Survey of Operating Systems 5th

Edition Holcombe Solutions Manual

Visit to download the full and correct content document: https://testbankdeal.com/dow
nload/survey-of-operating-systems-5th-edition-holcombe-solutions-manual/
 Survey of Operating Systems — Fifth Edition
Instructor Manual
Chapter 7
Supporting and Troubleshooting Windows
In this chapter, students will look under the Windows desktop at some of the complexity of the
Windows operating system, including the registry, the Windows user options, power options, and
various ways to start up Windows for resolving problems, as well as working with device drivers
and troubleshooting. At the end of the lesson students should be able to:
LO 7.1 Define the role of the registry in Windows and back up and modify the registry when
needed.
LO 7.2 Describe the Windows user options and power options, and, given a scenario, select
appropriate startup options.
LO 7.3 Install and manage device drivers.
LO 7.4 Troubleshoot common Windows problems.
Estimated time for lesson: 3 to 4 hours
Preparing for Class
At minimum, the students should have computers configured with Windows 7, Windows 8.x or
Windows 10. Each student should be able to log on with an administrator type account.
Prerequisites for Class
Ensure that the students are:
• Able to access a running lab computer either individually or in small groups
• Able to browse the Internet and capable of using a web browser
• Able to access a computer running Windows, preferably Windows 7

Class Preparation Notes

While there are no hands-on activities that will be as time-consuming as the installation labs of
some of the early chapters, you should take time beforehand to review the five Step-by-Step
exercises and four Try This activities on a computer configured identically to the students'
computers to determine where your group of students might have difficulty.

General Teaching Tips

This chapter moves from the conceptual to the practical, while maintaining the “survey” level.
The goal of this chapter is to give users enough understanding of the workings of Windows to
enable them to use some of the simpler recovery tools, but to also understand the boundaries
between recovering from a disaster and creating a disaster by attempting to do advanced tasks
without the requisite knowledge. This caution especially applies to the first section; where we
want the students to understand the registry and its components but not to get bold about making
direct changes. It includes a Try This (page 268) in which they open Registry Editor, and a Step-

IM-7 | 1
Chapter 6 Under the Windows Desktop

by-Step that has them use System Restore as a simple way to back up the system, including the
registry. In the second section students learn about the Windows User and Power options and the
shut down and startup procedures for Windows 7, Windows 8.x, and Windows 10. Then, they
move on to working with device drivers, with a Try This for searching for a device driver on the
Web and a Step-by-Step in which they become acquainted with Device Manager. The section on
troubleshooting gives them hands-on experience with Safe Mode.
Key Terms
binary file — A file that contains program code, as opposed to a file containing data.
bootloader — The Windows OS startup code that gets loaded in memory.
bootstrap loader — A firmware program that uses hardware configuration settings stored in
nonvolatile memory (commonly called CMOS) to determine what devices can start an OS
and the order in which the system will search these devices while attempting to begin the OS
startup process.
code signing — A practice introduced in Windows 2000 in which all of the operating system
code is digitally signed to show that it has not been tampered with.
Command Prompt—A command-line interface (CLI) that you can launch from within
Windows, from Safe Mode, or as a Recovery option.
Consent Prompt — A prompt requesting permission from an administrator to proceed with
an action that requires administrator privileges.
Credentials Prompt — A prompt requesting that a standard user provide computer
administrator credentials before granting permission to proceed with an action that requires
administrator privileges.
data type — A special data format in the Windows registry. There are several registry data
types, such as REG_BINARY, REG_DWORD, and so forth.
Device Stage — A Windows 7 feature which, if the device supports it, will bring up a page
from which you can make many choices for managing the device, and it often includes an
accurate image of the device.
digital signature — In Windows, encrypted data that can be unencrypted by Windows in a
process called file signature verification.
driver signing — Code signing of device drivers that indicates two things: the integrity of
the file or files, and that the device driver has passed Microsoft’s tests for compatibility.
Early Launch Anti-Malware (ELAM) — A security component that examines each of the
device drivers before they load into memory, thus preventing suspicious drivers from
loading.
Fast Boot — A start-up feature that takes advantage of the hibernated kernel of the Windows
8 Hybrid Shutdown by bring the hibernated system session out of hibernation, saving all the
work of the Kernel Loading phase.
file signature verification — The process by which Windows unencrypts a digital signature
and verifies that the file has not been tampered with in any way.

IM-7 | 2
 Survey of Operating Systems — Fifth Edition
Instructor Manual
Hibernate — The process of saving to disk an image of the contents of RAM, including the
OS, open apps, and all the associated data before the OS sends the command to power down
the computer.
hive — The portion of the Windows registry represented in one registry file.
Hybrid Shutdown — In Windows 8, when you select Shutdown from the Power menu it 1)
sends messages to all running apps to save data and settings and then it shuts down the apps,
2) closes the session for each logged-on user, and 3) hibernates the Windows session and
saves it in a file.
key — In the Windows registry, a folder object that may contain one or more sets of settings
as well as other keys.
Last Known Good Configuration — A startup option that starts Windows normally and
selects the configuration that existed at the last successful user logon, ignoring changes made
after the last logon.
logon phase — The phase of startup that includes authenticating the user, starting the
Windows Logon service, runs existing logon scripts during program startup, and starts plug-
and-play detection.
Measured Boot — A UEFI firmware feature that logs the start-up process so antimalware
software can analyze this log to determine if malware is on the computer or if the boot
components were tampered with.
MSCONFIG — The System Configuration Utility, a Windows tool for modifying system
start-up, allows you to modify and test start-up configuration settings without having to alter
the settings directly. It allows you access to settings buried within the registry and allows you
to make the changes temporary or permanent.
plug and play — The ability of a computer to automatically detect and configure a hardware
device. To work, the computer, the device, and the OS must all comply with the same plug
and play standard.
power-on self-test (POST) — A series of firmware program tests of the system hardware
that determines the amount of memory present and verifies that devices required for OS
startup are working.
PowerShell — A command-line interface (CLI) that accepts text input and also accepts
objects, as defined by object-oriented programming.
registry — A database of all configuration settings in Windows.
root key — In the Windows registry, the top five folders are root keys, often called subtrees
in Microsoft documentation. Each of these subtrees is the top of a hierarchical structure
containing folders called keys.
Safe Mode — A mode for starting Windows with certain drivers and components disabled.
Safe Mode with Command Prompt — A mode for starting Windows with only a command
prompt as a user interface.
Secure Boot — The UEFI firmware feature that loads only trusted operating system

