Chapter 16-1
The System File Checker tool can be used to find and replace corrupted Vista system files. The tool keeps a log of its actions, and if it cannot replace a corrupted file, you can find that information in the log file. Then you can manually replace the file. Locate the Microsoft Knowledge Base article 929833 at the support.microsoft.com site. Do whatever research is necessary to understand the steps in the article to manually replace a corrupted file and answer these questions:
1. What are other parameters for the sfc command besides /scannow?
C:\>sfc help
Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.
SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
    [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>]
/SCANNOW Scans integrity of all protected system files and repairs files with problems when possible.
/VERIFYONLY Scans integrity of all protected system files. No repair operation is performed.
/SCANFILE Scans integrity of the referenced file, repairs file if problems are identified. Specify full path <file>
/VERIFYFILE Verifies the integrity of the file with full path <file>. No repair operation is performed.
/OFFBOOTDIR For offline repair specify the location of the offline boot directory
/OFFWINDIR For offline repair specify the location of the offline windows directory
e.g.
sfc /SCANNOW
sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
sfc /VERIFYONLY
2. Explain the purpose of the findstr command when finding the log file.
findstr is a search that is conducted through the command line.
3. Can a filename other than sfcdetails.txt be used in the findstr command line? Explain your answer.
Findstr is capable of finding the exact text you are looking for in any ASCII file or files. However, sometimes you have only part of the information that you want to match, or you want to find a wider range of information. In such cases, findstr has the powerful capability to search for patterns of text using regular expressions.
4. What is the purpose of the edit command?
The edit command is used to edit files, system files, batch files, etc.
5. Explain the purpose of the takeown command when replacing a system file.
You may not have permission to replace the file, and takeown will give you the permissions needed.
6. Explain why the icacls command is needed in the process.
Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
7. List some ways that you can locate a known good copy of the corrupted system file.
The disc that came with the PC, a computer that is running the same OS, or the RE operation of your PC.
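The manual replacement sequence that questions 2 through 7 refer to, as an added example (not part of the original answers), meant to be run from an elevated Command Prompt. The BAD and GOOD paths are placeholders chosen for illustration, and the "Cannot repair" search text assumes the wording SFC writes to the log for files it could not fix.

```bat
@echo off
rem Added example: manually replace a system file that SFC could not repair.
rem BAD and GOOD are placeholder paths (assumptions, not from the page).
setlocal
set "BAD=C:\Windows\System32\example.dll"
set "GOOD=E:\known-good\example.dll"
set "DETAILS=%userprofile%\Desktop\sfcdetails.txt"

rem 1. SFC writes to the shared CBS log and tags its own entries with [SR].
rem    findstr /c: does a literal match and the result is redirected to a
rem    text file; the output file name is only the redirection target.
findstr /c:"[SR]" "%windir%\Logs\CBS\CBS.log" > "%DETAILS%"

rem 2. Show only the entries for files SFC reported it could not repair.
findstr /c:"Cannot repair" "%DETAILS%"

rem 3. Record the current ACL before changing anything, so the change
rem    can be reviewed afterwards.
icacls "%BAD%"

rem 4. Take ownership of the corrupted file (owner becomes the current user).
takeown /f "%BAD%" || goto :fail

rem 5. Grant the Administrators group full control so the file can be replaced.
icacls "%BAD%" /grant Administrators:F || goto :fail

rem 6. Overwrite the corrupted file with the known good copy.
copy /y "%GOOD%" "%BAD%" || goto :fail

rem 7. Ask SFC to verify the replaced file without attempting a repair.
sfc /verifyfile=%BAD%
goto :eof

:fail
echo A step failed; the file was not replaced. Check that the prompt is elevated.
exit /b 1
```

The known good copy should come from a machine running the same Windows version, since SFC verifies the replaced file against the version it expects.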
Chapter 16-2
To get some practice using the Recovery Console, first boot from your Windows 2000/XP setup CD and load the Recovery Console. Then do the following:
1. Get a directory listing of C:\. Are the files normally hidden in Windows Explorer displayed in the list?
See picture. Yes, there are some files that are normally hidden in Windows.
2. Create a folder on your hard drive named c:\temp.
See picture.
3. List the files contained in the Drivers.cab cabinet file.
I do not have the CD.
4. Expand one of these files and put it in the C:\temp folder.
I do not have the CD.
5. Exit the Recovery Console and reboot.
Chapter 16-3
Using Windows Explorer, rename the Ntldr file in the root directory of drive C. Reboot the system. What error message do you see? Now use the Recovery console to restore the Ntldr without using the renamed ntldr file on drive c. Copy the file from the Windows setup CD to drive C. List the commands you used to do the job.
The error you get is missing or corrupted ntldr file reboot
Chapter 16-4
In a lab environment, follow these steps to find out if you can corrupt a Windows XP system so that it will not boot, and then repair the system.
1. Looking at Figure 16-22, make a list of the user-mode processes critical to Windows XP.
2. Rename or move one of the program files shown in Figure 16-22. Which program file did you select? In what Windows folder did you find it?
I moved the lsass.exe program and it was found in C:\WINDOWS\System32.
3. Restart your system. Did an error occur? Check in Explorer. Is the file restored? What Windows feature repaired the problem?
Error Message: Missing file error. - Unable to find locale data files - Please reinstall
I used the restore point to recover.
4. Try other methods of sabotaging the Windows XP system, but carefully record exactly what you did to sabotage the boot. Can you make the boot fail?
5. Now recover the Windows XP system. List the steps you took to get the system back to good working order.
After making a backup of the registry and copying it to a flash drive, I deleted files from the registry. After rebooting I received errors stating that I had missing or corrupt files reboot. I used a Knoppix CD and used my backup registry to replace the broken registry and then rebooted. The laptop booted up.
Chapter 16-5
Create a Windows 2000/XP boot disk and use it to boot your computer. Describe how the boot worked differently from booting entirely from the hard drive.
I had to hit any key to boot from CD, then the boot process started. I then got to the Recovery Console asking what I would like to do. It does not go to the desktop.