From Proprofs

You are here: Home > Schools > Comptia > Comptia A+ > Wiki Home > A+ Certification Wiki

Contents 1 Study for CompTIA Part 2 1.1 Acknowlegement 1.2 Basic Windows Stuff 1.2.1 Win 9x 1.2.2 Win NT 4.0 1.2.2.1 Setup 1.2.2.2 Booting 1.2.3 Win 2k 1.2.3.1 Upgrade Paths 1.2.3.2 Disk Preparation 1.2.3.3 Boot Process 1.2.3.4 Safe Boot Options 1.2.4 Win XP 1.2.4.1 Recovery Console 1.3 Applications etc 1.4 File Systems 1.4.1 NTFS vs FAT 1.4.2 Conversion 1.4.3 File Naming convention 1.4.4 NTFS File Compression 1.4.5 NTFS Encryption 1.4.6 Permissions 1.5 Drivers 1.5.1 Driver Updates 1.5.2 Driver Signing 1.5.3 Additional Windows Components 1.6 Error Messages 1.6.1 Boot Errors 1.6.2 Startup Errors 1.6.3 Windows Protection Errors 1.6.4 Safe Modes 1.6.5 ASD.exe 1.7 Troubleshooting 1.7.1 Dr.Watson 1.7.2 Event Viewer 1.7.3 Startup Disk 1.7.4 Configsafe 1.7.5 User Help Resources 1.7.6 Task Manager 1.7.7 Device Manager 1.7.8 WinMSD 1.8 Common Problems 1.8.1 Printer 1.8.2 Printer Spool settings 1.8.3 BSOD 1.8.4 System Lockup 1.8.5 Application install problem 1.8.6 Service packs etc 1.9 Viruses 1.9.1 Types 1.9.2 Virus Protection 1.10 OS Management 1.10.1 Registry components 1.10.2 Registry Structure 1.10.3 Registry Editor 1.10.4 Registry Checker 1.10.5 Registry Restore 1.10.6 Windows 9x system files 1.10.7 Legacy Files 1.10.8 NT4/2000 system files 1.10.9 x Memory 1.10.10 NT4, 2k, XP memory 1.10.11 VM and the VMM 1.10.12 Disk Cache 1.11 Networking Technologies 1.11.1 Network Types 1.11.2 Adapter Configuration 1.11.3 TCP/IP Overview 1.11.4 TCP/IP – Manual vs. Automatic 1.11.5 ISP Services 1.11.6 SMTP, Pop, IMAP 1.11.7 HTML 1.11.8 HTTPS 1.11.9 SSL 1.11.10 Telnet 1.11.11 FTP 1.12 Configuring Networks 1.12.1 DHCP & BootP 1.12.2 DNS 1.12.3 WINS 1.12.4 TCP/IP Configuration 1.12.5 IPX/SPX 1.12.6 Appletalk 1.12.7 NetBEUI 1.13 Internet Technologies 1.13.1 Types of access 1.13.2 Browser Script Support 1.13.3 Proxy Servers 1.13.4 Firewalls 1.14 Internet Software 1.14.1 IPConfig & WINIPConfig 1.14.2 Ping/Tracert 1.14.3 NSLookup 1.15 Resource Sharing 1.15.1 Folders 1.15.2 Share Permissions 1.15.3 Printer Sharing 1.16 Miscellaneous

[edit section] Study for CompTIA Part 2

[edit section] Acknowlegement

Thanks to THE_Chris for creating and uploading this guide.

Note from THE_Chris : Hope you find these notes useful! But please dont take this Wiki guide as absolute Gospel. Your own study notes will be better tailored to yourself. These notes are what I used to pass my OS exam, and may not be suited for everyone. I knew a certain amount coming into the OS test, and as such did not include those things here. For example, I knew a lot about Legacy DOS files before I started, so the information included here on them is minimal. Use this as a backup to your own study, and best of luck in your own OS test!

Edit: Just to say that c/g means the file is corrupt or gone.

Feedback & Discussion Thread For This Guide

[edit section] Basic Windows Stuff

9x NT4 2k,XP

C:\windows\desktop C:\winnt\profiles\%user%\desktop C:\docs&set\%user%\desktop

[edit section] Win 9x

GDI 16bit, Kernel 32bit

VMM – 32bit Memory Manager

WDM – Windows Device Manager

BIOS Post -> Real Mode (io.sys) -> Protected Mode (vmm32.vxd) -> rest

Ifshlp.sys – 16bit file access

Setver – backwards compatibility

CTRL alters startup

Primary partition – 1 logical drive (OS)

Extended partition – many logical drives

Fdisk	Format	Setup
/mbr (fixes mbr)	/s (system disk) /q (quick) /f (floppy size) /u (unconditional) /autotext (totally automatic)	/d (if corrupt) /ir (no mbr update) /il (Logitech C mouse) /ih (scandisk) /in (no network steps) /id (no disk space check) /is (no scandisk)

Setuplog.txt

Detlog.txt (Detected hardware)

Msdos.sys
autoscan	0,1 (prompt),2 (auto)	bootfailsafe	Safe mode display
bootmulti	0,1	bootwarn	Safe mode warning message
bootwin	0 (dos),1 (win)	bootkeys	Enables F keys
bootgui	Dos, 9x	network	Safe mode w/network support
bootmenu	No menu, menu	logo	Text, logo
bootdelay	n	loadtop	Command.com to conventional
bootmenudefault	1-8 (startup menu)

Attrib –r –h –s msdos.sys (read, hidden, system)

Drivers = protected mode

[edit section] Win NT 4.0

Cannot access Fat32/HPFS (High performance)

Cannot upgrade from 9x (registry)

Fat16 = 2gb, Fat16(NT4) = 4gb

Boot Phase, Load Phase

Post – MBR – Preboot – NTLDR<ref>Boot.ini (root dir/info), ntdetect.com, hal.dll</ref> – OS Kernel

User Mode	OS Support for applications
Kernel Mode	Isolates Hardware, Processor, IRQ, Exception Handling
HAL	Hardware Platform Support

VDM – Virtual Dos machine. Isolates application in a DOS-like environment

Uses ntvdm.exe<ref>Ntvdm is 16 bit</ref>, ntio.sys, ntdos.sys.

