3.1.9. TYPICAL OS FAULTS, THEIR SEARCH AND ELIMINATION ALGORITHM

The most common causes of failures when booting the OS Windows :

• Corruption or deletion of important system files, such as registry files, ntoskrnl.exe, ntde-tect.com, hal.dll, boot.ini;
• installing incompatible or faulty services or drivers;
• damage or removal of services or drivers required for the system;
• physical damage or destruction of the disk;
• file system corruption, including violation of the directory structure, master boot record (MBR) and the boot sector;
• the appearance of incorrect data in the registry (with a physically non-damaged registry entries contain logically incorrect data, for example, beyond the allowable values ​​for services or drivers);
• Incorrectly set or too limited permissions for the \% systemroot% folder.

OS recovery tools can be divided into:

• regular, included in the distribution of Windows 2000 / XP
• third party utilities.

Established system recovery tools Disaster Recovery Disk
In Windows XP, the “Automated System Recovery (ASR)” system is used, which allows you to create a backup of the entire system using modern and popular high-capacity media such as CD-R / RW or hard drives (also tapes, if someone has there is a streamer).

Create an ASR set .

In order to take advantage of the ASR mechanism, it is necessary to create an ASR set consisting of 2 parts:

• data archive itself, which can be placed on a recordable CD, tape, non-system partition of a hard disk or other hard disk;
• A floppy disk on which data is written that is required for system recovery.

Administrators can create ASR sets. To create an ASR set, run the Data Backup program.

("Start - All Programs - Standard - System Tools - Data Archiving" or type ntbackup.exe from the "Start - Run" menu). Switch to advanced mode. By default, not all files are included in the archive being created. Therefore, before creating an ASR set, it is worth looking at the list of excluded files.

To do this, go to the "Tools - Options - File Exclusion" tab. By default, this list contains: a paging file (pagefile.sys), a file created when hibernating (hiberfil.sys) is used, recovery checkpoints, temporary files and some log files. Carefully check the entire list, if necessary, make changes to it. After that, you can run the Disaster Recovery Preparation Wizard to create an ASR set - select "Tools - Emergency System Recovery Wizard". Specify the path for the created archive. Do not specify the system partition of your hard disk as the path. After collecting the necessary information, the archiving process will begin. If you place an archive on a partition of a hard disk with the FAT32 file system, pay attention to the information line “Expected, byte” - if the size of the created archive is estimated at more than 4 GB, you should interrupt the backup process and reduce the size of the archive by excluding some non-system files from it , which can be saved in a separate archive, otherwise the creation of the ASR set will not be completed properly. After that, run the disaster recovery preparation wizard again. After creating the archive, you will be prompted to insert a floppy disk to write recovery parameters to it. This completes the creation of the ASR kit.

System Restore using ASR Kit

To restore the system, you need an ASR set (archive + floppy disk) and a Windows XP boot disk. Boot using the boot disk, choose to install Windows XP. When the prompt appears in the status bar, press the F2 key - the message "Insert a disk called Windows Automatic Restore Disk in the floppy drive" appears. After reading from the diskette necessary for data recovery and loading the main drivers, the system partition will be formatted and the initial installation of Windows XP will be made. Next, the wizard for emergency system repair will be launched and the files from the archive of the ASR set will be restored. After the files are restored, a reboot will be performed and you will receive Windows XP with all installed programs, documents and system settings at the time of creating the ASR set.

Recovery Console (Emergency Recovery Console)

Another system recovery tool is Emergency Recovery Console (abbreviated ERC), included in the Windows 2000 / XP distribution. You can install ERC on a computer only after installing Windows 2000 / XP, for which you must perform the following steps:

Click the "Start" button; select in the expanded menu the item “Run ...”;

• In the window that opens, enter the following command:
• M: \ i386 \ winnt32.exe / cmdcons, where M is the drive letter,
• corresponding to the CD-ROM drive; Click "OK";
• follow the instructions on the screen;
• When installation is complete, restart the PC.

