by MS
Execution protection is applied to both user-mode and kernel-mode programs. A user-mode execution protection exception results in a STATUS_ACCESS_VIOLATION exception. In most processes, this exception will be an unhandled exception and will result in termination of the process. This is the desired behavior because most programs violating these rules, such as a virus or worm, will be malicious in nature.
Unlike applications, execution protection for kernel-mode device drivers cannot be selectively disabled or enabled. Furthermore, on compliant 32-bit systems, execution protection is applied by default to the memory stack. On compliant 64-bit systems, execution protection is applied by default to the memory stack, the paged pool, and the session pool. A kernel-mode execution protection access violation for a device driver results in an ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY exception.
Configuring System and User Environment Variables
System and user environment variables are configured by means of the Environment Variables dialog box, shown in Figure 2-19. To access this dialog box, click the Advanced tab in the System Properties dialog box and then click the Environment Variables button.
Figure 2-19: The Environment Variables dialog box lets you configure system and user environment variables.
Creating an environment variable You can create environment variables by completing the following steps:
Click New under User Variables or under System Variables, whichever is appropriate. This opens the New User Variable dialog box or the New System Variable dialog box, respectively.
In the Variable Name field, type the variable name. Then in the Variable Value field, type the variable value.
Click OK.
Editing an environment variable You can edit an existing environment variable by completing the following steps:
Select the variable in the User Variables or System Variables list box.
Click Edit under User Variables or under System Variables, whichever is appropriate. The Edit User Variable dialog box or the Edit System Variable dialog box will open.
Type a new value in the Variable Value field and click OK.
Deleting an environment variable You can delete an environment variable by selecting it and clicking Delete.
Note
When you create or modify system environment variables, the changes take effect when you restart the computer. When you create or modify user environment variables, the changes take effect the next time the user logs on to the system.
Configuring System Startup and Recovery
System startup and recovery properties are configured by means of the Startup And Recovery dialog box, shown in Figure 2-20. To access this dialog box, click the Advanced tab in the System Properties dialog box and then click the Settings button under Startup And Recovery.
Figure 2-20: The Startup And Recovery dialog box lets you configure system startup and recovery procedures.
Setting startup options The System Startup area of the Startup And Recovery dialog box controls system startup. In a computer with multiple bootable operating systems, to set the default operating system, select one of the operating systems listed in the Default Operating System field. These options change the configuration settings used by the Windows Boot Manager.
At startup of a computer with multiple bootable operating systems, Windows Vista displays the startup configuration menu for 30 seconds by default. You can affect this by either of the following actions:
Boot immediately to the default operating system by clearing the Time To Display List Of Operating Systems check box.
Display the available options for a specific amount of time by selecting the Time To Display List Of Operating Systems check box and then setting a time delay in seconds.
Generally, on most systems you'll want to use a value of three to five seconds. This is long enough to be able to make a selection, yet short enough to expedite the system startup process.
When the system is in a recovery mode and booting, a list of recovery options might be displayed. As with the standard startup options, you can configure recovery startup options in one of two ways. You can set the computer to boot immediately using the default recovery option by clearing the Time To Display Recovery Options When Needed check box, or you can display the available options for a specific amount of time by selecting Time To Display Recovery Options When Needed and then setting a time delay in seconds.
Setting recovery options The System Failure and Write Debugging Information areas of the Startup And Recovery dialog box control system recovery. Recovery options enable administrators to control precisely what happens when the system encounters a fatal system error (also known as a STOP error). The available options for the System Failure area are as follows:
Write An Event To The System Log Logs the error in the system log, which allows administrators to review the error later using the Event Viewer.
Automatically Restart Check this option to have the system attempt to reboot when a fatal system error occurs.
Note
Configuring automatic reboots isn't always a good thing. Sometimes you might want the system to halt rather than reboot to ensure that the system gets proper attention. Otherwise, you would know that the system rebooted only when you viewed the system logs or if you happened to be in front of the system's monitor when it rebooted.
The Write Debugging Information selection menu enables you to choose the type of debugging information that you want to write to a dump file. The dump file can in turn be used to diagnose system failures. The options are as follows:
None Use this option if you don't want to write debugging information.
Small Memory Dump Use this option to dump the physical memory segment in which the error occurred. This dump is 64 KB in size.
Kernel Memory Dump Use this option to dump the physical memory area being used by the Windows kernel. The dump file size depends on the size of the Windows kernel.