Instruction execution unit (Non-intel processors)

Windows On Windows processes – wowexec.exe (win 3.1 emulation), wow32.dll (dll emulation), krnl386, user.gdi. Rest are similar to 3.1 versions.

Hard for 16bit app to communicate out of ntvdm to a 32bit app.

Domain – logical group of computers

		PDC – Primary Domain Controller
		SAM – Security Accounts Manager (database)
		BDC – Backup Domain Controller (Backup of SAM)

HCL – Hardware compatibility list

NTHQ – NT Hardware Qualifier

RISC – Reduced Instruction Set Chip (Fat16)

[edit section] Setup

Winnt.exe – Setup from 16bit

Winnt32.exe – Setup from 32bit

/e:command	Runs command after GUI bit
/s:path	Source of files
/t:drive	Temporary file directory
/u	Unattended install
/udf	Creates uniqueness database file
/rx:dir	Creates a directory

Dualboot – Win9x running on a Fat16 drive. Set 2^nd OS to Fat16, use same directory for programs. Boot.ini <- edit OS loading menu as needed.

System Partition – Hardware specific files. Ntbootdd.sys – SCSI boot if BIOS off. (Among other files)

[edit section] Booting

Preboot	POST
Boot	Ntldr, ntldetect, ntoskrnl. Hardware detection
Kernel Load	Ntldr, ntoskrnl, low device drivers, HAL (NTLDR handover before HAL)
Kernel Init	Kernel takes over. High device drivers
Logon	Starts local security. Screg.exe

Boot disk location – d:\i386\winnt32.exe /ox

ERD – Emergency Repair Disk (run -> rdisk)

Ntvdm.exe – running 16bit applications. Separate one for each app.

• Anything that directly accesses hardware wont run. VXD.

LKGC – Last known good configuration (hkey_local_machine\hardware)

[edit section] Win 2k

Server - 4gb max RAM, 2 processors max

Advanced Server – 2 computers combined, 64gb RAM, 8 processors

Datacentre – 16/32 processors

Has USB, PnP support. NTFS, EFS (Encrypted File system), 32bit Fat32.

Has MMC – Microsoft Management console

OnNow – Hibernation

Workgroup – Simple collection of computers sharing files and printers

Domain – Share a security database

[edit section] Upgrade Paths

9x ->	2k
NT ->	2k
WforWgrp ->	NT ->	2k
3.x ->	9x ->	2k

Use – Win2k readiness analyzer tool

Winnt32 /checkupgradeonly

RIS – Remote installation service

CD	Winnt (16), winnt32.exe (32)
Network	Setup from shared network folder. Need i386 directory
Setup Manager	Uses answer files. * Fully automated, user specified * GUI attended – text part automated
Disk Duplication	Sysprep.exe, 3rd party imager used
RIS	Single location. Risetup.exe Needs DNS, DHCP, Active Directory Rbfg.exe – remote bootdisk Needs PXE, preboot execuation environment

Installation modes –

• Character mode – CDs, setup disk, winnt.exe
• GIU mode – autostart, winnt32.exe

[edit section] Disk Preparation

Pro – 620mb free (boot partition)

Server – 671mb free

Need primary, active, system partitions.

Fat16 – 2gb. Only for DOS etc dualboot

Fat32

NTFS – NTFS 5 . NT3.5 does NOT recognise 5.

9x/2000 dualboot. – 2k as 2^nd OS. Upgrade -> Install new copy. Need 2 extended partitions. Use fat32.

[edit section] Boot Process

POST	INTL3 checks for boot device
Bootstrap	Mbr to memory. 1st sector to 0x700h. Loads ntldr
OS	Ntdetect.com, boot.ini, bootsect.dos. 32bit mode. Minuture NTFS/FAT loads boot.ini (ARC path problem if this fails). ARISC (Advanced RISC). Checks for ntoskrnl, HAL, video drivers.
Drivers	Checks Currentcontrolset. Loads drivers & logo. Initialises ntoskrnl.
Kernel	Hal, Bootvid, creates hardware hive. Calls session manager.
Services	Runs boot programs. Sets up paging file. Loads console logon and services controller.
Logon	Clone control set to LKGC

PBODKSL – Peter Bought Orla DK StrangeLove.

[edit section] Safe Boot Options

Press F8

Safe mode	Basic files only. Ntbtlog.txt
Boot logging	Ntbtlog.txt
Directory Services Restore	Restores sys vol, active directory service database
Debug mode	Serial cable logs on another PC (com2). Component Object model.

[edit section] Win XP

Home, Pro (2x CPU), 64

More reliable, system restore.

Better 3d icons, 48x48

Account switching, help from support site

Internet firewall, connection sharing

WMP 9, movie maker, scanner/camera

Network, remote desktop, IEEE 802.11b

Fat16 – NT

Fat32 – 9x

NTFS – Dualboot with 2k

Domain membership not in Home

Upgrade

• Passwords for users must be set
• Network setup wizard
• Testing

98/ME upgrade – need to do convert d:/fs:ntfs

Dualboot – Different partition. Select "I want to choose……" – prevents format.

[edit section] Recovery Console

After safe mode tried.

