In this chapter, you will learn how to
• Troubleshoot boot problems
• Troubleshoot GUI problems
• Troubleshoot application problems
This chapter looks at operating system problems from the ground up. It starts with catastrophic failure—a personal computer that won’t boot—and then discusses ways to get past that problem. The next section covers the causes and workarounds when the GUI fails to load. Once you can access the GUI, the many diagnostic and troubleshooting tools that you’ve spent so much time learning about come to your fingertips. The chapter finishes with a discussion on application problems.
The CompTIA A+ 902 exam focuses primarily on troubleshooting in Windows, so the basic structure of this chapter follows that example. We’ll look first at various issues through the prism of a PC tech working on modern Windows versions, then, when applicable, discuss the symptom, tools, and techniques in Mac OS X and Linux.
Mac OS X and Linux systems have the same problems you’ll find in Windows, such as hardware failure, system and driver flaws, and buggy applications. The differences among the three OS families when troubleshooting are stark.
A ton of companies manufacture hardware and write software for Windows. The resulting heterogeneous ecosystem (that is, a lot of variety) of Windows greatly expands on the number of possibilities for what could be causing problems in any system.
Because Apple has always sharply controlled the hardware and drivers used with Mac OS X, hardware flaws are easier to diagnose. The same can be said with OS X and application problems. Mac OS X has a more homogeneous ecosystem (that is, not a lot of variety) than Windows. Aside from upgrading RAM, most Mac OS X machines get few hardware updates and thus dodge problems that dog Windows machines. Likewise, Apple provides a lot of excellent productivity software with the basic OS X system, so most users have little incentive to add much additional software. This avoids problems too.
Linux production machines—generally servers—often lack the excess complexity of Windows or Mac OS X systems and just work solidly. When you switch to the enthusiast or dabbler systems that most of us use, on the other hand, they have all kinds of problems. That’s because the most common of those systems use random spare parts from old Windows machines. You get what you pay for, I suppose.
Let’s dive into troubleshooting now.
When a computer fails to boot, you need to determine whether the problem relates to hardware or software. You’ll recall from Chapter 10, “Implementing Hard Drives,” that a hard drive needs proper connectivity and power, and that CMOS must be configured correctly. If not, you’ll get an error like the one in Figure 17-1. We’ll look more closely at these sorts of scenarios in the first part of this section as a refresher.
Figure 17-1 If you see this screen, the problem is with hardware. Windows hasn’t even started trying to boot.
But after the drive powers on and the POST completes successfully, the computer tries to boot to an OS. Failure at this point gives you an entirely different set of errors, such as BOOTMGR is missing (see Figure 17-2). You need a totally different set of tools from the ones used to troubleshoot hardware or CMOS issues.
Figure 17-2 Scary error
Most failed-boot scenarios require you to determine where the fault occurred: with the hardware and configuration, or in Windows. This is a pretty straightforward problem. Imagine that a user calls and says “My PC won’t boot” or “My computer is dead.” At this point, your best tools are knowledge of the boot process and asking lots of questions. Here are some I use regularly:
“What displays on the screen—if anything—after you press the power button on the case?”
“What do you hear—if anything—after you press the power button on the case?”
“Is the PC plugged in?”
“Do you smell anything weird?”
Hardware problems can give you a blank screen on boot-up, so you follow the tried-and-true troubleshooting methodology for hardware. Make sure everything is plugged in and turned on. If the PC is new, as in less than 30 days old, you know it might have suffered a burn-in failure. If the customer smells something, one of the components might have fried. Try replacing with known good devices: RAM, power supply, CPU, hard drive, motherboard.
If the user says that the screen says “No boot device detected” and the system worked fine before, it could mean something as simple as the computer has attempted to boot to an incorrect device, such as to something other than the primary hard drive. This scenario happens all the time. Someone plugs a thumb drive into a USB port and the CMOS is configured to boot to removable media before hard drives—boom! “No boot device detected” error. The first few times it happened to me, I nearly took my machine apart before experiencing that head-slapping moment. I removed the thumb drive and then watched Windows boot normally.
For some reason known only to CompTIA, they left very specific Windows XP references in the 902 exam objectives, specifically about boot error messages and tools for fixing those errors. Rather than just having you memorize a string of exam questions—that CompTIA undoubtedly will change after getting pushback from companies, customers, and technologies—here’s a short scoop on Windows XP failure-to-boot moments.
EXAM TIP When you reach this section of the book, check the latest CompTIA 902 exam objectives (download from www.comptia.org). Search for these five terms:
• Missing NTLDR
• Missing Boot.ini
• Recovery console
• Automated system recovery
• Emergency repair disk (this one refers only to Windows NT/2000 computers from last century)
If the terms are thankfully missing, then just skip this section and go on about your business prepping for the exam.
[Imagine yourself in a different age, a different time, in a simpler world …]
Windows XP boot errors take place in those short moments between the time POST ends and the Loading Windows screen begins. For Windows XP to start loading the main operating system, the critical system files ntldr, ntdetect.com, and boot.ini must reside in the root directory of the C: drive, and boot.ini must point to the Windows boot files. In a scenario where any of these requirements isn’t in place, the system won’t get past this step. Here are some of the common error messages you see at this point:
No Boot Device Present
NTLDR Bad or Missing
Invalid BOOT.INI
These text errors take place very early in the startup process. That’s your big clue that you have a boot issue. If you get to the Windows splash screen and then the computer locks up, that’s a whole different game, so know the difference.
EXAM TIP The CompTIA A+ 902 exam objectives describe these error messages as “Missing NTLDR” and “Missing Boot.ini.” The intent is the same, so don’t be surprised by the slight difference in wording.
If you are in a failure-to-boot scenario where you get one of the catastrophic error messages with a Windows XP system, you have a three-level process to get back up and running. You first should attempt to repair. If that fails, attempt to restore from a backup copy of Windows. If restore either is not available or fails, your only recourse is to rebuild. You will lose data at the restore and rebuild phases, so you definitely want to spend a lot of energy on the repair effort first! Follow this process when faced with a corrupted system files or a missing operating system.
To begin troubleshooting one of these errors, boot from the installation CD-ROM. You have three options from the initial screen: set up Windows XP, repair using the Recovery Console, and quit Setup (see Figure 17-3). The Recovery Console provides a command-line interface for working with Windows before the GUI starts. Press R to start the Recovery Console.
Figure 17-3 Initial Windows XP Setup screen
When you select the Recovery Console, you will see a message about ntdetect, another message that the Recovery Console is starting up, and then you are greeted with the following message and command prompt:
The cursor is a small, white rectangle sitting to the right of the question mark on the last line. If you are not accustomed to working at the command prompt, this may be disorienting. If there is only one installation of Windows XP on your computer, type the number 1 at the prompt and press the ENTER key. If you press ENTER before typing in a valid selection, the Recovery Console will cancel and the computer will reboot. The only choice you can make in this example is 1. Having made that choice, the screen displays a new line, followed by the cursor:
Enter the Administrator password for that computer and press ENTER. The password does not display on the screen; you see asterisks in place of the password. The screen still shows everything that has happened so far, unless something has happened to cause an error message. It now looks like this:
By now, you’ve caught on and know that there is a rectangular prompt immediately after the last line. Now what do you do? Use the Recovery Console commands, of course. The Recovery Console uses many of the commands that work in the Windows command-line interface that you explored in Chapter 16, “Working with the Command-Line Interface,” as well as some commands uniquely its own. Table 17-1 lists common Recovery Console commands.