Complete Memory Dump Use this option to dump all physical memory being used at the time of the failure. The maximum dump file size is the same as the total physical memory size.
If you elect to write a dump file, you must also set a location for it. The default dump locations are %SystemRoot%Minidump for small memory dumps and %SystemRoot%MEMORY.DMP for all other memory dumps. You'll usually want to select Overwrite Any Existing File as well. This option ensures that any existing dump files are overwritten if a new STOP error occurs.
Best Practices
The dump file can be created only if the system is properly configured. The system drive must have a sufficiently large memory-paging file (as set for virtual memory on the Advanced tab), and the drive where the dump file is written must have sufficient free space as well. For example, my system has 128 MB of RAM and requires a paging file on the system drive of the same size—128 MB. Because the same drive is used for the dump file, the drive must have at least 256 MB of free space to correctly create a complete dump of debugging information (that's 128 MB for the paging file and 128 MB for the dump file).
The System Protection Tab
The System Properties dialog box's System Protection tab, shown in Figure 2-21, provides access to manage the configuration of System Restore. In Windows Vista, System Restore includes Previous Versions as a subcomponent. The sections that follow discuss techniques for working with and configuring System Restore. Using restore points to recover a computer is discussed in Chapter 16.
Figure 2-21: System Restore manages restore points on a per-drive basis.
Working with System Restore and Previous Versions
With System Restore enabled, a computer makes periodic snapshots of the system configuration. These snapshots are called restore points. These restore points include Windows settings, lists of programs that have been installed, and so on. If the computer has problems starting or isn't working properly because of a system configuration change, you can use a restore point to restore the system configuration to the point at which the snapshot wa
s made. For example, suppose your system is working fine and then you install a new service pack release for Microsoft Office. Afterward, the computer generates errors and Office applications won't run. You try to uninstall the update, but that doesn't work, so you decide to run System Restore. Using System Restore, you can restore the system using a snapshot taken prior to the update.
Note
System Restore can provide several different types of restore points. One type, System Checkpoint, is scheduled by the operating system and occurs at regular intervals. Another type of snapshot, Installation Restore Point, is created automatically based on events that are triggered by the operating system when you install applications. Other snapshots, known as Manual Restore Points, are created manually by users. You should recommend that users create Manual Restore Points prior to performing an operation that might cause problems on the system.
System Restore manages restore points on a per-drive basis. Each drive with critical applications and system files should be monitored for configuration changes. By default, System Restore is enabled only for the System drive. You can modify the System Restore configuration by turning on monitoring of other drives as needed. If a drive isn't configured for System Restore monitoring, configuration changes are not tracked and the disk cannot be recovered if problems occur.
In Windows Vista, previous versions of files and folders are created automatically as part of a restore point. Any file or folder that was modified since the last restore point is saved and made available as a previous version. The only exceptions are for system files and folders. Previous versions are not available for system folders, such as C:Windows.
You can use previous versions of files to restore files that were inadvertently modified, deleted, or damaged. When System Restore is enabled on a drive, Windows Vista automatically makes daily copies of files and folders that have changed on that drive. You can also create copies of files and folders that have changed by setting a restore point on the System Protection tab.
Note
Protection points are created daily for all drives being monitored by System Restore. However, only those versions of files that are actually different from the current version are stored as previous versions. You can enable or disable previous versions on a per-drive basis by enabling or disabling System Restore on that drive. Previous versions are saved as part of a volume's automatically or manually created protection points.
Configuring System Restore
You control how System Restore works using the System Restore tab of the System utility. The system process responsible for monitoring configuration and application changes is the System Restore Service. This service is configured for automatic startup and runs under the Local System account. System Restore won't work properly if this service isn't running or configured appropriately.
System Restore saves system checkpoint information for all monitored drives and requires at least 300 MB of disk space on the System volume to save restore points. System Restore reserves additional space for restore points as necessary, up to 10 percent of the total disk capacity, but this additional space is always available for user and application storage. System Restore frees up additional space for you as necessary. If System Restore runs out of available space, the operating system overwrites previously created restore points. You cannot configure the amount of disk space used by System Restore.
Complete the following steps to manage System Restore monitoring of a computer:
Click Start and then click Control Panel.
In Control Panel, click the System And Maintenance category heading link.
Click System. In the System Console, click Change Settings under Computer Name, Domain, And Workgroup Settings. Or click Advanced System Settings in the left pane.
To enable System Restore for a volume, select the volume's check box. When you enable System Restore, restore points are created automatically as discussed previously. You can manually create a restore point by clicking the volume and then clicking Create.