Select WinCDROM at boot, or winnt32 /cmdcons

More/type	Textfile display
Expand	Unzips
rd	Removes folder
Disable/Enable	Services/Devices
listsvc	List of devices/services
Fixboot/fixmbr
Bootcfg /scan	List of OSes
Bootcfg /rebuild	Replaces it
Bootcfg /add	Appends it
Format /diskpart

Has basic security only

[edit section] Applications etc

Computer Management Console (CMC)

• My computer – Manage – Connect to Computer & Event logs

Microsoft Management Console (MMC)

• Customised version of CMC. "Tools Host"

Device Manager

• Win NT4 – Control Panel / Devices
• 2000/XP – Hardware tab of system properties / CMC
• Failed device is ! with circle around it. Black !, yellow O.

MSConfig.exe

• 98/ME – System config utility
• Troubleshooting, better than text files

Sysedit.exe

• All but ME
• Config files editor
• Autoexec/config/win/system editors
• 9x Protocol.ini – network
• Backup saved as .syd

Edit

• Startup file / batch editor files
• 16bit mouse driver needed
• Edit /b = monochrome

Extract.exe

• Win 95. Files from Windows CD (*.cab)
• Extract (source) /L (Target)

Format

Format c:, or from MMC/CMC/shortcut

/fs:ntfs	NT4, 2k, XP	/F:size	FDD size
/v:label	11 chars	/T:tracks	Tracks per size
/q	Quick	/s	Adds system files
/c	Compressed NTFS	/b	Adds space for /s
/x	Dismount	/c	Check/verify clusters
/A:size	Allocation unit size

cmd.exe

• 32bit version of command.com (NT4, 2k, XP)
• Usual activation. /system32/cmd.exe
• Start in folder
• HKEY_CLASSES_ROOT\FOLDER\SHELL\CMD HERE] @="Command &Prompt here"
• HKEY_CLASSES_ROOT\FOLDER\SHELL\CMD HERE] @="cmd.exe /k pushd %L"
• /c – terminates after file run
• /k – keeps open after file run

Rd – Remove directory (rmdir)

Attrib –a (a = backup archive bit)

Ver/setver

• ver – Gives name of OS
• setver – gives version tables
• Also imitates DOS version for a program
• SETVER [DRIVE.PATH]<FILE> <6.02>
• [/DELETE] – Deletes from table [/QUIET] – No message

Mem * /c – list of programs in memory * /d – Details of memory areas /debug * /f – lists free /free (9x) * /m – Module eg: command.com (9x) * /p – dir /p idea	Autoexec.bat * echo – Echoes commands on screen * mode – Port settings etc * path – Search path for executables * pause * prompt – how c:\ displayed * rem – comment * set – set blaster stuff
more (/p idea) * Diskcopy a: a: /v (verify) * Xcopy	Delete/Rename * del/erase * del /p (one by one, no recycle) * deltree * ren/rename

Partitions

Primary –

• Primary – Startup files, OS Data
• Active – A primary that's marked as active (C:)

Extended –

• Extended – Data. Only one. No startup
• Logical – Division of extended. 23 max, 12 recommended.

Boot – Any partition with a startup file. System – Primary with a startup file (Active Primary)

Creation –

• Use diskmanager (replaces fdisk)
• MMC snap in. CMC -> In storage (diskmgmt.msc in run)
• Cant do >32gb, use fdisk.
• Then format.

Defrag

• Not in NT4.
• Optlog.txt (Program Summary)
• Uses cutaplog.exe, applog.dtm
• /all, /f (files/space), /u (files), /q (space), /noprompt

Backup

• tapes for Mon-Thur, one for Fri, one monthly (Child, Parent, Grandparent)
• Incremental Backup – whatevers changed
• Differential Backup – Modified files, archive bit changed
• 9x – msbackup.exe
• Others – ntbackup.exe
• XP – ASR Automatic System Recovery
• 2k – ERD Emergency Repair Disk

Scandisk

• Thorough – Disk surface check
• Scandisk.log if selected
• Scheduled Task Wizard

Chkdsk

• Detect/Repair errors
• System – Check for crosslinked files etc
• Sector – Check for damage

/f – Autofix	/i – Not as rigorous (NTFS)
/v – FAT displays paths. NTFS cleanup message	/c – No cycles (NTFS)
/r – Recover	/L – Max logfile size
/x – Forced Dismount

[edit section] File Systems

[edit section] NTFS vs FAT

• Fat16 – up to 32k clusters. Not > 511mb. Use for FDD/small HDD
• Fat32 – 4,8,16,32k clusters. More space
• NTFS4 – NT. Security. Up to 2Tb. Partition size change irrelevant
• NTFS5 – 2k.EFS, compression, permission, recovery.
• Use Fat32 for dualboot, not drive sharing on networks (FAT32,16 problems irrelevant)
• NTFS – Permissions and EFS
• Log Files – Better for repair. Dynamic cluster reassigning
• Disk compression
• >8gb, more efficient space management
• >256tb with proper clusters

[edit section] Conversion

16 to 32, 16 -> NTFS

• Protected Mode – Drive Converter32 (cvt1.exe)
• APM/ACPI BIOS. Some are incompatible with 32
• Hibernation files deleted if found
• Incompatible applications at hkey_local_machine\system\currentcontrolset\control\SessionManager\CheckBadApps400
• Real Mode – (cvt.exe)
• /win for VM
• /nop – no warning, /min – ignore minimum drive recommendation
• /noscan – skip Scandisk, /hib – Deletes hibernation stuff
• /nt5 – if dualboot found, convert to 32.

