Fixing Windows XP Annoyances
Once you start peeking under the hood of Windows XP, you'll notice some of the tools that have been included to help the system run smoothly. Some of these tools actually work, but it's important to know which ones to use and which ones are simply gimmicks. A good example is System Restore, a feature intended to solve certain file version conflicts automatically, its brute-force method often ends up causing more problems than it solves. See the discussion of System Restore later in this chapter for more information.
Here are some software-specific issues that should help you solve most problems with Windows XP and the applications that run on it.
6.2.1 What to Do when Windows Won't Start
Unfortunately, Windows' not being able to start is a common problem, usually occurring without an error message or any obvious way to resolve it. Sometimes you'll just get a black screen after the startup logo, or your computer may even restart itself instead of displaying the desktop. Of the many causes to this problem, many deal with hardware drivers, conflicts, or file corruption all of which are discussed elsewhere in this chapter.
In previous versions of Windows, up until Windows 98, one could start a DOS session before loading Windows, which was a gateway to several effective troubleshooting techniques. In Windows XP, this lifeline is gone, but, fortunately, there are several other tools in place to take up the slack:
- Windows Recovery Console
-
The Windows Recovery Console, discussed in Chapter 10, is a way to repair your operating system or boot manager. It also lets you delete or replace system files, something not possible from within Windows. Use the WRC when Windows won't start at all.
- Safe Mode with Command Prompt
-
The Safe Mode with Command Prompt, explained in Section 2.2.6, is somewhat of a hybrid between the Windows Recovery Console and a standard Command Prompt window. (It's also described later.) Use it to affect minor repairs when the Windows Recovery Console is overkill.
In either case, you'll get a Command Prompt interface that allows you to copy, move, rename, or delete files, as well as start certain programs. The specific steps you take depend on what you're trying to accomplish.
If you don't know where to start, you'll probably want to scan your hard disk for errors, since corrupted files can prevent Windows from loading. See Section 6.2.4, later in this chapter, for details.
The other choice you have, instead of using one of these Command Prompt variants, is to use one of Windows' built-in troubleshooting startup modes. Press the F8 key when Windows begins to load (or during the Boot Manager menu, if you're using a dual-boot system, as described in Chapter 10). You'll see a menu with the following choices:
- Safe Mode (also with Networking support or Command Prompt)
-
This forces Windows to start up in a hobbled, semi-functional mode, useful for troubleshooting or removing software or hardware drivers that otherwise prevent Windows from putting normally.
- Enable Boot Logging
-
This starts Windows normally, except that a log of every step is recorded into the ntbtlog.txt file, located in your \Windows folder. If Windows won't start, all you need to do is attempt to start Windows with the Enable Boot Logging option at least once. Then, boot Windows into Safe mode (or Safe mode with Command Prompt) and read the log with your favorite text editor (or Notepad). The last entry in the log is most likely the cause of the problem.
- Enable VGA Mode
-
Start Windows normally, but in 640 X 480 mode at 16 colors. This is useful for troubleshooting bad video drivers or incorrect video settings by allowing you to boot Windows with the most compatible display mode available.
- Last Known Good Configuration
-
This start Windows with the last set of drivers and Registry settings known to work. Use this if a recent Registry Change or hardware installation has caused a problem that prevents Windows from starting.
- Directory Services Restore Mode
-
Used only if your computer is a Windows NT domain controller.
- Debugging Mode
-
This option, typically of no use to end-users, sends debug information to your serial port to be recorded by another computer.
- Start Windows Normally
-
Use this self-explanatory option to continue booting Windows normally, as though never displayed the F8 menu.
Lastly, you should look for error messages, both fleeting ones that quickly disappear, and ones displayed when the Windows startup procedure comes to a screeching halt. See the next section for details.
6.2.2 Error Messages During Startup
You may have seen a strange message when Windows is loading, either during the display of the Windows logo screen or after the taskbar appears. Many different things can cause this, but there are a few common culprits. If you're having trouble starting Windows, see Section 6.1.1 earlier in this chapter.
- A driver won't load
-
When Windows starts, it loads all of the installed drivers into memory. A driver may refuse to load if the device for which it's designed isn't functioning or turned on, if there's a hardware conflict, if the driver itself isn't installed properly, or if the driver file is misconfigured or corrupted in some way. If you remove a device, make sure to take out the driver file as well even if it isn't generating an error message, it could be taking up memory. See Section 6.3 later in this chapter.