Table 17-1 Common Recovery Console commands
The Recovery Console shines in the business of manually restoring Registries, stopping problem services, rebuilding partitions (other than the system partition), and using the expand program to extract copies of corrupted files from an optical disc or floppy disk.
Using the Recovery Console, you can reconfigure a service so that it starts with different settings, format partitions on the hard drive, read and write on local FAT or NTFS partitions, and copy replacement files from a floppy disk or optical disc. The Recovery Console enables you to access the file system and is still constrained by the file and folder security of NTFS, which makes it a more secure tool to use than some third-party solutions.
The Recovery Console also works great for fixing three items: repairing the MBR, reinstalling the boot files, and rebuilding boot.ini. Let’s look at each of these.
A bad boot sector usually shows up as a No Boot Device error. If it turns out that this isn’t the problem, using the Recovery Console command to fix it won’t hurt anything. At the Recovery Console prompt, just type
This fixes the master boot record.
Missing system files are usually indicated by the error NTLDR bad or missing. Odds are good that if ntdlr is missing, so are the rest of the system files. To fix this, get to the root directory (cd\—remember that from Chapter 16?) and type the following line (substituting the drive letter of the optical drive for d: in the example):
Then type this line:
This takes care of two of the big three and leads us to the last issue, rebuilding boot.ini. If the boot.ini file is gone or corrupted, run this command from the Recovery Console:
The Recovery Console will try to locate all installed copies of Windows and ask you if you want to add them to the new boot.ini file it’s about to create. Say yes to the ones you want.
If all goes well with the Recovery Console, do a thorough backup as soon as possible (just in case something else goes wrong). If the Recovery Console does not do the trick, the next step is to restore Windows XP.
If you’ve been diligent about backing up, you can attempt to restore to an earlier, working copy of Windows. Assuming you made an Automated System Recovery (ASR) backup, this will restore your system to a previously installed state, but you should use it as a last resort. You lose everything on the system that was installed or added after you created the ASR disk. If that’s the best option, though, follow the steps in the ASR wizard.
NOTE To use the Windows XP System Restore, you need to be able to get into Windows. In this context, “restore” means it gives you a way to get into Windows.
If faced with a full system rebuild, you have several options, depending on the particular system. You could simply reboot to the Windows CD-ROM and install right on top of the existing system, but that’s usually not the optimal solution. To avoid losing anything important, you’d be better off swapping the C: drive for a blank hard drive and installing a clean version of Windows.
Most OEM systems come with a misleadingly named Recovery CD or recovery partition. The Recovery CD is a CD-ROM that you boot to and run. The recovery partition is a hidden partition on the hard drive that you activate at boot by holding down a key combination specific to the manufacturer of that system. (See the motherboard manual or users’ guide for the key combination and other details.) Both “recovery” options do the same thing—restore your computer to the factory-installed state. If you run one of these tools, you will wipe everything off your system—all personal files, folders, and programs will go away! Before running either tool, make sure all important files and folders are backed up on an optical disc or spare hard drive.
[Let us return now to the present. Cue Modern Windows on camera 2.]
Two critical boot files risk corruption in Windows, bootmgr and bcd, both of which you can fix with one tool, bcdedit. You can use this tool in the Windows Recovery Environment.
With Windows Vista, Microsoft upgraded the installation environment from the 16-bit text mode environment used in every previous version of Windows to 32- and 64-bit. This upgrade enabled the Windows installation process to go graphical and support features such as a mouse pointer and clickable elements, rather than relying on command-line tools. Microsoft calls the installation environment the Windows Preinstallation Environment (WinPE or Windows PE).
With Windows PE, you boot directly to the Windows DVD. This loads a limited-function graphical operating system that contains both troubleshooting and diagnostic tools, along with installation options. The Windows installation media is called a Live DVD because WinPE loads directly from disc into memory and doesn’t access or modify the hard drive.
NOTE Although here I discuss only how WinPE helps boot repair, know that WinPE goes much further. WinPE can assist unattended installations, network installations, and even booting diskless workstations on a network.
When you access Windows PE and opt for the troubleshooting and repair features, you open a special set of tools called the Windows Recovery Environment (WinRE or Windows RE). The terms can get a little confusing because of the similarity of letters, so mark this: Windows RE is the repair tools that run within Windows PE. WinPE powers WinRE. Got it? Let’s tackle WinRE.
EXAM TIP Microsoft also refers to the Windows Recovery Environment as the System Recovery Options menu.
It would be unfair to say that the Windows Recovery Environment only replaces the Recovery Console. WinRE includes an impressive, powerful set of both automated and manual utilities that collectively diagnose and fix all but the most serious of Windows boot problems. Although WinRE does all the hard work for you, you still need to know how to access and use it. When faced with a failure-to-boot scenario in modern versions of Windows, WinRE is one of your primary tools.
In Windows 7, you can access WinRE in three ways (See next Exam Tip for Windows Vista options). First, you can boot from the Windows installation media and select Repair. Second, you can use the Repair Your Computer option on the Advanced Boot Options (F8) menu (see Figure 17-4). Third, you can create a system repair disc or system image before you have problems. Go to Control Panel | System and Security | Backup and Restore and select Create a system repair disc or select Create a system image.
Figure 17-4 Selecting Repair Your Computer in the Advanced Boot Options menu
Windows 8/8.1 do not have the F8 Advanced Boot Options by default, nor a Backup and Restore applet. Instead, you create a recovery drive on a 16 GB+ USB flash drive by accessing the Recovery applet in Control Panel (see Figure 17-5). Advanced Boot Options is still there, mind you, but Microsoft removed the easy access via the F8 key. Boot to the recovery drive to access WinRE. (You can get to WinRE in several ways once you have access to the Windows Desktop, but this section assumes you can’t get there yet.)
Figure 17-5 Making a recovery drive in Windows 8.1
EXAM TIP Windows Vista does not have the Repair Your Computer option on the Advanced Boot Options menu. You can either use Windows installation media or, if you have SP1 or later, make a bootable system repair disc.
Although any of these methods works fine, I recommend that you access WinRE from the Windows installation media or the dedicated recovery drive for three reasons:
• The hard drive can be so messed up that you won’t make it to the Advanced Boot Options menu.
• Accessing WinRE using the Repair Your Computer option in the Advanced Boot Options menu requires a local administrator password.
• Using a bootable disc/USB flash drive enables you to avoid any malware that might be on the system.
The look and feel of Windows RE differs a lot between Windows Vista/7 and Windows 8/8.1/10, although you’ll find similar options in both. Windows Vista/7 WinRE has a simple interface (see Figure 17-6) with five options:
Figure 17-6 Recovery Environment main screen in Windows 7
• Startup Repair
• System Restore
• System Image Recovery (Windows 7) or Windows Complete PC Restore (Vista)
• Windows Memory Diagnostic or Windows Memory Diagnostic Tool (Vista)
• Command Prompt
The name of the third option differs between Windows 7 and Windows Vista, though the intent—rebuilding from a backup—is the same. I’ll talk about how these options differ a little later in the chapter.
Windows 8/8.1/10 WinRE offers fewer choices initially. The first screen requires you to choose a language, and then you get to the main menu (see Figure 17-7) with two options:
Figure 17-7 Recovery Environment main screen in Windows 8.1
• Troubleshoot
• Turn off your PC
Click on the Troubleshoot option to see three more options (see Figure 17-8):
Figure 17-8 WinRE Troubleshoot screen in Windows 8.1
• Refresh your PC
• Reset your PC
• Advanced options
Understanding Refresh and Reset is critically important for troubleshooting and rebuilding a Windows 8/8.1/10 PC. We’ll discuss these options in a moment.
