Keeping Windows System Files in Check with SFC

Windows XP provides a command-line tool known as the System File Checker (sfc.exe) that allows you to control a variety of settings relating to WFP that would otherwise need to be changed manually via the Registry. As with any XP setting, using a provided tool is always better than editing the Registry manually, if only to avoid potential configuration errors.

The core function of SFC is to scan XP’s protected system files, and replace them with the correct versions (whether from cache or CD) as necessary. Futhermore, SFC will also repopulate the contents of the system file cache. This tool includes 6 main switches:
/scannow – forces an immediate scan of all system files, replacing files from cached versions and the XP CD.

/scanonce – forces a scan of all system files the next time your system reboots only.

/scanboot – forces a scan of all system files every time your system reboots.

/revert – resets WFP to its default configuration settings.

/purgecache – purges the contents of the system file cache, and then performs a scan of system files. This option is useful if you believe that the contents of the cache have become corrupt

/cachesize=x – configures a size to allocate to the system file cache, in MB. By default, there are no limits on the maximum cache size, although available disk space does have an impact.

In most cases, you’ll probably want to avoid the sfc /scanboot command, since it will negatively impact the time involved with each and every reboot. A better bet is to use the sfc /scanonce command as part of your regular monthly system maintenance, or sfc /scannow if you want to avoid the reboot.

Windows File Protection (WFP)

Without delving too far into what would certainly be a mundane history lesson, WFP was originally born of a need to make Windows more stable. Unfortunately, previous versions of Windows allowed applications to be installed that would potentially overwrite critical system files with their own special or modified versions. While this might have been necessary to make one particular application function correctly, it could also wreak havoc on other applications that expected the original version of a file to be present. Ultimately, the second application would appear to misbehave or frequently crash, leading to situation often referred to as “DLL Hell”. If you’ve never experienced this particular anguish, take the time to talk to a PC old-timer and ask about their experiences with Windows 3.1, and wait for the fire that lights up in their eyes over PC problems past.

Windows XP solves the “DLL Hell” issue by strictly monitoring any successful or attempted changes to critical system files, and then replacing them with the “proper” versions as necessary. In this context, the “proper” version is the one digitally signed by Microsoft. Microsoft digitally signs all critical system files as a type of identification, and only a few methods of updating these files are actually supported, as we’ll soon explore. The vast majority of time, you wouldn’t even know if WFP replaced a rogue file with the proper, signed version. XP maintains a cache of most system files from which an original can be obtained quickly and without intervention when necessary. Only when a cached version is not available does WFP prompt you to insert the Windows XP installation CD (or supply the location of your Windows source files) to revert to the original version.

In order to maintain system stability, critical files monitored by WFP can only be replaced by four main methods. These include via the installation of a Service Pack (named update.exe), an official hotfix (hotfix.exe), an operating system upgrade (winnt32.exe), or by using the Windows Update feature. In each of these situations, Microsoft again digitally signs files that are updated for the purpose of maintaining system integrity. Should program developers attempt to use other methods to update system files, WFP will attempt to replace the file with a cached version automatically, or prompt you for the CD.

Configuring Windows for Multiple Monitor Support

So you don’t have an NVIDIA or ATI dual display video card? Not to worry! The good news is that Windows versions since 98 forward (not NT) all support the use of two graphics cards for multiple-monitor configurations. Sure, you’ll be missing some of the cool features included with both the nView and HydraVision software packages, but at least you’ll still have the benefits of more space to work with. Also, a variety of utilities (including some found in Microsoft’s Power Toys) provide some of these features, such as virtual desktops.

In order to configure your system to use two graphics cards, the cards used must be either AGP- or PCI-based. In fact, Windows can support up to 9 displays in this type of configuration, although finding this many free PCI slots may present you with a small issue! Unfortunately, older ISA cards are not supported. One display will be configured as the primary display, and another as the secondary. It is not possible to configure which is which in Windows, since the order in which the BIOS initializes the devices controls this. The primary display will be the one visible during the boot process, and you may be able to change the settings there, if your BIOS allows it.

If your second desktop does not appear to function correctly after rebooting, access the Display program, and ensure that the option to extend your desktop to the second desktop is checked. Also, be sure that you have the correct driver installed for each device, since each is still an independent card with its own requirements.

Troubleshooting Windows XP with MSCONFIG

While more than just a potential diagnostic utility, the System Configuration Utility (msconfig.exe) included in both Windows 9x/ME and XP systems provides a wonderfully flexible way to test and troubleshoot system errors and issues. As a troubleshooting utility, this tool allows you to configure your system to boot using a variety of different configurations. For example, if your system is generating errors after you log on, there is a chance that certain startup settings are not correct, or that individual drivers are failing to load. To diagnose these problems, you can choose to boot your system using either the Diagnostic or Selective startup options from the General tab. Diagnostic mode allows you to interactively load drivers and software during the startup process, and also note any that might fail. A selective startup allows you to choose which common configuration files (like System.ini or Win.ini) will be processed. This allows you to troubleshoot by the process of elimination if necessary.

Going a step further, the System Configuration Utility also allows you to control individual elements of files like System.ini and Win.ini, selectively controlling the elements to be loaded. One last feature that appeals to all users is the program’s Startup tab – from here, you can control exactly which of those sometimes-pesky startup applications are loaded at boot time.

Windows XP Network Diagnostic Tools

If you’ve ever tried your hand at configuring a home network, chances as good that you’ve run into communications problems at some point. All Windows versions include a variety of network diagnostic tools, although you’ll find more in Windows XP than Windows 98. Regardless of your operating system version, the two basic tools that you’ll want to be familiar with include both the ipconfig and ping command line utilities.

