Lesson 1: Managing Device Drivers and Devices CHAPTER 4 223 12. Click Show. 13. In the Show Contents dialog box, select the text box under Value to highlight it, double-click the text box, and paste the GUID you copied earlier (including the curly braces). The Show Contents box should be similar to Figure 4-27. FIGURE 4-27 Pasting the GUID into the Show Contents dialog box 14. Click OK to close the Show Contents dialog box. 15. Click OK to close the Allow Non-Administrators To Install Drivers For These Device Setup Classes dialog box. Local Group Policy Editor shows the policy is Enabled. 16. If you want, stage the driver for a reputable third-party imaging device. Then log on to the Canberra computer as Don Hall and install the device. Staging a driver is described in Exercise 2. note DRIVERS MUST BE SIGNED OR APPROVED BY AN ADMINISTRATOR The device driver package must be signed in accordance with computer policy. If the certificate for the driver is not in the Trusted Publishers certificate store, then the user is prompted to accept the unverified certificate during the installation process. If the device driver does not have a valid digital signature, it is not installed unless an administrator approves its installation. exercise 2 Staging a Device Driver in the Driver Store If you have permitted non-administrators to install devices in a device setup class, you can also enable them to install a specific device in this class automatically, as if it was a PnP device. To do this, you stage the driver for that device in the driver store. The driver store is a protected area that contains device driver packages that have been approved for installation on the computer. After a device driver package is in the driver store, a non-administrative user on the computer can install its device without needing 2 2 4 CHAPTER 4 Managing Devices and Disks elevated user permissions. To stage a driver package in the driver store, perform the following procedure: 1. If necessary, log on to the Canberra computer with the Kim_Akers account. 2. Copy a driver from media supplied with a reputable third-party device to a folder on your hard disk, for example C:\Newdrivers. For copyright reasons, the driver used in this exercise has been renamed Mydriver.inf. 3. Open an elevated command prompt. If necessary, click Yes to clear the UAC dialog box. 4. Enter pnputil –a c:\newdrivers\mydriver.inf (amend this instruction if your path and file name are different). 5. If the driver package is not signed or is signed by a certificate that is not currently in the Trusted Publishers certificate store, the Windows Security dialog box appears, asking you to confirm whether the driver should be installed. View the details of the message to determine the problem with the driver’s signature. If you are sure that the driver package is valid, click Install to finish the staging operation. 6. When staging is complete, the PnPUtil tool reports a published name (oem<number> .inf) that Windows 7 assigns to this package in the driver store. You need to reference this name if you want to delete the driver package from the store later. If you need to determine the published name for a driver package, enter pnputil.exe -e and search for the driver you need. More Info THE PnPUtil TOOL For more information about the PnPUtil tool, see http://technet.microsoft.com/en-us/ library/cc732408.aspx. exercise 3 Configuring Windows 7 to Search Additional Folders for Device Drivers When a new device is connected to a computer, Windows 7 checks the driver store to determine if an appropriate driver package is staged. If not, it checks several locations to find a driver package to place in the driver store. These locations are: n The folders specified in the DevicePath registry setting. n The Windows Update Web site. Note that you can prohibit this Internet search in Local Group Policy Object Editor by navigating to Open Local Computer Policy/ Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication Settings and configuring the Turn Off Windows Update Device Driver Searching setting. n A file path (typically to removable media) is provided by the user. Lesson 1: Managing Device Drivers and Devices CHAPTER 4 225 To modify the list of folders that Device Manager searches for a driver package, perform the following procedure: 1. If necessary, log on to the Canberra computer with the Kim_Akers account. 2. Click Start. Enter regedit in the Start Search box. If necessary, click Yes to clear the UAC dialog box. 3. Navigate to the following registry key: HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion 4. In the Details pane, double-click DevicePath. 5. Add additional folder paths to the setting, separating each folder path with a semicolon as shown in Figure 4-28. Ensure that you do not delete %Systemroot%\Inf from the setting. FIGURE 4-28 Editing the DevicePath setting note DEVICEPATH SUBFOLDERS If the folders listed in the DevicePath registry entry contain other subfolders, the subfolders will also be included in the search. For example, including C:\ as one of the paths causes Windows to search the entire drive (which could take some time). 