Services - University of Worcester

Download Report

Transcript Services - University of Worcester

COMP2122
Network Operating Systems
University of Worcester
Richard Henson
November 2009
Week 7:
Booting up into Windows

Objectives:
– Describe each of the six boot-up stages
– Explain the terms firmware, ACPI, and
plug-n-play
– Relate the different essential components
for Windows to the OSI model
Why does Operating System
Boot-up take so long?

Six Stages required (including BIOS)
before the user gets their desktop:
–
–
–
–
–
–
Power-on self test (POST)
Initial startup
Boot loader
Detect and configure hardware
Kernel loading
Logon
Stage 1: POST

No matter which operating system is
installed, the motherboard’s BIOS uses
POST immediately after switch on
– POST = Power-On Self-Test
– essential to check that basic hardware is
OK before loading ANY operating system
into memory…
POST…

Checks the following:
– crucial hardware matters, such as amount of
memory present
– presence of the devices needed to start the
operating system

Retrieves:
– low level functions from BIOS (basic input-output
system)
– system configuration settings from CMOS memory
(complementary metal-oxide semiconductor)
Stage 2: Initial Start-up

After POST completes:
– motherboard “add-on” adapters that have
their own firmware carry out internal
diagnostic tests
» (e.g. video and hard drive controllers)
– CMOS memory settings (e.g. boot order)
used to determine the devices the
computer will use to load an operating
system
» e.g. floppy disk, hard disk, CD/DVD, USB
device
Stage 3: The Boot Loader

A single “boot loader” file needs to be detected and loaded…
– called NTLDR
– should be in the boot area on the first boot device in the CMOS
boot list

if NTLDR is not found
– depending on the device:
» EITHER an error may comes up
» OR control may pass to the next device on the list

The boot loader file…
– sets the system for “32-bit mode”
– starts the file system (e.g. NTFS)
– loads other essential start-up files:
»
»
»
»
»
Boot.ini – partition boot options
Ntdetect.com – hardware detection
Ntbootdd.sys
Ntoskrnl.exe
Hal.dll
Stage 4: Detecting and
Configuring Hardware

NTDETECT then loaded:
– extracts text info from boot.ini file and the
registry
– gets hardware data from firmware routines
– passes data gathered to NTLDR

NTLDR
– structures data from NTDETECT
– passes it to NTOSKRNL
Stage 5: Kernel Loading


NTLDR creates the “WINDOWS
EXECUTIVE”
Requirements:
– Windows kernel file (NToskrnl.exe)
– correct hardware abstraction layer file
(HAL.dll by default)
» example HAL files:




Halacpi.dll (Advanced Configuration and
Power Interface (ACPI) PC)
Halmacpi.dll (ACPI Multiprocessor)
Halaacpi.dll (ACPI Uniprocessor)
Hal.dll (Standard PC)
Creating the
“system” registry key

NTLDR…
– reads and processes the
systemroot\System32\Config\System file
» contains essential information for determining
which drivers need to be loaded
– creates HKEY_LOCAL_ MACHINE\SYSTEM
registry key
» usually includes several “control sets” as subkeys
» set up and presented as menu options before the
system key can be used
System key “control sets”
– Typical Control sets:
» \CurrentControlSet, a pointer to a
ControlSetxxx subkey

where xxx represents a control set number,
such as 001 designated in the \Select\Current
entry
» \Clone

a copy of \CurrentControlSet, created each
time you start your computer
» \Select options (next slide)
\SELECT control set options

1. Default:
– points to the control set number for next
startup
» e.g. 001=ControlSet001
» if no error or manual invocation of the
LastKnownGood startup option



assuming that a user is able to log on successfully…
BECOMES the Default, Current, and
LastKnownGood entries
2. Current:
– last control set that was used to start the
system
\SELECT control set
options

3. “Failed”:
– a control set that did not start Windows XP
Professional successfully
– updated when the LastKnownGood option is used
to start the system.

4. LastKnownGood:
– the control set used during the last user session
– updated during logon with configuration
information from the previous user session
Creating the “Hardware” Key

Once the Control Set is loaded…
– kernel uses the data structures provided by NTLDR
to create the
HKEY_LOCAL_MACHINE\HARDWARE key
» hardware data collected at system startup
» includes information about various hardware components
and system resources allocated to each device

The Starting up progress indicator at the bottom
of the screen monitors and displays aspects of
the kernel load process during the creation of
this key
Drivers, Services, and
Kernel Initiation

Drivers:
– kernel-mode components required by
devices to function with the operating
system

Services:
– components that support operating system
functions and applications
– can run in various different contexts
– typically do not offer many user-configurable
options

Drivers are treated as services…
Which Services are loaded
during kernel initiation?