- A program can't be found
-
After Windows loads itself and all of its drivers, it loads any programs configured to load at startup. These include screen savers, scheduling utilities, Palm HotSync software, all those icons that appear in your notification area (tray), and any other programs you may have placed in your Startup folder or that may be been configured to load automatically in the system Registry. If you removed an application, for example, and Windows continues to attempt to load one of its components at startup, you'll have to remove the reference manually. See Section 6.2.3 later in this chapter, for details.
- A file is corrupt or missing
-
If one of Windows' own files won't load and you're sure it isn't a third-party driver or application, you may actually have to reinstall Windows to alleviate the problem. I'll take this opportunity to remind you to back up frequently.
An error message of this sort will usually include a filename. To help isolate the problem, write down the filename when you see the error message, and then try searching your hard disk for the reported file, as well as looking for places where the file may be referenced (see Section 6.2.3 later in this chapter for details). If you don't know what the error means exactly, you should definitely do both; a lot can be learned by finding how and where Windows is trying to load a program. However, if you know that the file or files are no longer on your system, you can proceed simply to remove the reference.
Conversely, if you know the file is still on your system and you want to get it working again, you'll probably need to reinstall whatever component or application it came with in order to fix the problem. Once you've located a particular file, it may not be obvious to which program it belongs. You can usually get a good clue by right-clicking on the file, selecting Properties, and choosing the Version tab.
- Please wait while Windows updates your configuration files
-
This isn't an error, but rather a message you may see occasionally when Windows is starting. It simply means that Windows is copying certain files that it couldn't otherwise copy while Windows was loaded, most often as a result of software being installed during the last Windows session. For example, if a program you install needs to replace an old DLL in your \Windows\System32 folder with a newer version, but the DLL is in use and can't be overwritten, the program's setup utility will simply instruct Windows to do it automatically the next time it's restarted. The mechanism responsible is discussed in the discussion of the Wininit.ini file in Section 2.2.6.
If the name of a driver, service, or application is specified in the error message, there are three places you can look for more information:
-
In the startup log, ntbtlog.txt, located in your \Windows folder. See Section 6.2.1 earlier in this chapter, for details.
-
In the Event Viewer (eventvwr.msc); open the System branch, and then sort the listing by clicking the Source column header.
-
In one of the places looks for startup programs, discussed in the next section.
6.2.3 Programs Run by Windows when It Starts
The following locations are places that files or drivers can be specified to load when Windows starts. This is useful not only for adding your own startup programs, but eliminating ones that are either causing problems or are simply unnecessary and slowing down the boot process.
- The Startup folder
-
Your Startup folder (usually \Documents and Settings\{username}\Start Menu\Startup) contains shortcuts for all the standard programs you wish to load every time Windows starts. You should routinely look for and eliminate shortcuts to outdated or unwanted programs. If you're not sure of the application with which the shortcut is associated, right-click it, select Properties, and then click Find Target.
- The Registry
-
There are several places in the Registry (see Chapter 3) in which Startup programs are specified. Such programs are specified here for several reasons: to prevent tinkering, for more flexibility, or, in the case of viruses and Trojan horses, to hide from plain view.
These keys contain startup programs for the current user:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
These keys contain startup programs for all users:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
The naming of the keys should be self-explanatory. Programs referenced in either of the Run keys listed above are run every time Windows starts. Likewise, an entry referenced in one of the RunOnce keys is run only once and then removed from the key.
- Services
-
The Services window (services.msc) lists dozens of programs especially designed to run in the background in Windows XP. The advantage of services is that they remain active, even when no user is currently logged in. That way, for example, your web server can continue to serve web pages when the Welcome screen (or Log On dialog) is shown.
By default, some services are configured to start automatically with Windows and others are not; such information is found in the Startup Type column. Double-click any service and change the Startup type option to Automatic to have it start with Windows, or Manual to disable it.
However, changing the Startup type for a service won't load (start) or unload (stop) the service. Use the Start and Stop buttons on the toolbar of the Services window, or double-click a service and click Start or Stop. For an example, see the discussion of Universal Plug-&-Play in Section 7.3.1.
- The WIN.INI file
-
Although it's uncommon, you may occasionally see a program referenced at the top of the WIN.INI file, on the lines that start with LOAD= or RUN=. See Section 3.2.4 for details on the structure of files of this type.
|
In many cases, it should be obvious what a particular startup program is for. If not, start by searching your system for the filename(s) specified. If in doubt, create a Registry patch of the entire Registry key in question (see Chapter 3 for details) and then remove the questionable entry. If anything goes wrong, you can reapply the Registry patch to restore the settings.