[edit section] File Naming convention

• Long File Name (LFN)
• 8.3 - 32byte records, 10 reserved, 22 for general Properties info
• Thisis~1.txt, also removes spaces
• Old Scandisk etc will erase LFNs

[edit section] NTFS File Compression

• Compression bit added to a file to be compressed
• Automatic decompression when accessed
• Moving a file inherits the compression state of the destination
• HDD gets fragmented
• Tools – Folder Options – Show Compressed in Colour
• Properties – Advanced – Compress
• Compact.exe
• /c – compress, /u – decompress

[edit section] NTFS Encryption

• EFS – XP, 2k, but not XP Home
• DRA – Data Recovery Agent (Authorized admin who can also decrypt file)
• Encrypted file from encrypted folder stays encrypted if moved to unencrypted folder
• Rclick – properties – General – Advanced – Encrypt – Apply – Confirm

[edit section] Permissions

• Level of access of files, usually set on server
• Properties – Security – Add User/Group
• Applied to folder – Applied to subfiles
• Write Mode – Modify file, cant change permissions
• Advanced – Security – Edit Permissions
• Inheritance – Lower folders get top folder permissions
• Can set Group-Based permissions
• Don't change defaults

[edit section] Drivers

• Found New Hardware (PnP)
• Add New Hardware (non PnP)
• 16bit CDROM
• Config.sys DEVICE=A:\CDTECH.SYS /D:MSCD001
• Autoexec.bat MSCDEX.EXE /D:MSCD001 /L:E /M:10

[edit section] Driver Updates

• Hardware Update Wizard (XP)
• Update Device Driver (Others)
• Found from Select Device, Properties

[edit section] Driver Signing

• WHQL (Windows Hardware Quality Labs)
• Signed if meets WHQL requirements
• Sigverif.exe – checks all apps, drivers usually in System32 folder
• /defscan – no interaction, sigverif.txt created
• Windows File Protection in 2k, XP totally blocks some drivers
• Control Panel – System – Hardware – Driver Signing
• Some 2k, ME may work in XP (WDM – Windows Driver Model). Older, no.

[edit section] Additional Windows Components

• 2k, XP Windows Component Wizard (Add/Remove programs)
• IIS – Internet Information Services
• Edit sysoc.inf and remove "hide" from some

[edit section] Error Messages

[edit section] Boot Errors

Dos compatibility mode	Real mode drivers used to access/Outdated BIOS
Bad/missing file	Config.sys c/g<ref>Corrupt/Gone</ref>
Error in config.sys	One of the files referenced gone
Cannot open *.inf	Insufficient memory
Missing System file	Command.com/io.sys/msdos.sys
VXD Failure	VXD missing
An error message containing Kernel32	Corrupt Kernel
Invalid System Disk	Boot sector virus/io.sys corrupt
Bad/missing command.com	c/g
System Registry files missing	System.dat/user.dat c/g
Insufficient Diskspace
Invalid VXD Dynamic link call from IFSMGR	Msdos.sys c/g

Msconfig shows boot problems

ASD – Automatic Skip Driver (Use safe mode)

[edit section] Startup Errors

Himem.sys	c/g, check version
Config.sys line xx	Check syntax & driver, do step-by-step
System.ini	Rename, creating minimal version
Device not found	System.ini, win.ini, registry
New device not working	Safe mode
Failed to start device	MMC event viewer

[edit section] Windows Protection Errors

Usually VXD load/unload failure

• corrupt vxd
• real/protected mode driver fight (SB card configured differently in Dos and Windows)
• Invalid registry entry (regedit fix)
• Win.com/command.com corrupt or an early version
• Protected driver loaded, after driver initialisation
• i/o address / RAM conflict
• CMOS settings incorrect (cache or CPU timing)
• PnP Bios malfunction or mainboard failure
• Defective Ram/cache
• NovellClient32 on an Office 97 PC

[edit section] Safe Modes

• 98 – F8, safe mode, step by step, safe mode with prompt
• No autoexec/config, load/run in win.ini, boot, 386enh in system.ini
• 2k, XP – Safe mode & Network
• ME,XP – System restore
• NT4 – VGA mode

[edit section] ASD.exe

• Auto Skip Driver
• 98, ME – Failure twice, ASD disables it
• Asd.log
• Monitors starting of a device
• ASD can override BIOS on restart
• Checks video POST and power state
• Address space mapping, problems.
• Keeps eye on IRQ routing
• System information – tools – ASDagent.

[edit section] Troubleshooting

[edit section] Dr.Watson

• intercepts errors, gives causes and OS snapshot
• watson001.wlg or Watson001.log in win\drwatson
• good for regular errors. For random, load at startup
• system info – tools – Dr Watson. Or run drwatson.exe

[edit section] Event Viewer

• sys log general menu – log size, overwrite options
• sys log filter menu – event type to log
• even source – what hardware log comes from
• even ID – troubleshooting ID of the event

[edit section] Startup Disk

• 95,98,ME – same
• Add/remove programs – startup disk – create disk
• 98 – format, "Copy system files"
• 2k – setup or ERD
• Makeboot.exe, makeboot32.exe
• Boot disks across 2k versions are not compatible
• Boot, then use ERD/recovery console
• System tools – backup – ERD – select "also backup registry"
• XP – ASR (Automatic system recovery)
• Formats system partition
• Backup – advanced – ASR preparation

[edit section] Configsafe

• crash protection for all but ME
• snapshot creation. Periodic/random
• Report generation
• Shows changes in system files, drives, registry, etc.