Clicking on Advanced options reveals another menu (see Figure 17-9) that shows a lot of the same options you see in Windows Vista/7:
Figure 17-9 WinRE Advanced options screen in Windows 8.1
• System Restore
• System Image Recovery
• Startup Repair
• Command Prompt
• UEFI Firmware Settings (available if your motherboard uses UEFI rather than classic BIOS)
EXAM TIP Make sure you know how to access the Windows Recovery Environment and what each of the available tools does.
Startup Repair The Startup Repair utility serves as a one-stop, do-it-all option (see Figure 17-10). When run, it performs a number of repairs, including:
Figure 17-10 Startup Repair in action
• Repairs a corrupted Registry by accessing the backup copy on your hard drive
• Restores critical boot files
• Restores critical system and driver files
• Rolls back any non-working drivers
• Uninstalls any incompatible service packs and patches
• Runs chkdsk
• Runs a memory test to check your RAM
Startup Repair fixes almost any Windows boot problem. In fact, if you have a system with one hard drive containing a single partition with Windows Vista or Windows 7 installed, you’d have trouble finding something Startup Repair couldn’t fix. Upon completion, Startup Repair shows the screen shown in Figure 17-11.
Figure 17-11 Startup Repair complete; no problems found
Note the link in Figure 17-11 that says View diagnostic and repair details. This opens a text file called srttrail.txt that lists exactly what the program found, what it fixed, and what it failed to do. It may look cryptic, but you can type anything you find into Google for more information. I’ve reproduced the beginning of the (very long) srttrail.txt file here:
NOTE The View advanced options for system recovery and support link simply returns you to the main screen.
In Windows 7 and later, Startup Repair starts automatically if your system detects a boot problem. If you power up a Windows system and see the screen shown in Figure 17-12, Windows has detected a problem in the startup process.
Figure 17-12 Windows Error Recovery
Personally, I think this menu pops up way too often. If you fail to shut down your computer properly, for example, this menu appears. In this case, you can save time by booting normally. When in doubt, however, go ahead and run Startup Repair. It can’t hurt anything.
A powerful tool like Startup Repair still doesn’t cover everything. You may have specific needs that require more finesse than a single, do-it-all approach. In many cases, you’ve already discovered the problem and simply want to make a single fix. You might want to perform a system restoration or check the memory. For this, we’ll need to explore the other four options available in WinRE.
EXAM TIP If you have trouble booting your computer, you should try Startup Repair first.
System Restore System Restore does the same job here it has done since Microsoft first introduced it in Windows Me, enabling you to go back to a time when your computer worked properly. Placing this option in Windows RE gives those of us who make many restore points—snapshots of a system at a given point of time—a quick and handy way to return our systems to a previous state (see Figure 17-13).
Figure 17-13 System Restore point
System Image Recovery/Windows Complete PC Restore Windows 7 and later backup tools differ from tools in Windows Vista. Note Figure 17-14, which shows the Windows Vista Recovery Environment menu on the left next to the Windows 7 Recovery Environment menu on the right. The third WinRE option differs. Windows Vista uses the Windows Complete PC Restore utility, whereas Windows 7 and later include the System Image Recovery tool.
Figure 17-14 The WinRE options in Windows Vista (left) and Windows 7 (right)
With an image in hand, you can use the Windows Complete PC Restore/System Image Recovery tool to restore your system after a catastrophe.
If you have the drive containing the system image plugged in when you first run the wizard, it should detect your latest backup and present you with the dialog box shown in Figure 17-15. If it doesn’t list a system image or it lists the wrong one, you can select an image from another date on the same disk or even a remote network share.
Figure 17-15 Selecting a system image
After you select the image you want to restore, the utility presents you with a few more options, as shown in Figure 17-16. Most importantly, you can choose to format and repartition disks. With this option selected, the utility wipes out the existing partitions and data on all disks so the restored system will get the same partitions that the backed-up system had.
Figure 17-16 Additional restore options
After you click Finish on the confirmation screen (see Figure 17-17), which also contains a final warning, the restore process begins (see Figure 17-18). The utility removes the old system data and then copies the backed-up system image to the hard drive(s). Once the process completes, your system reboots and should start up again with all of your data and programs just where you left them when you last backed up.
Figure 17-17 Confirming your settings
Figure 17-18 Restoring your computer
Windows Memory Diagnostic (Tool) Bad RAM causes huge problems for any operating system, creating scenarios where computers get Blue Screens of Death (BSoDs), system lockups, and continuous reboots. Starting with Windows Vista, Microsoft added a memory tester to the Windows Recovery Environment. When you click the Windows Memory Diagnostic (Tool) link from the main WinRE screen, it prompts you to Restart now and check for problems (recommended) or Check for problems the next time I start my computer (see Figure 17-19). It doesn’t really matter which option you choose, but if you think you need to test the system’s RAM, that probably means you should do it now.
Figure 17-19 Windows Memory Diagnostic screen
Once you restart, your system immediately starts running the Windows Memory Diagnostic Tool, as shown in Figure 17-20. While the program runs, you can press F1 to see the Memory Tester options (see Figure 17-21).
Figure 17-20 Windows Memory Diagnostic Tool running
Figure 17-21 Windows Memory Diagnostic Tool options
The tool lists three important Test Mix options at the top of the screen: Basic, Standard, and Extended. Basic runs quickly (about one minute) but performs only light testing. Standard, the default choice, takes a few minutes and tests more aggressively. Extended takes hours (you should let it run overnight), but it will very aggressively test your RAM.
NOTE You can also find the Windows Memory Diagnostic Tool in the Control Panel under System and Security | Administrative Tools, or start it from an administrative command prompt using the mdsched command.
This tool includes two other options: Cache and Pass Count. The Cache option enables you to set whether the tests use the CPU’s built-in cache as well as override the default cache settings for each test type. Simply leave Cache set at Default and never touch it. Pass Count sets the number of times each set of tests will run. This option defaults to 2.
After the tool runs, your computer reboots normally. You can open Event Viewer to see the results (see Figure 17-22).
Figure 17-22 Event Viewer results
Sadly, I’ve had rather poor results with the Windows Memory Diagnostic Tool. We keep lots of bad RAM around the labs here at Total Seminars, and, when put to the test, we were unable to get this tool do anything other than give us a BSoD or lock up the system. We still turn to tried-and-tested tools such as the free Memtest86+ when we’re worried about bad RAM.
NOTE You can find out more about Memtest86+ at www.memtest.org.
Command Prompt and bootrec The last, most interesting, and easily nerdiest option in the WinRE menu is Command Prompt. The WinRE command prompt is a true 32- or 64-bit prompt that functions similarly to the regular cmd.exe shell in Windows. WinRE’s command prompt, however, includes an important utility (bootrec) that you can’t find in the regular command prompt. The WinRE command prompt also lacks a large number of the command-prompt tools you’d have in a regular Windows command prompt (though all the important ones remain). Let’s begin by looking at the bootrec command. After that, we’ll look at some other utilities that the WinRE command prompt offers.
NOTE The Startup Repair tool runs many of these command-prompt utilities automatically. You need to use the WinRE command prompt only for unique situations where the Startup Repair tool fails.