IM-7 | 3
Chapter 6 Under the Windows Desktop

bootloaders.
security ID (SID) — A unique string of numbers preceded by S-1-5 that identifies a security
principal in a Windows security accounts database.
Sleep — The sleep power option causes the computer to stay on in a very-low-power mode;
the system state and user session (applications and data) are saved in RAM, but the screen
turns off.
subkey — In the Windows registry, a key that exists within another key.
System Recovery Command Prompt — An advanced command-line interface where you
can enter commands to repair Windows.
Trusted Boot — A Windows 8 feature that examines each of the system files required for
the boot process before it loads into memory.
value entry — A setting within a Windows registry key.
Windows Recovery Environment (Windows RE) — A component of Windows PE that,
when needed, provides support with a powerful group of diagnostic and repair tools.

IM-7 | 4
 Survey of Operating Systems — Fifth Edition
Instructor Manual
Lecture Outline

I. LO 7.1 Understanding the Registry

Teaching Tip:

Before you begin, do the Try This on page 265 so that hidden files and extensions are visible
in Windows Explorer/File Explorer. Then start out the lecture with Windows Explorer/File
Explorer open and be prepared to locate the registry files as you discuss them. Have the
students do the Try This so that they can see the files discussed. Then, a Try This activity
involves running Registry Editor in order to view the registry structure.
The objective of this section is to give the students an understanding of the function of the
registry, its pieces and parts, and the location of registry hive files. Discourage students from
actually modifying the registry. The text should help them understand that many things they
do day-to-day actually modify the registry. Step-by-Step 7.01 guides them through using
System Restore to create a restore point, an indirect way to back up the entire registry and
more. This section concludes with a brief description of how to back up just a portion of the
registry using Registry Editor.

A. The Registry Defined

1. The registry is a database of all configuration settings in Windows. It

includes settings for:

i) Device drivers

ii) Services

iii) Installed application programs

iv) Operating system components

v) User preferences

B. Automatic Registry Changes

1. Any change to the operating system or an installed application will result

in a change in the registry. The registry will automatically be changed
when:

i) Windows starts up or shuts down

ii) During Windows Setup (which runs more often than you may
think)

iii) Changes are made through a Control Panel applet or the newer
Settings tool

IM-7 | 5
Chapter 6 Under the Windows Desktop

iv) A new device is installed

v) Any changes are made to the Windows configuration

vi) Any changes are made to a user's desktop preferences

vii) An application is installed or modified

viii) Changes are made to preferences in any application

Teaching Tip:

If you have not done so already, have students do the Try This on page 265. Tell students that
in order to see all the registry files they must change the View settings in Folder Options:
Enable Show hidden files, folders, and drives and clear the check box next to Hide protected
operating system files. Both of these settings are required to view these files. However, warn
them that they should return these settings to the default. At minimum click to place a check
in the checkbox for Hide protected operating system files.

C. Registry Files

1. The Windows registry files include the following:

i) BCD

ii) DEFAULT

iii) NTUSER.DAT

iv) SAM

v) SECURITY

vi) SOFTWARE

vii) SYSTEM

2. The portion of the registry in each of these files is a hive.

i) The BCD (Boot Configuration Database) file resides in the Boot

folder in the hidden system partition. Like other registry files it is a
binary file. It contains the store used by Windows during the
bootloader phase of startup.

ii) The DEFAULT hive contains user desktop settings, called a user
profile, used when no user is logged on. You do need desktop
settings for the GUI even before you log on. The default profile is
contained in folders that reside in C:\users\default. In this case,
default is a hidden folder.

IM-7 | 6
 Survey of Operating Systems — Fifth Edition
Instructor Manual
iii) The NTUSER.DAT hive file contains the user profile for a single
user. A separate NTUSER.DAT file exists for each user who logs
onto the computer, as well as one located in the DEFAULT USER
folder. When a user logs on, the settings from that user's
NTUSER.DAT file apply and become part of the current registry.
The first time a user logs onto a computer, It saves the
NTUSER.DAT file in the top-level personal folder for that user.

iv) The SAM hive contains the local security accounts database; SAM
is an acronym for Security Accounts Manager.

v) The SECURITY hive contains the local security policy settings for
the computer.

vi) The SOFTWARE hive contains configuration settings for software

installed on the local computer, along with various items of
miscellaneous configuration data.

vii) The SYSTEM hive contains information used at startup, including

device drivers to load as well as the order of their loading, and
configuration settings, the starting and configuring of services, and
various operating system settings.

3. The Permanent Portions of the Registry are the Registry Hives (see above)
with all the changes saved from use to use.

4. The Temporary Portion of the Registry

i) HKEY_LOCAL_MACHINE\Hardware

ii) Information gathered during the hardware detection process of the

detect-and-configure-hardware phase of Windows startup. It is not
saved to disk in a file.