[edit section] User Help Resources

• manuals, websites etc
• Win Resource Kits – CDRom with extra utilities
• Support.microsoft.com
• XP help/support
• Welcome to support – Get friend, Microsoft, forum

[edit section] Task Manager

• NT, 2k, XP – Performance information
• CTRL-ALT-Delete or CTRL-ALT-Escape in NT4,2k, or rightclick desktop
• New task opens a program (Under applications)
• Commit Charge – VM and Page File use
• Kernel Memory – Ram/VM used by OS

[edit section] Device Manager

• Status and list of hardware
• Diamond type thing – SCSI. Three lines – USB
• Red x – disabled. Yellow ! – problem/conflict but may be working
• Blue ! – Manual settings, no problem. Green ? – Driver not the one designed but works
• View – Print – Select All Devices (Report)
• Rightclick device to uninstall

[edit section] WinMSD

• use run Winmsd
• NT Diagnostics & Report
• Create report (print, or .txt)
• Programs – admin tools – diagnostics

* /a – complete report	* /f – send to file
* /s – summary report	* /p – send to printer
System report – BIOS/cpu	Environment – variable problem
Services " –Startup values/errors	Transport – hardware MAC and protocols
Drivers – All drivers	Further – Misc stuff

[edit section] Common Problems

[edit section] Printer

• Verify printer is ok and is default. Print test page
• In queue, cancel all documents
• Working in DOS but not windows, Properties – advanced – Print directly to printer
• Check CMOS and device manager
• PPT driver test – print /D:lpt1 file1.txt
• Printing from notepad but not other – might be program
• Reinstall driver. Properties – advanced – new driver
• Test on new cable or computer

[edit section] Printer Spool settings

• storing print job to buffer before printing
• ME – print after first/last page is spooled
• Properties – details – spool settings
• Can pick EMF (default) or RAW (printer specific and takes longer)

[edit section] BSOD

• OS/app crashes. Part of memory corrupt
• Error code, memory address, text code, modules, kernel debugger given
• Insufficient HDD space for temp files
• Registry corruption

Divide by 0
IRQL_NOT_LESS_OR_EQUAL	Driver or IRQ crash
K_MODE_EXCEPTION_NOT_HANDLED	Bad device or driver config
REGISTRY_ERROR
INACCESSIBLE_BOOT_DEVICE	Driver/SCSI terminator/Boot virus
UNEXPECTED_KERNEL_MODE_TRAP	Memory problem
BAD_POOL_HEADER	Most recent change causing problem
NTFS_FILE_SYSTEM	HDD corruption
KERNEL_DATA_INPAGE_ERROR	OS failed to read kernel data from page file
NMI_HARDWARE_FAILURE	HAL cant find error. Corrupt memory. Parity/non parity RAM mix

• illegal operations – invalid page faults (reinstall components)
• invalid current path – Application cant access working directory

[edit section] System Lockup

• check BIOS, defrag, scandisk, cooling, cards, voltage, speed
• BIOS (latest). If BIOS doesn't recognise CPU, upgrade it
• Malfunctioning peripheral device
• Illegal operation – unprocessable operation code. OS closed program

[edit section] Application install problem

• error messages given
• caused by incorrect use of an operation
• Corrupt files/virus
• Hardware malfunction
• Reinstall or check with Dr Watson
• Bad system files / lack of HDD space
• Check programs.txt in c:\windows for known issues.

[edit section] Service packs etc

• Patch – specific issue
• Service packs – many issues
• Update – entirely new version
• Admin logon with everyone else logged off
• ASR (auto system recovery), backup, turn off virus scanners

[edit section] Viruses

[edit section] Types

Traditional	Attact to exe, stay in RAM. Payload is action it does
Trojan Horse	Appears as legit. Does expected task as well as bad. Cannot replicate.
Logic Bomb	Secretly in host until trigger
Worm	Self replicating virus. Doesn't need trigger
Macro	Scripts. Application specific. MSword one wont do bad in MSexcel. Infects other MSWord (say) files
Boot sector

• Polymorphic – Changes replicated version
• Stealth – Conceals itself (returns good copy of boot sector if queried)
• Tunneling – Tunnels all HDD-OS communication through itself.

[edit section] Virus Protection

• Boot from clean rescue disk only. Write protect
• Scan all CDs etc
• Never open email attachments
• Download file check.
• Set macro disabling option
• Take backups
• Inform other people if infected
• Run antivirus monthly
• Update (liveupdate in Norton, set how much to scan)

[edit section] OS Management

[edit section] Registry components

• 98 – 1 database – user.dat, system.dat. policy.pol
• User.dat – user info. Logon/desktop/etc. Hidden in win directory
• System.dat – hardware info. PnP, application settings. ""
• Policy.pol – Policies that override above. Not mandatory file.
• NT – hierarchy. 5 files in a hive. Default, SAM, System, Software, Security
• Default – User config
• SAM (System Accounts Manager) – Passwords
• System – Devices/Services
• Software
• Security – Levels/permissions
• Interacts with ntoskrnl during startup & ntdetect.com (hardware)
• Ntldr – Device initialisation using registry
• Configuration info stored in registry too

[edit section] Registry Structure

• Rootkeys -> Subkeys -> Data items (Name/data/value/type)
• Rootkey – "HKey_"
• Some subtrees take data from many of the 5 hives.

HKEY_LOCAL_MACHINE	data, specific to PC. Associated with HKEY_CLASSES_ROOT, CURRENTCONFIG and DYN_DATA. (98 – system.dat, NT – Sam/Security/Sys/Hardware)
HKEY_USERS_DEFAULT HKEY_CURRENT_USER	Profiles. (98 – User.dat, NT – default)
HKEY_CURRENT_USER	98 – stored on startup. NT – Account needed
HKEY_CLASSES_ROOT HKEY_CURRENT_CONFIG	HKEY_LOCAL_MACHINE\software\classes HKEY_LOCAL_MACHINE\config
HKEY_DYN_DATA	Dynamic info. 9x, stored in RAM.