Installation will require about 6 MB in the system partition. Now in the OS selection menu that appears when the system starts up, there will be a new item - “Windows 2000 Recovery Console” or “Windows XP Recovery Console”. By selecting this item,

you will start downloading ERC

After starting the Recovery Console, you will need to select the installed operating system (if two or more systems are installed on the computer) and log in using the administrator password. If the entered password is correct, we will be able to boot into the command line interface. From it, by typing certain commands, you can try to restore the system. With the help of basic commands provided by the console, you can perform simple actions like changing the current folder or viewing it, as well as more complex ones, such as restoring the boot sector. To get help on the recovery console commands, enter the word “help” in the console command line. Here are the most important of the Recovery Console commands:

• registry overwrite - copy
• displaying a list of system services and drivers - listsvc
• disable certain service - disable (enable - enable )
• recovery boot files - fixboot
• Master Boot Record Recovery - fixmbr

Rollback driver

Very often, the system crashes when updating the driver of a device. Since the driver is essentially the same program, it sometimes contains errors that lead to incorrect operation in some configurations and, as a result, to a system failure. Windows, when updating a device driver, does not delete the old one, but saves it in case problems arise. And when a new driver causes problems, the Rollback Driver tool allows you to revert the old one, that is, how to roll back system changes. Moreover, the built-in mechanism for checking driver compatibility may not allow installing a driver that, according to Windows XP, is not suitable for it.

System Restore

System Restore, allows you to return the OS to a healthy state, based on the concept of restore points (Restore Points). The idea is simple, as all ingenious: to force the system itself to track and record all changes occurring with system files. Such a mechanism makes it possible to roll back to a workable version of the system if the system files are damaged by illiterate user actions or incorrect drivers or programs are installed. The System Restore mechanism automatically saves a set of system files before installing drivers or programs, and a system restore point is created once a day. When you start this service, you will be asked to choose whether to restore the system in accordance with the previously saved restore point or create a new restore point. Choose what you need, and then just follow the instructions that appear on the screen. If the computer does not boot, try opening the Last Known Good Configuration. Windows XP will restore the system using the latest restore point. Since each recovery point takes up space on the hard disk, it makes sense to delete unnecessary ones. To do this, do the following: "Start -> Programs -> Accessories -> System Tools -> Disk Cleanup", the "Advanced" tab. 'All points except the last are deleted. Also in the registry, you can set the lifespan of recovery points by adjusting the parameter

RPLifeInterval in the section: HKEY_LOCALMACHINE \ SOFT-WARE \ Microsoft \ Windows NT \ CurrentVer-sion \ SystemRestore. The parameter type is dword. The default value in seconds is 0076a700, which corresponds to 90 days.

System Registry Backup Tools

The registry is a huge database of settings stored in folders at% SystemRoot% \ System32 \ Config and the user profiles folder Ntuser.dat. Rough change of parameters or, even worse, the removal of entire branches can lead to the inoperability of the system as a whole. To back up the registry, you can use one of the following methods:

Method number 1 . Operating system, every successful launch saves A copy of the registry in a .cab file that is written to the hidden directory in the SYSBCKUP directory of Windows. By default, the last five copies are stored.

To restore the registry from one of these backups, you must reboot into DOS and execute the command SCANREG / RESTORE.

A list of available registry backups will appear, sorted by the time they were created. After selecting the desired copy, the data will be safely

restored, and you will receive a registry that meets the state of affairs at the time of its creation.

To back up the registry at any time, use the SCANREG / BACKUP command , which will create a backup in the case of a normally validated check.

Method number 2 . In order to back up the registry, You can use the Backup and Restore Wizard - Start / Programs / Standard / System Tools / Data Archiving - or just Run: ntbackup. The archiving program allows you to archive copies of important system components such as the registry, boot files (Ntldr and Ntdetect.com) and the Active Directory directory service database. For archiving the registry of Windows XP, step-by-step instructions are as follows:

1. Log in with administrator rights.
2. Run NTbackup - Archiving data.
3. From the wizard mode go to Advanced mode.
4. Select the Archiving tab.
5. In the left window we find the System State icon (string) and mark it with a “bird”:
6. Click on the Archive button, and then select Advanced.
7. We set a tick "Data verification after archiving"; Remove from the item "Automatically archive protected system files with the state of the system" (the procedure will take much less time):
8. Type of archive set Normal.
9. OK button and Archive

Step-by-step instructions for full registry recovery using NTbackup are as follows:

1. Log in with administrator rights.
2. Run NTbackup.
3. Go to the tab "Recovery and Media Management."
4. In the Check boxes box, for all objects that you want to restore, select the check box for the System Status object.

Method number 3. The essence of this method is the so-called. export reg file The method is especially effective (takes a little time and allows you to make copies of individual subsections) and is relevant when experimenting with the registry. Algorithm:

1. Run regedit command.
2. Select the desired section / subsection.
3. Right mouse button / export, specify the path to save a copy and the file name.

When archiving part of the registry, data is exported to a reg-file. In order to extract them and restore the original state of the registry, you must perform the following steps:

1. Run regedit: Start / Run / regedit.
2. choose File / Import with the path to the imported file in the main menu or simply launch the reg-file, confirming the import to the registry.