by MS
   Chapter 16: Supporting and Troubleshooting Windows Vista
   Overview
   Throughout this book, I've discussed support and troubleshooting techniques that you can use to diagnose and resolve problems with Microsoft Windows Vista. Some of the most extensive support and troubleshooting discussions are in Chapters 2, 3, and 15.
   In the "Supporting Computers Running Windows Vista" section of Chapter 2, "Managing Windows Vista Systems," you'll find a detailed discussion on using key support tools to manage a computer, diagnose problems, and troubleshoot support issues. The "Managing System Configuration, Startup, and Boot" section is particularly important to review for troubleshooting system startup using selective startup of networking, services, and Windows components.
   Chapter 3, "Configuring Systems, Hardware Devices, and Drivers," has extensive discussion on diagnosing and resolving hardware, memory, and resource issues using built-in diagnostics. The chapter also examines automated help and support. In the "Introducing Automated Help And Support" section, you'll find a detailed discussion on the entire automated help framework, including Problem Reports And Solutions, Restart Manager, Startup Repair Tool, and built-in diagnostics.
   The "Checking for Disk Errors" section of Chapter 15, "Optimizing Windows Vista," details how to find and repair hard disk errors. The "Defragmenting Disks" section details how to defragment disks. If a computer uses BitLocker Drive Encryption and a hard disk has been tampered with while the computer is offline, you can recover the computer as discussed in the "Recovering Volumes Protected by BitLocker Drive Encryption" section. See the "Managing Windows Defender" section for details on how to remove malicious programs from a computer.
   Other relevant discussions on support and troubleshooting techniques include the following:
   Resolving problems with installed programs is covered in Chapter 5, "Installing and Maintaining Programs," in the "Managing and Repairing Installed Programs" section.
   Resolving password problems is covered in Chapter 6, "Managing User Access and Security," in the "Recovering Local User Account Passwords" section.
   Resolving hard disk problems is covered in Chapter 9, "Managing Disk Drives and File Systems," in the "Recovering a Failed Simple, Spanned, or Striped Disk" and "Troubleshooting Common Disk Problems" sections.
   Troubleshooting NTFS file system (NTFS) permissions is covered in Chapter 10, "Managing File Security and Resource Sharing," in the "Determining the Effective Permissions and Troubleshooting" section.
   Troubleshooting offline files and synchronization is covered in Chapter 11, "Configuring Advanced Windows Explorer Options, Offline Files, and Disk Quotas," in the "Managing Offline File Synchronization" section.
   Troubleshooting Transmission Control Protocol/Internet Protocol (TCP/IP) and networking issues related to Internet Protocol (IP) addressing, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and Windows Internet Naming Service (WINS) is covered in Chapter 12, "Configuring and Troubleshooting TCP/IP Networking," in the "Troubleshooting and Testing Network Settings" section.
   Troubleshooting dial-up, broadband, and virtual private network (VPN) connections is covered in Chapter 13, "Managing Mobile Networking and Remote Access," in the "Establishing Connections" section.
   In this chapter, you'll learn techniques for improving support of computers regardless of their location and for recovering from specific types of problems, including problems with startup, programs, and Windows Vista itself. Let's start with a look at how using the Remote Assistance feature can help you troubleshoot problems when you're not at the user's keyboard.
   Using Remote Assistance to Resolve Problems
   Remote Assistance enables support personnel to view a user's desktop and take control temporarily to resolve problems or walk the user through the execution of complex tasks. Once Remote Assistance is configured locally as discussed in Chapter 6, or through Group Policy as discussed in Chapter 8, "Configuring User and Computer Policies," you can work with this feature.
   Understanding Remote Assistance
   Remote Assistance is a feature of Windows XP, Windows Vista, Windows Server 2003, and later releases of Windows. Only users running these operating systems can initiate and respond to Remote Assistance invitations. Users initiate sessions by creating an invitation request. Support personnel initiate sessions by offering help to users. Once a session is initiated, assistants can chat with users, observe their working screens, and if permitted, control their computers.
   Remote Assistance invitations can be created using the following techniques:
   E-mail invitation E-mail invitations are sent as e-mail messages to a named e-mail address. An attachment provided in the message is used to initiate the Remote Assistance session. You might want to configure a standard e-mail address, such as RemoteAssist@your/company/name.com, to allow users to send invitation requests easily to the support team. If this address is configured in Microsoft Exchange Server as a distribution list that delivers the invitations to support team members or as an additional mailbox for specific team members, support staff will be able to handle requests more efficiently and users will have a standard way of requesting help.
   File invitation File invitations are saved as Microsoft Remote Control Incident (MsRcIncident) files. Double-clicking the file name initiates the Remote Assistance session. You can use file invitations if you are using Web-based e-mail and need to attach the invitation separately. You might also want to configure a shared folder that is automatically mapped as a network drive for users and ensure that it is accessible by support personnel. Name the share something that easily identifies it as being used for assistance requests, such as HelpDeskRequest or AssistanceInvitations.