[edit section] Registry Editor

• regedit.exe
• Root/Subkeys on left, value entries on right.
• Registry menu – Import/export/network
• Regedit32.exe – NT,2k
• Tree, security,options,window
• XP – built into Regedit

[edit section] Registry Checker

• 98/ME – Scanreg (Real Mode – Dos), Scanregw (Protected Mode – Windows)
• Takes backups daily, also made on successful boot
• Scanregw checks, optimises, then backs up
• Rbxxx.cab – Stores user.dat, system.dat. win.ini, system.ini backup. In \windows\sysbckup, for 5 days.
• Scanregw finds problem, reboots with scanreg.

[edit section] Registry Restore

• %root/repairs/regback
• Boot to recovery console.
• Cd system32\config. Rename files. Copy from backup.

[edit section] Windows 9x system files

• io.sys – functions of DOS io.sys and msdos.sys. Helps initial interaction between OS and PC hardware
• msdos.sys – text file. Config info for io.sys. Windows directory, does both windows or dos mode.
• Command.com – Displays promot, executes commands.

[edit section] Legacy Files

• Autoexec/config – Variables. Load TSRs, drivers
• Autoexec.bat – starts applications
• Config.sys – hardware control. Break, buggers, device, files (max), install, rem, stack (interrupts). Sends info to io.sys files.
• System.ini – storing info for device deivers about how DOS applications are to be handled
• Win.ini – information on config & wallpaper, data, fonts. Info usually stored in registry, here too for compatibility.

[edit section] NT4/2000 system files

• boot.ini – dual boot.
• Boot loader/OS sections.
• Boot loader – Timeout/default OS selection
• OS section – List of OS, optional switches.

/basevideo	Loads in VGA	/noguiboot	No graphic on boot
/crashdebug	Only if Kernel error	/sos	Driver display when loading
/debug		/maxmem
/debugport	Port select

• ntldr – loads selected OS
• bootsect.dos – Boot sector of installed OSes previous to 2k4. Legacy dualboot
• ntdetect.com – Test hardware, passes to ntldr
• ntbootdd.sys – Used if boot partition on SCSI device
• ntoskrnl, hal.dll, system, device drivers.

[edit section] x Memory

• hex used for ease
• 32bit flat, linear memory, using VM
• DOS
• 0 - 640k – Conventional – DOS programs
• 640k – 1mb – loading DOS drivers
• 1mb – 1088kb – High mem. DOS loaded here
• 1mb – rest – XMS (Extended)
• EMS (Expanded) – can make large amount of memory available. 64k EMS window. Loaded here, then transferred to expanded. 32mb through a card.
• Don't use emm/himem in 9x. 9x internal stuff more efficient
• DPMI (Dos Protected Mode interface). Many programs in XMS. Creates Virtual Machines
• Protected mode. OS allocated resources.
• Mem /c (areas/amounts shown)

[edit section] NT4, 2k, XP memory

• supports old DOS modes via Virtual Computers
• flat, 32 bit, linear memory. VMM + HDD
• up to 4gb memory (Physical & HDD)
• upper 2gb – OS (Kernel memory)
• lower 2gd – User memory
• process given a VM address. VMM transfers it to physical memory address
• VM broken into 4kb pages (efficient size)
• Needed pages swapped from HD to RAM
• FIFO used to decide which. Longest in there goes to HDD.
• Shared Memory allowed
• Processes cant access each others VM space.

[edit section] VM and the VMM

• address not in RAM. Hard page fault
• 9x – win386.swp, NT, 2k, XP – pagefile.sys <- process section in Performance Monitor

[edit section] Disk Cache

• temp storage in RAM. Stores data being written/read from the HDD
• HDD controller sends data to processor. Caching program reads whats next before its needed, loads to RAM. (faster)
• Hardware Cache needs no system RAM but travels over many buses (slower).
• Software cache uses system RAM (faster). Over system bus (fastest)
• MSDOS – buffers = [x] in config.sys
• DOS/3.1 – Smartdrive. 16bit real mode.
• 9x – Vcache. 32bit real mode. Better than Smartdrive
• NT,2k,XP – Automated caching.

[edit section] Networking Technologies

[edit section] Network Types

• NT4, 2k Workgroups
• P2p, decentralised. User added, must be made to all systems
• NT4 Domain
• PDC, BDC. Workstations. Partially centralised. Need permissions/location of resource
• 2k Domain
• Active Directory (AD). All objects. Domain Controller (DC). Centralised. Do not need to know location of resource. Multiple, grouped domains. ~Millions of objects possible

[edit section] Adapter Configuration

• NIC/ISDN/modem/serial/parallel/USB/infrared
• PnP needs restart. Drivers needed for legacy.
• Info – Properties in Device Manager
• General tab – Type, manufacturer, status, location, troubleshooting
• Advanced – Properties
• Driver – Driver Details, update, rollback, uninstall
• Resources – All resources & settings. I/O, DMA, IRQ, memory addys.
• Power Management – Standby, wake on LAN etc.