D. Viewing and Editing the Registry

Teaching Tip:

Open REGEDIT during this part of the lecture, and instruct the students to follow the
instructions in the Try This on page 268 to open this program and view the registry structure.
Then demonstrate the hierarchical structure of the registry and point out the key points. This
section has several key terms. Be sure to use the text and the REGEDIT program to
differentiate among these registry components.

1. View and edit the registry as a hierarchical structure using

REGEDIT.EXE.

i) REGEDIT is located in the folder in which Windows is installed

IM-7 | 7
Chapter 6 Under the Windows Desktop

(usually C:\Windows or C\WINDOWS)

ii) It does not have a shortcut on the Start menu.

a) It should not be too handy

b) Start it from the Search box or the Run box

iii) Navigation of registry folder is similar to disk folders

iv) Key — a folder object containing settings and other keys

v) root keys — five folders at the top of the hierarchy. See Table 7-2
on Page 247 for description of contents of each root key

vi) value entry — settings within a key

vii) data type — the specific format of a value entry. See Table 7-3 on
Page 269 for a short list and description of data types.

E. Backing Up the Registry

1. Creating a Restore Point

i) Step-by-Step 7.01: Creating a Restore Point

Teaching Tip:

Step-by-Step 7.01 guides students through using System Restore to create a restore point, an
indirect way to back up the entire registry and more. This exercise works in Windows 7,
Windows 8.x, and Windows 10. The System Properties dialog box is available in all three,
but it will only open in Windows 8.x and Windows 10 by launching sysdm.cpl from the Run
box. This is Step 1. If students have trouble with this, have them double check their spelling.

2. Use REGEDIT to Back Up the Registry

a) Back up using Registry Editor’s Export Registry File

option.

1) Select Computer to back up all

2) Select a key to back up portion

b) Double-click on the new .REG file to restore it.

Teaching Tip:

Take time to expand on the Warning on the top of page 272.

IM-7 | 8
 Survey of Operating Systems — Fifth Edition
Instructor Manual
II. LO 7.2 Windows User and Power Options
Teaching Tip:

This section is organized under User Options and Power Options, with the bulk of the
content under Power Options. Explain that at every startup the Windows OS is "rebuilt" from
the ground up through six phases. The exception is a Windows 8/8.1/10 Fast Boot, which can
only occur after a Windows Hybrid Shutdown. The advent of Hybrid Shutdown and Fast Boot
in Windows 8 and newer is the reason the authors describe Shutdown before startup in this
section.

A. Windows 7 combined both the user options and power options on one menu

B. Windows 8/8.1/10 separate these options

C. User Options

1. Windows 8/8.1 user options are in the User menu accessed from the User
tile on the Start screen. In Windows 10, access the User menu from the
User tile on the top of the Start menu.

2. Windows 8.1 User menu

i) Change account picture (Opens the Your Account page in Settings)

ii) Lock

iii) Sign out

3. Windows 10 User menu

i) Change account settings (Opens the Your Account page in

Settings)

ii) Lock

iii) Sign out

D. Power Options

1. Windows 7 from Start menu

i) Sleep

ii) Hibernate (only if configured for this)

iii) Shutdown

IM-7 | 9
Chapter 6 Under the Windows Desktop

iv) Restart

Discussion Point:

Point out the Note on page 274. This Note explains how to use a Restart as a
troubleshooting/problem resolution tool.

2. Windows 8/8.1/10 from Power button on Start screen (Windows 10 Start

menu)

i) Sleep

ii) Hibernate (only if configured for this)

iii) Shutdown

iv) Restart

3. Sleep

i) The computer stays on in a very-low-power mode; the system state

and user session (applications and data) are saved in RAM, but the
screen turns off.

ii) Use Sleep when you must briefly interrupt your work on a laptop
or tablet, as when you board a plane

iii) Do not use Sleep for lengthy periods because when the battery runs
down, Sleep mode ends

4. Hibernate

i) Windows saves to disk an image of RAM, including the OS, open

apps, and all associated data

ii) Use Hibernate when you would use Sleep, except that Hibernate
does not require power.

iii) It takes a bit longer to restore from Hibernate than from Sleep.

5. The Windows 7 Shutdown

i) When you select Shutdown, Windows:

a) Sends messages to all running apps to save data and

settings

b) Closes the session for each logged-on user

IM-7 | 10
 Survey of Operating Systems — Fifth Edition
Instructor Manual
c) Sends a shutdown message to all running services and then
shuts them down

d) Sends a shutdown message to all devices

e) Closes the operating system’s session

f) Writes pending data to the system drive

g) Sends a signal to power down the computer

6. Windows 8, 8.1, and Windows 10 Hybrid Shutdown

i) Select Shutdown from the Power menu, Windows:

a) Sends messages to all running apps to save data and

settings, and then shuts down the apps

b) Closes the session for each logged-on user

c) Hibernates the Windows session and saves it in a file. It

does not Hibernate the User session.

d) [Sends a signal to power down the computer]

Teaching Tip:

Oops! The authors left out the last step of Hybrid Shutdown in the book. This was added by
the authors in the PPT slides and entered into the final PDF for revision at a later printing.

7. Restart

i) When you select Restart, all Windows versions discussed here do a

full shutdown and a full system start up

ii) Important to know because Restart seems slower on a Windows 8

or newer computer than a cold boot does because it doesn’t do the
Hybrid shutdown or the Windows Fast Boot (description coming)

E. Windows 7 Startup Phases

1. Power-On Self-Test

i) Initiated by power up or restart

ii) CPU loads the BIOS programs beginning with the Power-On Self-
Test (POST)

IM-7 | 11
Chapter 6 Under the Windows Desktop

a) Tests system hardware

b) Determines the amount of memory present

c) Verifies that devices required for OS startup are working

d) Loads configuration settings from CMOS memory into

main system memory

e) During the POST, the BIOS (very) briefly displays

information on the screen as it tests memory and devices

2. Initial Startup

i) BIOS code uses CMOS settings to determine what devices are

usable to start an OS, and the order in which the system will search
these devices in attempting to begin the OS startup process.

ii) Loads the MBR from the first physical sector of the first hard disk.
(If booting from hard disk)

iii) MBR code loads boot sector from the primary active partition on
the first hard disk.

iv) Boot code from the boot sector identifies the file system, locates
the boot loader file, and loads it into memory.

