50331B-EnU StudentGuide M03


  • 7/30/2019 50331B-EnU StudentGuide M03

    1/40

    Module 3: Resolve Software Failure

    Table of Contents

    Overview

    Lesson 1: Event Viewer

    Lesson 2: Event Forwarding

    Lesson 3: Application Compatibility Toolkit

    Lesson 4: Windows Troubleshooting Platform

    Lesson 5: Windows Experience Index

    Lesson 6: Testing Compatibility with Safe Mode

    Lesson 7: System Restore

    Resolve Software Failure

    Review Module 3: Resolve Software Failure Issues

    Labs Module 3: Resolve Software Failure


    Overview

    Event Viewer

    Event Forwarding

    Application Compatibility Toolkit

    Windows Troubleshooting Platform

    Windows Experience Index

    Testing Compatibility with Safe Mode

    System Restore

    Resolve Software Failure

    Even the best efforts to be proactive in preventing software failures will not have 100 percent success. There must

    be a strategy in place to deal with application and operating system failures when they occur. The response to a

    problem depends on the severity of the failure and how much time will be given to bring the system back to a working

    condition.

    Examining appropriate log files can provide helpful information in diagnosing the problem and in coming up with

    possible solutions. Severe errors can be a warning precursor to more serious problems as well. Notifications can be

    set up to automatically send messages to administrators when resources are close to their limit.

    Some system failures can be fixed easily with upgrades, disabling features or reinstallation. Using the Safe Mode

    and Last Known Good Configuration boot options are effective methods of quickly fixing some software issues as

    well.

    If the system cannot be fixed, using backups to restore data and system files might be the only option. Because of

    the loss of data usually involved, this is often considered a last resort.

    In this chapter, you will learn how to use the different methods available to solve software failure. Regardless of how

    severe the problem is, there is usually a method available to recover from it. Proper planning is necessary to take

    advantage of some of these methods.


    Lesson 1: Event Viewer

    Event Log Types

    Event Message Properties

    Integration with Task Scheduler

    Event Log Settings

    The Event Viewer is used on Windows systems to monitor and troubleshoot issues on a computer. When there is a

    problem with an application, the logs in Event Viewer are one of the first areas checked to get more information about

    the details of a problem.


    Event Log Types

    The Application log stores information about programs running on the computer. The Security log stores data about

    whether an attempt to use user rights was successful. To store information about how applications and

    users are accessing resources, some additional configuration might be necessary. The System Log stores general

    system information about how the operating system and its services are running. The Setup log stores information

    about new application installs. Information here can help with problems that occurred during a recent installation.

    In addition to logging computer events, the console can be customized to merge information from different machines

    and event log files to allow easier management of computers on the network. The filtering options make it easier to

    track down specific problems and the integration with task scheduler allows you to configure automatic responses to

    events.


    Event Message Properties

    All events logged on a system will have properties associated with them. The properties are:

    Level: This is used to indicate the severity of the event. Information messages show a change in a system

    component that does not affect the stability of the system. Warning messages occur when the change to a

    component is more serious and might impact the stability or performance of the computer. Errors indicate

    that there is a problem that might affect the functionality of the computer. Critical messages are the most

    severe and indicate that some resource on the system has stopped functioning. Any of these severity levels

    can be seen in a system or application log.

    When working in the Security Log, the Level property will indicate either a Success Audit or Failure Audit.

    When user rights are used to accomplish some task, like changing permissions or logging onto a system,

    the computer can be configured to store these details for examination by an administrator.

    Date and Time: The date and time the event was logged can be used to find out if other activities that

    occurred at the same time might have caused problems on the computer.

    Source: The name of the software that logged the event is indicated here. Filtering on this parameter

    helps in knowing when and how often an application is experiencing problems on the system.

    Event ID: This number identifies a particular type of event that can be researched using other tools. If a fix

    for a particular event ID has already been created, that solution can be easily found by doing research over

    the Internet (e.g. www.technet.com).


    Computer: The name of the computer on which the event happened is only useful when events from

    multiple computers are being managed on a single system.
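
    Added example (not part of the student guide): a PowerShell function that filters on the properties listed above (Level, Date and Time, Source, Event ID, Computer) and counts how often each source logs each event ID. The function name, its defaults and the seven-day window are assumptions; Get-WinEvent is the built-in cmdlet.

```powershell
# Added example, not from the student guide.
# Level numbers stored in each event: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information.
# Security log events carry an audit keyword instead of a severity level.
$AuditFailure = 4503599627370496   # 0x10000000000000
$AuditSuccess = 9007199254740992   # 0x20000000000000

function Get-EventSummary {
    param(
        [string]$LogName      = 'Application',
        [int[]] $Level        = @(),          # empty = any level
        [long]  $Keywords     = 0,            # 0 = any keyword
        [int]   $Days         = 7,            # assumed look-back window
        [string]$ComputerName = 'localhost'
    )

    # Build the filter from the event properties described above.
    $filter = @{ LogName = $LogName; StartTime = (Get-Date).AddDays(-$Days) }
    if ($Level.Count -gt 0) { $filter.Level    = $Level }
    if ($Keywords -ne 0)    { $filter.Keywords = $Keywords }

    # Get-WinEvent reports an error when nothing matches, so an empty
    # result is treated as "no events" rather than as a failure.
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                             -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) { return }

    # One row per Source / Event ID pair, most frequent first.
    $events | Group-Object ProviderName, Id | ForEach-Object {
        $ordered = @($_.Group | Sort-Object TimeCreated)
        New-Object PSObject -Property @{
            Count    = $_.Count
            Level    = $ordered[0].LevelDisplayName
            Source   = $ordered[0].ProviderName
            EventId  = $ordered[0].Id
            Computer = $ordered[0].MachineName
            First    = $ordered[0].TimeCreated
            Last     = $ordered[-1].TimeCreated
        }
    } | Sort-Object Count -Descending |
        Select-Object Count, Level, Source, EventId, Computer, First, Last
}

# Critical and Error events in the Application log during the last seven days.
Get-EventSummary -LogName Application -Level 1, 2 | Format-Table -AutoSize

# Failure Audit entries in the Security log (requires an elevated session).
Get-EventSummary -LogName Security -Keywords $AuditFailure | Format-Table -AutoSize
```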


    Integration with Task Scheduler

    One of the most helpful troubleshooting features in Event Viewer is the ability to link a whole log file or a specific

    event in it with a task. If you are concerned about the activity on a computer and want to be notified whenever a

    particular event is logged, this option can be used to send email messages automatically when the event occurs.

    You can also configure an automatic response by running a program or script that will fix the problem. If a command-

    line tool is being executed, you can specify any needed parameters for it when the task is created. There is also an

    option to display a customized message in response to the event. Users can be warned about any improper actions

    they are taking and how the system might be affected by their current actions.


    Event Log Configuration

    Archiving Logs

    Changing Log Location

    Wevtutil.exe

    The information in the log files can be very useful, but only if it allows you to examine information as far back as

    necessary. Log information is often kept for a minimum of 30 days to allow recent problems to be diagnosed more

    easily. Using the properties of any log file you can modify their size and location. The XML structure of the log files

    means that they store data more efficiently. Using the archiving option is one way to make sure that events are never

    overwritten. The configuration properties for the Event Viewer log files can also be managed from the command-line

    with the wevtutil.exe tool.
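
    Added example (not from the student guide): a PowerShell check of whether each log named in this module still reaches back the 30 days mentioned above, followed by the wevtutil.exe call that turns on archiving. The function names and the 90 percent fullness threshold are assumptions.

```powershell
# Added example, not from the student guide. Run from an elevated session
# so that the Security log can be read.
function Get-LogRetentionReport {
    param(
        [string[]]$LogName     = @('Application', 'System', 'Security', 'Setup'),
        [int]     $MinimumDays = 30,   # retention target from the text above
        [int]     $FullPercent = 90    # assumed threshold for "the log is full"
    )

    foreach ($name in $LogName) {
        $log = Get-WinEvent -ListLog $name -ErrorAction Stop

        # Oldest record still in the log; an empty log returns nothing.
        $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $daysCovered = 0
        if ($oldest) {
            $daysCovered = [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1)
        }

        $percentFull = 0
        if ($log.MaximumSizeInBytes -gt 0 -and $log.FileSize) {
            $percentFull = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes)
        }

        # LogMode values: Circular (overwrite the oldest events), AutoBackup
        # (archive the file when full), Retain (stop logging when full).
        $overwriting = ($log.LogMode -eq 'Circular') -and
                       ($percentFull -ge $FullPercent) -and
                       ($daysCovered -lt $MinimumDays)

        New-Object PSObject -Property @{
            Log                = $name
            Mode               = $log.LogMode
            MaxSizeMB          = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
            PercentFull        = $percentFull
            DaysCovered        = $daysCovered
            Path               = $log.LogFilePath
            OverwritingTooSoon = $overwriting
        } | Select-Object Log, Mode, MaxSizeMB, PercentFull, DaysCovered, OverwritingTooSoon, Path
    }
}

function Enable-LogArchiving {
    param([Parameter(Mandatory = $true)][string]$LogName)

    # /ab:true archives the log file when it reaches its maximum size;
    # wevtutil requires /rt:true (retention) whenever auto-backup is enabled.
    wevtutil.exe sl $LogName /rt:true /ab:true
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil.exe failed for $LogName (exit code $LASTEXITCODE)"
    }
    wevtutil.exe gl $LogName      # print the resulting configuration
}

$report = Get-LogRetentionReport
$report | Format-Table -AutoSize
$report | Where-Object { $_.OverwritingTooSoon } | ForEach-Object {
    "Log '$($_.Log)' covers only $($_.DaysCovered) days: Enable-LogArchiving -LogName $($_.Log)"
}
```

    Archived log files accumulate next to the live log, so free disk space on that volume has to be watched once archiving is on.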


    Lesson 2: Event Forwarding

    Event Forwarding Configuration

    Creating Subscriptions

    Managing application and operating system failure on a large number of desktops can be tedious without an

    enterprise monitoring solution. Managing the errors and logs from a central location is more efficient and makes it

    easier to find and track trends in system performance. Windows 7 does not have a built-in enterprise monitoring

    solution, but the features of Event Forwarding will allow an administrator or desktop technician to use some of the

    functionality of such a tool.


    Event Forwarding Configuration

    Collector Computers

    Permissions

    Network Settings

    Collector computers can be configured to copy log details from multiple source machines on the network. All the log

    information can be collected, or specific events that are deemed important can be collected. The data being sent can

    be limited to a particular period of time, like 30 days, or a date range can be specified. Events can be gleaned from

    specific log files or be marked based upon the source of the event. Event IDs, keywords and categories can also be

    used to filter the messages that will be forwarded. The default destination log on the collector for these events is

    called Forwarded Events, but an alternate log like System or Application can also be designated.

    When necessary, a specific account with read access to the log information on the source computer can be specified.

    Otherwise, the computer account can be used. For computers that will not always have adequate bandwidth for

    sending messages to the source machines, the delivery optimization settings allow you to specify alternative settings

    that can minimize bandwidth usage. Events forwarded over the network are normally retrieved by the collector using

    HTTP on port 5985, but the port number can be modified and secure HTTPS used for better security.


    Creating Subscriptions

    Using GPO Settings

    Windows Remote Management

    Creating Events

    A collector-initiated subscription can be configured manually by using the event viewer to add each source computer

    as a new subscription and specifying what information will be collected and where it will be stored locally. For larger

    networks where there are more than a few machines or if the machine names will change regularly, using a source-

    initiated subscription will be the better option. Using group policy, the designated computers can be configured as

    source machines that will forward events to a collector computer. To do this, open a GPO and go to Computer

    Configuration > Administrative Templates > Windows Components > Event Forwarding. This feature is supported on

    both Windows 7 and Vista desktops.

    Both the source and collector computers must be configured to support Windows Remote Management. Running the

    command winrm qc -q with administrator privileges will accomplish this. The Event Collector service must also

    be configured on the collector. The command wecutil.exe qc /q will do this.
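
    Added example (not from the student guide): the collector-side steps above as PowerShell, ending with a collector-initiated subscription created from an XML file with wecutil.exe cs. The subscription name, the source address desktop02.example.local and the query are assumptions; 5986 is the default WinRM HTTPS port, and using HTTPS requires a WinRM HTTPS listener with a certificate on each source.

```powershell
# Added example, not from the student guide. Run elevated on the collector.
$subscriptionId = 'Desktop-AppErrors'          # assumed subscription name
$sourceComputer = 'desktop02.example.local'    # assumed source machine
$transport      = 'HTTPS'                      # 'HTTP' is the default described above
$port           = 5986                         # 5985 for HTTP, 5986 is the HTTPS default

# Critical and Error events from the Application log, limited to the last
# 30 days (2592000000 ms). The query is XML inside CDATA, so "<=" is written "&lt;=".
# CredentialsType Default means the collector's computer account reads the log,
# so that account needs read access to the event logs on the source.
$subscriptionXml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
    <SubscriptionId>$subscriptionId</SubscriptionId>
    <SubscriptionType>CollectorInitiated</SubscriptionType>
    <Description>Application errors from desktops (added example)</Description>
    <Enabled>true</Enabled>
    <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
    <ConfigurationMode>Normal</ConfigurationMode>
    <Delivery Mode="Pull">
        <Batching>
            <MaxItems>5</MaxItems>
            <MaxLatencyTime>900000</MaxLatencyTime>
        </Batching>
        <PushSettings>
            <Heartbeat Interval="900000"/>
        </PushSettings>
    </Delivery>
    <Query><![CDATA[
        <QueryList>
            <Query Id="0" Path="Application">
                <Select Path="Application">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 2592000000]]]</Select>
            </Query>
        </QueryList>
    ]]></Query>
    <ReadExistingEvents>true</ReadExistingEvents>
    <TransportName>$transport</TransportName>
    <TransportPort>$port</TransportPort>
    <ContentFormat>RenderedText</ContentFormat>
    <Locale Language="en-US"/>
    <LogFile>ForwardedEvents</LogFile>
    <CredentialsType>Default</CredentialsType>
    <EventSources>
        <EventSource Enabled="true">
            <Address>$sourceComputer</Address>
        </EventSource>
    </EventSources>
</Subscription>
"@

# Prepare the collector with the two commands named in the text.
winrm quickconfig -q          # also required on every source computer
wecutil.exe qc /q

# Casting to [xml] fails on malformed XML, before anything reaches wecutil.
$xmlPath = Join-Path $env:TEMP "$subscriptionId.xml"
([xml]$subscriptionXml).Save($xmlPath)

wecutil.exe cs $xmlPath
if ($LASTEXITCODE -ne 0) { throw "wecutil.exe cs failed with exit code $LASTEXITCODE" }

# Per-source runtime status of the new subscription.
wecutil.exe gr $subscriptionId
```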

    Multiple independent Event Collectors can be set up on the network or a single collector can be configured from which

    others will pull their events. Specific collectors might also be configured to collect different types of events like

    security, setup or application information. These systems should only collect information pertinent to the job duties of

    a technician to avoid a situation where too many messages will mean ignoring all of them.


    In some cases, the collectors are configured to generate messages automatically in response to certain errors that

    need an immediate response. These message configurations can be tested using the eventcreate.exe command.

    This command-line utility can generate events that are logged in the Event Viewer. One example of this command is

    eventcreate.exe /s desktop02 /id 900 /t error /l application /d "This is a test". This command would generate an

    event on a computer named desktop02 with an event ID of 900. The event would be classified as an error in the

    application log file and would show a description of "This is a test". Testing task scheduler messages with this tool

    will allow you to ensure that when the actual event happens, the expected response will take place.
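
    Added example (not from the student guide): the Task Scheduler link from Lesson 1 and the eventcreate.exe test described above, run end to end in PowerShell on one machine. The task name, the marker file path and the 30-second timeout are assumptions.

```powershell
# Added example, not from the student guide. Run from an elevated session.
$taskName   = 'Test-Event900-Response'                   # assumed task name
$markerFile = 'C:\Temp\event900-response.txt'            # assumed file written by the task
$xpath      = '*[System[(EventID=900) and (Level=2)]]'   # Level 2 = Error

function Test-EventResponse {
    param([int]$TimeoutSeconds = 30)

    New-Item -ItemType Directory -Path (Split-Path $markerFile) -Force | Out-Null
    Remove-Item $markerFile -ErrorAction SilentlyContinue

    # 1. Attach a task to the event: /SC ONEVENT takes the log name in /EC
    #    and an XPath event query in /MO. The action here only writes a marker
    #    file; a real response would run the notification or repair script.
    schtasks.exe /Create /F /TN $taskName /SC ONEVENT /EC Application /MO $xpath `
        /TR "cmd.exe /c echo responded>>$markerFile" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "schtasks.exe /Create failed ($LASTEXITCODE)" }

    try {
        # 2. Log the test event from the text (local machine, so /s is omitted).
        $started = Get-Date
        eventcreate.exe /id 900 /t error /l application /d 'This is a test' | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "eventcreate.exe failed ($LASTEXITCODE)" }

        # 3. Give the scheduler time to react to the event.
        $deadline = $started.AddSeconds($TimeoutSeconds)
        while (-not (Test-Path $markerFile) -and (Get-Date) -lt $deadline) {
            Start-Sleep -Seconds 1
        }

        # 4. Confirm separately that the event reached the log, so a missing
        #    response can be told apart from a missing event.
        $filter = @{ LogName = 'Application'; Id = 900; Level = 2
                     StartTime = $started.AddSeconds(-1) }
        $logged = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

        New-Object PSObject -Property @{
            EventLogged   = ($logged.Count -gt 0)
            TaskResponded = (Test-Path $markerFile)
        }
    }
    finally {
        # Remove the test task whether or not the check succeeded.
        schtasks.exe /Delete /F /TN $taskName | Out-Null
    }
}

Test-EventResponse | Format-List
```

    On a collector, the task would watch the Forwarded Events log instead of Application, and the test event would be created on a source computer with the /s switch shown in the text.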


    Lesson 3: Application Compatibility Toolkit

    Compatibility Issues

    Mitigating Compatibility Problems

    The failure of an application to run properly on desktop computers is often due to compatibility issues with the

    software, drivers or hardware components on the system. Sometimes compatibility issues might arise when working

    with Internet or Intranet web-sites. All of these situations can be diagnosed, and sometimes fixed with the Application

    Compatibility Toolkit. While it is best to use this tool before deploying an approved application, it can also be used to

    fix issues that come up after the fact. It can also be useful in determining if software updates will affect the system.


    Compatibility Issues

    User Account Control

    Internet Explorer Protected Mode

    Operating System Version Changes

    64-bit vs. 32-bit Applications

    Windows Resource Protection

    Deprecated Features & Files

    Some of the compatibility issues that come up for older applications might be because of new features in Windows 7

    and Internet Explorer 8. The following technologies are common areas where issues might come up:

    User Account Control: UAC is a security feature that limits permissions on a system when an

    administrator logs in. It prevents unauthorized applications from using elevated privileges to perform

    malicious operations. Applications that do not support UAC often show this during the install phase, but

    some problems might only surface when the application is being used.

    Internet Explorer Protected Mode: This feature also protects against malicious programs using elevated

    privileges to perform unauthorized actions. Legitimate web applications that need to install resources or

    modify system files and registry entries might also be affected.

    Operating System Version Changes: Some applications will not install or run unless they are running on a

    system that uses the specified version number for the operating system. The major version number of

    Windows XP is 5, Windows Vista is 6 and Windows 7 is 7. You might need to check with the application

    developer to see how to get an upgrade that resolves this problem.

    64-bit vs. 32-bit Applications: 32-bit applications can be run on the 64-bit version of Windows 7, but they

    are executed in the Windows on Windows 64 (WOW64) emulator. This will not work for all applications and

    sometimes an upgrade will be necessary. The emulator might also work for some 16-bit applications, but

    these must be tested thoroughly.

    Windows Resource Protection: Some older programs and software are designed to modify registry areas

    and system files that are now protected in Windows 7. WRP allows those applications to work by redirecting

    them to unprotected temporary work areas instead.


    Deprecated Features & Files: Some options and files that were available in Windows XP and Vista are no

    longer supported in Windows 7. Support for, and application updates on, software that uses Session 0

    features, GINA DLLs and other options that are slated for removal should be considered carefully.


    Mitigating Compatibility Issues

    Registry Changes

    Removing Files

    Application Configuration

    The ACT can give suggestions on fixing compatibility problems. Some of the suggestions might involve changes to

    applicable registry entries. These might change whether and how version information is passed to the application or where

    in the registry data is written. In some cases, the solution might involve removing certain files or registry settings or

    simply instructing the program to ignore the error if its implications are not considered serious.


    Lesson 4: Windows Troubleshooting Platform

    Operating System Troubleshooters

    Creating Troubleshooters

    Troubleshooting Pack Components

    When users are able to quickly resolve software problems on their own, this increases their productivity and reduces

    the administrative load of IT technicians. The Windows Troubleshooting Platform helps in this area by helping end-

    users to detect and solve computer problems on their own. This is accomplished through the use of built-in

    troubleshooters. Additional troubleshooters can be created by internal developers and other IT professionals for

    issues that can be solved without the assistance of help-desk staff.


    Operating System Troubleshooters

    Fix Hardware Problems

    Fix Configuration Problems

    Action Center

    Download Troubleshooters

    The built-in troubleshooters are available to fix problems related to audio, video and performance issues. The

    program compatibility tool can also be executed to find and fix problems with older software. They can be launched

    from the Control Panel by going to System and Security and then to the Action Center. Additional troubleshooters

    can be downloaded to resolve known problems. The troubleshooters can be configured to automatically fix the

    issues they find or to list them without applying a solution.


    Creating Troubleshooters

    PowerShell Scripts

    WMI Components

    Software Development Kit

    The extensibility of this feature makes it very useful for fixing common software problems that might come up from

    time to time. Software issues that used to be solved by sending technicians to desktops or by issuing detailed

    instructions to end-users are now fixed by using preconfigured troubleshooting solutions. Troubleshooting packs are

    a collection of PowerShell scripts and relevant metadata. They use a standard wizard that provides a similar

    experience for built-in and customized troubleshooters.

    Even without development experience, these solutions can be created by technicians with some knowledge of

    Windows Management Instrumentation and PowerShell scripting. The WMI components will allow the creation of

    troubleshooters that fix problems with the operating system, devices, peripherals and network resources. The

    Windows 7 SDK is used to create Troubleshooting Packs by using the TSPBuilder.exe utility.

    Deployment of customized troubleshooting packs can be done manually or through Group Policy Objects. The

    certificate used to sign the pack must be trusted by the desktops that will use it, and this can also be done through

    GPO settings.


    Troubleshooting Pack Components

    Troubleshooter Script

    Root Cause

    Resolver Script

    Verifier Script

    Each troubleshooting pack is made up of a troubleshooter script, one or more root causes, a resolver script and a

    verifier script:

    Troubleshooter Script: This script is the starting point for the troubleshooter and it will specify the verifier

    script or scripts that will be executed to find the root cause of the problem. The root causes can be

    automatically fixed or presented to the end user for examination.

    Root Cause: This is the problem that the troubleshooter is being executed to fix. Each problem will have a

    resolver associated with it and there can be multiple root causes or resolvers per troubleshooter.

    Resolver Script: The script associated with a particular root cause or problem.

    Verifier Script: These scripts are used to detect root causes and to verify that the resolver has fixed the

    problem.

    Each troubleshooting pack project will have a name and other particulars assigned to it like a version number. A

    proper description and information about supported platforms should also be included in the metadata.


    Lesson 5: Windows Experience Index

    How to Use the Base Score

    Optimizing Performance with Base Score Information

    Some software problems on a system might be due to hardware components that perform poorly although they meet

    or exceed Windows 7 minimum requirements. One way to find out how Windows applications will perform on a

    computer is to get the Windows Experience Index base score for it. The base score ranges from 1.0 to 7.9 with

    higher numbers indicating that you should get better performance on the system. The standards for the tests will

    sometimes change, so more information about a certain type of hard-drive might result in it getting a lower base score

    than it received previously.

    The base score of a system is based on the subscore of individual hardware components. The processor, memory,

    hard drive and graphics components are rated individually using the same scale as the base score and the lowest

    subscore will become the base score for the computer. If it is found that some applications will not perform properly

    on machines with a low base score, that information can be used to make decisions on future deployments.


    How to Use the Base Score

    Subscores

    2.0

    3.0

    4.0 5.0

    6.0

    To view the base score on a computer, open Performance Information and Tools in the Control Panel. If the score

    is not already displayed, click the Rate this computer button to get your rating. Since the lowest subscore is always

    used, the base score will represent the minimum performance level expected from that computer.

    A score of 2.0 or less means that machine can perform general computing tasks like running desktop applications or

    Internet browsing. A rating of 3.0 or higher would be needed to run Aero and other basic Windows 7 features. A

    score of between 4.0 and 5.0 means the system can run multiple applications at the same time and easily support

    new Windows 7 features. Scores of 6.0 and higher indicate that the system can perform graphics-intensive

    operations and carry out tasks that require disk-intensive operations.


    Optimizing Performance using Base Score

    A low score on a single component can significantly affect a computer's base score, even when every other component scores high. If graphics, memory and

    processor components are all rated above 6.0 but the hard-disk is rated 2.0, the base score cannot be higher than

    2.0. In some cases, improving sub-components might be practical to allow an existing machine to support an

    application. Here are some suggestions for improving the Windows Experience Index score by fixing the component

    that is performing the worst:

    Hard-Disk: Clean up the drive by deleting unnecessary files or moving them off the primary hard drive. The

    score might improve if more free space is available. Defragmenting the drive is also recommended and

    adjusting the indexing options can speed up searches for files on the computer.

    Graphics: Modify the visual effects to reduce the load on the graphics card and adjust display settings.

    Memory / Processor: Reduce the number of programs that start up automatically at boot time and disable

    or set to manual services that are not needed or used regularly.

    Other things that might be changed to improve performance include the power settings, device drivers and using

    ReadyBoost features. After the improvements are made, the assessment can be re-run to see if the base score

    improves.


    Safe Mode

    Safe Mode

    Safe Mode with Command Prompt

    Safe Mode with Networking

    The Safe Mode options that are available include the following:

    Safe Mode: The computer starts with the normal GUI but only critical drivers and services will be running.

    The network drivers are also disabled. The option is often used to test local programs that do not need

    network access. Make sure that all the resources needed for the test are on the local drive or on DVD and

    other easily accessible media.

    Safe Mode with Command Prompt: Only critical drivers and services are loaded, but the interface will be

    the command prompt. The GUI and networking components are disabled. This is normally used when the

    option above is not usable because of problems with video drivers. The help options can be used to get

    information about parameters needed for command-line tools used to make changes to the system.

    Safe Mode with Networking: Has all the features of Safe Mode with a minimal configuration, but the

    networking components will be enabled. For applications that are only accessible over the network or that

    need network resources, this option provides that access. If web-sites or web applications are being tested,

    it might also be necessary to disable add-ons and test compatibility options in Internet Explorer.


    Safe Mode Options

    Malware Check

    Delete User Profile

    Check Log Files

    In addition to the above options, Safe Mode can be loaded with the boot log option to store the startup processes in

    Ntbtlog.txt, base video to use a minimal VGA configuration or OS boot information to show the driver names as

    they are being loaded during the startup process. These options are available during startup by pressing F8 or by

    changing the boot options with bcdedit.exe. The boot options can also be managed with the System Configuration

    tool by running msconfig.exe. The System Configuration tool provides the additional option to make the boot option

    changes permanent.

    While in Safe Mode, it is sometimes advantageous to do a virus and spyware scan to make sure that this is not the

    cause of the application problem. Deleting the existing user profile or using a different one is another useful test.

    The Event logs should also be checked for additional details that might point to the source of boot or application

    problems.

    If Safe Mode cannot be used during system startup, then hardware issues like faulty memory or hard disks might be

    the problem. BIOS configuration changes might cause some boot problems. A scan for malicious software that does

    not involve booting the local operating system might be needed to fix some problems.


    Lesson 7: System Restore

    Configuring System Restore

    How to Use

    The System Restore feature allows the configuration of the machine to be reverted to an older setup. When

    application changes cause problems on the computer, this feature allows you to bring the system back to a working

    state by using an older configuration. It allows these restores to take place without losing or changing user

    documents on the machine. Only registry settings, system files and programs are modified during a restore.

    Changes to script and batch files are also saved. The tools also make it easy for users to perform these tasks on

    their own.


    Configuring System Restore

    Automatic Restore Points

    System Restore Tool

    Startup Options

    If the application problems do not prevent you from logging into the computer, System Restore can be accessed from

    the System Tools folder under Accessories. It can be used to manually create restore points. Automatic restore

    points are created when doing updates or installing new software. Weekly restore points are also scheduled by

    default. Any saved restore point can be used. The tool allows you to see a list of applications that will be affected by

    doing a specific restore. Some programs might need to be reinstalled after the changes.

    The System Restore tool is also accessible through the startup options when you press F8. When you choose the

    Repair Your Computer option, it loads the System Recovery Options from which you have access to System

    Restore. It will provide the options to choose restore points and verify affected programs identical to the interface in

    System Tools.


    How to Use System Restore

    Schedule Restore Points

    Undo System Restore

    Requirements

    When system files are corrupted or deleted, it is often best to use the most recent restore point. If the application

    causing the problems has been showing signs of problems for some time however, an older restore point might be

    more prudent. Always verify the applications that will be affected by the changes. Automatic restore points will have

    a descriptive name assigned to them based on the change that was made, like Installed New Software. Windows

    updates will also create restore points. Those that are manually created should have a descriptive name assigned to

    them. All restore points will have a date and time stamp associated with them.

    System restores can be undone if they do not have the desired effect. Restore points are created each time you

    apply a system restore. This is not the case however, when doing restore operations in Safe Mode or when using the

    System Recovery Options. If there is uncertainty as to which restore point to apply, try applying other available points

    until the problem is fixed. If software needs to be reinstalled, the application problem should be tested again after

    this.

    System Restore is automatically turned on for computers as a part of the System Protection feature. It requires that

    the system use the NTFS file system. The amount of drive space used for restore points can also be controlled and

    old restore points can be deleted to free up space. When new restore points are created and the drive resources set

    aside for this purpose are already used up, older restore points will be automatically deleted to make room for the

    new ones.

    Resolve Software Failure

    Review the scenarios and problems presented along with

    their solutions

    RESOLVE SOFTWARE FAILURES

    The productivity of users is directly affected by whether or not their computers are working. System problems on

    desktops need to be resolved quickly to maintain access to the resources needed to complete job tasks. The restore options

    in Windows 7 make it easier for technicians to diagnose and fix problems. They also allow users to easily fix some

    problems on their own. Here are some problems that might arise and how to fix them.

    An error message keeps appearing on the screen when a user works with a particular application.

    Verify the error message in the Event Viewer and find a solution to it using the Knowledge Base or other resources at

    www.technet.com.

    You want to mitigate any compatibility issues that might occur with an older application before deploying it

    to network computers.

    Use the Application Compatibility Toolkit to verify if there will be any problems and to get suggestions as to how they

    can be fixed.

    The installation of a new application crashes a computer and you are not able to log back into the computer.

    Use the Last Known Good Configuration and if that does not work, try using Safe Mode to boot the system and

    remove the application.

    A recent Windows Update is interfering with a custom application that is needed by all users. How can you

    fix the application quickly?

    Use the System Restore tool to revert to the system configuration the machine had before the Windows Update.

    A recent problem with a critical application only happens on computers that have a certain operating system

    feature disabled. How can you easily test computers for this feature and apply the fix if they need it?

    Create a Troubleshooting Pack and deploy it using a GPO.

    You support an application that sometimes generates a non-critical error message when being used. How

    can you configure an automatic response to these errors?

    Use the Event Viewer to attach a task to that error event. This can be managed from a single computer by using

    Event Forwarding.

    You need a consistent system of rating the performance of network computers so better decisions can be

    made when deploying new applications. What system is already in place that can be used to do this?

    Use the Windows Experience Index which rates the performance of hardware components on the desktop.

    A user is having trouble explaining what they did before getting an error message in an application. Without

    connecting to their desktop, how can you get better details about what they are doing?

    Have the user run the Problem Steps Recorder to create a record of what they did then have them send the file to

    you.

    You are unable to run an Intranet web-site application from some of the computers on the network. How can

    this problem be diagnosed?

    Try the compatibility mode in Internet Explorer. You can also try connecting to the web-site in Safe Mode to see if

    other application drivers might be causing a problem.

    You need to generate an error and send a notification of it whenever users run a script by developers. How can these tasks be done?

    Use the eventcreate.exe command to generate the error message in Event Viewer and attach a task to that event

    that will send an email or display a message.
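
The eventcreate.exe scenario above, sketched in PowerShell as an added example that is not part of the original guide: it attaches an event-triggered task with schtasks.exe, logs the error, and confirms both. The source name DevScript, event ID 100, the task name and the msg.exe action are assumed values.

```powershell
# Added example. Assumed values: source name, event ID, task name, msg.exe action.
# Run from an elevated prompt; registering a new event source requires it.
$source  = 'DevScript'
$eventId = 100                      # eventcreate.exe accepts IDs from 1 to 1000
$task    = 'Notify-DevScriptError'

# 1. Attach a task to the event. The XPath filter matches only this source and ID
#    in the Application log, so unrelated errors do not trigger the notification.
$xpath = "*[System[Provider[@Name='$source'] and (EventID=$eventId)]]"
schtasks.exe /Create /F /TN $task /SC ONEVENT /EC Application /MO $xpath `
    /TR "msg.exe * A developer script reported an error"
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# 2. The line the developers' script runs to generate the error event.
eventcreate.exe /L APPLICATION /T ERROR /SO $source /ID $eventId `
    /D "Developer script run by $env:USERNAME on $env:COMPUTERNAME"
if ($LASTEXITCODE -ne 0) { throw "eventcreate failed with exit code $LASTEXITCODE" }

# 3. Confirm the event was written and check when the task last ran.
Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = $source; Id = $eventId
} -MaxEvents 1 | Format-List TimeCreated, Id, LevelDisplayName, Message

schtasks.exe /Query /TN $task /V /FO LIST |
    Select-String 'Last Run Time', 'Last Result'
```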

    Review Module 3: Resolve Software Failure Issues

    Examine the review questions as a class

    REVIEW

    1. What are the four possible levels that events can have in the system or application logs?

    2. What command-line utility can be used to manage Event Viewer log files?

    3. What tool is used to configure Remote Management on a desktop?

    4. What can the eventcreate.exe command be used to do?

    5. What service manages subscriptions to events from remote computers?

    6. What functionality is provided by Windows Resource Protection?

    7. What feature allows 32-bit applications to be run on Windows 7 64-bit operating systems?

    8. What kind of scripts are used to design a troubleshooting pack?

    9. What tool is used to create troubleshooting packs?

    10. What three different types of scripts might you create in a troubleshooter pack?

    11. How is the Windows Experience Index base score calculated?

    12. How can the Windows Experience Index subscore of the primary hard disk be improved?

    13. What tool can be used to change the boot options for a computer?

    14. True or False. Drivers and Services can be disabled using Safe Mode with Command-Prompt.

    15. True or False. System Restore can be used to retrieve deleted user files.

    Labs Module 3: Resolve Software Failure

    Exercise 1: Install Applications written for older O.S.

    Exercise 2: Using the Program Compatibility Tool

    Exercise 3: Disable the Network Adapter

    Exercise 4: Use the Troubleshooter to Enable the Adapter

    Exercise 5: Create PowerShell script for Troubleshooter

    Exercise 6: Install Windows 7 SDK

    Exercise 7: Create a Troubleshooting Pack with the SDK

    Exercise 8: Configure Event Forwarding

    Exercise 9: Configure System Restore

    Overview: Test the Program Compatibility tool on applications written for older versions of

    Windows. Use the Software Development Kit to create and test a Troubleshooter. Configure System

    Restores. Install Windows 7 deployment tools. Create and work with a Virtual Hard Drive (VHD).

    Start both the Windows 7 client and domain controller images for this lab. If there are

    connectivity issues during the exercises, temporarily stop the Windows Firewall service.

    Estimated time to complete this lab is 105 minutes.

    Exercise 1: Install applications written for older versions of Windows

    1. Copy xlviewer.exe and wdviewer.exe from \\NYC-DC1\CLASSFILES to E:\TEMP.

    2. Install both applications using their default settings. Run the installations with elevated privileges as

    administrator.

    3. Execute both applications to make sure they run without error messages.

    Exercise 2: Use Program Compatibility tool to configure settings for older applications

    1. Click Start > Control Panel > Programs > Run programs made for previous versions of Windows.

    2. From the Program Compatibility window, click Advanced, then click Run as administrator.

    3. Click Next.

    4. Select Microsoft Office Excel Viewer 2003 from the list and click Next.

    5. Choose Try Recommended Settings

    6. Notice the compatibility mode applied.

    7. Click Start the program to verify that it runs without errors and then close the program down.

    8. In the Program Compatibility window, click Next.

    9. Click Yes, save these settings for the program.

    10. Click View detailed information to see the Troubleshooting report.

    11. Click Next then click Close.

    12. Perform the steps in this task again for the Microsoft Office Word Viewer 2003 application.

    Exercise 3: Disable the Network Adapter with a PowerShell Script

    1. Open the Command Prompt as an administrator

    2. Type powershell.exe and execute it. (Note: Notice the change in the prompt, with PS indicating that you

    are in PowerShell.)

    3. Use the ipconfig /all command to get the MAC / Physical address of your adapter and make a note of it.

    MAC Address ____________________. Note: represent the MAC address as being delimited by colons ( :

    ) instead of dashes ( - ).

    4. Run Get-WmiObject to get more information about the adapter with the following command:

    get-wmiobject win32_networkadapter | where {$_.MACAddress -eq "<MAC address>"}

    <MAC address> represents the MAC address delimited by colons ( : ) instead of dashes ( - ).

    5. Assign the adapter information to a variable named $NIC with the following command:

    $NIC = get-wmiobject win32_networkadapter | where {$_.MACAddress -eq "<MAC address>"}

    6. Disable the network adapter using the variable:

    $NIC.disable()

    (Note: The $NIC.enable() command could enable the NIC but we will use the Troubleshooter instead)

    7. Run ipconfig to verify that the network adapter is disabled.

    Exercise 4: Use the Troubleshooter to enable the network adapter

    1. Click Start and in the Search programs and files window, type Network Diagnostics

    2. Click Identify and repair network problems

    3. The Windows Network Diagnostics window should indicate that the adapter is disabled.

    4. Click View detailed information. Click Next.

    5. Click Try these repairs as an administrator

    6. After the adapter is enabled, click Close.

    Exercise 5: Configure PowerShell scripts to change the NIC's IP address (To be used when

    creating the Troubleshooter with the SDK)

    1. Open a Command Prompt as administrator.

    2. Run powershell.exe

    3. Get the execution policy for scripts by running this command: Get-ExecutionPolicy

    4. Configure the system to execute powershell scripts: Set-ExecutionPolicy unrestricted

    5. Verify that the execution policy is now set to unrestricted: Get-ExecutionPolicy

    6. Exit powershell, but stay in the Command Prompt.

    7. Run the command: xcopy \\NYC-DC1\classfiles\MOD03\*.ps1 e:\temp\ /s/v

    8. Modify the E:\Temp\static_ip.ps1 file with notepad and replace the MAC address in the script with the one

    for your NIC. Save the file.

    9. Modify the E:\Temp\dynamic_ip.ps1 file with notepad and replace the MAC address in the script with the one

    for your NIC. Save the file.

    10. Run the command: powershell.exe e:\temp\static_ip.ps1

    11. Use ipconfig to verify that the machine now has a static IP address

    12. Run the command: powershell.exe e:\temp\dynamic_ip.ps1

    13. Use ipconfig to verify that the machine is using a dynamic IP address

    14. Run the static_ip.ps1 script again to change the IP back to a static address.

    Exercise 6: Install Windows 7 Software Development Kit (SDK).

    1. Click Start and navigate to Control Panel > Programs > Programs and Features > Turn Windows features on

    or off.

    2. In the Windows Features window, make sure that all the Microsoft .NET Framework components are

    selected and installed.

    3. Click OK.

    4. Restart the computer and login again as Admin1.

    5. Use the Virtual Machine Connection menu bar option (Media) to insert the Windows 7 Software

    Development Kit ISO. Execute the setup.exe program from the SDK ISO as an administrator.

    6. During the setup install all components except for the .NET Framework.

    7. Accept all other default settings to complete the setup.

    8. Before finishing the install, make sure that View the Windows SDK Release Notes is checked.

    9. Read section 1.1 Recommended Resources, 4.1 Installation and Related Content, 4.5 File System

    Layout and 6.3 Ways to Find Support and Send Feedback in the Release Notes document.

    10. Close the document.

    Exercise 7: Create a Troubleshooting Pack with the Software Development Kit

    1. Click Start > All Programs > Microsoft Windows SDK > Tools > Windows Troubleshooting Pack Designer.

    2. From the Windows Troubleshooting Pack Designer, click Project > New.

    3. From the Create a Troubleshooting Pack window, name the project Configure DHCP Client and change

    the location to E:\Temp.

    4. In the Privacy URL box, type http://NYC-DC1

    5. Click Add New Root Cause

    6. In the Root Cause ID box, type STATIC_IP

    7. In the Root Cause Name box, type Client computers with a static IP address

    8. Click Define Troubleshooter

    9. Under Troubleshooter Properties, note the default options but do not change them.

    10. Click Define Resolver.

    11. For the Resolver Name box, type Assign Dynamic IP Address and change Elevation to YES.

    12. Click Define Verifier. Note the information provided but do not change the default settings.

    13. Click Edit Root Cause Scripts.

    14. Click the Edit Resolver Script link.

    15. In the new dialog window, paste the code from the dynamic_ip.ps1 script.

    16. Save and exit from the dialog window.

    17. From the Menu bar of the Windows Troubleshooting Pack Designer, click Project > Save.

    18. From the Menu bar of the Windows Troubleshooting Pack Designer, click Build > Run.

    19. Accept all the default settings to do a test run of the pack.

    20. Verify that the Troubleshooter worked by making sure the computer has a dynamic IP address.

    21. In the Windows Troubleshooting Pack Designer window, click Build > Build Pack.

    22. Click View Output Folder to see the package files.

    23. Close Windows Explorer and the Designer.

    Exercise 8: Join the Domain and Configure Event Forwarding

    1. Restart the system and login to VIRTUAL1 as Admin1.

    2. Click Start > right click Computer and click Properties. Under Computer name, domain, and workgroup

    settings, click Change Settings. In the Computer Name tab, click Change. Under Member of, click

    Domain and type CONTOSO.COM. Click OK. Type the Admin1 credentials and click OK.

    3. Close all dialog windows and restart the VIRTUAL1 machine after successfully joining the domain. Login to

    VIRTUAL1 as VIRTUAL1\Admin1.

    4. Open the Computer Management console as an Administrator. Navigate to Local Users and Groups >

    Groups. Open the properties window for the Administrators group. Add the Contoso\Classroom

    Administrators group to the members list.

    5. Open a Command Prompt with administrator credentials.

    6. Run the command: winrm quickconfig (Note: This allows users on other systems to subscribe to events on

    your computer)

    7. Accept the changes if prompted to do so.

    8. Run the command: wecutil qc. Accept the service changes when prompted.

    9. Login to the domain controller (NYC-DC1) as Contoso\Administrator with a password of Pa$$w0rd. Run the

    Active Directory Users and Computers snap-in as an Administrator.

    10. Open the Builtin container.

    11. Open the properties of the Event Log Readers group. Click Add. Click Object Types and check off the

    Computers object type. Click OK. In the Enter the object names to select window, type VIRTUAL1 and

    click Check Names to verify the computer name is typed correctly. Click OK twice to close the Event Log

    Readers properties window.

    12. In the Event Viewer folder, navigate to Subscriptions.

    13. Right click the Subscriptions tab and choose Create Subscription

    14. In the Subscriptions Properties window, name the subscription Windows Logs

    15. Set the Destination log to Forwarded Events

    16. For the Subscription type, choose Collector initiated. Click the Select Computers button to add

    VIRTUAL1 and Test the connection. Click OK.

    17. Click Select Events and in the Query Filter window, use the drop-down window for Event Logs to

    choose the Application, Security, Setup and System Event Logs. Click OK.

    18. Click OK in the Subscription Properties window.

    19. Restart VIRTUAL1 and login to the system as VIRTUAL1\Admin1.

    20. On NYC-DC1 in the Computer Management console, open the System Tools > Event Viewer > Windows

    Logs > Forwarded Events folder. Verify that there are entries from the VIRTUAL1 machine.

    21. In the Subscriptions folder, Disable the newly created subscription.

    22. Optional Step: Use the information from the previous steps to configure Virtual1 with a subscription of

    NYC-DC1 System and Application Logs.
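
The subscription built in steps 12 to 21 can also be created from the command line with wecutil.exe. The following is an added example, not part of the original guide; it is run elevated on the collector (NYC-DC1) after the WinRM and group-membership steps, and the XML file name and description text are assumed values.

```powershell
# Added example. Run elevated on the collector (NYC-DC1) once winrm quickconfig
# has been run on VIRTUAL1 and wecutil qc has been run on the collector.
$name = 'Windows Logs'
$xml  = Join-Path $env:TEMP 'windows-logs-subscription.xml'   # assumed file name

@'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Windows Logs</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Application, Security, Setup and System logs from VIRTUAL1</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0">
        <Select Path="Application">*</Select>
        <Select Path="Security">*</Select>
        <Select Path="Setup">*</Select>
        <Select Path="System">*</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>VIRTUAL1</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@ | Set-Content -Path $xml -Encoding UTF8

# Create the collector-initiated subscription from the XML definition.
wecutil.exe cs $xml
if ($LASTEXITCODE -ne 0) { throw "wecutil cs failed with exit code $LASTEXITCODE" }

# Runtime status lists each event source with its state or last error.
wecutil.exe gr $name

# Count what has arrived, per source computer and originating log (step 20).
Get-WinEvent -LogName ForwardedEvents -MaxEvents 500 -ErrorAction SilentlyContinue |
    Group-Object MachineName, LogName | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Disable the subscription without deleting it (step 21).
wecutil.exe ss $name /e:false
```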

    Exercise 9: Configure System Restore

    1. On Virtual1, navigate to Control Panel > System and Security > System.

    2. Click the System protection link.

    3. In the System Properties window on the System Protection tab, click the Create button to create a new

    restore point named Pre_Application_Install. Close the System Properties window.

    4. Run the command \\NYC-DC1\CLASSFILES\TOOLS\XLVIEWER.EXE to install Excel Viewer.

    5. Accept the default settings to complete the setup.

    6. Execute the application to verify that it installed properly. Close the application.

    7. Open the System Properties window and go to the System Protection tab. Click System Restore.

    8. Click the link for Is this process reversible? and read the documentation. Close it when done.

    9. Click Scan for affected programs. Close the dialog window after it shows the Excel application.

    10. Click the Choose a different restore point radio button and click Next.

    11. Choose the Pre_Application_Install restore point and click Next.

    12. Click Finish and then Yes.

    13. Verify that the Excel application has been removed after the reboot of the system.

    14. Restart the system and boot into the original Windows 7 installation.

    15. Login as Admin1 and create a Restore Point named Post_Lab3.
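
The restore-point steps of Exercise 9 can be scripted with the System Restore cmdlets in Windows PowerShell. This is an added example, not part of the original guide; it assumes an elevated PowerShell session on the client and reuses the restore point name from step 3.

```powershell
# Added example. Run elevated on the client; Restore-Computer restarts the machine.
$description = 'Pre_Application_Install'

# System Protection must be on for the system drive before points can be created.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# Step 3: create the named restore point before installing the application.
Checkpoint-Computer -Description $description -RestorePointType APPLICATION_INSTALL

# List every restore point with a readable timestamp (CreationTime is a WMI date string).
$points = Get-ComputerRestorePoint
$points | Format-Table SequenceNumber, Description,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# Select the newest point with that description and stop if it is missing,
# so a typo in the name never restores to the wrong point.
$target = $points | Where-Object { $_.Description -eq $description } |
    Sort-Object SequenceNumber | Select-Object -Last 1
if (-not $target) { throw "No restore point named '$description' was found" }

# Show how much drive space is reserved for and used by restore points.
vssadmin.exe list shadowstorage

# ... install and test the application here (steps 4 to 6) ...

# Steps 10 to 12: restore to the selected point. -Confirm prompts before the restart.
Restore-Computer -RestorePoint $target.SequenceNumber -Confirm

# Step 13, in a new session after the reboot: report whether the restore succeeded.
Get-ComputerRestorePoint -LastStatus
```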