To disable System Restore for a volume, clear the volume's check box and then confirm the action by clicking Yes. When you disable System Restore, all restore points on that volume are removed and you cannot undo this action.
When you are finished making configuration changes, click OK.
Restoring a Previous Version
When you right-click a file or folder for which previous versions are available and then select Properties, you see a Previous Versions tab. If you select this tab, you should see previous versions of the file or folder. You can then use:
The Open button to open any of the previous versions
The Copy button to create a copy of a previous version
The Restore button to revert the file or folder to a selected previous version
There are several possible reasons you might not see a previous version of a file on your computer:
System Restore might not be enabled on the volume. If System Restore isn't enabled on a volume, Windows Vista doesn't create previous versions and therefore folders don't have any previous versions.
The file might be an offline file. Offline files are copies of network files. Client computers do not create previous versions of offline files. Previous versions may be available on the server where the file is stored, however.
The file might be a system file. Previous Versions does not create copies of system files. Changes made to system files are tracked with restore points, and you must recover the computer to the restore point to go back to a previous state.
The folder in which the file was stored has been deleted. In this case, you must open the properties for the folder that contained the folder that was deleted. Use this folder's Previous Versions tab to restore the folder and then access the folder to recover the previous version of the file you are looking for.
The Remote Tab
The System Properties dialog box's Remote tab controls Remote Assistance invitations and Remote Desktop connections. These options are discussed in Chapter 6 in the section entitled "Managing Remote Access to Workstations."
Chapter 3: Configuring Systems, Hardware Devices, and Drivers
Overview
Managing the configuration of computers running Microsoft Windows Vista is largely about installing and maintaining operating system components, hardware devices, and device drivers. However, managing the configuration of Windows Vista computers is very different from managing the configuration of earlier releases of Windows. Many aspects of Windows Vista are automatically monitored and updated and don't need to be configured or maintained in the same way as earlier releases of Windows do. Windows Vista uses the following:
Built-in diagnostics to monitor hardware devices, physical memory, networking, and performance
Problem reporting to try to automatically resolve configuration and performance issues
Problem diagnosis to offer solutions to issues that cannot be automatically resolved
Automatic updating to keep the operating system components up to date
Driver updating to obtain necessary drivers and driver updates for detected hardware devices
From the moment you first install the operating system, these features start working to help you monitor and maintain computers running Windows Vista. As an administrator, you can use these features to help guide your configuration and maintenance efforts. Separate tools are provided for managing the various areas monitored by diagnostics. These include hardware diagnostics, memory diagnostics, networking diagnostics, and performance diagnostics tools.
For configuring and maintaining hardware devices and drivers, you can also use Device Manager and the Add Hardware wizard. You'll use these tools whenever you install, uninstall, or troubleshoot hardware devices and drivers. Other tools are available for managing specific types of hardware devices, such as keyboards and sound cards. To manage automatic updating and driver updating, you'll use Windows Update, which is provided as a Control Panel utility.
Introducing Automated Help And Support
Windows Vista includes an extensive diagnostics and problem resolution architecture. These automated features are the next generation Automated Help System. Although earlier releases of Windows include some help and diagnostics features, those features are, for the most part, not self-correcting or self-diagnosing. Windows Vista, on the other hand, can detect many types of hardware, memory, and performance issues and either resolve them automatically or help users through the process of resolving them.
Windows Vista includes more reliable and better performing device drivers to prevent many common causes of hangs and crashes. Improved input/output (I/O) cancellation for device drivers ensures that the operating system can recover gracefully from blocking calls and that there are fewer blocking disk I/O operations.
To reduce downtime and restarts required for application installations and updates, Windows Vista can use the update process to mark in-use files for update and then automatically replace the files the next time the application is started. In some cases, Windows Vista can save the application's data, close the application, update the in-use files, and then restart the application. To improve overall system performance and responsiveness, Windows Vista uses memory more efficiently, provides ordered execution for groups of threads, and provides new process scheduling mechanisms. By optimizing memory and process usage, Windows Vista ensures that background processes have less performance impact on system performance.
Windows Vista provides improved guidance on the causes of unresponsive conditions. By including additional error reporting details in the event logs, Windows Vista makes it easier to identify and resolve issues. To automatically recover from service failures, Windows Vista uses service recovery policies more extensively than its predecessors do. When recovering a failed service, Windows Vista automatically handles both service and nonservice dependencies as well. Any necessary dependent services and system components are started prior to starting the failed service.