[edit section] TCP/IP Overview

• Routable – address of destination and destination network included
• Can interconnect different network types (and PSTN)
• Scalable, efficient, efficient delivery (good for Internet)
• Common addressing scheme

[edit section] TCP/IP – Manual vs. Automatic

• Manual
• Time consuming, errors. Small network only
• IP address, subnet mask, gateway for each computer manually.
• Automatic
• DHCP (safe, reliable, configured automatically)
• Lets you move computers without reassigning them

[edit section] ISP Services

• POP – Points of Presence. ISP locations.
• Hosting etc Provided
• VPN – Virtual Private Network

[edit section] SMTP, Pop, IMAP

• SMTP - Simple Mail Transfer Protocol
• POP - Post Office Protocol
• IMAP - Internet Message Access Protocol
• POP2 – 1980s. SMTP for sending.
• POP3 – with or without SMTP
• SMTP has limited queueing, so POP3/IMAP help
• SMTP sends, POP/IMAP receive
• IMAP – Accessing message from a PC.
• Received and held by mail server
• Can view just heading/sender
• Needs continual server access. Remote file server, basicially
• POP3 – "Store and forward"

[edit section] HTML

• Hypertext Markup Language
• Tags <xxx>, </xxx>
• Platform independent, content based

[edit section] HTTPS

• HTTP over SSL (Secure Sockets Layer)
• Port 443. (HTTP = Port 80)
• Stages
• Browser sends request, informing server about what it supports.
• Server sends cert and its public key
• Browser makes secret key and encrypts with servers public key
• Sends to server
• Server decrypts with its own private key
• Cannot be read without these keys.

[edit section] SSL

• By Netscape
• Above TCP/IP, below HTTP, IMAP, SMTP
• SSL handshake protocol – Authentication.
• "Client Hello" – information on RSA etc, and two random numbers. Client number and SSL session
• "Server Hello" confirms.
• TLS – Transport Layer Security. Standardized version of SSL3.
• SSL source and identifying data not secure, but data is.

[edit section] Telnet

• Terminal emulator. Logon to remote device and run program
• TCP port 23
• Client can work on server through terminal
• Autonegotiation of flow control, screen size, terminal type (ANSI, VT52/100/220/TM3270)
• Telnet Miami.eteachonline.com 25 (80 for webserver)
• Routers support telnet for general management

[edit section] FTP

• Can be done through command line
• FTP
• Open ftp.eteachonline.com
• (Username & Password)
• Cd, get, put, bye
• ASCII mode – text. Binary – rest. Use auto though.

[edit section] Configuring Networks

[edit section] DHCP & BootP

• BootP = (older) Bootstrap Protocol
• Each host needs IP, subnet mask and default gateway.
• BootP – Diskless workstations. Send a UDP BootP request
• Servers respond to MAC addresses with IP information
• DHCP allows temporary or leased IP addresses
• Client sends DHCP message requesting IP

DHCPDISCOVER	Reply with DHCPOFFER. From many servers, computer picks one.
DHCPREQUEST	Accepting offer. "Lease ID cookie" – IP address committed
DHCPACK	Completion of process
DHCPNAK	If process fails
ARP Request	Checks if IP address already used. If so, DHCPDECLINE sent.

• APIPA – Allocation without DHCP server (Win 98+). If APIPA cant find DHCP it uses 169.254.0.1 to 169.254.255.254. These aren't used on the Internet
• Default Class B Subnet Mask – 255.255.0.0
• DHCP not suitable for Internet. No DNS.

[edit section] DNS

• Domain Name System. Replaces IP address with a name
• DNS – Stores domains in inverted tree structure. "Domain Name Space"
• Root domain – ICANN. Assigned names and numbers.
• Register domain names, IP addresses, protocol/port numbers, oversee stable operation of root DNS servers.
• ccTLD – Country Code Top Level Domain
• Name resolvers – Must access one name server, or do a referral.
• DNS servers use caching

[edit section] WINS

• Windows Internet Naming Service
• Maps PC names to IP addresses (NetBios names to IP addresses)
• 2k uses DNS names
• LMHOSTS file contains mapping. Manually done, bad for big network.
• Transmit a request, computers respond with their IPs. Will not work through routers.
• WINS server does it through Unicast. Works through routers.
• Processes into Name/Client services
• Client registers name & IP with WINS server. Multiple WINS servers in a big network, synchronizing their data tables.

B-Mode	Broadcasts for NetBIOS
P-Mode	Name registered and resolved with WINS
M-Mode	Tries B mode then P mode
H-Mode	Tries P mode then B mode

• WINS still exists for backward compatibility.

[edit section] TCP/IP Configuration

• manually done = static IPs
• Select "Obtain IP/DNS Automatically"
• Subnet mask distinguishes network and host. Eg – 192.168.10.1
• Network identifier = 192.168.0.0
• Host ID = 0.0.10.1
• Default gateway – Defines route for external network (router)
• "Alt config" tab appears when Auto IP from DHCP selected
• APIPA used if no DHCP available

[edit section] IPX/SPX

• Similar to OSI model
• RIP, NLSP, SPX, NCP, SAP, IPX
• Connectionless, datagram based

IPX (Internetwork Packet Exchange) – routes packets through network for transparency SPX (Sequenced Packet Exchange) – ensures packets are in correct sequence NCP (Netware Call Protocol) – satisfies application requests (e.g. security, synchronisation) NLSP (Netware Link Service Protocol) – reduces bandwidth wasted by RIP RIP (Routing Information Protocol) – dynamic exchange and updating of routing info SAP (Service Advertising Protocol) – SAP table. allows servers to advertise themselves every 60sec. Stored on each server and router.

• Logical network needs unique address – 32bit 1 to FFFFFFE
• Devices have unique node address – 48bit value from MAC
• Data loss must be prevented

[edit section] Appletalk

• Phase 1 – 254 devices, 127 nodes, 127 servers.
• Phase 2 – 253 devices, any combination
• Nonextended – Labelled 1-1024, one Zone.
• Extended – Many numbers, done on Cable Range.
• Layout
• Socket – Addressable location (DDP)
• Node – Apple PM, printer, software. Socket in Node
• Network – Cables, with many nodes
• Zone – What the admin decides will be included.

