Lesson 2: System Recovery CHAPTER 14 753 The Last Known Good Configuration (Advanced) The Last Known Good Configuration (Advanced) feature in Advanced Boot Options is a recovery option that you use to start your computer with the most recent settings that worked. Last Known Good Configuration (Advanced) restores registry information and driver settings that were in effect the last time the computer started successfully. You should use the Last Known Good Configuration (Advanced) feature when you cannot start Windows 7 after you make a change to your computer, or when you suspect that a change that you just made is causing a problem—for example, if you cannot start Windows after you install a new video driver. When you start your computer by using the Last Known Good Configuration (Advanced) feature, Windows 7 uses the configuration stored in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet Figure 14-13 shows the Control key within the CurrentControlSet registry key. When your computer restarts and you log on, your current configuration in ControlSet001 is copied to CurrentControlSet and becomes the Last Known Good Configuration. Take care, therefore, if you see messages about error events being written to Event Viewer while your logon screen is active. If you log on at this point, you cannot return to the previous Last Known Good Configuration, although you can perform a system restore to previous restore points. FIGURE 14-13 The CurrentControlSet registry key 7 5 4 CHAPTER 14 Recovery and Backup Windows 7 Boot Options Windows 7 implements a boot loader, a boot configuration and storage system called Boot Configuration Data (BCD), and a boot option editing tool called Bcdedit. In Chapter 2, you saw how you can use the Bcdedit tool to make VHDs bootable on computers running Windows 7 Enterprise and Ultimate editions. Windows 7 includes the following boot loader features: n Windows boot manager (Bootmgr.exe) n Windows operating system loader (Winload.exe) n Windows resume loader (Winresume.exe) When a computer with multiple boot entries includes at least one entry for Windows 7, Windows Boot Manager starts the system and interacts with the user. It displays the boot menu, loads the selected system-specific boot loader, and passes the boot parameters to the boot loader. Boot Configuration Data On Windows 7, boot options and BCD are stored in the BCD store. BCD provides a common interface for all computers running Windows 7 and enables administrators to assign rights for managing boot options. BCD is available at run time and during all phases of setup, including resuming after hibernation. You can use the Bcdedit utility to manage BCD remotely and manage BCD when the system boots from media other than the media on which the BCD store resides. This feature is important for debugging and troubleshooting, especially when a BCD store must be restored while running Startup Repair from DVD-ROM, from USB-based storage media, or remotely. For example the following command forces the use of the Video Graphics Array (VGA; low resolution) display driver on reboot: bcdedit /set vga on The following command enables kernel debugging for the current operating system boot entry: bcdedit /debug on The following command disables kernel debugging for an operating system boot entry specified by its global unique identifier (GUID): bcdedit /debug <GUID> off You can use the Bcdedit utility to do the following: n Create a BCD store n Rebuild BCD n Add entries to a existing BCD store n Modify existing entries in a BCD store Lesson 2: System Recovery CHAPTER 14 755 n Delete entries from a BCD store n Export entries to a BCD store n Import entries from a BCD store n List currently active settings n Query entries of a particular type n Apply a global change to all entries n Change the default time-out value More Info BCD BOOT OPTIONS For more information about BCD boot options, see http://msdn.microsoft.com/en-us/ library/aa906217.aspx. You can use the Bcdedit utility to edit boot options in Windows 7. You must be a member of the local Administrators group to use Bcdedit. You can also use the Windows Management Instrumentation (WMI) interface to programmatically change the boot options. Chapter 13, “Monitoring and Performance,” discussed WMI in detail. More Info THE BCD WMI INTERFACE For more information about the BCD WMI interface and the Windows Software Development Kit (SDK), see http://msdn.microsoft.com/en-us/library/aa362692.aspx. Rolling Back Drivers Sometimes you can encounter problems because a recently installed driver for a hardware device is incompatible with other drivers or with the hardware in your computer. The classic situation is when you update a video driver and find that when you restart your computer, you cannot see your screen. In this case, you need to return your computer to its state before you updated the driver. If you have not logged on since the driver was updated, you can boot using Last Known Good Configuration (Advanced) in Advanced Boot Options. If you cannot use Last Known Good Configuration (Advanced) you would next consider performing a system restore. Typically, you would boot into Advanced Boot Options by using the F8 key and selecting Debugging Mode or boot from DVD-ROM and select Repair Your Computer. In either case, you would access the System Restore option and restore your system settings to the system restore point that was created before you installed the problem driver. It is a good idea to create a system repair point before you make any significant changes to a computer, such as installing a new driver. However, it is not always convenient to use Last Known Good Configuration (Advanced) or a system restore. The driver could have been installed through Windows Update with 7 5 6 CHAPTER 14 Recovery and Backup other important and recommended updates that you do not want to roll back. In this case, you need to