It’s important for you to understand that the CompTIA A+ exams do not expect you to know everything about all these command-prompt utilities. The CompTIA A+ exams expect that you do know these things, however:
• Which utilities are available and their names
• How to access these utilities (WinRE in particular)
• What these utilities basically do
• Some of the basic switches used for these utilities
• With higher-level support, that you can fix computers using these tools (being led by a specialist tech over the phone, for example)
With that attitude in mind, let’s take a look at probably the most important command to use in WinRE’s command prompt, bootrec.
The bootrec command is a Windows Recovery Environment troubleshooting and repair tool that repairs the master boot record, boot sector, or BCD store. It replaced the old fixboot and fixmbr Recovery Console commands and adds two more repair features:
• bootrec /fixboot Rebuilds the boot sector for the active system partition
• bootrec /fixmbr Rebuilds the master boot record for the system partition
• bootrec /scanos Looks for Windows installations not currently in the BCD store and shows you the results without doing anything
• bootrec /rebuildmbr Looks for Windows installations not currently in the BCD store and gives you the choice to add them to the BCD store
NOTE Boot configuration data (BCD) files contain information about operating systems installed on a computer. In Microsoft speak, that information is called a store or BCD store.
You use a tool called bcdedit to see how Windows boots. Running bcdedit by itself (without switches) shows the boot options. The following boot information comes from a system with a single copy of Windows installed. Note there are two sections: the Windows Boot Manager section describes the location of bootmgr, and the Windows Boot Loader section describes the location of the winload.exe file.
To make changes to the BCD store, you need to use switches:
• bcdedit /export <filename> exports a copy of the BCD store to a file. This is a very good idea whenever you use bcdedit!
• bcdedit /import <filename> imports a copy of the BCD store back into the store.
If you look carefully at the previous bcdedit output, you’ll notice that each section has an identifier such as {bootmgr} or {current}. You can use these identifiers to make changes to the BCD store using the /set switch. Here’s an example:
This changes the path of the {current} identifier to point to an alternative winload.exe.
The bcdedit command supports multiple OSs. Notice how this BCD store has three identifiers: {bootmgr}, {current}, and {ntldr}—a fairly common dual-boot scenario.
A BCD store like this will cause the menu shown in Figure 17-23 to pop up at boot.
Figure 17-23 bootmgr showing available versions of Windows
The command prompt also includes diskpart, a fully featured partitioning tool. This tool lacks many of the safety features built into Disk Management, so proceed with caution. You can, for example, delete any partition of any type at any time. Starting diskpart opens a special command prompt as shown here:
You can list volumes (or partitions on Basic disks):
Select a volume to manipulate (you may also select an entire drive):
You can run commands at the diskpart prompt to add, change, or delete volumes and partitions on drives, mount or dismount volumes, and even manipulate software-level RAID arrays.
Refresh Your PC The Windows RE option to Refresh your PC in Windows 8 and later rebuilds Windows, but preserves all user files and settings and any applications purchased from the Windows Store. Note well: Refresh deletes every other application on your system.
Reset Your PC The Reset your PC option nukes your system—all apps, programs, user files, user settings—and presents a fresh installation of Windows. Use Reset as the last resort when troubleshooting a PC. And back up your data first.
Mac OS X offers a power recovery tool called OS X Recovery that enables you rebuild a Mac with a reboot and key combination. Hold down command + R at boot to access the Recovery environment. This enables a full Reset, but also gives options for other tools for troubleshooting. Note that CompTIA refers to the feature as Image recovery.
Linux offers two common boot managers: GRUB and LILO. Everyone uses GRUB these days; LILO is older, simpler, and doesn’t support UEFI BIOS systems.
If GRUB gets corrupted or deleted, Linux won’t start and you’ll get a “Missing GRUB” error message at boot. Similarly, on older systems you’d get a “Missing LILO” error message.
You have a couple of options to fix this problem. For GRUB2-based systems, boot to the OS media disc (the Live DVD) and let it “install” into memory. In other words, don’t install it to the hard drive. From there, you can access the Terminal and run the sudo grub-install command (along with the location of the boot drive) to repair.
Assuming that Windows gets past the boot part of the startup, it continues to load the graphical Windows OS. You will see the Windows startup image on the screen, hiding everything until Windows gets to the Login screen (see Figure 17-24). Once you log in, you’ll get the Windows Desktop or the Start screen, depending on which version of Windows you have.
Figure 17-24 Login screen
Several issues can create a scenario where Windows fails to start normally. Windows can hang because of buggy device drivers or Registry problems. Even autoloading programs can cause Windows to hang on load. The first step in troubleshooting these sorts of scenarios is to use one of the Advanced Startup options (covered later in the chapter) to try to get past the hang spot and into Windows.
EXAM TIP If faced with a scenario where the GUI files have become corrupted, what CompTIA calls a “Missing Graphical Interface” problem, your only choices are to restore from backup or rebuild from the installation media or a recovery drive.
Device driver problems that stop Windows from loading look pretty sad. Figure 17-25 shows a Windows Stop error, better known as the Blue Screen of Death (BSoD). The BSoD only appears when something causes an error from which Windows cannot recover. The BSoD is not limited to device driver problems, but device drivers are one of the reasons you’ll see the BSoD.
Figure 17-25 BSoD in Windows 8.1
Whenever faced with a scenario where you get a BSoD, read what it says. Windows BSoDs tell you the name of the file that caused the problem and usually suggests a course of action. Once in a while these are helpful.
BSoD problems due to device drivers almost always take place immediately after you’ve installed a new device and rebooted. Take out the device and reboot. If Windows loads properly, head over to the manufacturer’s Web site. A new device producing this type of problem is a serious issue that should have been caught before the device was released. In many cases, the manufacturer will have updated drivers available for download or will recommend a replacement device.
EXAM TIP Viruses can cause Windows to fail to start normally or make it appear to be missing. A nasty one running around recently, for example, caused what appeared to be a BSoD warning of imminent hard drive controller failure. Even after getting rid of the virus, Windows appeared devoid of any graphical elements at all: no Start button, icons, or files even in Computer. That’s because the virus had changed the attributes of every file and folder on the hard drive to hidden! See Chapter 28, “Securing Computers,” for recovery techniques for virus-attacked computers.
The second indication of a device problem that manifests during the final part of startup is a freeze-up: the Windows startup screen just stays there and you never get a chance to log on. If this happens, try one of the Advanced Startup Options, covered following the Registry.
Device drivers can trip up Linux systems too, causing their own form of BSoD, called a kernel panic. The fix follows along the same lines as for Windows—go to the manufacturer’s Web site and find updated drivers or kernel modules (code that gets inserted directly into the kernel).
Note that failing hardware can create kernel panic in Mac OS X and Linux and bring the system down. Kernel panic in Mac OS X is demonstrated by a black or gray screen of death and is, I assure you, a terrifying moment to experience.
EXAM TIP The spinning pinwheel of death that you see on Mac OS X systems indicates an unresponsive system. These often get lumped into the same discussion as BSoDs and kernel panic, but the pinwheel is not nearly as bad.
The Registry files load every time the computer boots. Windows does a pretty good job of protecting your Registry files from corruption, but from time to time something may slip by Windows and it will attempt to load a bad Registry. These errors may show up as BSoDs that say “Registry File Failure” or text errors that say “Windows could not start.” Whatever the case, when you run into these sorts of scenarios, you need to restore a good Registry copy. Depending on your Windows version, the best way to do this is the Last Known Good Configuration boot option (see the upcoming section). If that fails, you can restore an earlier version of the Registry through Windows RE.