6.2.3.1 Special Case: antivirus software
One of the programs that is likely to start automatically with Windows (typically via the Registry keys listed earlier) is antivirus software. Antivirus software is a double-edged sword. Sure, viruses can be a genuine threat, and for many of us, antivirus software is an essential safeguard. But antivirus software can also be real pain in the neck.
The most basic, innocuous function of an antivirus program is to scan files on demand. When you start a virus scanner and tell it to scan a file or a disk full of files, you're performing a useful task. The problem is that most of us don't remember or want to take the time to routinely perform scans, so we rely on the so-called " auto-protect" feature, where the virus scanner runs all the time. This can cause several problems:
-
Loading the auto-protect software at Windows startup can increase boot time; also, because each and every application must be scanned before it is started, application load time can be increased.
-
If the antivirus software or virus definitions become corrupted, the application auto-scanner may prevent any application on your system from loading, including the antivirus software itself, making it impossible to rectify the situation without serious headaches. (Yes, I've actually seen this happen.)
-
Some antivirus auto-protect features include web browser and email plug-ins, which scan all files downloaded and received as attachments, respectively. In addition to the performance hit, these plug-ins can inadvertently interfere with the applications used to open these files, and can cause all sorts of problems.
-
Antivirus software can also interfere with some applications, such as certain installation programs or low-level diagnostic utilities that may modify the boot sector of one of your drives.
-
Lastly, and most importantly, having the auto-protect feature installed can give you a false sense of security, reducing the chances that you'll take the precautions listed later in this section and increasing the likelihood that your computer will become infected.
Now, if you take the proper precautions, your exposure to viruses will be minimal, and you will have very little need for the auto-protect feature of your antivirus software. Naturally, whether you disable your antivirus software's autoprotect feature is up to you. If you keep the following concepts in mind, regardless of the status of your antivirus autoprotect software, you should effectively eliminate your computer's susceptibility to viruses:
-
If you don't download any documents or applications from the Internet, if you're not connected to a local network, if you have a firewalled connection to the Internet, and the only type of software you install is off-the-shelf commercial products, your odds of getting a virus are pretty much zero.
-
Viruses can only reside in certain types of files, including application (.exe) files, document files made in applications that use macros (such as Microsoft Word), Windows script files (.vbs), and some types of application support files (.dll, .vbx, .vxd, etc.). And because ZIP files (described in Chapter 2) can contain any of the aforementioned files, they're also susceptible.
Plain-text email messages, text files (.txt), image files (.jpg, .gif, .bmp, etc.), video clips (.mpg, .avi, etc.) and most other types of files are benign in that they simply are not capable of being virus carriers.[1]
[1] Actually, it is possible to embed small amounts of binary data into image files, which means, theoretically, that an image could contain a virus. However, such data would have to be manually extracted before it could be executed; a virus embedded in an image file would never be able to spontaneously infect your system.
-
Don't ever open email attachments sent to you from people you don't know, especially if they are Word documents or EXE files. If someone sends you an attachment and you wish to open it, scan it manually before opening it. Most antivirus software adds a context-menu item to all files (see Section 4.3 in Chapter 4), allowing you to scan any given file by right-clicking on it and selecting Scan for Viruses (or something similar).
-
Note that there are some types of viruses that will hijack a user's address book (typically MS Outlook users only) and automatically send an infected email to everyone that person has ever emailed. This means that you may get a virus in an email attachment from someone you know, but it will have a nonsensical filename and a generic, poorly-written message body, like "I send you this file in order to have your advice." If you get an email from someone you know, and it doesn't look like something that person would send you, it likely wasn't sent intentionally, and should be deleted. The worst thing that could happen if you're wrong is that the sender will just have to send it again.
If you're on a network, your computer is only as secure as the least secure computer on the network. If it's a home network, make sure everyone who uses machines on that network understands the previous concepts. If it's a corporate network, there's no accounting for the stupidity of your coworkers, so you may choose to leave the autoprotect antivirus software in place.
Note that a firewall may protect you from attacks through your local-network or Internet connection; see Chapter 7 for details.
6.2.4 Check Your Drive for Errors with Chkdsk
The Chkdsk utility (chkdsk.exe, pronounced "check disk") is used to scan your hard disk for errors and optionally fix any that are found. To run Chkdsk, open a Command Prompt window (cmd.exe) by going to Start
Chkdsk can also be run from either Windows Recovery Console or the Safe Mode with Command Prompt (discussed in discussed in Chapter 10 and in Section 2.2.6, respectively).