2 2 6 CHAPTER 4 Managing Devices and Disks Lesson Summary n A non-administrator can install PnP devices with valid digital signatures linked to certificates in the Trusted Publishers store. If the device driver is not in the device driver store, or if it is unsigned, or if the signature is not trusted, administrator credentials are required to install the device. n An administrator can prestage a device by placing its driver in the device driver store. If the device driver is unsigned, the administrator can sign it with a certificate obtained from an internal CA to allow it to be installed by standard users within an organization. n You can prevent drivers downloading from Windows Update and automatically installing. You can also remove Windows Update from the device driver search path. You can disable or stop drivers to diagnose driver problems. If a new driver is giving you problems, you can roll back to a previous driver. Lesson Review You can use the following questions to test your knowledge of the information in Lesson 1, “Managing Device Drivers and Devices.” The questions are also available on the companion DVD if you prefer to review them in electronic form. note ANSWERS Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book. 1. A user without administrator privileges attaches a device to a computer running Windows 7. Which of the following needs to be true for the device to be installed? (Choose all that apply.) a. The device driver must have a valid digital signature. B. The device driver must be stored in the Trusted Publishers store. c. The device driver must be stored in the device driver store. D. The device must connect through a USB port. e. The device driver must be signed by Microsoft. 2. You have four devices connected to a USB hub and none of them are working satis- factorily. You suspect one of the devices requires more bandwidth and should not be connected through a hub. How do you discover the bandwidth requirements of the devices? a. In Device Manager, double-click Universal Serial Bus Controllers, right-click the Host Controller for your system, and choose Properties. Access the Power tab. B. In Device Manager, double-click Universal Serial Bus Controllers, right-click the Host Controller for your system, and choose Properties. Access the Advanced tab. c. In Device Manager, double-click Human Interface Devices, and right-click each instance of USB Input Device in turn. For each device, access the Details tab. Lesson 1: Managing Device Drivers and Devices CHAPTER 4 227 D. In Device Manager, double-click IEEE 1394 Bus Host Controllers, and right-click each device in turn. For each device, access the Resources tab. 3. You want ordinary users to install a device. The device driver has a valid digital signature that uses a certificate that is in the Trusted Publishers store. How do you ensure that non-administrators can install the device? (Choose all that apply; each answer forms part of the solution.) a. In Device Manager, double-click the device type, right-click the device, and click Properties. On the Details tab, determine the device class GUID. In Local Group Policy Management, enable the Allow Non-Administrators To Install Drivers For These Device Setup Classes policy and associate it with the GUID. B. Access the registry key HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/ Current Version and double-click DevicePath In the Details pane. Add the C: drive to the device path. c. Stage the device driver by copying it to the Trusted Publishers store. D. Stage the device driver by copying it to the device driver store. 4. You want to prevent Windows 7 from searching Windows Update for a device driver when no driver is available in the device driver store. How do you do this? a. In the Device Installation Settings dialog box, clear Yes Do This Automatically (Recommended) and select No Let Me Choose What To Do and Never Install Driver Software From Windows Update. Click Select Changes. B. In Local Group Policy Object Editor, navigate to Open Local Computer Policy/ Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication Settings and configure the Turn Off Windows Update Device Driver Searching setting. c. Access the registry key HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/ Current Version and double-click DevicePath in the Details pane. Remove Windows Update from the device path. D. In the Device Installation Settings dialog box, clear Yes Do This Automatically (Recommended) and select No Let Me Choose What To Do and Always Install The Best Driver Software From Windows Update. Click Select Changes. 