Windows keeps a regular backup of the Registry handy in case you need to overwrite a corrupted Registry. By default, the task runs every 10 days, so that’s as far back as you would lose if you replaced the current Registry with the automatically backed-up files. Of course, it would be better if you kept regular backups too, but at least the damage would be limited. You can find the backed-up Registry files in \Windows\System32\config\ RegBack (see Figure 17-26).
Figure 17-26 The backed-up Registry files located in the RegBack folder
To replace the Registry, boot to the Windows installation media to access Windows RE and get to the Command Prompt shell. Run the reg command to get to a reg prompt. From there, you have numerous commands to deal with the Registry. The simplest is probably the copy command. You know the location of the backed-up Registry files. Just copy the files to the location of the main Registry files—up one level in the tree under the \config folder.
If Windows fails to start up normally, press F5 at boot-up to boot directly to Safe Mode. Or, in Windows Vista or Windows 7, you can use the Windows Advanced Startup Options menu to discover the cause. To get to this menu, restart the computer and press F8 after the POST messages but before the Windows logo screen appears.
NOTE Windows 8/8.1/10 have the Advanced Startup Options, but to get there requires weird steps that will never happen in normal computing. For all intents and purposes, therefore, ignore Advanced Startup Options in Windows versions beyond Windows 7. Work with other tools.
Safe Mode starts up Windows but loads only very basic, non-vendor-specific drivers for mouse, 800 × 600 (Vista/7) or 1024 × 768 (8/8.1) resolution monitor, keyboard, mass storage, and system services (see Figure 17-27).
Figure 17-27 Safe Mode
Once in Safe Mode, you can use tools such as Device Manager to locate and correct the source of the problem. When you use Device Manager in Safe Mode, you can access the properties for all the devices, even those that are not working in Safe Mode. The status displayed for the device is the status for a normal startup. Even the network card will show as enabled. You can disable any suspect device or perform other tasks, such as removing or updating drivers. If a problem with a device driver is preventing the operating system from starting normally, check Device Manager for warning icons that indicate an unknown device.
There is no safety or repair feature in any version of Windows that makes the OS boot to Safe Mode automatically. In most cases, Windows automatically booting to Safe Mode indicates that someone has set the System Configuration utility to force Windows to do so. Type msconfig at the Start | Search or Start | Run option and press ENTER to open the System Configuration utility, and then deselect the Safe boot or Boot to Safe Mode check box (see Figure 17-28).
Figure 17-28 Uncheck Safe boot
EXAM TIP The CompTIA A+ 902 exam objectives mention a scenario where Windows boots directly to Safe Mode. This can only happen if a tech specifically makes a change to the System Configuration utility.
This mode is identical to plain Safe Mode except that you get network support. I use this mode to test for a problem with network drivers. If Windows won’t start up normally but does start up in Safe Mode, I reboot into Safe Mode with Networking. If it fails to start up with Networking, the problem is a network driver. I reboot back to Safe Mode, open Device Manager, and start disabling network components, beginning with the network adapter.
When you start Windows in this mode, rather than loading the GUI desktop, it loads the command prompt (cmd.exe) as the shell to the operating system after you log on. From here you can run any of the commands you learned about in Chapter 16, plus a lot of utilities as well. Error-checking runs fine as chkdsk, for example. Disk Defragmenter probably runs even faster when you type defrag followed by a drive letter at the command prompt than it does from the graphical version of the tool.
Safe Mode with Command Prompt is a handy option to remember if the desktop does not display at all, which, after you have eliminated video drivers, can be caused by corruption of the explorer.exe program. From the command prompt, you can delete the corrupted version of explorer.exe and copy in an undamaged version. This requires knowing the command-line commands for navigating the directory structure, as well as knowing the location of the file you are replacing. Although Explorer is not loaded, you can load other GUI tools that don’t depend on Explorer. All you have to do is enter the correct command. For instance, to load Event Viewer, type eventvwr.msc at the command line and press ENTER.
This option starts Windows normally and creates a log file of the drivers as they load into memory. The file is named Ntbtlog.txt and is saved in the %SystemRoot% folder. If the startup failed because of a bad driver, the last entry in this file may be the driver the OS was initializing when it failed.
Reboot and go into the WinRE. Use the tools there to read the boot log and disable or enable problematic devices or services.
Enable Low-resolution Mode starts Windows normally, but only loads a default VGA driver. If this mode works, it may mean you have a bad driver, or it may mean you are using the correct video driver but it is configured incorrectly (perhaps with the wrong refresh rate and/or resolution). Whereas Safe Mode loads a generic VGA driver, this mode loads the driver Windows is configured to use but starts it up in standard VGA mode rather than using the settings for which it is configured. After successfully starting in this mode, open the Display applet and change the settings.
When Windows’ startup fails immediately after installing a new driver but before you have logged on again, try the Last Known Good Configuration option. This option applies specifically to new device drivers that cause failures on reboot.
The title says it all here; this option only applies to Active Directory domain controllers, and only Windows Server versions can be domain controllers. I have no idea why Microsoft includes this option. If you choose it, you simply boot into Safe Mode.
If you select this choice, Windows starts in kernel debug mode. It’s a super-techie thing to do, and I doubt that even über techs do debug mode anymore. To do this, you have to connect the computer you are debugging to another computer via a serial connection, and as Windows starts up, a debug of the kernel is sent to the second computer, which must also be running a debugger program.
Sometimes a BSoD will appear at startup, causing your computer to spontaneously reboot. That’s all well and good, but if it happens too quickly, you might not be able to read the BSoD to see what caused the problem. Selecting Disable automatic restart on system failure from the Advanced Startup Options menu stops the computer from rebooting on Stop errors. This gives you the opportunity to write down the error and hopefully find a fix.
Windows requires that all very low-level drivers (kernel drivers) must have a Microsoft driver signature. If you are using an older driver to connect to your hard drive controller or some other low-level feature, you must use this option to get Windows to load the driver. Hopefully you will always check your motherboard and hard drives for Windows compatibility and never have to use this option.
This choice will simply start Windows normally, without rebooting. You already rebooted to get to this menu. Select this if you changed your mind about using any of the other exotic choices.
This choice will actually do a soft reboot of the computer.
On computers with multiple operating systems, you get an OS Choices menu to select which OS to load. If you load Windows and press F8 to get the Advanced Startup Options menu, you’ll see this option. Choosing it returns you to the OS Choices menu, from which you can select the operating system to load.
Once you’re able to load into Windows, whether through Safe Mode or one of the other options, the whole gamut of Windows tools is available for you. In the previous scenario where a bad device driver caused the startup problems, for example, you can open Device Manager and begin troubleshooting just as you’ve learned in previous chapters. If you suspect some service or Registry issue caused the problem, head on over to Event Viewer and see what sort of logon events have happened recently. Let’s go there first.
When you get to the Desktop, one of the first tools you should use is Event Viewer to see what’s causing the problems on your computer. Event Viewer is Windows’ default tattletale program, spilling the beans about a number of interesting happenings on the system. With a little tweaking, Event Viewer turns into a virtual recording of anything you might ever want to know about on your system.
Keep in mind that Event Viewer is a powerful tool for more than just troubleshooting Windows—it’s a powerful tool for security as well, as you’ll see in Chapter 28. But for now let’s examine Event Viewer to see what we can do with this amazing utility.