When you run Chkdsk without any options, you'll get a report that looks something like this:
The type of the file system is NTFS. Volume label is SHOEBOX. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... File verification completed. CHKDSK is verifying indexes (stage 2 of 3)... Index verification completed. CHKDSK is verifying security descriptors (stage 3 of 3)... Security descriptor verification completed. 87406395 KB total disk space. 26569944 KB in 42010 files. 23844 KB in 896 indexes. 0 KB in bad sectors. 114839 KB in use by the system. 65536 KB occupied by the log file. 60632232 KB available on disk. 4096 bytes in each allocation unit. 4351598 total allocation units on disk. 176942 allocation units available on disk.
If any errors are found, such errors will be listed in the report along with the statistics in the example above. However, unlike the Scandisk utility found in some earlier versions of Windows, Chkdsk doesn't make any changes to your drive (repairs or otherwise) unless you specifically request them. As suggested by the "F parameter" warning in the report, you'll need to type chkdsk /f to affect any necessary repairs on the drive.
|
The following terms describe most of the different types of problems that Chkdsk might report:
- Lost clusters
-
These are pieces of data that are no longer associated with any existing files.
- Bad sectors
-
Bad sectors are actually physical flaws on the disk surface. Use the /r option, below, to attempt to recover data stored on bad sectors. Note that recovery of such data is not guaranteed (unless you have a backup somewhere). Typical symptoms of bad sectors include seeing gibberish when you view the contents of a directory, or your computer crashing or freezing every time you attempt to access a certain file.
- Cross-linked files
-
If a single piece of data has been claimed by two or more files, those files are said to be cross-linked.
- Invalid file dates or times
-
Chkdsk also scans for file dates and times that it considers "invalid," such as missing dates or those before January 1st, 1980.
|
The other important options available to Chkdsk are the following:
- /r
-
The /r parameter is essentially the same as /f, except that it additional scans for and recovers from bad sectors, as described earlier. When using Chkdsk from within the Windows Recovery Console, the /f option is not available, which means the /r option is your only choice if you need to affect repairs.
- /x
-
Include this option to force the volume to dismount before scanning the drive; otherwise, Windows will have to schedule the drive to be scanned during the next boot. This has the effect of temporarily disconnecting the drive from Explorer and all other programs, and closing any open files stored on the drive. The /x parameter implies the /f option; the /x option is not available in the Windows Recovery Console.
Additionally, the /i and /c options, which are applicable only on NTFS volumes, are used to skip certain checks in order to reduce the amount of time required to scan the disk. There is typically very little reason to use either of these options. Finally, you can run Chkdsk on a specific file (or group of files), but only on FAT or FAT32 disks (not NTFS drives). This is used to check a single file or a specific group of files for fragmentation, subsequently fixed by Disk Defragmenter (dfrg.msc).
|
6.2.4.1 Special case: dirty drives and automatic Chkdsk
When a volume is marked "dirty," Windows scans it with Chkdsk automatically during the boot process. A drive can become dirty if it's in use when Windows crashes, or Chkdsk schedules a scan when you attempt to check a disk that is in use. A drive not considered dirty is marked "clean."
The Fsutil (Fsutil.exe) utility is used to manage dirty drives. Open a Command Prompt window (cmd.exe) and type fsutil (without any arguments) to display a list of commands that can be used with Fsutil. As you might expect, the dirty command is the one that concerns us here. Here's how it works:
To see if drive G: is currently marked as dirty, type:
fsutil dirty query g:
To mark drive H: as dirty, so it will be scanned by Chkdsk the next time Windows starts, type:
fsutil dirty set h:
Note that Fsutil has been found to be unreliable when used on FAT or FAT32 drives, so you may only wish to use it on NTFS disks.
Another utility, Chkntfs, is used to choose whether or not Windows runs Chkdsk automatically at Windows startup. (It is not used to check NTFS drives, as its name implies, however.) Here's how it works:
To display a dirty/clean report about any drive (say, drive G:), type:
chkntfs g:
To exclude drive H: from being checked when Windows starts (which is not the default), type:
chkntfs /x h:
To include (un-exclude) drive H: in the drives to be checked when Windows starts, type:
chkntfs /c h:
To force Windows to check drive H: the next time Windows starts, type:
chkntfs /c h: fsutil dirty set h:
To include all drives on your system, thereby restoring the defaults, type:
chkntfs /d
Finally, when Windows detects a dirty drive, it starts a timed countdown (10 seconds by default), allowing you to skip Chkdsk by pressing a key. To change the duration of this countdown to, say, five seconds, type:
chkntfs /t:5
|
You'll have to restart Windows for any of these changes to take effect.