3. Bootloader

i) Windows 7, Windows 8, and Windows 10 Boot Loader Phase

a) BOOTMGR is boot loader

1) Loads the Boot Configuration Database (BCD)

2) Loads the OS loader boot program,

WINLOAD.EXE

Discussion Point:

If students are still using Windows XP and are familiar with how Windows XP starts up,
point out that the Windows BOOTMGR and WINLOAD.EXE files together replace the
functions of the old NTLDR file in Windows XP. Newer versions of Windows do not need
NTLDR, BOOT.INI, and NTDETECT.COM, but these files will be present on a computer that
multi-boots between Windows XP or Windows Vista and a newer Windows version.

4. Detect and Configure Hardware

i) Scans the computer’s hardware

IM-7 | 12
 Survey of Operating Systems — Fifth Edition
Instructor Manual
ii) Creates a hardware list for later inclusion in the registry

5. Kernel Loading

i) NTOSKRNL.EXE loads into memory

ii) Hardware information passes to kernel

iii) Hardware abstraction layer (HAL) file loads into memory

iv) System portion of the registry loads

v) Drivers required at startup load

vi) Kernel initializes required services and drivers

vii) Kernel loads other components and switches Windows from text
mode to graphics mode

viii) Session manager starts user-mode Windows code (CSRSS.EXE)

ix) Creates virtual memory paging file (PAGEFILE.SYS)

x) Starts the Windows logon service (WINLOGON.EXE)

6. Logon

Teaching Tip:

Emphasize that much happens during the logon phase in addition to logon.

a) User Logon

b) Program Startup

c) Plug and Play Detection

F. Windows Secure Boot and Fast Boot

1. Firmware Startup

i) When computer is turned on, CPU loads firmware into memory

and POST occurs regardless of OS installed because it’s before OS
installation

ii) Secure Boot is the UEFI firmware feature that loads only trusted
OS bootloaders

iii) While Windows proceeds with startup to the point when

IM-7 | 13
Chapter 6 Under the Windows Desktop

antimalware software loads, a UEFI firmware feature, Measured

Boot, logs the process and antimalware software can analyze this
log

2. Trusted Boot [and ELAM]

i) A Windows 8 feature that examines each system file of the boot

process before it loads

ii) Another security component, Early Launch Anti-Malware (ELAM)

does the same for all device drivers.

3. Fast Boot

i) Takes advantage of the hibernated kernel of the Windows 8 Hybrid

Shutdown.

ii) Fast Boot simply brings the hibernated system session out of
hibernation

iii) On a computer with multiple cores, they work in parallel when

processing the hibernation file.

G. Modifying System Startup

1. Modifying System Startup for Windows 7, Windows 8x, and Windows 10

i) Boot configuration database (BCD) is a hidden part of the registry

a) C:\BOOT\BCD

b) Contains

1) Locale information

2) Location of the boot disk

3) Location of the Windows files

4) Other startup information

ii) View contents of BCD and directly edit using BCDedit

iii) Through the GUI in Startup and Recovery dialog (in Step-by-Step
7.02)

Teaching Tip:

Step-by-Step 7.02 Modifying Windows System Startup Point out that, as with previous

IM-7 | 14
 Survey of Operating Systems — Fifth Edition
Instructor Manual
versions of Windows, you can modify some startup settings through the GUI, which this
exercise demonstrates. Beginning in Step 4, they will also run BCDedit to see the contents of
BCD, including the change made through Startup and Recovery.

III. LO 7.3 Installing and Managing Device Drivers

Teaching Tip:

Allow the students the few minutes required to complete the Try This on page 282. If this is
not possible, demonstrate it for them.

A. Installing Device Drivers

1. Windows comes with a huge cache of device drivers, now mostly

available online

2. Windows and virtually all devices for PCs are plug and play

3. Some devices require that you install the driver and companion software
before connecting the device.

4. Always read the instructions for the device

5. Permissions

i) Administrator privileges required to install any device driver in

Windows.

a) In Windows 7, and Windows 8 you must respond to a UAC

prompt (Consent Prompt or Credentials Prompt).

ii) Unplugging (disconnecting) a device does not uninstall the driver.

Teaching Tip:

Recommend that students use Safely Remove Hardware before unplugging storage devices.

6. Working with Signed versus Unsigned Device Drivers

i) Code signing

a) Use of a digital signature as Microsoft’s seal of approval on

program code

b) Digital signature is encrypted data placed in the file

1) Process called file signature verification.

IM-7 | 15
Chapter 6 Under the Windows Desktop

2) It includes information that allows the OS to detect

if the file has been altered

3) Digital signature is unencrypted by Windows in file

signature verification

ii) Driver signing is code signing of device drivers.

iii) Default: cannot install unsigned drivers in 64-bit Windows 7, 8, or

in Windows 10.

B. Managing Installed Devices

1. Devices and Printers page

i) User-friendly

ii) Overview of most obvious devices

iii) Access to Properties and other appropriate tools

iv) Many newer devices support the Device Stage feature

2. Windows 8.1 PC Settings

i) Devices page lists printers and other devices.

3. Windows 10 Settings

i) In Settings, click or tap Devices and then select the type of device
you want to add or remove.

ii) Links let you launch Device Manager or Devices and Printers. This
may change as Microsoft continues to upgrade Windows 10.