5. You suspect that a device listed under Non-Plug And Play Drivers in Device Manager is causing problems. How do you immediately stop the device to investigate? a. Open the device Properties dialog box in Device Manager. On the Driver tab, click Stop. B. Open the device Properties dialog box in Device Manager. On the Driver tab, change the Startup Type to Disabled. c. Open the device Properties dialog box in Device Manager. On the Driver tab, click Disable. D. Open the device Properties dialog box in Device Manager. On the Driver tab, click Uninstall. 2 2 8 CHAPTER 4 Managing Devices and Disks Lesson 2: Managing Disks Windows 7 offers a considerable number of disk management options. You can automatically clean unnecessary and unwanted files from your disks and reduce data access times by regular defragmentation, so files are stored on contiguous areas of the disk. You can work with basic and dynamic disks and convert between dynamic disks, GUID Partition Table (GPT) partition style disks, and Master Boot Record (MBR) disks. You can extend and shrink volumes and work with spanned or striped partitions. Windows 7 introduces options with regard to USB external disks and USB flash memory not previously available. You can install system partitions on removable USB media and boot from it. If you have multiple drives (or spindles) you can implement redundant array of inexpensive disks (RAID) systems to improve performance, provide data protection, or both. You can implement striping, mirroring, or striping with parity. You can shrink or extend volumes without needing to use third-party tools. After this lesson, you will be able to: n Perform disk cleanup and defragmentation. n Manage disks with the Diskpart and Disk Management tools. n Manage removable media. n Manage disk volumes and partitions, including RAID volumes. Estimated lesson time: 50 minutes Disk Maintenance Before we consider the options Windows 7 offers to manipulate and manage disks, we should first consider basic principles. Any disk system works better if it is not clogged with unnecessary files and if files are contiguous and not stored in fragments in different physical areas on the disk surface. Therefore, you can almost always improve performance by carrying out a disk cleanup and by defragmenting your disks on a regular basis. Using Disk Cleanup Disk Cleanup removes unneeded files, such as files that you downloaded to install programs, temporary Internet files, files in the Recycle Bin, offline Web pages, hibernation files, setup log files, temporary files, and thumbnails. The Disk Cleanup dialog box, shown in Figure 4-29, lets you specify the files to be removed from the disk you select. Downloaded Program Files, Temporary Internet Files, and Thumbnails are selected by default. The easiest way to access the tool is to type disk cleanup in the Start search box. You can obtain details about any of the selections by clicking the item. Selecting the check box beside an item marks the relevant files for deletion. You can click View Files to get more details about the files before deciding whether or not to remove them. Lesson 2: Managing Disks CHAPTER 4 229 FIGURE 4-29 Disk Cleanup When you select the various types of file you want to delete and click OK, a Disk Cleanup dialog box asks you to confirm if you want to delete the files permanently. When you click Delete Files, the files are deleted. A standard, non-administrative user can use Disk Cleanup to delete files. If, however, you want to clean up the system files by clicking the Clean Up System Files control, you need to be logged on as an administrator or supply administrator credentials. In this case, the system cleanup happens automatically. The Disk Cleanup tool displays with the Clean Up System Files control removed, and you can access the More Options tab shown in Figure 4-30 to perform additional cleanup operations. FIGURE 4-30 The Disk Cleanup More Options tab 2 3 0 CHAPTER 4 Managing Devices and Disks Defragmenting Disks You can defragment internal and external hard disks, USB flash memory devices, and virtual hard disks (VHDs). If your disk or storage device is fragmented, it can slow your computer. Disk Defragmenter rearranges fragmented data so your disks and drives can work more efficiently. Typically, Disk Defragmenter runs on a schedule, but you can also analyze and defragment your disks and drives manually. The tool displays the disks and storage devices on the computer that can be defragmented. To obtain the current fragmentation level and determine if a disk needs to be defragmented, select the disk and click Analyze Disk. You need to be logged on with an administrator account or to supply administrator credentials to analyze (and to defragment) a disk. If the analysis shows a fragmentation level of 10 percent or more, defragment the disk by clicking Defragment Disk. Disk defragmentation might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of the hard disk. You can continue to use your computer during the