boot the computer either into Safe Mode or Enable Low Resolution Video (if your problem is a video driver) and roll back the driver. Managing drivers and using Device Manager were discussed in detail in Chapter 4, “Managing Devices and Disks.” On the Drivers tab of the device’s Properties dialog box, shown in Figure 14-14, you can choose to uninstall or disable the driver. If the device was a monitor, this would result in the default low-resolution driver being used, but in other types of devices, it would probably result in the device not working at all. FIGURE 14-14 Drivers tab of a device Properties box Your choice, therefore, should be to roll back the driver. This rolls back to the previous driver that was used (and worked satisfactorily) before the new device driver was installed. One of the main functions of Safe Mode and the Enable Low Resolution Video option is to allow you to make changes to device drivers when these are causing problems. Note that the Roll Back option is enabled only if a driver for a device has been installed that overwrote a previous driver. Practice Configuring System Protection, Creating a Restore Point, and Performing a System Restore In this practice, you configure system protection on a hard disk on which it is not configured by default. You then manually create a restore point. You make a system change (uninstall a driver) and then perform a system restore to the restore point you created. Finally, you check that the system change has been reversed. Lesson 2: System Recovery CHAPTER 14 757 exercise 1 Configure System Protection In this exercise, you configure system protection on a hard disk that does not hold a system partition and therefore does not have system protection on by default. You can choose any hard disk you want, but you will likely use the second internal hard disk if one exists on your computer. If you are saving your backups on an external hard disk, you can choose to do this provided that this disk is formatted with the NTFS filing system, although in practice you are unlikely to enable system protection on a device used only to store backups. System protection configuration is discussed in more detail in Lesson 3. Perform the following procedure: 1. If necessary, log on to the Canberra computer with the Kim_Akers account. 2. In Control Panel, click System And Security. In the System And Security window, click System. 3. In the System window, click System Protection. This accesses the System Protection tab of the System Properties dialog box, as shown in Figure 14-15. FIGURE 14-15 The System Protection tab of the System Properties dialog box 4. Select the drive on which you want to configure system protection and then click Configure. 5. In the System Protection dialog box for the selected drive, select Restore System Settings And Previous Versions Of Files. Configure the Maximum Usage setting (the maximum disk capacity that you want to use to store restore points) by using the slider control, as shown in Figure 14-16. 7 5 8 CHAPTER 14 Recovery and Backup FIGURE 14-16 Configuring system protection for a selected disk drive 6. Click OK. 7. On the System Protection tab of the System Properties dialog box, ensure that system protection for the disk drive you selected is set to On. Click OK. exercise 2 Create a Restore Point Manually In this exercise, you manually create a restore point named Trial Restore Point. 1. If necessary, log on to the Canberra computer with the Kim_Akers account and access the System Protection tab of the System Properties dialog box, as described in Exercise 1. 2. Click Create. 3. In the Create A Restore Point dialog box, type Trial Restore Point. Click Create. Windows 7 creates a restore point. This can take some time. 4. Click Close. exercise 3 Perform a System Restore In this exercise, you make a system change. You then perform a system restore to the Trial Restore Point and check the system change is reversed. 1. If necessary, log on to the Canberra computer with the Kim_Akers account. 2. On the Start menu, right-click Computer and choose Manage. 3. In the left pane of the Computer Management console, select Device Manager. 4. Choose a device that you are not using right now. Right-click the device and choose Properties. 5. Click Driver to access the Driver tab, as shown in Figure 14-17. Lesson 2: System Recovery CHAPTER 14 759 FIGURE 14-17 The Driver tab for the chosen device 6. Click Uninstall. Click OK to confirm that you want to uninstall the driver. 7. Access the System Protection tab of the System Properties dialog box, as described in Exercise 1. 8. Click System Restore. 9. On the Restore System Files And Settings page of the System Restore Wizard, click Next. 10. In the Restore Your Computer To The State It Was In Before The Selected Event dialog box, ensure that Trial Restore Point is selected, as shown in Figure 14-18. Click Next. FIGURE 14-18 Selecting a restore point 7 6 0 CHAPTER 14 Recovery and Backup WarnIng YOUR COMPUTER WILL RESTART The next step in this exercise restarts your computer. Ensure that all your work is saved and any applications you are not currently using are closed before continuing. 11. Click Finish. Click Yes to confirm that you want to continue. Windows 7 performs a system restore and the Canberra computer reboots. 12. Log on to the Canberra computer with the Kim_Akers account. 13. Click Close to close the System Restore Completed Successfully box. 14. Access the Driver tab of the device you chose earlier, as described in steps 2 through 5 in this exercise. 