6.2.5 Error Messages and Crashing Applications
There are basically two different types of error messages:
-
An error that tells you that you've done something wrong, such as trying to delete or rename an file that is being used by an open application.
Obviously, the best way to alleviate these problems is to stop doing things wrong. But, of course, what's "wrong" is often a matter of interpretation, so in this case, it typically makes more sense to simply talk about making the resulting error messages less annoying (for example, by turning off the sounds associated with them), or making them go away altogether (by making liberal use of the Don't show this again options that sometimes appear).
-
An error that is the result of an application crash, hardware error, or problem with Windows' configuration.
Such errors are basically the subject of this section and many of the topics in this chapter. These errors can range from a single error message appearing and then disappearing with no discernible after-effects, to the more-severe Blue Screen of Death (BSoD) errors, discussed in Appendix E.
Now, it's important to realize that error messages of both types are essentially canned responses to predetermined criteria, and any given error message may be used in a variety of instances. This means that error messages are typically verbose, yet rarely helpful. And software developers are rarely English majors.
For example, a message might report that a program has crashed or isn't able to load, but the actual problem may be something completely unrelated to what the message is reporting. For example, you may see a "file not found" error when trying to start an application, if, perhaps, one of the support files has the incorrect file permissions (explained in Chapter 8).
Using Compatibility Mode
If you find that you're having trouble with a specific application, you can try running it in Compatibility Mode. Right-click any .exe file (or a shortcut to any .exe file), select Properties, and choose the Compatibility tab. The display settings allow you to limit the screen resolution and color depth, and disable visual themes, if they appear to be causing a problem. However, the real meat is the Run this program in compatibility mode for list, from which you can choose Windows 95, Windows 98/Me, Windows NT 4.0 w/SP5, or Windows 2000. This is useful if the program you're trying to run was specifically designed for an earlier version of Windows, and either refuses to run on Windows XP or simply doesn't work as well as it did in earlier version. This also applies when installing applications. Some application installers are designed only to allow installation on certain versions of Windows, even though the application, once installed, will actually work on Windows XP. Just enable Compatibility Mode for the installer executable (usually setup.exe or install.exe) to fool it into thinking you're installing on an earlier version of Windows. |
6.2.5.1 Error messages resulting from application crashes
Sometimes, a problem is severe enough to cause an application to close immediately. Fortunately, Windows XP isolates applications from one-another, and from the operating system itself, which means that a single application crash is much less likely to bring down the entire system.[2]
[2] This is one of the advantages of Windows XP/2000 over its DOS-based predecessors, such as Windows 9x/Me. See Section 2.1.1 for an option to isolate separate instances of Windows Explorer from one-another.
When an application crashes, Windows will close at and then, by default, display an error message explaining what happened. Naturally, as you'd expect, this error message doesn't really explain what happened, but rather only informs you that something happened.
|
When you see one of these errors, the first thing to do is determine if any action is necessary. You should expect this to happen occasionally, due to the complexity of today's software, but if it happens more frequently than, say, once a day, it could be the sign of a more serious problem. See if you can reliably reproduce the problem. If it seems to be application- or device-specific, where the same action in a program or the repeated use of a certain device causes the crash, then you've found the culprit.
If the occurrences instead appear to be random and not associated with any piece of hardware or software, there are some remaining possibilities. Errors in your system's memory and on your hard disk can cause these problems as well. To diagnose and repair problems on your hard disk, see Section 6.2.4, earlier in this chapter, or see Section 6.3, later in this chapter, for help with misbehaving devices.
Not only will Windows XP usually display an error message when a program crashes, but will ask you if you wish to report the problem Microsoft. If you actually believe that Microsoft will use the data you send them to fix bugs in Windows, I have some beach-front property in Wyoming to sell you.
Fortunately, not only can you turn off error reporting, you can disable the error messages entirely. Here's how to control this behavior:
-
Open Control Panel
System, and choose the Advanced tab -
Click Error Reporting, and select the Disable error reporting option.
-
To also turn off the error messages associated with application crashes, turn off the But notify me when critical errors occur option.
If you turn off these error messages, and a program subsequently crashes, its window will simply disappear. It may be a little disconcerting at first to see programs spontaneously vanish, but you'll quickly grow to appreciate the fact that Windows will no longer add insult to injury by hassling you with unnecessary error messages.
-
Click OK and then OK again when you're done; the change will take effect immediately.
For details on Blue Screen of Death (BSoD) errors, as well as how to stop Windows from restarting immediately after one occurs, see Appendix E.
6.2.6 Closing Hung Applications
Not all programs that crash are closed automatically by Windows. Such applications are said to be "hung," "frozen," or "locked up."
