclamation point on a yellow circle means that the device is experiencing a problem.

A red 'X' means that the device has been disabled. The red 'X' appears whether the O/S has disabled the device due to a problem or if the user has manually disabled the device.

  1. By right-clicking on the device in question, a contextual menu should appear.

  1. Clicking on each of the menu items reveals their purpose. (Note: Feel free to click on each option, but cancel the operation before modifying the driver.)
    1. "Update Driver..." prompts the user to select a method by which to search for a more up-to-date driver, then takes the user through the driver installation process. It can use either the Internet or a local CDROM or diskette.
    2. "Disable driver" disables the driver and places a red 'X' across the device's icon to indicate it has been disabled. The driver, however, is still available if the user wishes to enable it.
    3. "Uninstall driver" removes the driver from the system.
    4. "Scan for hardware changes" simply rescans the system to see if any hardware has been added or removed. One way to reinstall a device is to uninstall it, then select "Scan for hardware changes."
    5. "Properties" opens the properties window for that particular device. This new window has tabs along the top identifying general information, information and options for the device driver, details of the device, and the processor resources used by the device.
  2. From this menu, select "Properties."
  3. In the window that appears, select the driver tab. This should present the following window.

At the top of the device properties window is information on the driver provider, date, version, and digital signer. The digital signer identifies a device driver as having been tested and approved by Microsoft's Windows Hardware Quality Lab. Drivers without a signature can still be used as long as the user understands that there is a risk involved in doing so. The system may become unstable or unusable.

There are four buttons on this driver window that perform the following functions:

  1. Click on each of the buttons on the driver window to see what they do. Be sure to cancel the operation before making any modifications.
  2. Click "Cancel" to close the properties window.

Windows Event Viewer

The Windows Event Viewer provides access to various log files that are maintained by the O/S. It is a useful tool when it comes to checking on the health of the O/S.

  1. To open the Event Viewer, select "Administrative Tools" from the Control Panel and double-click on the Event Viewer shortcut.

The window that appears is similar in arrangement to Windows Explorer except that the directory tree is replaced with a list of the available log files and the files window is replaced with the events from the selected log file.

There are three log files: Application, Security, and System.

For the application and system logs, there are three types of events: information events, warning events, and error events.

The next step is to open a log file and view it.

  1. To open the system log file, click on the word "System" beneath the Event Viewer (Local) icon in the left window of the Event Viewer. The figure below shows a sample of the events that might be available from the system log file.

Typically, a system that is working well should have mostly information events in the event viewer and very few warnings or errors.

  1. The details of each event in the log file can be viewed by right-clicking on the event, then selecting "Properties" from the contextual menu. Do this now for one of the events in your log.

The security log works a little differently than the system and application logs. Specifically, there are only two types of events for a security log: Success audit and Failure audit.

The large number of events usually contained in a log can make it difficult to find the event you are looking for. In this case, filters can be applied so that only specific events are presented to the user.

  1. From the View menu, select "Filter." The following window should appear.



  2. From the filter window, examine the elements you can edit. These include the types of events, the source of the events (this list can be quite long), the category of events, the event ID, the user logged on at the time, the computer the event occurred on (used for monitoring computers over a network), and the date and time range for the events.
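The following Python sketch is an added example, not part of the original lab. It applies the same filter fields to a saved log and, going one step beyond the dialog, tallies Failure audit events per computer. The comma-delimited column layout, the 24-hour time format, and every row in the sample are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed column order for a log saved as comma-delimited text.
COLUMNS = ["type", "date", "time", "source", "category", "event", "user", "computer"]

# Constructed Security-log rows (names, IDs and times are sample values only).
SAMPLE_LOG = """
Success Audit,3/14/2005,08:01:12,Security,Logon/Logoff,528,alice,LABPC01
Failure Audit,3/14/2005,08:03:40,Security,Logon/Logoff,529,bob,LABPC01
Failure Audit,3/14/2005,22:15:02,Security,Logon/Logoff,529,bob,LABPC02
Failure Audit,3/14/2005,22:15:09,Security,Logon/Logoff,529,bob,LABPC02
Failure Audit,3/15/2005,07:30:00,Security,Logon/Logoff,529,carol,LABPC02
Success Audit,3/15/2005,07:30:21,Security,Logon/Logoff,528,carol,LABPC02
"""


def parse_events(text):
    """Read the saved log into dicts and add a 'when' datetime to each event."""
    events = []
    for rec in csv.DictReader(io.StringIO(text), fieldnames=COLUMNS):
        stamp = f"{rec['date']} {rec['time']}"
        rec["when"] = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S")
        events.append(rec)
    return events


def apply_filter(events, types=None, source=None, category=None, event=None,
                 user=None, computer=None, start=None, end=None):
    """Mimic the Filter window: a field left as None matches every event."""
    exact = (("source", source), ("category", category), ("event", event),
             ("user", user), ("computer", computer))

    def keep(e):
        return ((types is None or e["type"] in types)
                and all(w is None or e[f].lower() == w.lower() for f, w in exact)
                and (start is None or e["when"] >= start)
                and (end is None or e["when"] <= end))
    return [e for e in events if keep(e)]


def failures_by_computer(events, start=None, end=None):
    """Count Failure audit events per computer inside an optional time range."""
    hits = apply_filter(events, types={"Failure Audit"}, start=start, end=end)
    return Counter(e["computer"] for e in hits)
```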

Any of the logs can be cleared by right-clicking on the desired log name in the left window and selecting the option "Clear all Events."

Using System Restore

A typical cause of O/S failure is a modification made to the system, such as installing new software or a new driver. Microsoft has created an "undo" feature called "System Restore" that allows the user to revert their system to an earlier state without damaging documents or other files that have been saved since that time. This is done by creating "restore points". A restore point is like a bookmark identifying the full state of the O/S and its installed applications at a specific time.

Restore points are created automatically for the user at least once a day and any time a significant change is made to the system such as installing an application or driver. The user can also create restore points manually.

  1. From the Start menu, select All Programs --> Accessories --> System Tools --> System Restore. This should bring up a window like that shown below.



  2. Select "Create a restore point."
  3. Click "Next >."
  4. At this point, you will be prompted for a name to give to the restore point. Any name will do so long as it uniquely identifies the point you are trying to mark.
  5. Once you've entered the name, click on "Create" to save the restore point.

Now that a restore point has been created, it can be used later to restore the system.

  1. Return to the System Restore application by selecting All Programs --> Accessories --> System Tools --> System Restore from the Start menu.
  2. Select "Restore my computer to an earlier time."
  3. Click "Next >."
  4. At this point, a window will appear with a calendar prompting you to select a date containing a restore point and a second window identifying all of the restore points for that day.



  5. (Note: You don't need to do this step.) Clicking "Next >" will restore the system to the restore point.

Once you've performed a system restore, the opening screen for System Restore adds a new option, "Undo my last restoration."