   With Windows Vista, invitations must be created with a control password, which is a change from previous releases of Windows to enhance security. The control password provides an additional layer of security in the Remote Assistance configuration, ensuring that users are authorized to provide remote assistance and that they know the invitation password. You should establish an official guideline that requires the use of invitation passwords. To streamline the invitation process, you might want to have predefined passwords that are used with invitations. Passwords should be changed regularly, and you might want to assign different passwords to different groups within the organization.
   To work properly, Remote Assistance relies on the presence of a network connection between the user's computer and the assistant's computer. Remote Assistance uses TCP as the communications protocol, communicating over port 3389. Because most firewalls do not have this port open by default, a firewall between the two computers might prevent the assistance session. Port 3389 must be opened for outbound communications from the assistant's computer to the user's computer.
   In Windows Vista, Remote Assistance has been improved in many ways. It is faster, uses less bandwidth, and can work through Network Address Translation (NAT) firewalls. When providing support using Remote Assistance, you'll find built-in diagnostics tools that you can run with a single click. For escalation of support issues, two different support staff can connect to a computer simultaneously. Finally, thanks to the automatic reconnect after restart feature, if you need to restart a computer you are remotely assisting, you won't need to reconnect to the computer manually. The Remote Assistance session is reestablished automatically after the computer reboots.
   Creating Remote Assistance Invitations
   To create a Remote Assistance invitation for e-mail, follow these steps:
   Click the Help And Support Home button on the toolbar and then click Remote Assistance under Ask Someone.
   In the Remote Assistance Wizard, click Invite Someone You Trust To Help You and then click Use E-mail To Send An Invitation.
   When prompted, enter and confirm a secure password for connecting to the computer. This password is used by the person you are inviting and is only valid for the Remote Assistance session.
   When you click Next, Wi
ndows Vista starts your default mail program and creates an e-mail message with the invitation. In the To field, type the e-mail address of the person you are inviting and then click Send.
   To create a Remote Assistance invitation and save it to a file, follow these steps:
   Click the Help And Support Home button on the toolbar and then click Remote Assistance under Ask Someone.
   In the Remote Assistance Wizard, click Invite Someone You Trust To Help You and then click Save This Invitation As A File.
   In the field provided, enter a path and file name for the invitation. If you specify the path to a network folder, the invitation can be easily accessed by an administrator with access to this network folder.
   Enter and then confirm a secure password for connecting to the computer. This password is used by the person you are inviting and is only valid for the Remote Assistance session.
   Click Finish.
   By default, Remote Assistance invitations are valid for a maximum of six hours and enable support staff to remotely control a computer. You can change these settings using the System Properties dialog box as discussed in Chapter 6 in the "Configuring Remote Assistance" section. Once you've sent the invitation for e-mail or created the invitation file, the Windows Remote Assistance dialog box is displayed, as shown in Figure 16-1. This dialog box provides the following options:
   Cancel Effectively cancels the Remote Assistance request by not allowing the invitation to be used to connect to the computer.
   Request Control/Stop Sharing Requests control or stops sharing of the computer.
   Fit To Screen Resizes the other person's screen to fit your window.
   Disconnect Ends the help session and disconnects.
   Settings Allows you to configure the session settings. Available settings depend on the type of computer being helped. By default, when you press the Esc key, shared control of the computer is stopped, a log of the Remote Assistance session is saved, and the bandwidth usage is configured so full window drag and desktop backgrounds are not enabled. For fast or slow connections, you can modify the bandwidth usage settings using the Bandwidth Usage slider.
   Note
   By default, the Remote Assistance log is created in the %UserProfile%DocumentsRemote Assistance Logs folder on the computer of the user requesting remote assistance.
   Chat Opens a chat window for sending messages between the helper and the current user of the computer.
   Send File Transfers a file to the other computer.
   Figure 16-1: Manage Remote Assistance sessions.
   Offering Remote Assistance or Answering a Remote Assistance Invitation
   If you know that a user is having problems with her computer, you can follow these steps to offer remote assistance rather than waiting for her to send you an invitation:
   Click the Help And Support Home button on the toolbar and then click Remote Assistance under Ask Someone.
   In the Remote Assistance Wizard, click Offer To Help Someone.
   Type the name or IP address of the computer you want to assist. The computer must be configured to accept Remote Assistance offers.
   Click Finish.
   If someone has already created an invitation, you can answer the invitation by double-clicking the related e-mail attachment or file. You can also answer an invitation saved to a file by following these steps:
   Click the Help And Support Home button on the toolbar and then click Remote Assistance under Ask Someone.
   In the Remote Assistance Wizard, click Offer To Help Someone.
   Click Browse. Use the Open dialog box to locate the invitation and then click Open.
   When prompted, provide the necessary password for the invitation.