When an application hangs, you have two choices. First, you can wait patiently to see if the application is simply busy and will eventually start responding again. This actually is the case more often you'd expect, even on very fast computers. For example, if you're using a CD burner, the program may stop responding for up to a minute while it waits for your hardware to respond.
The other choice is to take matters into your own hands and close hung applications yourself. There are two ways to do this:
6.2.6.1 Solution 1: Close the program window
Although the program will not responded normally, Windows will typically still allow you to move or close the window of a hung application. Just click the small [X] button on the application toolbar, or right-click the taskbar button corresponding to the hung application, and select Close.
6.2.6.2 Solution 2: Use the Windows Task Manager
The Windows Task Manager (taskmgr.exe) allows you to close any running process, which includes any visible application or even any program running invisibly in the background.
To start the Task Manager, right-click an empty area of the taskbar, and select Task Manager. Or, press Shift-Ctrl-ESC to open the Task Manager more quickly.[3]
[3] You can also press Ctrl-Alt-Del to open the Task Manager if you've enabled the Welcome screen, as described in Chapter 8. If the Welcome screen is disabled, you can press Ctrl-Alt-Del to display the Windows Security dialog, at which point you can click the Task Manager to launch it.
To close any program, choose the Processes tab, select the application in the list, and click End Process. To make it easier to find a particular program, click the Image Name column header to sort the programs alphabetically.
See the next section, "Programs Commonly Running in the Background," for a list of programs you should not close with the Task Manager.
6.2.6.3 Special case: change the "Not Responding" timeout
Windows XP waits a predetermined amount of time before it considers an application to be hung ("Not Responding," in Microsoft vernacular). To change this timeout, follow these steps:
-
Open the Registry Editor (discussed in Chapter 3).
-
Expand the branches to HKEY_CURRENT_USER\Control Panel\Desktop.
-
Double-click the HungAppTimeout value in the right pane, and enter the number of milliseconds for the timeout. For example, type 4000 to set the timeout to 4 seconds.
-
Click OK, and then close the Registry Editor when you're done; you'll have to restart your computer for the change to take effect.
6.2.6.4 Special case: choose how Windows closes hung applications when you shut down
Windows XP attempts to close all running programs, services, and other background processes before it shuts down. If it encounters an application that does not appear to be responding, it will wait a predetermined amount of time, and then it will force the program to close. You can change this behavior the following procedure:
-
Open the Registry Editor (discussed in Chapter 3).
-
Expand the branches to HKEY_CURRENT_USER\Control Panel\Desktop.
-
Double-click the AutoEndTasks value in the right pane, and enter 1 (one) to automatically end tasks, or 0 (zero) to prompt before ending tasks.
-
Double-click the WaitToKillAppTimeout value, and enter the number of milliseconds for the timeout. For example, type 7000 to set the timeout to 7 seconds. (This setting is also discussed in Section 5.1.4.)
-
Click OK, and then close the Registry Editor when you're done; you'll have to restart your computer for the change to take effect.
6.2.7 Programs Commonly Running in the Background
Windows is basically just a collection of components, and at any given time, some of those components may be loaded into memory and listed as running processes in Task Manager (discussed in the previous topic).
As you might expect, the programs required by one system won't necessarily be the same as those required by another. Table 6-1 lists the those items commonly found on most Windows XP systems.
Process | Description |
---|---|
csrss.exe | Called the Client Server Runtime Process, csrss.exe is an essential Windows component, as it handles the user-mode portion of the Win32 subsystem. It is also a common target for viruses, so if this process appears to be consuming a lot of CPU cycles on your system, you should update and run your antivirus software. |
explorer.exe | This is simply Windows Explorer, which is responsible for your Desktop and Start Menu. If this program crashes or is closed, Windows will usually start it again automatically. If you see more than one instance of explorer.exe, it means that each folder window is being launched as a separate process (see Section 2.1.1 for details). |
lsass.exe | This is the Local Security Authority subsystem, responsible for authenticating users on your system. |
rundll32.exe | This program, the purpose of which is to launch a function in a DLL as though it were a separate program, is used for about a million different things in Windows. |
services.exe | This is the Windows NT Service Control Manager, and works similarly to svchost.exe, below. The difference is that services.exe runs services that are processes, and svchost.exe runs services that are DLLs. |
smss.exe | Called the"Windows NT Session Manager, smss.exe is an essential Windows component. Among other things, it runs programs listed in the HKEY_ LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key in the Registry. |
spoolsv.exe | This handles printing and print spooling (queuing). |
svchost.exe | The application responsible for launching most services (listed in services.msc). See the "What is Svchost" sidebar for details. See also services.exe, above. |
System | The System process, an essential Windows component. |
System Idle Process | The "idle" process is a 16k loop, used to occupy all CPU cycles not consumed by other running processes. The higher the number in the CPU column (99% being the maximum), the less your processor is being used by the currently-running programs. |
winlogon.exe | This process manages security-related user interactions, such as logon and logoff requests, locking or unlocking the machine, changing the password, and the remote registry service. |
wmiprvse.exe | This is responsible for WMI (Windows Management Instrumentation) support in Windows XP, also known as WBEM. Like csrss.exe, above, wmiprvse.exe is a common target for viruses, so if this process appears to be consuming a lot of CPU cycles on your system, you should update and run your antivirus software. |
|
What is Svchost?