Opening Event Viewer (System and Security | Administrative Tools | Event Viewer) shows you the default interface (see Figure 17-29).
Figure 17-29 Windows 7 Event Viewer default screen
Note the four main bars in the center pane: Overview, Summary of Administrative Events, Recently Viewed Nodes, and Log Summary. Pay special attention to the Summary of Administrative Events. It breaks down the events into different levels: Critical, Error, Warning, Information, Audit Success, and Audit Failure. Figure 17-30 shows a typical Summary with the Warning Events opened. You can then click any event to see a dialog box describing the event in detail. Microsoft refers to these as Views.
Figure 17-30 Warning Events open
Windows Event Viewer still includes the classic logs (Application, Security, and System) but leans heavily on Views to show you the contents of the logs. Views filter existing log files, making them great for custom reports using beginning/end times, levels of errors, and more. You can use the built-in Views or easily create custom Views, as shown in Figure 17-31.
Figure 17-31 Created custom Views
NOTE By default, Event Viewer stores logs as .evtx files in the C:\Windows\ System32\winevt\Logs folder.
You record all data to logs. Logs in Windows have limitations, such as a maximum size, a location, and a behavior for when they get too big (such as overwrite the log or make an error). Figure 17-32 shows a typical Log Properties dialog box in Windows 7. Note that only users with Administrator privileges can make changes to log files in Event Viewer.
Figure 17-32 Log Properties dialog box in Windows 7
EXAM TIP If you run into a scenario where a device has failed and this created problems with Windows’ startup, you would turn to the primary Windows tool for hardware issues: Device Manager. We’ve covered Device Manager in chapters specific to hardware, so there’s no need to go into it yet again here.
Windows loves to autoload programs so they start at boot. Most of the time this is an incredibly handy option, used by every Windows PC in existence. The problem with autoloading programs is that when one of them starts behaving badly, you need to shut off that program! Use the System Configuration utility (Windows Vista/7) or Task Manager (8/8.1/10) to temporarily stop programs from autoloading. If you want to make the program stop forever, go into the program and find a load on startup option (see Figure 17-33).
Figure 17-33 Typical load on startup option
NOTE If you can’t find a load on startup option in your application, run the Registry Editor and go to where most applications autoload:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows loads a number of services as it starts. In a scenario where any critical service fails to load, Windows tells you at this point with an error message. The important word here is critical. Windows will not report all service failures at this point. If a service that is less than critical to Windows doesn’t start, the OS usually waits until you try to use a program that needs that service before it prompts you with an error message (see Figure 17-34).
Figure 17-34 Service error
To work with your system’s services, go to the Control Panel | Administrative Tools | Services and verify that the service you need is running. If not, turn it on. Also notice that each service has a Startup Type—Automatic, Manual, or Disabled—that defines when it starts. It’s very common to find that a service has been set to Manual when it needs to be set to Automatic so that it starts when Windows boots (see Figure 17-35).
Figure 17-35 Autostarting a service
Task Manager is a great place to go to shut down errant processes that won’t otherwise close properly. You can quickly close a program that is hogging CPU resources, for example, by right-clicking on the program under the Processes tab and selecting End Process. Task Manager enables you to see all applications or programs currently running or to close an application that has stopped working. You remember how to get to it, right? Press CTRL-SHIFT-ESC to open it directly or CTRL-ALT-DELETE to get to a list of action items, one of which opens Task Manager.
If you’re unable to get to Task Manager or are comfortable with the command line, you can get to a command prompt (like in the Windows Recovery Environment) and type the command tasklist to find the names and process IDs of all the running processes. You can then run taskkill to end any process either by filename or by process ID. If you’re in the Windows PowerShell, the commands are tasklist and kill.
Windows lives on dynamic link library (DLL) files. Almost every program used by Windows—and certainly all of the important ones—call to DLL files to do most of the heavy lifting that makes Windows work.
Windows protects all of the critical DLL files very carefully, but once in a while you may get an error saying Windows can’t load a particular DLL. Although rare, the core system files that make up Windows itself may become corrupted, preventing Windows from starting properly. You usually see something like “Error loading XXXX.DLL,” or sometimes a program you need simply won’t start when you double-click its icon. In these cases, the tool you need is the System File Checker that you learned about in Chapter 16. Use it to check and replace a number of critical files, including the ever-important DLL cache.
EXAM TIP Mac OS X offers a surprisingly powerful tool for application problems called Force Quit. Press the option + command + esc keyboard combination to access the Force Quit menu. It’ll show you every running application.
System Restore is the final step in recovering from a major Windows meltdown. Earlier in the chapter, you learned that you can use System Restore from the Windows Recovery Environment, but don’t forget that you can also use restore points from within Windows. Follow the process explained in Chapter 15, “Maintaining and Optimizing Operating Systems.”
Windows includes amazing utilities designed to help you support your system. Many of these tools first appeared in Windows Vista, but Windows 7 either refined them or made them easily accessible. Windows 8 and 8.1 support most of these tools as well. These Control Panel tools perform a number of different jobs, from telling you what’s happening on the system to showing you how well a system’s performance stacks up to other computers.
Problem Reports and Solutions (Windows Vista) and Action Center (Windows 7/8/8.1/10) centralize a lot of useful information about the status of your computer. The Performance and Information Tools applet tells you just how powerful your computer really is. Let’s take a look at this crazy mixture of utilities in alphabetical order and explore the scenarios appropriate for their use.
If a computer is having a problem, wouldn’t it be great to tell the people who are in charge of the program you’re having that problem so they can fix it? That’s the idea behind Windows Error Reporting. There’s a good chance that, like many users, you’ve run into errors that look something like Figure 17-36.
Figure 17-36 Crash.exe has stopped working.
The problem with these errors is that, while they might help Microsoft, they traditionally do little to help us fix the computer. Windows Error Reporting was a one-way tool, until Microsoft upgraded it with Vista to a much more powerful, two-way tool that gives developers a way to give you ways to fix computers.
The Problem Reports (called Problem Reports and Solutions in Vista) Control Panel applet in Windows lists all Windows Error Reporting issues (plus a few easy-to-check items like firewall and antimalware status), as shown in Figure 17-37. You click on the solution and, in many cases, the problem is fixed.
Figure 17-37 Problem Reports
Problem Reports and Solutions is a good tool with some rough edges. For example, once you fix a problem, you have to delete the problem from the list manually. Also, there are a number of issues that don’t have anything to do with Windows Error Reporting that just make sense to combine, such as Microsoft Troubleshooter and System Restore. Microsoft realized that they could organize the solutions to make it easier for you to choose what you wanted to do. Action Center in Windows 7/8/8.1 provides a one-page aggregation of event messages, warnings, and maintenance messages that, for many techs, might quickly replace Event Viewer as the first place to look for problems. Unlike Event Viewer, Action Center separates issues into two sections, Security and Maintenance, making it easier to review a system’s issues quickly (see Figure 17-38).
Figure 17-38 Action Center
Action Center only compiles the information, taking data from well-known utilities such as Event Viewer, Windows Update, Windows Firewall, and UAC and placing it into an easy-to-read format. If you wish, you can tell Action Center where to look for information by selecting Change Action Center settings (see Figure 17-39).