4. Using Device Manager to manage Device Drivers

i) View and change device properties

ii) Update device drivers

iii) Configure Device settings

iv) Uninstall devices

v) Roll back driver update

Teaching Tip:

IM-7 | 16
 Survey of Operating Systems — Fifth Edition
Instructor Manual
Step-by-Step 7.03 Getting to Know Device Manager This exercise has you first create a
desktop shortcut to Device Manager. Once students complete Step 4, have them drag the new
shortcut to the taskbar to pin it there. Then delete the desktop shortcut. If you are “lucky,”
Device Manager will create a teaching moment by revealing a problem with a device. Be
prepared for such a moment by testing this exercise on the lab computers before class and
determining a course of action so that you can demonstrate how to solve any discovered
problem. Try to hold off on solving the problem until you move into the Troubleshooting
section.

IV. LO 7.4 Using Windows Troubleshooting and Recovery Tools

A. For Startup Failures: The Windows Recovery Environment

1. Windows RE is a group of diagnostics and repair utilities in the Windows

Preinstallation Environment (Windows PE), the scaled-down Windows
OS that supports the Windows Setup GUI (and the recovery environment).

2. Computer manufacturers who preinstall Windows can add their own repair
tools to Windows RE

B. Troubleshooting with Modified Startups

1. The Advanced Boot Options Menu

i) Repair Your Computer (Windows 7) loads Windows PE with the

Windows Recovery Environment (Windows RE) System Recovery
Options.
Discussion Point:
The Windows 7 System Recovery Options screen is shown in Figure 7-13 on page 288 in
Chapter 4 followed by a brief description of each option.

a) Startup Repair

b) System Restore

c) System Image Recovery

d) Windows Memory Diagnostic

e) Command Prompt

ii) Safe Mode (three variants)

a) Safe Mode — loads only basic, non-vendor-specific drivers

Discussion Point:

IM-7 | 17
Chapter 6 Under the Windows Desktop

If Windows will not start normally, but starts up in Safe Mode, see Discussion Point under
Safe Mode with Networking to determine if the problem is related to a network component
(usually the network adapter card). Then use Device Manager (in Safe Mode) to try to
determine the problem.

b) Safe Mode with Networking — like Safe Mode, but with

network support
Discussion Point:
If Windows will not start normally, but starts up in Safe Mode, then restart and select Safe
Mode with Networking. If it will not start in Safe Mode with Networking after previously
starting in Safe Mode, the problem is related to a network component (usually the network
adapter). If the problem appears immediately after installing a new adapter driver, uninstall
it and find a new driver. If it appears after an upgrade of the driver, open Device Manager in
Safe Mode and roll back the driver.

c) Safe Mode with Command Prompt — Safe Mode with only

a command prompt as a user interface
Discussion Point:
If Windows will not start normally, and will not start Safe Mode, then restart and select Safe
Mode with Command Prompt.

1) Troubleshoot for a problem with a GUI component

iii) Enable Boot Logging

a) Turns on boot logging and start Windows normally

b) Read the NTBTLOG.TXT file looking for a device driver

that did not load

iv) Enable Low-Resolution Video (640x480)

a) Starts Windows normally, with lowest resolution video

mode using installed video driver

b) Use to reverse a change that made Windows GUI unusable

v) Last Known Good (LKG) Configuration

a) Starts Windows normally, selecting the configuration from

the last successful user logon

b) Only works if you did not restart and log on since making
the change.

vi) Directory Services Restore Mode — only for Windows Servers in

domain controller role

IM-7 | 18
 Survey of Operating Systems — Fifth Edition
Instructor Manual
vii) Debugging Mode — very advanced (may be obsolete)

viii) Disable Automatic Restart on System Failure (Windows 7, 8.x,

And 10)

ix) Disable Driver Signature Enforcement (Windows Vista and

Windows 7)

x) Start Windows Normally

xi) Return to OS Choices Menu (Multi-Boot Only)

Teaching Tip:

Step-by-Step 7.04 Using Windows 7 in Safe Mode

This exercise gives the students experience restarting Windows in Safe Mode, and has them
browse through Windows Help and Support, which displays by default in Safe Mode in
Windows 7. This shows them the recovery tools they can easily access while in Safe Mode.

C. The Advanced Startup Options in Windows 8, 8.1, and Windows 10

1. Good practice to try the Windows 8 Advanced Startup options available

through the General page of Windows 8 PC Settings

Teaching Tip:
Step-by-Step 7.05 Exploring Windows 8 and 8.1 Advanced Options will walk students
through a tour of the Windows 8 Advanced Startup Options

2. Windows 8 Refresh Recovery Option

i) Step 3 in Step-by-Step 7.05 shows an option labeled Refresh your

PC.

ii) It refreshes the OS without affecting your files

iii) A quick solution to a scenario that previously required advanced

tasks and much time

iv) Refresh option saves user accounts, personal files, personal

settings, all your installed apps that came with Windows 8 and 8.1,
any apps purchased through the Windows Store, and your
important settings.

3. Windows 8 Reset your PC Option

i) Much more drastic option than Windows 8 Refresh

ii) It removes everything and reinstalls Windows requiring you to

IM-7 | 19
Chapter 6 Under the Windows Desktop

enter a product key code

iii) Use this option if you no longer plan to use this computer such as
when giving it away, because if you keep it you’ll need to reinstall
everything that does not come with Windows

D. Troubleshooting with System Configuration Utility (MSCONFIG) and Task

Manager

Teaching Tip:
Open MSCONFIG, following the Try This on page 298, and give the students a tour of the
myriad settings they can modify. This is a great “what-if” tool for testing various scenarios
when troubleshooting. Be sure to point out that the Startup page that appears in the Windows
7 MSCONFIG is not present in Windows 8.x or Windows 10. A link in MSCONFIG in these
newer OSs will open the Startup page of Task Manager. This is an improved version of the
Startup page in MSCONFIG.