defragmentation process. You can also schedule regular disk defragmentation by clicking Configure Schedule. The Disk Defragmenter Modify Schedule dialog box is shown in Figure 4-31. By default, disks are defragmented weekly at 1:00 a M on Wednesdays. You can change this in the pull-down menu boxes. By default, all disks are defragmented, and any new disks that are added are also defragmented. You can change this by clicking Select Disks. FIGURE 4-31 Scheduling disk defragmentation You cannot set more than one schedule on a computer for disk defragmentation by using the Disk Defragmentation tool. If a disk is excluded from the schedule, it is not defragmented unless you do so manually. If a disk is in exclusive use by another program, or if a disk is Lesson 2: Managing Disks CHAPTER 4 231 formatted using a file system other than NTFS, it cannot be defragmented. Network locations cannot be defragmented. A disk can become fragmented very quickly if it is used heavily and data is written to it frequently. Figure 4-32 (also used in the Practice Test Questions CD-ROM) shows just such a situation. Drive C: has become very highly fragmented in only six days and is already slowing the operation of the computer. The quick fix is to defragment the disk manually, but it will become fragmented again quickly. The solution is to alter the schedule and defragment more often. FIGURE 4-32 A high degree of disk fragmentation You can also defragment a disk by using the command-line defragmentation tool Defrag from an elevated command prompt. Defrag has the following syntax: Defrag <volume> | /C | /E <volumes> [/A | /X | /T] [/H] [/M] [/U] [/V] eXaM tIP The Defrag syntax has changed from Windows Vista. Traditionally, examiners have tended to test things that have changed. The defrag options are as follows: n <volume> The drive letter or mount point of the volume to defragment. n /C Defragment all local volumes on the computer. n /E Defragment all local volumes on the computer except those specified. 2 3 2 CHAPTER 4 Managing Devices and Disks n /A Display a fragmentation analysis report for the specified volume without defragmenting it. An analysis report tells you the volume size, available free space, total fragmented space, and the largest free space extent. It also tells you whether you need to defragment the volume. n /X Perform free space consolidation. This is useful if you need to shrink a volume. It can also reduce fragmentation of future files. n /T Track an operation already in progress on the specified volume. n /H Run the operation at normal priority, instead of the default low priority. Specify this option if a computer is not busy doing something else. n /M Defragment multiple volumes simultaneously, in parallel. This is used on computers that access multiple disks simultaneously, such as those using Small Computer System Interface (SCSI)– or Serial Advanced Technology Attachment (SATA)–based disks, rather than disks with an Integrated Development Environment (IDE) interface. n /U Print the progress of the operation on the screen. n /V Verbose mode. Provides additional detail and statistics. For example, the command defrag /c /h /u defragments all the defragmentable disks and storage devices on a computer and shows the progress on the Command Prompt screen. The command provides a pre-defragmentation report for each disk or device, provides details of the defragmentation passes, automatically performs free space consolidation, and provides a post-defragmentation report. It runs at normal priority so it completes more quickly, but you should avoid using the /H switch if you are carrying out other operations at the same time. note DEFRAG OUTPUT The command defrag /c /h /u produces output too detailed to capture in a figure in this book. If you want to see it, try this on your computer instead. Checking a Hard Disk for Errors If a disk you expect to see in Disk Defragmenter is not there, it might be experiencing errors. You can solve computer problems and improve computer performance by checking your hard disk for errors, many of which Windows 7 can fix automatically. To check a hard disk for errors, perform the following procedure: 1. On the Start menu, choose Computer. 2. Right-click the hard disk you want to check and choose Properties. 3. On the Tools tab, under Error-Checking, click Check Now. . highlight it, double-click the text box, and paste the GUID you copied earlier (including the curly braces). The Show Contents box should be similar to Figure 4- 27. FIGURE 4- 27 Pasting the GUID. disks, GUID Partition Table (GPT) partition style disks, and Master Boot Record (MBR) disks. You can extend and shrink volumes and work with spanned or striped partitions. Windows 7 introduces. ensure that non-administrators can install the device? (Choose all that apply; each answer forms part of the solution.) a. In Device Manager, double-click the device type, right-click the device,