Fixing Windows XP Annoyances

Once you start peeking under the hood of Windows XP, you'll notice some of the tools that have been included to help the system run smoothly. Some of these tools actually work, but it's important to know which ones to use and which ones are simply gimmicks. A good example is System Restore, a feature intended to solve certain file version conflicts automatically; its brute-force method often ends up causing more problems than it solves. See the discussion of System Restore later in this chapter for more information.

Here are some software-specific issues that should help you solve most problems with Windows XP and the applications that run on it.

6.2.1 What to Do when Windows Won't Start

Unfortunately, Windows' not being able to start is a common problem, usually occurring without an error message or any obvious way to resolve it. Sometimes you'll just get a black screen after the startup logo, or your computer may even restart itself instead of displaying the desktop. Of the many causes of this problem, many involve hardware drivers, conflicts, or file corruption, all of which are discussed elsewhere in this chapter.

In previous versions of Windows, up until Windows 98, one could start a DOS session before loading Windows, which was a gateway to several effective troubleshooting techniques. In Windows XP, this lifeline is gone, but, fortunately, there are several other tools in place to take up the slack:

Windows Recovery Console

The Windows Recovery Console, discussed in Chapter 10, is a way to repair your operating system or boot manager. It also lets you delete or replace system files, something not possible from within Windows. Use the WRC when Windows won't start at all.

Safe Mode with Command Prompt

The Safe Mode with Command Prompt, explained in Section 2.2.6, is somewhat of a hybrid between the Windows Recovery Console and a standard Command Prompt window. (It's also described later.) Use it to effect minor repairs when the Windows Recovery Console is overkill.

In either case, you'll get a Command Prompt interface that allows you to copy, move, rename, or delete files, as well as start certain programs. The specific steps you take depend on what you're trying to accomplish.

If you don't know where to start, you'll probably want to scan your hard disk for errors, since corrupted files can prevent Windows from loading. See Section 6.2.4, later in this chapter, for details.

The other choice you have, instead of using one of these Command Prompt variants, is to use one of Windows' built-in troubleshooting startup modes. Press the F8 key when Windows begins to load (or during the Boot Manager menu, if you're using a dual-boot system, as described in Chapter 10). You'll see a menu with the following choices:

Safe Mode (also with Networking support or Command Prompt)

This forces Windows to start up in a hobbled, semi-functional mode, useful for troubleshooting or removing software or hardware drivers that otherwise prevent Windows from booting normally.

Enable Boot Logging

This starts Windows normally, except that a log of every step is recorded into the ntbtlog.txt file, located in your \Windows folder. If Windows won't start, all you need to do is attempt to start Windows with the Enable Boot Logging option at least once. Then, boot Windows into Safe mode (or Safe mode with Command Prompt) and read the log with your favorite text editor (or Notepad). The last entry in the log is most likely the cause of the problem.

Enable VGA Mode

Start Windows normally, but in 640 x 480 mode at 16 colors. This is useful for troubleshooting bad video drivers or incorrect video settings by allowing you to boot Windows with the most compatible display mode available.

Last Known Good Configuration

This starts Windows with the last set of drivers and Registry settings known to work. Use this if a recent Registry change or hardware installation has caused a problem that prevents Windows from starting.

Directory Services Restore Mode

Used only if your computer is a Windows NT domain controller.

Debugging Mode

This option, typically of no use to end-users, sends debug information to your serial port to be recorded by another computer.

Start Windows Normally

Use this self-explanatory option to continue booting Windows normally, as though you had never displayed the F8 menu.

Lastly, you should look for error messages, both fleeting ones that quickly disappear, and ones displayed when the Windows startup procedure comes to a screeching halt. See the next section for details.
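
The boot-log check described under Enable Boot Logging can be done on a copy of ntbtlog.txt with a short script. The Python below is an added example, not part of the original chapter; the log text is a constructed sample, examplevid.sys is a hypothetical driver name, and the "Loaded driver" / "Did not load driver" line format and the UTF-16 encoding are assumptions about the file.

```python
import re

ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")

# Constructed sample: a good boot followed by one that stopped early.
# examplevid.sys is a hypothetical driver name.
SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 3 14 2004 09:12:44.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\examplevid.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 3 15 2004 18:40:02.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\examplevid.sys
"""


def decode_log(raw):
    """Decode the bytes of ntbtlog.txt (assumed UTF-16 with a BOM, else ANSI)."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def split_sessions(text):
    """Split the log into boots; each boot is a list of (loaded, driver) pairs."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            if current is None:          # log that starts without a header
                current = []
                sessions.append(current)
            current.append((m.group(1) == "Loaded driver", m.group(2)))
        elif line and (current is None or current):
            # First header line after a run of entries: a new boot begins.
            current = []
            sessions.append(current)
    return [s for s in sessions if s]


def summarize(sessions):
    """Report on the most recent boot, compared with the one before it."""
    last = sessions[-1]
    loaded, driver = last[-1]
    not_reached = []
    if len(sessions) > 1:
        seen = {d.lower() for _, d in last}
        not_reached = [d for ok, d in sessions[-2]
                       if ok and d.lower() not in seen]
    return {
        "last_entry": driver,               # the entry the text says to check first
        "last_entry_loaded": loaded,
        "did_not_load": [d for ok, d in last if not ok],
        "not_reached": not_reached,         # loaded last time, never logged this time
    }


if __name__ == "__main__":
    report = summarize(split_sessions(decode_log(SAMPLE_LOG.encode("utf-16"))))
    for field, value in report.items():
        print(field, "=", value)
```

To use it on a real log, copy \Windows\ntbtlog.txt from Safe Mode and pass the file's bytes to decode_log.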

6.2.2 Error Messages During Startup

You may have seen a strange message when Windows is loading, either during the display of the Windows logo screen or after the taskbar appears. Many different things can cause this, but there are a few common culprits. If you're having trouble starting Windows, see Section 6.1.1 earlier in this chapter.

A driver won't load

When Windows starts, it loads all of the installed drivers into memory. A driver may refuse to load if the device for which it's designed isn't functioning or turned on, if there's a hardware conflict, if the driver itself isn't installed properly, or if the driver file is misconfigured or corrupted in some way. If you remove a device, make sure to take out the driver file as well; even if it isn't generating an error message, it could be taking up memory. See Section 6.3 later in this chapter.

A program can't be found

After Windows loads itself and all of its drivers, it loads any programs configured to load at startup. These include screen savers, scheduling utilities, Palm HotSync software, all those icons that appear in your notification area (tray), and any other programs you may have placed in your Startup folder or that may have been configured to load automatically in the system Registry. If you removed an application, for example, and Windows continues to attempt to load one of its components at startup, you'll have to remove the reference manually. See Section 6.2.3 later in this chapter, for details.

A file is corrupt or missing

If one of Windows' own files won't load and you're sure it isn't a third-party driver or application, you may actually have to reinstall Windows to alleviate the problem. I'll take this opportunity to remind you to back up frequently.

An error message of this sort will usually include a filename. To help isolate the problem, write down the filename when you see the error message, and then try searching your hard disk for the reported file, as well as looking for places where the file may be referenced (see Section 6.2.3 later in this chapter for details). If you don't know what the error means exactly, you should definitely do both; a lot can be learned by finding how and where Windows is trying to load a program. However, if you know that the file or files are no longer on your system, you can proceed simply to remove the reference.

Conversely, if you know the file is still on your system and you want to get it working again, you'll probably need to reinstall whatever component or application it came with in order to fix the problem. Once you've located a particular file, it may not be obvious to which program it belongs. You can usually get a good clue by right-clicking on the file, selecting Properties, and choosing the Version tab.

Please wait while Windows updates your configuration files

This isn't an error, but rather a message you may see occasionally when Windows is starting. It simply means that Windows is copying certain files that it couldn't otherwise copy while Windows was loaded, most often as a result of software being installed during the last Windows session. For example, if a program you install needs to replace an old DLL in your \Windows\System32 folder with a newer version, but the DLL is in use and can't be overwritten, the program's setup utility will simply instruct Windows to do it automatically the next time it's restarted. The mechanism responsible is discussed in the discussion of the Wininit.ini file in Section 2.2.6.

If the name of a driver, service, or application is specified in the error message, there are three places you can look for more information:

6.2.3 Programs Run by Windows when It Starts

The following locations are places where files or drivers can be specified to load when Windows starts. This is useful not only for adding your own startup programs, but also for eliminating ones that are either causing problems or are simply unnecessary and slowing down the boot process.

The Startup folder

Your Startup folder (usually \Documents and Settings\{username}\Start Menu\Startup) contains shortcuts for all the standard programs you wish to load every time Windows starts. You should routinely look for and eliminate shortcuts to outdated or unwanted programs. If you're not sure of the application with which the shortcut is associated, right-click it, select Properties, and then click Find Target.

The Registry

There are several places in the Registry (see Chapter 3) in which Startup programs are specified. Such programs are specified here for several reasons: to prevent tinkering, for more flexibility, or, in the case of viruses and Trojan horses, to hide from plain view.

These keys contain startup programs for the current user:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

These keys contain startup programs for all users:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

The naming of the keys should be self-explanatory. Programs referenced in either of the Run keys listed above are run every time Windows starts. Likewise, an entry referenced in one of the RunOnce keys is run only once and then removed from the key.

Services

The Services window (services.msc) lists dozens of programs especially designed to run in the background in Windows XP. The advantage of services is that they remain active, even when no user is currently logged in. That way, for example, your web server can continue to serve web pages when the Welcome screen (or Log On dialog) is shown.

By default, some services are configured to start automatically with Windows and others are not; such information is found in the Startup Type column. Double-click any service and change the Startup type option to Automatic to have it start with Windows, or Manual to disable it.

However, changing the Startup type for a service won't load (start) or unload (stop) the service. Use the Start and Stop buttons on the toolbar of the Services window, or double-click a service and click Start or Stop. For an example, see the discussion of Universal Plug-&-Play in Section 7.3.1.

The WIN.INI file

Although it's uncommon, you may occasionally see a program referenced at the top of the WIN.INI file, on the lines that start with LOAD= or RUN=. See Section 3.2.4 for details on the structure of files of this type.

Although you may want to disable or eliminate unwanted startup programs in an effort to solve a problem or just improve system performance, you should not blindly disable any program you don't immediately recognize. Keep in mind that some of the startup programs referenced in the Registry and some of the services configured to start automatically are there for a reason, and are required for Windows XP to function. See Section 6.2.7, later in this chapter, for a list of programs you should not close with the Task Manager.

In many cases, it should be obvious what a particular startup program is for. If not, start by searching your system for the filename(s) specified. If in doubt, create a Registry patch of the entire Registry key in question (see Chapter 3 for details) and then remove the questionable entry. If anything goes wrong, you can reapply the Registry patch to restore the settings.
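
A Registry patch taken before you remove an entry also serves as a baseline: comparing it with a later export shows which startup programs have appeared or vanished in the Run and RunOnce keys listed above. The Python below is an added example, not part of the original chapter; both exports and every program name in them are constructed, and only plain string values are handled.

```python
import re

# The four autorun keys listed in this section, compared case-insensitively.
_BASE = r"\software\microsoft\windows\currentversion"
AUTORUN_KEYS = {hive + _BASE + leaf
                for hive in ("hkey_current_user", "hkey_local_machine")
                for leaf in (r"\run", r"\runonce")}

KEY_LINE = re.compile(r"^\[(.+)\]$")
SZ_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
TARGET = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.I)

# Constructed exports. Real regedit exports from Windows XP are UTF-16 text,
# so open them with encoding="utf-16" before passing the text in.
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe /min"
"Updater"="\"C:\\Program Files\\Example Updater\\upd.exe\" -q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"NotAnAutorun"="ignored.exe"
'''

CURRENT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe /min"
"Helper"="C:\\WINDOWS\\Temp\\helper.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="cmd.exe /c del C:\\example.tmp"
'''


def _unescape(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_autoruns(reg_text):
    """Return {(key, value_name): command} for the Run/RunOnce keys only."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1) if m.group(1).lower() in AUTORUN_KEYS else None
            continue
        m = SZ_LINE.match(line)
        if m and key:
            entries[(key, _unescape(m.group(1)))] = _unescape(m.group(2))
    return entries


def target_of(command):
    """Best-effort path of the program a command line starts (to search for)."""
    m = TARGET.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()


def diff_autoruns(baseline, current):
    """List (status, key, value_name, program) for every entry that differs."""
    report = []
    for ident in sorted(set(baseline) | set(current)):
        old, new = baseline.get(ident), current.get(ident)
        if old == new:
            continue
        status = ("added" if old is None
                  else "removed" if new is None else "changed")
        # RunOnce entries are expected to show up as "removed" after they run.
        report.append((status, ident[0], ident[1], target_of(new or old)))
    return report


if __name__ == "__main__":
    for row in diff_autoruns(parse_autoruns(BASELINE), parse_autoruns(CURRENT)):
        print(*row, sep=" | ")
```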

6.2.3.1 Special Case: antivirus software

One of the programs that is likely to start automatically with Windows (typically via the Registry keys listed earlier) is antivirus software. Antivirus software is a double-edged sword. Sure, viruses can be a genuine threat, and for many of us, antivirus software is an essential safeguard. But antivirus software can also be a real pain in the neck.

The most basic, innocuous function of an antivirus program is to scan files on demand. When you start a virus scanner and tell it to scan a file or a disk full of files, you're performing a useful task. The problem is that most of us don't remember or want to take the time to routinely perform scans, so we rely on the so-called "auto-protect" feature, where the virus scanner runs all the time. This can cause several problems:

Now, if you take the proper precautions, your exposure to viruses will be minimal, and you will have very little need for the auto-protect feature of your antivirus software. Naturally, whether you disable your antivirus software's autoprotect feature is up to you. If you keep the following concepts in mind, regardless of the status of your antivirus autoprotect software, you should effectively eliminate your computer's susceptibility to viruses:

If you're on a network, your computer is only as secure as the least secure computer on the network. If it's a home network, make sure everyone who uses machines on that network understands the previous concepts. If it's a corporate network, there's no accounting for the stupidity of your coworkers, so you may choose to leave the autoprotect antivirus software in place.

Note that a firewall may protect you from attacks through your local-network or Internet connection; see Chapter 7 for details.

6.2.4 Check Your Drive for Errors with Chkdsk

The Chkdsk utility (chkdsk.exe, pronounced "check disk") is used to scan your hard disk for errors and optionally fix any that are found. To run Chkdsk, open a Command Prompt window (cmd.exe) by going to Start → Run and typing cmd, and then type chkdsk at the prompt and press Enter.

Chkdsk can also be run from either Windows Recovery Console or the Safe Mode with Command Prompt (discussed in Chapter 10 and in Section 2.2.6, respectively).

When you run Chkdsk without any options, you'll get a report that looks something like this:

The type of the file system is NTFS.
Volume label is SHOEBOX.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
87406395 KB total disk space.
26569944 KB in 42010 files.
23844 KB in 896 indexes.
0 KB in bad sectors.
114839 KB in use by the system.
65536 KB occupied by the log file.
60632232 KB available on disk.
4096 bytes in each allocation unit.
4351598 total allocation units on disk.
176942 allocation units available on disk.

If any errors are found, they will be listed in the report along with the statistics in the example above. However, unlike the Scandisk utility found in some earlier versions of Windows, Chkdsk doesn't make any changes to your drive (repairs or otherwise) unless you specifically request them. As suggested by the "F parameter" warning in the report, you'll need to type chkdsk /f to effect any necessary repairs on the drive.

The /f parameter is not available in the Windows Recovery Console; instead, you'll need to use the more-powerful /r option to effect repairs, as described below. The other exception when Chkdsk is run from the WRC is that it won't usually scan for errors unless you include the /p option (which has no meaning outside the WRC).

The following terms describe most of the different types of problems that Chkdsk might report:

Lost clusters

These are pieces of data that are no longer associated with any existing files.

Bad sectors

Bad sectors are actually physical flaws on the disk surface. Use the /r option, below, to attempt to recover data stored on bad sectors. Note that recovery of such data is not guaranteed (unless you have a backup somewhere). Typical symptoms of bad sectors include seeing gibberish when you view the contents of a directory, or your computer crashing or freezing every time you attempt to access a certain file.

Cross-linked files

If a single piece of data has been claimed by two or more files, those files are said to be cross-linked.

Invalid file dates or times

Chkdsk also scans for file dates and times that it considers "invalid," such as missing dates or those before January 1st, 1980.

By default, Chkdsk will only scan the current drive (shown in the prompt C:> for drive C:). To scan a different drive, include the drive letter as one of the command-line options, like this: chkdsk d: /f.

The other important options available to Chkdsk are the following:

/r

The /r parameter is essentially the same as /f, except that it additionally scans for and recovers from bad sectors, as described earlier. When using Chkdsk from within the Windows Recovery Console, the /f option is not available, which means the /r option is your only choice if you need to effect repairs.

/x

Include this option to force the volume to dismount before scanning the drive; otherwise, Windows will have to schedule the drive to be scanned during the next boot. This has the effect of temporarily disconnecting the drive from Explorer and all other programs, and closing any open files stored on the drive. The /x parameter implies the /f option; the /x option is not available in the Windows Recovery Console.

Additionally, the /i and /c options, which are applicable only on NTFS volumes, are used to skip certain checks in order to reduce the amount of time required to scan the disk. There is typically very little reason to use either of these options. Finally, you can run Chkdsk on a specific file (or group of files), but only on FAT or FAT32 disks (not NTFS drives). This is used to check a single file or a specific group of files for fragmentation, subsequently fixed by Disk Defragmenter (dfrg.msc).

To run Chkdsk from Explorer, right-click any drive, select Properties, choose the Tools tab, and click Check Now. Here, the Automatically fix file system errors option corresponds to the /f parameter, and the Scan for and attempt recovery of bad sectors option corresponds to the /r parameter.

6.2.4.1 Special case: dirty drives and automatic Chkdsk

When a volume is marked "dirty," Windows scans it with Chkdsk automatically during the boot process. A drive can become dirty if it's in use when Windows crashes, or if Chkdsk schedules a scan when you attempt to check a disk that is in use. A drive not considered dirty is marked "clean."

The Fsutil (Fsutil.exe) utility is used to manage dirty drives. Open a Command Prompt window (cmd.exe) and type fsutil (without any arguments) to display a list of commands that can be used with Fsutil. As you might expect, the dirty command is the one that concerns us here. Here's how it works:

To see if drive G: is currently marked as dirty, type:

fsutil dirty query g:

To mark drive H: as dirty, so it will be scanned by Chkdsk the next time Windows starts, type:

fsutil dirty set h:

Note that Fsutil has been found to be unreliable when used on FAT or FAT32 drives, so you may only wish to use it on NTFS disks.

Another utility, Chkntfs, is used to choose whether or not Windows runs Chkdsk automatically at Windows startup. (Despite what its name implies, however, it is not used to check NTFS drives.) Here's how it works:

To display a dirty/clean report about any drive (say, drive G:), type:

chkntfs g:

To exclude drive H: from being checked when Windows starts (which is not the default), type:

chkntfs /x h:

To include (un-exclude) drive H: in the drives to be checked when Windows starts, type:

chkntfs /c h:

To force Windows to check drive H: the next time Windows starts, type:

chkntfs /c h:
fsutil dirty set h:

To include all drives on your system, thereby restoring the defaults, type:

chkntfs /d

Finally, when Windows detects a dirty drive, it starts a timed countdown (10 seconds by default), allowing you to skip Chkdsk by pressing a key. To change the duration of this countdown to, say, five seconds, type:

chkntfs /t:5

The timeout setting is stored in the AutoChkTimeOut value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key.

You'll have to restart Windows for any of these changes to take effect.

6.2.5 Error Messages and Crashing Applications

There are basically two different types of error messages:

Now, it's important to realize that error messages of both types are essentially canned responses to predetermined criteria, and any given error message may be used in a variety of instances. This means that error messages are typically verbose, yet rarely helpful. And software developers are rarely English majors.

For example, a message might report that a program has crashed or isn't able to load, but the actual problem may be something completely unrelated to what the message is reporting. For example, you may see a "file not found" error when trying to start an application, if, perhaps, one of the support files has the incorrect file permissions (explained in Chapter 8).

Using Compatibility Mode

If you find that you're having trouble with a specific application, you can try running it in Compatibility Mode.

Right-click any .exe file (or a shortcut to any .exe file), select Properties, and choose the Compatibility tab. The display settings allow you to limit the screen resolution and color depth, and disable visual themes, if they appear to be causing a problem.

However, the real meat is the Run this program in compatibility mode for list, from which you can choose Windows 95, Windows 98/Me, Windows NT 4.0 w/SP5, or Windows 2000. This is useful if the program you're trying to run was specifically designed for an earlier version of Windows, and either refuses to run on Windows XP or simply doesn't work as well as it did in earlier versions.

This also applies when installing applications. Some application installers are designed only to allow installation on certain versions of Windows, even though the application, once installed, will actually work on Windows XP. Just enable Compatibility Mode for the installer executable (usually setup.exe or install.exe) to fool it into thinking you're installing on an earlier version of Windows.

6.2.5.1 Error messages resulting from application crashes

Sometimes, a problem is severe enough to cause an application to close immediately. Fortunately, Windows XP isolates applications from one another, and from the operating system itself, which means that a single application crash is much less likely to bring down the entire system.[2]

[2] This is one of the advantages of Windows XP/2000 over its DOS-based predecessors, such as Windows 9x/Me. See Section 2.1.1 for an option to isolate separate instances of Windows Explorer from one another.

When an application crashes, Windows will close it and then, by default, display an error message explaining what happened. Naturally, as you'd expect, this error message doesn't really explain what happened, but rather only informs you that something happened.

Often, this type of error is accompanied by lists of numbers (accessible by clicking Details), although these numbers will never be the least bit helpful for most users. Now, don't be fooled: the Details view also often lists a specific executable, blaming it for the problem. However, this doesn't necessarily mean that the program listed actually caused the problem; it only means that it crashed as a result of the problem.

When you see one of these errors, the first thing to do is determine if any action is necessary. You should expect this to happen occasionally, due to the complexity of today's software, but if it happens more frequently than, say, once a day, it could be the sign of a more serious problem. See if you can reliably reproduce the problem. If it seems to be application- or device-specific, where the same action in a program or the repeated use of a certain device causes the crash, then you've found the culprit.

If the occurrences instead appear to be random and not associated with any piece of hardware or software, there are some remaining possibilities. Errors in your system's memory and on your hard disk can cause these problems as well. To diagnose and repair problems on your hard disk, see Section 6.2.4, earlier in this chapter, or see Section 6.3, later in this chapter, for help with misbehaving devices.

Not only will Windows XP usually display an error message when a program crashes, but it will also ask you if you wish to report the problem to Microsoft. If you actually believe that Microsoft will use the data you send them to fix bugs in Windows, I have some beach-front property in Wyoming to sell you.

Fortunately, not only can you turn off error reporting, you can disable the error messages entirely. Here's how to control this behavior:

  1. Open Control Panel → System, and choose the Advanced tab.

  2. Click Error Reporting, and select the Disable error reporting option.

  3. To also turn off the error messages associated with application crashes, turn off the But notify me when critical errors occur option.

    If you turn off these error messages, and a program subsequently crashes, its window will simply disappear. It may be a little disconcerting at first to see programs spontaneously vanish, but you'll quickly grow to appreciate the fact that Windows will no longer add insult to injury by hassling you with unnecessary error messages.

  4. Click OK and then OK again when you're done; the change will take effect immediately.

For details on Blue Screen of Death (BSoD) errors, as well as how to stop Windows from restarting immediately after one occurs, see Appendix E.

6.2.6 Closing Hung Applications

Not all programs that crash are closed automatically by Windows. Such applications are said to be "hung," "frozen," or "locked up."

When an application hangs, you have two choices. First, you can wait patiently to see if the application is simply busy and will eventually start responding again. This actually is the case more often than you'd expect, even on very fast computers. For example, if you're using a CD burner, the program may stop responding for up to a minute while it waits for your hardware to respond.

The other choice is to take matters into your own hands and close hung applications yourself. There are two ways to do this:

6.2.6.1 Solution 1: Close the program window

Although the program will not respond normally, Windows will typically still allow you to move or close the window of a hung application. Just click the small [X] button on the application toolbar, or right-click the taskbar button corresponding to the hung application, and select Close.

6.2.6.2 Solution 2: Use the Windows Task Manager

The Windows Task Manager (taskmgr.exe) allows you to close any running process, which includes any visible application or even any program running invisibly in the background.

To start the Task Manager, right-click an empty area of the taskbar, and select Task Manager. Or, press Shift-Ctrl-ESC to open the Task Manager more quickly.[3]

[3] You can also press Ctrl-Alt-Del to open the Task Manager if you've enabled the Welcome screen, as described in Chapter 8. If the Welcome screen is disabled, you can press Ctrl-Alt-Del to display the Windows Security dialog, at which point you can click the Task Manager to launch it.

To close any program, choose the Processes tab, select the application in the list, and click End Process. To make it easier to find a particular program, click the Image Name column header to sort the programs alphabetically.

See the next section, "Programs Commonly Running in the Background," for a list of programs you should not close with the Task Manager.

6.2.6.3 Special case: change the "Not Responding" timeout

Windows XP waits a predetermined amount of time before it considers an application to be hung ("Not Responding," in Microsoft vernacular). To change this timeout, follow these steps:

  1. Open the Registry Editor (discussed in Chapter 3).

  2. Expand the branches to HKEY_CURRENT_USER\Control Panel\Desktop.

  3. Double-click the HungAppTimeout value in the right pane, and enter the number of milliseconds for the timeout. For example, type 4000 to set the timeout to 4 seconds.

  4. Click OK, and then close the Registry Editor when you're done; you'll have to restart your computer for the change to take effect.

6.2.6.4 Special case: choose how Windows closes hung applications when you shut down

Windows XP attempts to close all running programs, services, and other background processes before it shuts down. If it encounters an application that does not appear to be responding, it will wait a predetermined amount of time, and then it will force the program to close. You can change this behavior with the following procedure:

  1. Open the Registry Editor (discussed in Chapter 3).

  2. Expand the branches to HKEY_CURRENT_USER\Control Panel\Desktop.

  3. Double-click the AutoEndTasks value in the right pane, and enter 1 (one) to automatically end tasks, or 0 (zero) to prompt before ending tasks.

  4. Double-click the WaitToKillAppTimeout value, and enter the number of milliseconds for the timeout. For example, type 7000 to set the timeout to 7 seconds. (This setting is also discussed in Section 5.1.4.)

  5. Click OK, and then close the Registry Editor when you're done; you'll have to restart your computer for the change to take effect.

6.2.7 Programs Commonly Running in the Background

Windows is basically just a collection of components, and at any given time, some of those components may be loaded into memory and listed as running processes in Task Manager (discussed in the previous topic).

As you might expect, the programs required by one system won't necessarily be the same as those required by another. Table 6-1 lists those items commonly found on most Windows XP systems.

Table 6-1. Processes you should expect to find running on your system

Process

Description

csrss.exe

Called the Client Server Runtime Process, csrss.exe is an essential Windows component, as it handles the user-mode portion of the Win32 subsystem. It is also a common target for viruses, so if this process appears to be consuming a lot of CPU cycles on your system, you should update and run your antivirus software.

explorer.exe

This is simply Windows Explorer, which is responsible for your Desktop and Start Menu. If this program crashes or is closed, Windows will usually start it again automatically. If you see more than one instance of explorer.exe, it means that each folder window is being launched as a separate process (see Section 2.1.1 for details).

lsass.exe

This is the Local Security Authority subsystem, responsible for authenticating users on your system.

rundll32.exe

This program, the purpose of which is to launch a function in a DLL as though it were a separate program, is used for about a million different things in Windows.

services.exe

This is the Windows NT Service Control Manager, and works similarly to svchost.exe, below. The difference is that services.exe runs services that are processes, and svchost.exe runs services that are DLLs.

smss.exe

Called the Windows NT Session Manager, smss.exe is an essential Windows component. Among other things, it runs programs listed in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key in the Registry.

spoolsv.exe

This handles printing and print spooling (queuing).

svchost.exe

The application responsible for launching most services (listed in services.msc). See the "What is Svchost" sidebar for details. See also services.exe, above.

System

The System process, an essential Windows component.

System Idle Process

The "idle" process is a 16k loop, used to occupy all CPU cycles not consumed by other running processes. The higher the number in the CPU column (99% being the maximum), the less your processor is being used by the currently-running programs.

winlogon.exe

This process manages security-related user interactions, such as logon and logoff requests, locking or unlocking the machine, changing the password, and the remote registry service.

wmiprvse.exe

This is responsible for WMI (Windows Management Instrumentation) support in Windows XP, also known as WBEM. Like csrss.exe, above, wmiprvse.exe is a common target for viruses, so if this process appears to be consuming a lot of CPU cycles on your system, you should update and run your antivirus software.

Naturally, you shouldn't interfere with the components Windows requires to operate while you're looking for errant programs or programs you can get along without. And just because something isn't listed here doesn't mean it isn't required by your system, so use caution when ending a process with which you're not familiar.

What is Svchost?

Svchost.exe and services.exe are the programs responsible for launching the processes associated with the behind-the-scenes programs controlled by the Services window (services.msc).

A single instance of Svchost.exe may be responsible for a single service or several. You should never interfere with any instances of svchost.exe or services.exe you might see listed in Task Manager. Instead, use the Services window (services.msc) to start or stop a service or choose whether or not a service is started automatically when Windows starts.

If you're using Windows XP Professional edition, you can use the TaskList utility (tasklist.exe) to see which services are handled by any given instance of svchost.exe. Just open a Command Prompt window (cmd.exe), and type:

tasklist /svc

Then, match up the numbers in the PID column of TaskList's output with those in the PID column of Task Manager's Processes tab.

If you're not familiar with a particular program that is running, there's a relatively easy way to learn more about it. First, right-click the associated .exe file (easily located with the Search tool), and select Properties. Choose the Version tab, and look under the various resources listed in this dialog; typically, the most useful information will be listed under the Company and Product Name entries. If no Version tab is present, it means the file has no version information, and you'll have to use other means to find out what the file is for. For example, if the file is located in a particular application directory, odds are it belongs to that application. Often, you can learn quite a bit by simply searching the Web for the name of the file.
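The PID match-up from the sidebar and the check against Table 6-1 can be scripted. The following is an added example, not code from the book: it parses `tasklist /svc` output, lists the services behind each svchost.exe PID, and names the images that Table 6-1 does not cover. The sample output is constructed (the PIDs and updater32.exe are made up), and the function names are this example's own.

```python
import re

# Process names from Table 6-1, lower-cased for comparison.
TABLE_6_1 = {n.lower() for n in (
    "csrss.exe", "explorer.exe", "lsass.exe", "rundll32.exe", "services.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "System", "System Idle Process",
    "winlogon.exe", "wmiprvse.exe")}

# Constructed sample of `tasklist /svc` output (PIDs and updater32.exe are made up).
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
services.exe                 680 Eventlog, PlugPlay
svchost.exe                  940 RpcSs
svchost.exe                 1032 AudioSrv, BITS, CryptSvc, Dhcp, Netman,
                                 Schedule, wuauserv
explorer.exe                1620 N/A
updater32.exe               1888 N/A
"""

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])]; column bounds come from the ===== ruler."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.strip() and set(l) <= set("= "))
    (n0, n1), (p0, p1) = [m.span() for m in re.finditer(r"=+", lines[ruler])][:2]
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        image, pid = line[n0:n1].strip(), line[p0:p1].strip()
        svcs = [s.strip() for s in line[p1:].split(",") if s.strip() not in ("", "N/A")]
        if not image and not pid and rows:  # wrapped service list continues previous row
            rows[-1][2].extend(svcs)
        else:
            rows.append((image, int(pid), svcs))
    return rows

def svchost_services(rows):
    """Map each svchost.exe PID to the services that instance hosts."""
    return {pid: svcs for image, pid, svcs in rows if image.lower() == "svchost.exe"}

def not_in_table(rows):
    """Image names absent from Table 6-1: worth identifying, not automatically bad."""
    return sorted({image for image, _, _ in rows if image.lower() not in TABLE_6_1})

if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE)
    print(svchost_services(rows), not_in_table(rows))
```

On a live system, save the output with `tasklist /svc > tasks.txt` and pass the file's text to `parse_tasklist_svc`; anything `not_in_table` reports is a candidate for the Version tab check described above.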

6.2.8 Patching Windows with Windows Update

If software manufacturers waited until their products were completely bug-free before releasing them, then we'd all still be using typewriters.

Windows XP has a fairly automated update system, wherein patches to the operating system that Microsoft considers to be important are made available on their web site, and, by default, automatically downloaded and installed on your computer.

Just open Internet Explorer (other web browsers won't work) and visit http://www.windowsupdate.com (or go to Tools → Windows Update) to load the Windows Update program. Click Scan for updates to compile a list of the updates you haven't yet installed, from which you can selectively download those updates you want or need.

This is a fairly straightforward procedure, and one you should do regularly. Here are a few tips to improve your experience with this tool.

Disable automatic Windows Update

Depending on your settings, Windows XP may routinely activate the Windows Update feature to scan for and download updates to Windows XP automatically. If you have a fast Internet connection and usually don't remember to check for updates yourself, you'll probably want this feature turned on. However, if you already check for updates and would rather not have Windows interrupt you while you work, you'll probably want to disable automatic updating by going to Control Panel → System → Automatic Updates.

Even if you've enabled full automatic updating, Windows XP may only install critical updates. It's a good idea to check with Windows Update manually to make sure the updates you want are installed.

Dealing with missing files

During the installation of updates, Windows may occasionally inform you that it can't find one or more files. This, of course, is a bug in the installer, but the workaround is easy. Open a Search window (see Section 2.2.7), and type the name of the specified file in the All or part of the file name field. If the file is already on your hard disk, it will show up in the search results; just type the full path of the folder containing the file into the Copy files from field, and click OK (or Retry). In most cases, such files will be already on your system, typically in the \Windows\System32 and \Windows\System32\drivers folders.

Whether or not to install Driver Updates

For the most part, it's a good idea to install all of the updates in the Critical Updates and Windows XP categories, but use your judgement when installing items in the Driver Updates category. The drivers recommended here (typically only for devices already using a Microsoft driver) may be older than the ones you're using, or may even be inappropriate for your hardware. If Windows Update is recommending a driver update, check with the manufacturer of the corresponding device and install their latest driver instead.

Managing Windows Updates for a large number of computers

If you're a system administrator and are responsible for a large number of Windows XP machines, you may not want your users to have access to Windows Update. Otherwise, you may have to deal with increased network traffic whenever a new update becomes available, and you may have to clean up the mess left behind by a bad update.

The solution lies in Microsoft's Software Update Services (SUS), a system by which administrators can deploy critical updates to their Windows XP- and Windows 2000-based systems. More information on SUS can be found at http://www.microsoft.com/windows2000/windowsupdate/sus/.

One other way to prevent your users from accessing the Windows Update site is to set up firewall rules to restrict access to the server. You can also set up the hosts file on each computer to redirect any requests to www.windowsupdate.com and windowsupdate.microsoft.com to a different location, as described in Section 7.2.9.

Download updates for installation on other computers

If you have more than one XP machine to update, you may not want to download the same updates again and again. Start by loading Windows Update, as described earlier. Then, click Personalize Windows Update on the left side, and turn on the Display the link to the Windows Update Catalog under See Also option. Finally, click Windows Update Catalog (which should now appear to your left) to enter the catalog and selectively download self-installing updates.

6.2.9 What to Do when Windows Won't Shut Down

Most of the problems that prevent Windows from shutting down properly have to do with power management and faulty drivers, although there are plenty of other causes to consider. The following solutions should help fix most shutdown problems.

6.2.9.1 Part 1: Power management issues

Start by checking out the solutions in Section 5.1.4, which explain the power management settings that can affect shutdown performance, as well as the problems associated with such settings.

Power management settings in Windows XP can be set by going to Control Panel → Power Options. For example, if there's a tab named APM, it means Windows correctly identifies your motherboard's APM (Advanced Power Management) support. Choose the APM tab, and make sure the Enable Advanced Power Management Support option is enabled.

If the aforementioned APM tab is not present, though, you'll need to check your computer's BIOS setup (see Appendix B) and make sure that APM (Advanced Power Management) or ACPI (Advanced Configuration and Power Interface) support is enabled. You'll also need to make sure you're using the correct HAL (Hardware Abstraction Layer) for your computer.

Next, check these two power management-related settings in the Registry:

  1. Open the Registry Editor (discussed in Chapter 3).

  2. Expand the branches to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer.

  3. Double-click the CleanShutdown value. The default is 0 (zero) for this value, but you can change it to 1 (one) if you're experiencing shutdown problems, such as your system restarting instead of shutting down.

  4. Click OK, and then expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (Note the Windows NT branch here, as opposed to the more common Windows branch).

  5. Double-click the PowerdownAfterShutdown value in the right pane, and enter 1 (one) to have Windows power down your computer, or 0 (zero) to disable this feature.

  6. Click OK, and then close the Registry Editor when you're done; you'll have to restart your computer for the change to take effect.

Finally, the following steps have been known to work on some computers:

  1. Open the Device Manager (devmgmt.msc).

  2. Select Show Hidden Devices from the View menu.

  3. If an entry named APM/NT Legacy Node appears in the System devices category, and there's a red X over its icon, right-click it and select Enable. (If the entry isn't there, then this solution doesn't apply to you.)

  4. Close the Device Manager when you're done.

6.2.9.2 Part 2: Look for shutdown scripts

If you have a shutdown script configured, it may be preventing Windows from shutting down properly.

  1. Open the Group Policy window (gpedit.msc).

  2. Expand the branches to Computer Configuration\Windows Settings\Scripts (Startup/Shutdown).

  3. Double-click the Shutdown entry in the right-hand pane to show the Shutdown Properties dialog. If there are any entries in the list, make a note of them (in case you need to re-establish them), and then remove them.

  4. Click OK and close the Group Policy window when you're done.

6.2.9.3 Part 3: Virtual memory problems

There's a setting in Windows XP that forces the swap file (paging file) to be cleared when you shut down, which can cause problems on some systems. To disable this, try the following:

  1. Open the Group Policy window (gpedit.msc).

  2. Expand the branches to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

  3. Double-click the Shutdown: Clear virtual memory page entry in the right-hand pane, and select Disabled.

  4. Click OK and close the Group Policy window when you're done.

See Section 5.2.4 for more information on virtual memory and your computer's swap file.

6.2.9.4 Part 4: Other causes

Here are some other things that can cause Windows XP shutdown problems:

Here are some examples of popular products whose early drivers were notorious for causing shutdown problems, fixed, in all cases, by updates available at the manufacturers' web sites:

Adaptec/Roxio Easy CD Creator

http://www.roxio.com

nVidia-based video cards (nVidia Driver Helper Service)

http://www.nvidia.com

Soundblaster Live! (Devldr32.exe)

http://www.creaf.com