Svchost.exe and services.exe are the programs responsible for launching the processes associated with the behind-the-scenes programs controlled by the Services window (services.msc). A single instance of Svchost.exe may be responsible for a single service or several. You should never interfere with any instances of svchost.exe or services.exe you might see listed in Task Manager. Instead, use the Services window (services.msc) to start or stop a service or choose whether or not a service is started automatically when Windows starts. If you're using Windows XP Professional edition, you can use the TaskList utility (tasklist.exe) to see which services are handled by any given instance of svchost.exe. Just open a Command Prompt window (cmd.exe), and type: tasklist /svc Then, match up the numbers in the PID column of TaskList's output with those in the PID column of Task Manager's Processes tab. |
If you're not familiar with a particular program that is running, there's a relatively easy way to learn more about it. First, right-click the associated .exe file (easily located with the Search tool), and select Properties. Choose the Version tab, and look under the various resources listed in this dialog; typically, the most useful information will be listed under the Company and Product Name entries. If no Version tab is present, it means the file has no version information, and you'll have to use other means to find out what the file is for. For example, if the file is located in a particular application directory, odds are it belongs to that application. Often, you can learn quite a bit by simply searching the Web for the name the file.
6.2.8 Patching Windows with Windows Update
If software manufacturers waited until their products were completely bug-free before releasing them, then we'd all still be using typewriters.
Windows XP has a fairly automated update system, wherein patches to the operating system that Microsoft considers to be important are made available on their web site, and, by default, automatically downloaded and installed on your computer.
Just open Internet Explorer (other web browsers won't work) and visit http://www.windowsupdate.com (or go to Tools
This is a fairly straightforward procedure, and one you should do regularly. Here are a few tips to improve your experience with this tool.
- Disable automatic Windows Update
-
Depending on your settings, Windows XP may routinely activate the Windows Update feature to scan for and download updates to Windows XP automatically. If you have a fast Internet connection and usually don't remember to check for updates yourself, you'll probably want this feature turned on. However, if you already check for updates and would rather not have Windows interrupt you while you work, you'll probably want to disable automatic updating by going to Control Panel
System Automatic Updates.
|
- Dealing with missing files
-
During the installation of updates, Windows may occasionally inform you that it can't find one or more files. This, of course, is a bug in the installer, but the workaround is easy. Open a Search window (see Section 2.2.7), and type the name of the specified file in the All or part of the file name field. If the file is already on your hard disk, it will show up in the search results; just type the full path of the folder containing the file into the Copy files from field, and click OK (or Retry). In most cases, such files will be already on your system, typically in the \Windows\System32 and \Windows\System32\drivers folders.
- Whether or not to install Driver Updates
-
For the most part, it's a good idea to install all of the updates in the Critical Updates and Windows XP categories, but use your judgement when installing items in the Driver Updates category. The drivers recommended in here (typically only for devices already using a Microsoft drivers) may be older than the ones you're using, or may even be inappropriate for your hardware. If Windows Update is recommending a driver update, check with the manufacturer of the corresponding device and install their latest driver instead.
- Managing Windows Updates for a large number of computers
-
If you're a system administrator and are responsible for a large number of Windows XP machines, you may not want your users to have access to Windows Update. Otherwise, you may have to deal with increased network traffic whenever a new update becomes available, and you may have to clean up the mess left behind by a bad update.
The solution lies in Microsoft's Software Update Services (SUS), a system by which administrators can deploy critical updates to their Windows XP- and Windows 2000-based systems. More information on SUS can be found at http://www.microsoft.com/windows2000/windowsupdate/sus/.
One other way to prevent your users from accessing the Windows Update site is to set up firewall rules to restrict access to the server. You can also set up the hosts file on each computer to redirect any requests to www.windowsupdate.com and windowsupdate.microsoft.com to a different location, as described in Section 7.2.9.