1. Executable name: MSCONFIG

2. GUI tool

3. Temporarily modifies system startup for testing scenarios

4. Works a little differently for Windows 7 than for Windows 8, 8.1, and 10

i) In Windows 7, the Startup tab contains a list of programs (shown

in Figure 7-15 on Page 297.

ii) In Windows 8, 8.1, and 10 the Startup tab only contains a link to
the Task Manager utility where a new Startup page contains the list
of programs.

E. Troubleshooting Device Problems

1. Device manager shows a yellow exclamation mark next to a device with a

problem

2. Problems include hardware, driver, or the ability of the OS to

automatically configure it

3. For more information double-click the device icon to open Properties

4. The Device Status box may recommend an action, such as updating

5. Check out Driver page for a device

i) If problem occurs after update, use Roll Back Driver

IM-7 | 20
 Survey of Operating Systems — Fifth Edition
Instructor Manual
ii) Uninstall if you do not need a driver or if it is a problem
Project
Test startup options using System Configuration. From the Search menu, enter msconfig. When
System Configuration opens, click the Services tab, and notice that all the services are selected to
start. Do not make any changes. Then open the Startup tab (in Windows 8.x or newer open the
Startup page in Task Manager) and notice that all the items listed are selected to start. Now
return to the General tab and select Diagnostic startup. Go back to the Services and Startup tabs.
What has changed?
Time permitting, click OK to have Windows restart using the configuration you select. The
System Configuration utility box will close, but a System Configuration message box will open.
Select Restart. After the computer restarts, can you see a difference? You will need to run
msconfig again, select Normal startup, and click OK to restart normally.
You can also use System Configuration to restart your computer in Safe Mode. To do this, select
the Boot tab and select from the Boot options. Safe boot, Minimal is plain Safe Mode. Test the
various choices under Safe boot, but do not forget to select Normal startup for your final restart.
Project Solution
When you select Diagnostic startup all the services and startup items are deselected.
When you restart in Diagnostic restart, there will be differences in the GUI, but it is not as
obvious as it is in Safe Mode. However, all but the most critical services were not started, nor
have many problems that normally automatically start.
Assessment Quiz
This quiz will test the knowledge students have gained during the lesson.
Questions
1. In the Windows registry, a unique string of numbers preceded by S-1-5 is a
____________________.
2. Each user's top-level personal folder contains the file ____________________, a registry
hive with the user profile settings for that user.
3. Computers that come with Windows 8 or newer preinstalled must have
____________________ and must have its security features enabled to protect Windows 8
during the startup process.
4. Windows finds instructions to run programs and services during startup by looking at certain
locations in the ____________________.
5. If Windows detects a problem with a device, Device Manager will expand the device type,
and the problem device will have a/an ____________________ on the device icon.
6. If you make changes in System Configuration, before Windows will restart normally, you
need to return to the General page and select ____________________ startup.
7. The ____________________Advanced Boot Options menu choice does not work in a
desktop version of Windows.

IM-7 | 21
Chapter 6 Under the Windows Desktop

8. The ____________________ and ____________________ phases are common to all PCs,

not just to those running Windows.
9. Use ____________________ to quickly back up the entire Windows registry and more.
10. Windows 8 and newer Fast Boot takes advantage of the hibernated kernel of the Windows 8
____________________.

Answers
1. In the Windows registry, a unique string of numbers preceded by S-1-5 is a security ID
2. Each user's top-level personal folder contains the file ntuser.dat, a registry hive with the user
profile settings for that user.
3. Computers that come with Windows 8 or newer preinstalled must have UEFI firmware and
must have its security features enabled to protect Windows 8 during the startup process.
4. Windows finds instructions to run programs and services during startup by looking at certain
locations in the registry.
5. If Windows detects a problem with a device, Device Manager will expand the device type,
and the problem device will have an exclamation mark on the device icon.
6. If you make changes in System Configuration, before Windows will restart normally, you
need to return to the General page and select Normal startup.
7. The Directory Services Restore Mode Advanced Boot Options menu choice does not work in
a desktop version of Windows.
8. The power-on self test and initial startup phases are common to all PCs, not just to those
running Windows.
9. Use System Restore to quickly back up the entire Windows registry and more.
10. Windows 8 and newer Fast Boot takes advantage of the hibernated kernel of the Windows 8
Hybrid Shutdown.

IM-7 | 22
 Survey of Operating Systems — Fifth Edition
Instructor Manual

Chapter 7 Textbook Solutions

Answers to Key Terms Quiz
1. hive

2. Device Stage

3. root key

4. logon phase

5. code signing

6. plug and play

7. binary file

8. MSCONFIG

9. Safe Mode

10. security ID (SID)

Answers to Multiple-Choice Quiz

1. Correct answer: C. User data files are not found in the registry.
A is not correct because device driver settings are found in the registry.
B is incorrect because services settings are found in the registry.
D is incorrect because user preferences are found in the registry.
E is incorrect because application program settings are found in the registry.

2. Correct answer: D. Registry is the name of the special database of settings that changes
whenever changes are made to Windows or installed application.
A is not correct because Microsoft SQL Server is not the name of this special database.
B is incorrect because Microsoft Excel is not the name of this special database.
C is incorrect because ntuser.dat is not the name of this special database.
E is incorrect because Default is not the name of this special database.

3. Correct answer: A. systemroot\System32\config is the location where Windows saves most

of the registry files.