Figure 17-39 Change Action Center settings
If you see a problem, Action Center includes plenty of links to get you to the utility you need. From the Action Center applet, you get direct links to some or all of the following tools:
• UAC settings
• Performance Information and Tools
• Backup and Restore
• Windows Update
• Troubleshooting Wizard
• System Restore
• Recovery
Although Action Center does little more than reproduce information from other utilities, it makes finding problems quick and easy. Combined with quick links to most of the utilities you’ll need, Action Center should become your base of operations when something goes wrong on your Windows 7/8/8.1/10 PC.
Techs must often answer difficult questions like “Why is my machine running so slowly?” Before Windows Vista, we could only use Performance Monitor baselines or third-party tools. Neither of these options worked very well. Baselines required you to choose the right counters—choosing the wrong counters made useless and sometimes even distracting logs. Third-party tools often measured one aspect of a system (like video quality) very well but didn’t help much when you wanted an overview of your system.
This changed with Microsoft’s introduction of the Performance Information and Tools Control Panel applet (see Figure 17-40).
Figure 17-40 Performance Information and Tools
The Performance Information and Tools applet doesn’t fix anything. It just provides a relative feel for how your computer stacks up against other systems using the Windows Experience Index. Windows bases this on five components:
• Processor Calculations per second
• Memory (RAM) Memory operations per second
• Graphics Desktop performance for Windows Aero
• Gaming graphics 3-D business and gaming graphics performance
• Primary hard disk Disk data transfer rate
Each component generates a subscore. These values range from 1 to 5.9 for Windows Vista and 1 to 7.9 for Windows 7/8. Microsoft determines the calculations that generate these numbers, so I don’t know exactly what it takes to give, for example, a CPU a score of 6.1. Your system’s Base score is based on the lowest subscore. Microsoft removed the Windows Experience Index and its Control Panel applet with the release of Windows 8.1.
The Performance Information and Tools applet won’t fix anything, but it does tell you which component is the weakest link in overall performance.
EXAM TIP You can’t change a subscore in the Windows Experience Index without making some kind of hardware change.
Programmers want to write applications that work well, enable you to accomplish a specific task, and are good enough to earn your money. But PCs are complicated and programmers can’t get it right every time for every combination of hardware and software.
Application problems show up in several ways. The typical scenario has the application failing to install or uninstall. Operating system version issues can cause compatibility problems. Another typical scenario is where an application tries to access a file and that file is either missing or won’t open. The least common problems come from sloppy or poorly written code that causes the application or the operating system to crash. Finally, corrupted applications can corrupt data too, but Windows has tools for recovering previous versions of files and folders.
EXAM TIP Every once in a while you’ll get an application that reports an error if the clock settings in Windows don’t match. This can cause the application not to run. Likewise, if a computer has a failing battery and is offline for a while, the BIOS time and settings will be off. You’ll get a brief “error” noting the change when you connect that computer to a network timeserver. This is both a hardware issue (failing battery) and an application issue. When the Windows clock resets, so do the BIOS time and settings.
Almost all Windows programs come with some form of handy installer. When you insert the disc or USB drive, Windows knows to look for a text file called autorun.inf that tells it which file to run off the disc or USB drive, usually setup.exe. If you download the application, you’ll need to double-click it to start the installation. Either way, you run the installer and the program runs. It almost couldn’t be simpler.
EXAM TIP The fact that Windows looks for the autorun.inf file by default when you insert a disc or USB drive creates a security issue. Someone could put a malicious program on some form of media and write an autorun.inf file to point to the virus. Insert the media and boom! There goes your clean PC. Of course, if someone has access to your computer and is fully logged on with administrator privileges, then you’ve already lost everything, with or without a media-born program, so this “big” security issue is pretty much not an issue at all. Nevertheless, you should know that to turn off this behavior in Windows requires opening the Registry Editor and changing up to six different settings.
A well-behaved program should always make itself easy to uninstall as well. In most cases, you should see an uninstallation option in the program’s Start menu area; and in all cases (unless you have an application with a badly configured installer), the application should appear in either the Add/Remove Programs applet or the Programs and Features applet (see Figure 17-41) in the Control Panel.
Figure 17-41 Programs and Features Control Panel applet
NOTE Remember that you need local administrator privileges to install applications in all versions of Windows.
Programs that fail to install usually aren’t to blame in and of themselves. In most cases, a problem with Windows prevents them from installing, most notably the lack of some other program that the application needs so it can operate. One of the best examples of this is the popular Microsoft .NET Framework. .NET is an extension to the Windows operating system that includes support for a number of features, particularly powerful interface tools and flexible database access. If a program is written to take advantage of .NET, .NET must itself be installed. In most cases, if .NET is missing, the application should try to install it at the same time it is installed, but you can’t count on this. If .NET is missing or if the version of .NET you are using is too old (there have been a number of .NET versions since it came out in 2002), you can get some of the most indecipherable errors in the history of Windows applications.
Figure 17-42 shows one such example in Windows 7 where the VMware vSphere client fails due to the wrong .NET version. Too bad the error doesn’t give you any clues!
Figure 17-42 .NET error
These types of errors invariably require you to go online and do Web searches, using the application name and the error. No matter how bad the error, someone else has already suffered from the same problem. The trick is to find out what they did to get around it.
The single biggest problem with uninstalling is that people try to uninstall without administrator privileges. If you try to uninstall and get an error, log back on as an administrator and you should be fine. Don’t forget you can right-click on most uninstallation menu options on the Programs menu and select Run as administrator to switch to administrator privileges (see Figure 17-43).
Figure 17-43 Selecting Run as administrator from the context menu
Most applications are written with the most recent version of Windows in mind, but as Windows versions change over time, older programs have difficulty running in more recent Windows versions. In some cases, such as the jump from Windows 7 to Windows 8, the changes are generally minor enough to cause few if any compatibility problems. In other cases, say a program written back when Windows XP reigned supreme, the underpinnings of the OS differ enough that you have to perform certain steps to ensure that the older programs run. Windows provides various different forms of compatibility modes to support older applications.
Windows handles compatibility using the aptly named Compatibility tab (see Figure 17-44) in every executable program’s Properties dialog box (right-click on the executable file and click Properties). Select the version of Windows you want Windows to emulate and click OK; in many cases that is all you need to do to make that older program work (see Figure 17-45).
Figure 17-44 Windows 8.1 Compatibility tab
Figure 17-45 Compatibility mode options in Windows 8.1
You can also set other settings on the Compatibility tab, such as the following located under Display settings in the various versions of Windows:
• Reduced color mode Many old Windows programs were designed to run in 256 colors. Later versions of Windows that support more colors can confuse these older programs.
• Run in 640 × 480 screen resolution A few (badly written) older programs assume the screen to be at 640 × 480 resolution. This setting enables them to work.
• Disable desktop composition (Windows Vista/7) Disables all display features such as Aero. More advanced Windows display features often bog down older programs.
• Disable display scaling on high DPI settings Turns off automatic resizing of a program’s windows if you’re using any high DPI (dots per inch) font. This was added because many programs with large fonts would look bizarre if resized.
• Run this program as an administrator As stated, enables you to run the program as an administrator. If this option isn’t available, log on as an administrator to see it.
• Enable this program to work with OneDrive files (Windows 8/8.1/10) This option provides networking support for older applications that might not understand the cloud aspects of file storage.
• Change settings for all users Clicking this button applies compatibility changes made to a program to every user account on the machine. Otherwise, the settings are only for the current user.
If you need to make things 100 percent compatible with Windows XP and you have Windows 7 (Pro, Ultimate, or Enterprise) on your system, you can download Windows XP Mode. Windows XP Mode is nothing more than a premade Windows XP SP3 virtual machine that runs under Microsoft’s popular (and free) virtualization program, Windows Virtual PC (see Figure 17-46).