- Download updates for installation on other computers
-
If you have more than one XP machine to update, you may not want to download the same updates again and again. Start by loading Windows Update, as described earlier. Then, click Personalize Windows Update on the left side, and turn on the Display the link to the Windows Update Catalog under See Also option. Finally, click Windows Update Catalog (which should now appear to your left) to enter the catalog and selectively download self-installing updates.
6.2.9 What to Do when Windows Won't Shut Down
Most of the problems that prevent Windows from shutting down properly have to do with power management and faulty drivers, although there are plenty of other causes to consider. The following solutions should help fix most shutdown problems.
6.2.9.1 Part 1: Power management issues
Start by checking out the solutions in Section 5.1.4, which explain the power management settings that can affect shutdown performance, as well as the problems associated with such settings.
Power management settings in Windows XP can be set by going to Control Panel
If the aforementioned APM tab is not present, though, you'll need to check your computer's BIOS setup (see Appendix B) and make sure that APM (Advanced Power Management) or ACPI (Advanced Configuration and Power Interface) support is enabled. You'll also need to make sure you're using the correct HAL (Hardware Abstraction Layer) for your computer.
Next, check these two power management-related settings in the Registry:
-
Open the Registry Editor (discussed in Chapter 3).
-
Expand the branches to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer.
-
Double-click the CleanShutdown value. The default is 0 (zero) for this value, but you can change it to 1 (one) if you're experiencing shutdown problems, such as your system restarting instead of shutting down.
-
Click OK, and then expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (Note the Windows NT branch here, as opposed to the more common Windows branch).
-
Double-click the PowerdownAfterShutdown value in the right pane, enter 1 (one) to have Windows power down your computer, or 0 (zero) to disable this feature.
-
Click OK, and then close the Registry Editor when you're done; you'll have to restart your computer for the change to take effect.
Finally, the following steps have been known to work on some computers:
-
Open the Device Manager (devmgmt.msc).
-
Select Show Hidden Devices from the View menu.
-
If an entry named APM/NT Legacy Node appears in the System devices category, and there's a red X over its icon, right-click it and select Enable. (If the entry isn't there, then this solution doesn't apply to you.)
-
Close the Device Manager when you're done.
6.2.9.2 Part 2: Look for shutdown scripts
If you have a shutdown script configured, it may be preventing Windows from shutting down properly.
-
Open the Group Policy window (gpedit.msc).
-
Expand the branches to Computer Configuration\Windows Settings\Scripts (Startup/Shutdown).
-
Double-click the Shutdown entry in the right-hand pane to show the Shutdown Properties dialog. If there are any entries in the list, make a note of them (in case you need to re-establish them), and then remove them.
-
Click OK and close the Group Policy window when you're done.
6.2.9.3 Part 3: Virtual memory problems
There's a setting in Windows XP that forces the swap file (paging file) to be cleared when you shut down, which can cause problems on some systems. To disable this, try the following:
-
Open the Group Policy window (gpedit.msc).
-
Expand the branches to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
-
Double-click the Shutdown: Clear virtual memory page entry in the right-hand pane, and select Disabled.
-
Click OK and close the Group Policy window when you're done.
See Section 5.2.4 for more information on virtual memory and your computer's swap file.
6.2.9.4 Part 4: Other causes
Here are some other things that can cause Windows XP shutdown problems:
-
Antivirus software has been known to prevent Windows from shutting down; see Section 6.2.3, earlier in this chapter, for more information.
-
If shutting down results in a Blue Screen of Death (BSoD), see Appendix E.
-
See Section 6.2.6, earlier in this chapter, for solutions concerning the way Windows XP automatically shuts down running programs and processes during shut down.
-
Make sure you have the latest XP updates from Microsoft; see Section 6.2.8, earlier in this chapter, for details.
-
If you have a desktop computer with at least one network card, try moving the card to a different slot.
-
Your power supply could be to blame; see the discussion of power supplies in Chapter 5 for upgrading tips.
-
If Windows is allowed to shut down your USB controller to save power, it may prevent Windows from shutting down. See Section 6.4.6 section, later in this chapter, for details.
Here are some examples of popular products whose early drivers were notorious for causing shutdown problems, fixed, in all cases, by updates available at the manufacturers' web sites:
- Adaptec/Roxio Easy CD Creator
-
http://www.roxio.com
- nVidia-based video cards (nVidia Driver Helper Service)
-
http://www.nvidia.com
- Soundblaster Live! (Devldr32.exe)
-
http://www.creaf.com