ADSP (Appletalk Data Stream Protocol) – Duplex. Ensures delivery of data AEP (Appletalk Echo Protocol) – Determines if node can be accessed and length of time for packet to get there AFP (Appletalk Filing Protocol) – App/Pres layer. Permits application to work with files on servers and sharing. ASP (Appletalk Session Protocol) – Transport/Session layers. Asymmetric, Session of OSI. Establishes sessions between client and server ATP (Appletalk Transaction Protocol) – Sequencing, resending lost packets DDP (Datagram Delivery Protocol) – Network layer. Forwards packets between sockets. Relies on others. LAP (Link Access Protocol) – Data Link layer. Selects from and switches hardware. RTMP (Routing Table Maintenance Protocol) – Keeps routing table and determines best way to forward frame ZIP (Zone Information Protocol) – Lets apps get the zone name and network details ETHERtalk, TOKENtalk, LOCALtalk, FDDItalk. Various implementations.

[edit section] NetBEUI

• from an upgrade of NetBIOS
• 18 commands
• 20-200 PCs on a LAN. No routing.
• Self Tuning. Dynamically allocates memory.
• Good error protection.
• Used on NT4. 2k, 2k3, XP use TCP/IP
• NBF – NetBIOS frame. Better than NetBEUI.
• 32bit number. Better than 254 session, 8 bit NetBIOS.
• Broadcast traffic high. Does cache MAC addresses
• Not routable. Must bridge connections, which is bad.

[edit section] Internet Technologies

[edit section] Types of access

• DSL – Some use modems, some use CSU/DSU (Channel/data service unit)
• ISDN
• BRI – Basic Rate Interface
• 2x B @64k, 1x D @16k. (Signalling & Admin)
• 2B+D, 144k
• Up to 8 ISDN devices
• D signals and routes to devices
• D can put a call on hold (Multiple Call Appearances)
• PRI (Primary Rate Interface)
• Used at PBX (Private Branch Exchange)
• 2mbps EU (30B+D), 1.5 US, Asia (23B+D)
• Can order nB+D
• Dynamic bandwidth allocation of T1/E1 bandwidth

• Cable Modems
• RF to IP. Up to 36mbps downstream
• Bandwidth distributed among many homes
• Not encrypted
• Satellites
• GHz. "Footprint"
• C Band (2-3m dish), Ku Band (18 inch dish) and Ka bands.
• 24 GPS satellites
• WLAN
• RF. Uses an AP. Wired -> Wireless
• PCMCIA/NIC
• Transparent to Network OS
• LAN/WAN
• LAN
• Small area – Close workstations, high bandwidth, continuous connectivity
• WAN
• Large, leased lines, continuous or intermittent connectivity.
• Connects LANS, a combination of wired & wireless
• Uses Switches, Leased.

[edit section] Browser Script Support

• IE : Advanced tab of tools – Select "JIT compiler for VM enabled"
• Netscape : Edit – Preferences – Advanced – Select "Enable Java" and "Enable native object scripting"

[edit section] Proxy Servers

• IE connections tab – Lan Settings – Use Proxy
• Netscape – Edit – Preferences – Advanced – Proxies – Set Auto Proxy Config URL
• Security in Netscape "Privacy and Security"

[edit section] Firewalls

• "Stateful inspection technology"
• Accepts only traffic that matches entry in its table
• Security logs (can be set to log accepted/denied or both)
• Control panel – Network Connections – Properties – Advanced – "Protect my computer…."

[edit section] Internet Software

[edit section] IPConfig & WINIPConfig

• static IP – shown
• auto IP – DHCP shown
• "More info" gives Host/Ethernet Adapter infos
• Host – Card, DNS, Node type, Scope ID
• Ethernet Adaptor – WINS etc
• "Release" sends DHCPRELEASE (Giving up IP)
• "Renew" sends DHCPREQUEST
• /release or /renew do the same
• Doubleclick network connection, support tab, details.
• Ipconfig /all
• If DHCP successful, its shown.

/? – Gives list of commands	/displayDNS – Displays cache contents
/flushDNS – Purges cache	/showclassID

• Unix – IFConfig
• "-a" gives status of all interfaces

[edit section] Ping/Tracert

• Ping
• Packet Inter Network Groper
• "Echo request" and "Echo reply"
• Testing own TCP/IP stack "Loopback address" 127.0.0.1
• Tracert
• Ping with TTL changing.
• First hop. TTL=1. Error generated, sent back with IP, result given.
• Second hop. TTL=2. Error, sent back, result.
• Nth set, TTL=n
• "Tracert <ip>"

[edit section] NSLookup

• Querys DNS
• "nslookup" gives a > . Enter hostname.
• "Set type = <xxx>"

(A)	32bit IP4 address
Canonical Name (CNAME)	Alias DNS
Mail Xchanger (MX)	Message Routing
Name Server (NS)	Responsibilty for Zones "Authoritative"
Pointer (PTR)	Location in DNS space
Start of Authority (SOA)	Mailbox, serial number etc.
Service (SRV)	Single DNS Domain. Designating Backups.

• >set type = mx
• >eteachonline.com
• >set type = any
• Type "Server Name" = alt DNS

[edit section] Resource Sharing

[edit section] Folders

• File/print sharing must be installed.
• Do properties/sharing.

[edit section] Share Permissions

• Restrict access (but not locally)
• Full Control
• Change (All, but no modifying of sharing properties)
• Read (Just view and run)
• Can combine with NTFS permissions. If the two are not the same, the more restrictive is used.

[edit section] Printer Sharing

• Add Printer wizard or Properties/sharing
• Can select "Browse for Printer"

[edit section] Miscellaneous

• Max 300 shared folders in Win 95
• Sys.com on ERD fixes command.com

	Web ProProfs.com