IM-7 | 1
Chapter 6 Under the Windows Desktop

B is incorrect because D:\Windows is not the location where Windows saves most of the
registry files.
C is incorrect because systemroot\System32\Registry is not the location where Windows
saves most of the registry files.
D is incorrect because systemroot\Windows is not the location where Windows saves most of
the registry files.
E is incorrect because systemroot\WINNT is not the location where Windows saves most of
the registry files.

4. Correct answer: D. Sleep is the Power option that saves both the system state and the user
session in memory.
A is incorrect because Fast Boot is not an option from the Power menu, but the normal
behavior of Windows 8 startup, following a Hybrid Shutdown.
B is incorrect because Hibernate is not by default a Power option. When it is available, it
saves both the system state and user session to disk, and does not require power to maintain
them.
C is incorrect because Hybrid Shutdown is not a Power menu option, but the normal behavior
of Windows 8 when you select Shutdown from the Power menu.
E is incorrect because Measured Boot is not a Power menu option but a UEFI firmware
feature.

5. Correct answer: B. Beginning in Windows 8, the contents of the Startup tab page in
MSCONFIG have been moved to Task Manager.
A is not correct because System Configuration is not where the contents of the Startup tab
page in MSCONFIG have been moved to.
C is incorrect because BCDedit is not where the contents of the Startup tab page in
MSCONFIG have been moved to.
D is incorrect because Windows RE is not where the contents of the Startup tab page in
MSCONFIG have been moved to.
E is incorrect because PowerShell is not where the contents of the Startup tab page in
MSCONFIG have been moved to.

IM-7 | 2
 Survey of Operating Systems — Fifth Edition
Instructor Manual
6. Correct answer: D. Any member of the local Users group may disconnect or reconnect an
installed device. This is possible, because this action does not remove the device driver for
the device; it just makes the device unavailable.
A is incorrect because it is not true that only the Administrator account may disconnect or
reconnect an installed device.
B is incorrect because it is not true that only members of the Administrators group may
disconnect or reconnect an installed device.
C is incorrect because it is not true that only members of the Guests group may disconnect or
reconnect an installed device.
E is incorrect because it is not true that no one may disconnect or reconnect an installed
device.

7. Correct answer: B. Secure Boot is the UEFI security feature that loads only trusted operating
system bootloaders.
A is incorrect because Fast Boot is the Windows 8 default startup mode, not a UEFI security
feature.
C is incorrect because Measured Boot, while a UEFI security feature, is not the feature that
loads only trusted operating system bootloaders.
D is incorrect because Trusted Boot is a Windows 8 security feature that examines operating
system files, only allowing unmodified files to load.
E is incorrect because Early Launch Anti-Malware (ELAM) is a Windows 8 security feature
that examines device drivers only allowing unmodified drivers to load.

8. Correct answer: B. Roll back driver (also called driver rollback) is only available after an
installed driver updates.
A is not correct because Uninstall is available regardless of the update status of a driver.
C is incorrect because Disable is available regardless of the update status of a driver.
D is incorrect because Update driver is available regardless of the update status of a driver.
E is incorrect because Remove driver is not a feature of Device Manager.

9. Correct answer: A, BCD, is the registry hive file the bootloader uses during startup to locate
the operating system files it must load.
B, C, D, and E are all incorrect because these files (winload.exe, bootmgr, ntoskrnl.exe, and

IM-7 | 3
Chapter 6 Under the Windows Desktop

winlogon.exe), are not used by bootloader to locate the files for startup. They are the files
that must be loaded during startup.

10. Correct answer: A. Startup and Recovery, a page in System Properties, is where you can
modify the length of time the OS selection menu displays during Windows startup.
B is incorrect because Device Manager, while a GUI tool, will not allow you to modify the
length of time the OS selection menu displays during Windows startup.
C is incorrect because although BCDedit would allow you to modify the length of time the
OS selection menu displays during Windows startup, it is a non-GUI tool.
D is incorrect because Local Security Policy is not how you would modify the startup setting
mentioned in the question.
E is incorrect because Computer Management, while a GUI tool, is not how you would
modify the startup setting mentioned in the question.

11. Correct answer: E. Repair Your Computer is the option from the Windows 7 Advanced Boot
Options Menu that gives you a selection of tools that includes Startup Repair, System
Restore, System Image Recovery, Windows Memory Diagnostic, and Command Prompt.
A, B, C, and D are all incorrect because, while all of these are choices on the Windows 7
Advanced Boot Options menu, none of them offers the selection of tools listed in the
question.

12. Correct answer: E. Last Known Good Configuration is the startup option that will not do you
any good if you have restarted and logged on after making a change that caused problems in
Windows. It is no longer offered after Windows 7.
A is not correct because System Restore is not affected by restarting and logging on. Restore
points will be saved in spite of these actions.
B is incorrect because restarting and logging on does not affect Repair Your Computer
(Windows 7 only). You simply need to restart, press F8, and select this option from the
startup options menu.
C is incorrect because restarting and logging on does not affect Enable Boot Logging. You
simply access the startup options menu and select this option.
D is incorrect because restarting and logging on does not affect Safe Mode with Command
Prompt. You simple restart, press F8, and access this from the startup options menu.

IM-7 | 4
 Survey of Operating Systems — Fifth Edition
Instructor Manual
13. Correct answer: B. When Windows or newer does a Hybrid Shutdown it hibernates the
Windows session and saves it in a file but does not save the user session.
A is not correct because Sleep keeps the current user session and Windows session in
memory, requiring a small amount of power.
C is incorrect because Switch user keeps the current user session open in memory, but
locked, while opening another user session.
D is incorrect because Restart does not hibernate either the system or user sessions.
E is incorrect because Hibernate saves both system session and user session) to a file on disk.