   When you click Finish, you'll be connected to the computer of the user needing assistance, providing the user hasn't canceled the invitation, the invitation hasn't expired, and Remote Assistance is allowed.
   Detecting and Resolving Windows Vista Errors
   Any particular computer can have dozens, and in some cases hundreds, of different components, services, and applications configured on it. Keeping all these components working properly is a big job and the built-in diagnostics features discussed previously in this book do a good job of detecting common problems and finding solutions for them. As discussed in Chapter 3, known problems are tracked in the Problem Reports And Solutions console. Like the built-in diagnostic features, this console attempts to provide solutions to problems where possible. Not all problems can be automatically detected and resolved, and this is where the errors reported by Windows components, applications, services, and hardware devices become useful.
   Using the Event Logs for Error Tracking and Diagnosis
   Windows Vista stores errors generated by processes, services, applications, and hardware devices in log files. Two general types of log files are used:
   Windows Logs Logs used by the operating system to record general system events related to applications, security, setup, and system components
   Applications And Services Logs Logs used by specific applications or services to record application-specific or service-specific events
   Entries in a log file are recorded according to the warning level of the activity, which can include errors as well as general informational events. You'll see the following levels of entries:
   Information An informational event, which is generally related to a successful action
   Audit Success An event related to the successful execution of an action
   Audit Failure An event related to the failed execution of an action
   Warning A warning, details of which are often useful in preventing future system problems
   Error An error, such as the failure of a service to start
   In addition to level, date, and time, the summary and detailed event entries provide the following information:
   Source The application, service, or component that logged the event.
   Event ID An identifier for the specific event.
   Task Category The category of the event, which is sometimes used to further describe the related action.
   User The user account that was logged on when the event occurred. If a system process or service triggered the event, the user name is usually that of the special identity that caused the event, such as Network Service, Local Service, or System.
   Computer The name of the computer where the event occurred.
   Details In the detailed entries, this provides a text description of the event, followed by any related data or error output.
   Viewing and Managing the Event Logs
   You can access event logs using the Event Viewer node in Computer Management. To open Computer Management, click Start. Then select All Programs, Administrative Tools, and then Computer Management. If the Administrative Tools menu isn't accessible, you can access this tool by clicking Start and then selecting Control Panel. In Control Panel, click System And Maintenance, Administrative Tools, and then Computer Management.
   You can access the event logs by completing the following steps:
   Open Computer Management. You are connected to the local computer by default. If you want to view logs on a remote computer, right-click the Computer Management entry in the console tree (left pane) and then select Connect To Another Computer. Then, in the Select Computer dialog box, enter the name of the computer that you want to access and click OK.
   Expand the Event Viewer node and then expand the Windows Logs, the Application And Services Logs node, or both to view the available logs.
   Select the log that you want to view, as shown in Figure 16-2.
   Figure 16-2: Event Viewer displays events for the selected log.
   Warnings and errors are the two key types of events you'll want to examine closely. Whenever these types of events occur and you are unsure of the cause, double-click the entry to view the detailed event description. Note the source of the error and attempt to resolve the problem using the techniques discussed in this book. To learn more about the error 
and steps you can take to resolve it (if necessary), you can click the link provided in the error description or search the Microsoft Knowledge Base for the event ID or part of the error description.
   Scheduling Maintenance Tasks
   When you manage desktop and laptop systems, you'll often want to perform routine maintenance tasks on a periodic or recurring basis. To do this, you can use the Task Scheduler service to schedule one-time or recurring tasks to run automatically. You automate tasks by running command-shell scripts, Windows Script Host (WSH) scripts, or applications that execute the necessary commands for you. Unlike earlier releases of Windows, Windows Vista includes an extensive library of preconfigured tasks. These tasks handle everything from uninstalling a Bluetooth device to defragmenting disks to performing Windows Defender scans.
   Understanding Task Scheduling
   Windows Vista provides several tools for scheduling tasks, including the Scheduled Task Wizard and the Schtasks command-line tool. Both can be used for scheduling tasks on local and remote systems. The Scheduled Task Wizard provides a point-and-click interface to task assignment, and Schtasks is its command-line counterpart.
   Both scheduling tools use the Task Scheduler service to monitor the system clock and run tasks at specified times. The Task Scheduler service logs on as the LocalSystem account by default. This account usually doesn't have adequate permissions to perform administrative tasks. To overcome this problem, each task can be set to run as a specific user, and you set the user name and password to use when you create the task. Be sure to use an account that has adequate user privileges and access rights to run the tasks that you want to schedule.
   Note
   The focus of this section is on the Scheduled Task Wizard. This is the primary tool you'll use to schedule tasks on Windows Vista systems. To learn more about Schtasks, type schtasks /? at the command prompt or refer to Chapter 4, "Scheduling Tasks to Run Automatically," in the Microsoft Windows Command-Line Pocket Consultant (Microsoft Press, 2004).