15. Check that the device driver is no longer uninstalled (that is, the Uninstall button is enabled). Lesson Summary n If system protection is configured on a disk drive, restore points are created automatically when you make significant system changes. You can also manually create a restore point. n You can restore your system settings to a selected restore point. n You can restore your entire computer from a System Image backup to how it was when the backup was taken. n You can boot from the Windows 7 installation DVD-ROM and run a System Repair, or you can access the Advanced Boot Options by pressing the F8 key during a reboot. Both techniques access tools that let you investigate boot and system problems. Lesson Review You can use the following questions to test your knowledge of the information in Lesson 2, “System Recovery.” The questions are also available on the companion DVD if you prefer to review them in electronic form. note ANSWERS Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book. 1. You are testing unsigned device drivers on a computer on an isolated test network. You install a display driver and find that the computer boots to a blank screen. You restart the computer and press F8. What Advanced Boot Options could you choose to help remedy the situation? (Choose all that apply.) a. Safe Mode B. Enable Boot Logging Lesson 2: System Recovery CHAPTER 14 761 c. Enable Low Resolution Video D. Last Known Good Configuration (Advanced) e. Disable Driver Signal Enforcement 2. You are deciding on which storage devices you want to configure system protection. System protection is enabled by default on your C: drive, which holds your system files. No other storage device on your computer has system protection enabled. On which of the following storage devices can you enable system protection? (Choose all that apply.) a. Your second internal hard disk, formatted with NTFS B. An external USB hard disk formatted with FAT c. A USB flash drive D. Your optical drive e. A mounted VHD created on your second internal hard disk 3. You are investigating instability and boot problems on a computer running Windows 7 Enterprise. You boot using the Last Known Good Configuration (Advanced) option and perform a system restore. This does not solve your problems, and you want to undo the system restore. Can you do this, and what is the reason for your answer? a. No. You can undo a system restore only if you initiate it from the System Recovery tools. B. No. You can undo a system restore only if you carry it out after booting normally. c. Yes. You can always undo a system restore, no matter how you booted the computer or how you initiated the restore. D. Yes. You can undo a system restore that you perform after either booting normally or booting using Last Known Good Configuration (Advanced). 4. You are troubleshooting instability problems on a computer running Windows 7 Ultimate and suspect that they might be related to hardware faults in RAM. You access the System Recovery options. Which option is most likely to help you diagnose the problem? a. Windows Memory Diagnostic B. Startup Repair c. System Restore D. System Image Recovery 5. What command-line utility can you use in Windows 7 to edit boot options? a. Bootmgr.exe B. Winload.exe c. Bcdedit.exe D. Winresume.exe 7 6 2 CHAPTER 14 Recovery and Backup Lesson 3: Recovering Files and Folders This lesson looks at previous versions of files and folders created as shadow copies by the Volume Shadow Copy Service (VSS) when a restore point is created or held in backup sets created by a file and folder backup. It discusses how you can restore previous versions of files even when these files have been renamed or deleted. The lesson looks at file and folder recovery and the Recover Files Wizard and describes how you use this wizard to restore user profile information. System Protection was introduced in Lesson 2, and this lesson considers System Protection settings in more detail. After this lesson you will be able to: n Recover a previous version of a file or folder. n Recover a file and folder from backup. n Restore a renamed or deleted file. n Restore a user profile. Estimated lesson time: 35 minutes Restoring Damaged or Deleted Files by Using Previous Versions Previous versions are either backups of files and folders that you create by using the Backup And Restore console and restore by accessing the same tool and using the Restore Files Wizard, or they are shadow copies. Shadow copies are copies of files and folders that Windows 7 automatically saves when it creates a restore point. You can decide whether to restore from backup or restore from a shadow copy. The file you restore from backup will be the version of the file that was current when the backup was taken. You may have a shadow copy that is more recent than the backed-up file, or you may want to restore an older version. You can use previous versions of files to restore damaged files or files that you, or users you support, accidentally modify or delete. You can access previous versions, save them to a different location, or restore a previous version of a damaged file to its original location. Restoring Files and Folders Windows 7 makes restoring files and folders from backup straightforward. You can restore a file or folder to its original location or to a different location. Typically, you restore a file to its original location if it is corrupted or has been accidentally overwritten, but sometimes you want to restore to a different location to test that your backup and restore procedures are working correctly without the risk of overwriting your current files and folders. This is known as a dummy restore. . restore to previous restore points. FIGURE 1 4-1 3 The CurrentControlSet registry key 7 5 4 CHAPTER 14 Recovery and Backup Windows 7 Boot Options Windows 7 implements a boot loader, a boot configuration. bootable on computers running Windows 7 Enterprise and Ultimate editions. Windows 7 includes the following boot loader features: n Windows boot manager (Bootmgr.exe) n Windows operating system. Figure 1 4- 17. Lesson 2: System Recovery CHAPTER 14 75 9 FIGURE 1 4- 17 The Driver tab for the chosen device 6. Click Uninstall. Click OK to confirm that you want to uninstall the driver. 7. Access