Figure 17-46 Windows XP Mode
NOTE In April 2014 Microsoft stopped providing technical support for Windows XP, including the Windows XP Mode VM. This means that Windows XP Mode no longer gets security patches; use with caution!
The secret to using compatibility mode isn’t much of a secret at all: if the program doesn’t run, try a compatibly mode. If you want to be really careful, do a Web search on your application before you try to run it. Compatibility mode is a handy tool to get older applications running.
An application may rely on other files—DLL files in particular—so sometimes the application’s installer will replace common DLLs with its own version. Later applications might look for the earlier version of the DLL and fail when it’s not found.
You’ll experience this sort of scenario with error messages such as “missing DLL” or “cannot open file xyz.” The easiest fix is to first try to reinstall the program, and check for any special instructions about versions of support files. Barring that, the usual second step for either issue is to perform an Internet search for the missing DLL or file that fails to open, along with the name of the program you’re trying to use.
Occasionally, a program gets released that isn’t ready for prime time and the error-prone code causes the application to crash or even causes the operating system to crash. I’ve seen this most often with games rushed to market near the winter holidays. The results of this rushed code can be pretty spectacular. You’re right in the middle of a thrilling fight with the bad guy and then what happens? A crash to desktop (CTD).
Poorly written or buggy programs can have awful effects on you and your clients. Some of the scenarios caused by such programs are the computer locking up or unexpectedly shutting down. The system might spontaneously shut down and restart. That kind of improper shutdown can cause problems, especially to open files and folders.
The problem here is that all this crashing can be caused by hardware and driver problems, not just application problems. You’ve got to keep in mind all of these things as you approach troubleshooting a crash.
Here’s a typical scenario where you need to troubleshoot broadly first. If you’re playing a graphically intensive game that happens to be huge and takes up a lot of RAM, what could the problem be if the screen locks up and Windows locks up too? It could be that the program ran a routine that clashed with some other application or used a Windows feature improperly. It could be that the video card was marginal and failed when taxed too much. It could be that the system accessed a section of RAM that had gone bad.
In that same scenario, though, where the game runs but degrades the overall performance of Windows, what could cause that problem? That points more squarely at the application side of things rather than the hardware or drivers, especially if the computer successfully runs other programs. The bottom line with crash issues is to keep an open mind and not rule out anything without testing it first.
One of the big headaches with an application failure isn’t so much the failure itself, but any data it may have corrupted. Sure, a good backup or a restore point might save you, but these can be a hassle. Unless the data was specifically saved (in the backup), there’s a chance you don’t have a backup in the first place. Microsoft came to your rescue in Windows Vista (Business, Ultimate, and Enterprise only) and Windows 7/8/8.1/10 (all editions) with a feature called System Protection.
This amazing feature is powered by Volume Shadow Copy Service (VSS). VSS enables the operating system to make backups of any file, even one that is in use. Windows uses VSS for its System Protection feature, enabling you to access previous versions of any data file or folder. Try right-clicking on any data file and selecting Restore previous versions, which opens the file’s Properties dialog box with the Previous Versions tab displayed, as shown in Figure 17-47.
Figure 17-47 Previous Versions tab
NOTE For some unknown reason, Microsoft removed the Previous Versions tab for local volumes in Windows 8/8.1 then added it back for Windows 10. If you need to restore a single file in Windows 8/8.1, you can set up and use the File History applet in Control Panel that you read about in Chapter 15. Just make sure you set it up before you need it!
If any of the following criteria are met, you will have at least one previous version in the list:
• The file or folder was backed up using the backup program.
• You created a restore point.
• The file or folder was changed.
You must make sure System Protection is enabled as well. Go to the System Protection tab in the System Properties dialog box (see Figure 17-48) to see if the feature is enabled (it should be running by default).
Figure 17-48 System Protection tab
NOTE Keep in mind that System Protection doesn’t have to be only for recovery of corrupted data files caused by bad applications. It’s also a great tool to recover previous versions of files that users accidently overwrite.
The System Protection tab also enables you to load a restore point and to create restore points manually, very handy features.
System Protection falls in the category generically called file recovery software, and does an outstanding job. You can also get many third-party utilities that accomplish general file recovery. I’ve used Recuva from Piriform many times, for example, to get “deleted” data off a hard drive or RAID array.
1. Which utility is useful in identifying a program that is hogging the processor?
A. Task Manager
B. Device Manager
C. Action Center
D. System Information
2. Which Windows utility uses points in time that enable you to return your system to a previous date and state?
A. System Configuration utility
B. Snapshot Manager
C. System Restore
D. GRUB or LILO
3. Scott’s Windows 8.1 computer isn’t performing as well as it once did. What option can he use to reset his system without deleting any personal files or changing any settings?
A. Reset your PC
B. Refresh your PC
C. Restore your computer
D. System Refresh
4. What can device drivers and failing hardware in Mac OS X and Linux cause?
A. Spinning windmill
B. Blue Screen of Death (BSoD)
C. Kernel panic
D. Terminal emulation
5. Which of the following points to a hardware or CMOS problem rather than an OS problem with a PC that won’t boot.
A. A black screen with the error message “invalid boot disk”
B. A black screen with the error message “NTLDR Bad or Missing”
C. A black screen with the error message “Missing BOOT.INI”
D. A black screen with the error message “Invalid BCD”
6. John’s computer has an error that says bootmgr is corrupted. What tool can he use to fix this problem?
A. bcdedit
B. chkdsk
C. diskpart
D. regedit
7. What does Microsoft call the 32- or 64-bit installation environment in Windows 7?
A. WinEE
B. WinPE
C. WinRE
D. WinVM
8. Ralph suspects a bad RAM stick is causing Windows to fail to boot. What default Windows tool can he use to check the RAM?
A. MEMMAKER
B. Memtest86+
C. Windows RAM Diagnostic Tool
D. Windows Memory Diagnostic Tool
9. Which of the following commands will repair a damaged master boot record in a Windows 8 PC?
A. bootrec /fixboot
B. bootrec /fixmbr
C. fixboot
D. fixmbr
10. Which feature in Windows 7 enables you to right-click a file or folder and restore previous versions of that file or folder?
A. System Recovery Options
B. System Protection
C. File History
D. Undelete
1. A. Task Manager will very quickly identify a program that is hogging the processor.
2. C. System Restore uses restore points—snapshots of a system at a given point of time—a quick and handy way to return your system to a previous state.
3. B. Refresh your PC in Windows 8 and later will rebuild Windows but preserve all user files and settings. Reset your PC removes all apps, programs, user files, user settings—and presents a fresh installation of Windows.
4. C. Device drivers and failing hardware can trip up Mac OS X and Linux and create kernel panic, which can bring the system down.
5. A. A black screen with an “invalid boot disk” error message points to a hardware or CMOS problem with a PC that won’t boot.
6. A. The bcdedit program can fix a corrupted bootmgr.
7. B. Microsoft calls the 32- or 64-bit installation environment in Windows 7 the Windows Preinstallation Environment, or WinPE.
8. D. Ralph should use the Windows Memory Diagnostic Tool to scan his RAM.
9. B. Run bootrec /fixmbr in the Windows RE to repair a damaged master boot record in a Windows 8 PC.
10. B. The System Protection feature in Windows 7 enables you to right-click a file or folder and restore previous versions of that file or folder.