14. Correct answer: D: Disable automatic restart on system failure may give you an opportunity
to restart normally and attempt to troubleshoot the problem.
A is not correct because debugging mode will not allow you to restart without having the
computer automatically restart again after a system failure.
B is incorrect because enable boot logging will only start Windows normally while creating a
log of startup information.
C is incorrect because Safe Mode with command prompt will only start Windows in Safe
Mode with just a command prompt window.
E is incorrect because Safe Mode with networking simply starts Windows in Safe Mode with
the network components enabled.

15. Correct answer: B MSCONFIG is the executable name for the GUI utility that allows you to
temporarily modify system startup.
A, C, D, and E are not correct because SYSCON, SYSEDIT, REGEDIT, and BCDEDIT are
not the executable names for the GUI utility that allows you to temporarily modify system
startup.

Answers to Essay Quiz

Answers will vary.
1. The actions that will create Windows registry changes are: Windows starting up or shutting
down, running Windows Setup, changing settings in a Control Panel applet, installing a new
device, changing any Windows configuration settings, changing user desktop preference,
installing or modifying an application, and making changes to user preferences in any
application.

IM-7 | 5
Chapter 6 Under the Windows Desktop

2. Start up Windows 7 using the Enable low-resolution video choice from the Advance Boot
Options menu, which will use the installed video driver in a very basic video mode. Then, if
this works, the new driver is not entirely bad, it just cannot handle the configuration and you
should open Display Properties | Settings and reduce the screen resolution and/or color
quality settings. If this option does not work, you should start Windows in Safe Mode, which
does not use the installed video driver—it uses a very basic video driver. If Windows starts in
Safe Mode, run Device Manager in Safe Mode, open the properties dialog box for the
Display adapter, select the Driver tab and use the Rollback button to remove the updated
driver you installed that caused the problem.

3. The PC Settings/Settings Devices page in windows 8, 8.1 and Windows 10 are simple tools
for managing devices, while the Device Manager is a more advanced tool for managing
devices. In Windows 8 or 8.1 you can only add or remove devices in PC Settings/Settings.
When troubleshooting device problems in Windows 8 and 8.1, we have often ignored the PC
Settings/Settings and gone right to Device Manager. This will not change for Windows 8 and
8.1, but it seems almost certain that it will change in Windows 10 as Microsoft brings out
updates and new features, moving more functionality to the Settings utility. The old utilities
will then lose their importance, especially to new users and new technicians who are not
accustomed to using the old utilities.

4. He can use Device Manager to view the status of devices, even though Windows will not
allow him to actually make any changes unless he logs on as an administrator. If he starts
Device Manager, he will see a warning message that he does not have sufficient privileges to
install or modify device drivers. However, if he clicks the OK button on this warning box,
Device Manager will open, allowing a standard user to look but not touch. If Device
Manager indicates a problem with the network adapter, he can relay that information to the
administrator.

5. Boot logging occurs in all Safe Modes, but you can also select it from the Advanced Boot
Options menu, which turns on boot logging, but starts the computer normally. In all cases,
boot logging creates a log of the Windows startup in a file named NTBTLOG.TXT and saves
it in the systemroot folder. This log file contains an entry for each component in the order in
which it loaded into memory. It also lists drivers that were not loaded. You expect some

IM-7 | 6
 Survey of Operating Systems — Fifth Edition
Instructor Manual
drivers not to be loaded in Safe Mode, but when this occurs in a normal startup, it alerts an
administrator to a possible source of a problem.

Solution to Lab Project 7.1

1. To isolate the problem to the network card, I would restart, press F8, and select Safe Mode
from the Advanced Boot Options menu. Being able to start in Safe Mode does not isolate the
problem to the network card, because that is one of several device drivers that aren’t loaded.
It does indicate, however, that one of the components that was not started is the cause of the
problem. To isolate the problem to the network card, I would again restart, press F8 and
select Safe Mode with Networking. This loads the networking components, including the
network adapter driver. If it fails to start in this mode, the problem has been isolated to the
network components. The most likely component is the network adapter. So, restart again,
press F8 and select Safe Mode from the Advanced Options menu. Once in Safe Mode, run
Device Manager, select the network adapter, and disable it. Restart once again, and allow it
to start up normally. If the start up succeeds this time, the problem is isolated to the network
adapter itself. Use Device Manager to perform whatever maintenance is appropriate. If the
driver was recently updated, use Driver Rollback. If it needs an update use the Update option.
If all else fails, uninstall the device driver and acquire a new driver or an entirely new
adapter.

2. Demonstrate the steps to your instruction. Do this by first restarting the computer in Safe
Mode, describing the reason for doing so, and then restarting in Safe Mode with Networking,
explaining that if this failed, it would prove that the problem was with network components.
Then, restart in Safe Mode, open Device Manager, and open the Properties of the network
adapter and discuss the Driver Rollback and Update options.

Solution to Lab Project 7.2

The two procedures in question are Refresh Your PC and Reset your PC. Refreshing is
less drastic, and is what you should try after trying other options, like System Restore. It will
leave you with your personal settings, but reset all system settings to the defaults. It will save
your data, as well as any apps purchased through the Windows Store. It will remove apps
installed from any other source. After a Refresh, a list on the Desktop shows all programs that
were removed, but all data files are saved.
The second procedure is much more drastic, because it removes your data and all installed apps.
Solution to Lab Project 7.3

IM-7 | 7
Chapter 6 Under the Windows Desktop

1. You can back up the registry using System Restore, which will back up the entire system and
settings, but the more targeted approach is to simply back up the key hierarchy that you are
about to modify. The steps to do this are:

a. Open the Registry Editor and browse to the key in its location under the
HKEY_LOCAL_MACHINE\SOFTWARE and right-click on it.

b. From the context menu select Export.

c. In the Export registry file dialog box, provide a name and location for the
exported portion of the file and select Save.

2. Demonstrate the above steps.

IM-7 | 8