The basic purpose of ipconfig is to allow you to view basic TCP/IP information about your system including its IP address, subnet mask, and default gateway. Conveniently, this tool will also let you know if your network cable is unplugged. Typing ipconfig at the prompt provides basic information, but typing ipconfig /all provides variety of additional data, including how your system acquired its address, for example statically or dynamically. If your system has what appears to be an address starting with 169.254, this likely means that a DHCP server wasn’t available – to try to acquire an address again, type ipconfig /renew and press Enter.

In the world of networking, ping is the most basic diagnostic utility to test communications. If you cannot connect to a system, try to ping its IP address using the format ping You can also use the name of the server, for example ping If you’re trying to fix your own system and want to ping continuously for testing purposes, use the –t option, for example ping –t Finally, if you want to try to obtain the name of the computer for which you already know the IP address, type ping –a, and the name of the system will usually be returned.

System File Checker (SFC)

Although Windows 2000 and XP actively go out of there way to protect critical system files, the same cannot be said about Windows 9x/ME. It’s all too easy for a program to be poorly written, and in many cases developers take the terrible step of overwriting system files to meet their own needs – winsock.dll being a common casualty. This often causes problems with other applications that rely on the original Windows versions.

The System File Checker tool is another utility accessible from the System Information tools menu that allows you to scan for any system files that may have been modified or corrupted, perhaps during the installation of a new software package. After opening the tool, choose the option to scan for altered or corrupted files. If any such files are encountered, you will be prompted to restore the original version of the file from the original source files, such as your Windows CD.

Using Windows XP Dr. Watson

If you’ve ever come across this doctor, chances are the prognosis wasn’t all that good. Dr. Watson is a tool included with Windows for the purpose of diagnosing errors related to your system software environment. While most of us have come across a Dr. Watson error due to a misbehaving application, many people don’t realize that the good doctor can be used to capture error information as well. For example, if you’re constantly experiencing errors when opening a program, you could first open Dr. Watson, and then open the application to reproduce the error. Dr. Watson will then trap the error information, in order for it to be provided to technical support staff at Microsoft, for example.

Beyond simply capturing information, Dr. Watson can also provide you with a great deal of current environment information. When opened from System Information, the program hides in your System Tray. Double-clicking on this icon forces Dr. Watson to analyze your system for errors, and reports back with results. If you get the message shown at left, the news is generally good. However, much more information is provided by clicking View – Advanced View, which provides general system information, as well as details of running tasks, the startup environment, loaded drivers, and more. All of this information is invaluable to technical support staff.

Gathering System Information with Windows XP

Regardless of the version of Windows that you’re using, your first stop when looking at diagnostic tools should be the System Information, also known as MSINFO. To access this program, go to Accessories – System Tools, or simply open msinfo32.exe from the Run command. At first glance, you might think that System Information only provides details about your computer’s hardware, software, and system settings. While this is indeed true, the program also acts as a launching pad for a variety of other diagnostic and system utilities via its Tools menu. In fact, when accessing this menu you may be surprised to find some programs that you didn’t even know existed on your system.

Certainly the primary purpose of this tool is to consolidate various configuration and system setting information about your PC. However, it does include a few neat features. For example, if you were click an individual element in the Components sections like Network in Windows 9x, you have the option of not only viewing basic and advanced information, but also the component history, which will provide information about any changes that may have been made. If a certain component is no longer functioning correctly, this is invaluable information as to when or why an error may have occurred. If you’re running Windows XP, take advantage of the integrated Find feature, which allows you to search for a specific piece of information quickly and easily.

Seek and Destroy Malicious Processes with Task Manager

If you think that your system has somehow managed to be infiltrated by a worm or some other little spyware utility, Task Manager is the best place to start searching for answers. While the little buggers typically won’t appear on the Applications tab, it’s very difficult for them not to appear on the Processes tab. This is where your investigation should begin.

If you do think you’ve got a critter running in the background, start off by exiting all applications in your system tray. From there, start looking for names that appear suspicious, or those than seem to be consuming very little resources. Since the name generally won’t jump out at you, search for the full process name in the Process Library or Google, and see whether it’s valid for your system or not. Sometimes you’ll find that what you think looks suspicious is actually an operating system process, or some other valid program you installed. However, if the process is spyware or similar, chances are good that it will be obvious on the first page of Google results. Task Manager can help you identify the process and end the process, but you’ll need to sort the details of deleting it permanently. Happy hunting.

Task Manager Users Tab and the Run Command

The final tab in Task Manager is the Users tab. In most situations, this tab won’t be very helpful to you, since the only user connected to your system will be you. However, if your system is set up as a VPN server or you’re using the Remote Assistance feature, this tab will display other users connected to your PC. By right clicking on a user in this list you can send them a message, connect to their session, disconnect them, log them off, and more.

Once you take the time to start using Task Manager regularly, it’s really hard not to use it. Not only does it give you excellent high-level details about what’s going on with you system, but it also provides a great deal of control over system resources, especially the ability to free them up. Once other hidden tool that is particularly useful is the ability to launch new tasks from Task Manager. The File menu gives you access to New Task (Run) command, which is much more useful than you might think. If you or an application ever accidentally kills your main explorer.exe process, the quickest way to get your desktop back is by hitting Ctrl+Alt+Delete, choosing this option, typing explorer.exe, and clicking OK. No reboot required.