Services loaded before user login
– act independently of the user
– typically stored in the systemroot\System32 and
systemroot\System32\Drivers folders
– use .exe, .sys, or .dll file name extensions

Each Service has a “start” value to determine
conditions of loading…
– can be altered by those with admin rights
Service “Start” values

0 (Boot)
– Specifies a driver that is loaded (but not started)
by firmware calls made by Ntldr. If no errors occur,
the kernel starts the driver.

1 (System)
– Specifies a driver that loads at kernel initialization
during the startup sequence by calling Windows
XP Professional boot drivers.

2 (Auto load)
– Specifies a driver or service that will be initialized
at system startup by Session Manager (Smss.exe)
or Service Controller (Services.exe)
More “Start” values

3 (Load on demand)
– a driver or service that is manually
started by a user, a process, or
another service

4 (Disabled)
– a disabled (not started) driver or
service
Loading Services and creating
the system key

During kernel initialization:
– NTLDR reads
HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Services\servicename, then…
» Ntldr searches the Services subkey for drivers with a Start
value of 0

e.g. hard disk controllers
» Ntoskrnl.exe searches for and starts drivers, that have a
Start value of 1


e.g. network protocols
The kernel then starts the session manager
Session Manager (SMss.exe)

Important initialization functions:
– creates system environment variables
– starts kernel-mode part of the Windows subsystem
found at systemroot\System32\Win32k.sys
» Windows XP Professional can now switch from text mode
to graphics mode
» Windows-based applications can run in the Windows
subsystem
» applications can now access operating system functions,
such as displaying information to the screen
Session Manager (continued)


Also starts the user-mode portion of the
Windows subsystem found at systemroot
\System32\Csrss.exe
Windows subsystem and the
applications that run within it all user
mode processes
– no direct access to hardware or device
drivers
– run at a lower priority than kernel-mode
processes
– when it needs more memory the operating
system can page memory used by usermode processes to disk
Session Manager (continued)

Next starts the Logon Manager found at
systemroot\System32\Winlogon.exe
– creates additional virtual memory paging
files
– performs delayed rename operations for
files listed in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Session
Manager\PendingFileRenameOperations
» e.g. prompts to restart the computer after
installing a new driver or application

so that the file in use can be replaced
Session Manager (continued)

Finally, searches the registry for service
information that is contained in the following
subkeys:
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Control\Session Manager
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Services\servicename
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Control\Session Manager
\Subsystems
Subkey Information for SMss

HKEY_LOCAL_MACHINE\SYSTEM\Curre
ntControlSet\Control\Session Manager
provides a list of commands to run
before loading services
– e.g. The Autochk.exe tool
» specified by the value of the BootExecute entry
and virtual memory (paging file) settings stored
in the Memory Management subkey
» version of the Chkdsk tool
» runs at startup if the operating system detects a
file system problem that requires repair before
completing the startup process
Subkey Information for SMss
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentCo
ntrolSet\Services\servicename
» Service Control Manager initializes services that
the Start entry has designated as Auto-load
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentCo
ntrolSet\Control\Session Manager
\Subsystems
» contains a list of available subsystems

e.g. Csrss.exe contains the user-mode portion of
the Windows subsystem
Stage 6: Logon Phase

Managed by Winlogon.exe
– initializes security and authentication
components
– starts the Services subsystem or Service
Control Manager (SCM): services.exe
» starts the Local Security Authority (LSA)
process (lsass.exe)
» parses the Ctrl+Alt+Del key combination at the
Begin Logon prompt
Logon Phase

The Graphical Identification and
Authentication (GINA) component:
– collects the user name and password
– passes this information securely to the LSA
for authentication
– if the user supplied valid credentials,
access is granted by using either the
Kerberos V 5 authentication protocol or
NTLM
Logon Phase

After the user has logged on:
– Control sets are updated
– Group Policy settings take effect
– Startup programs run e.g.
» login scripts
» programs in startup folders
» services found in registry subkeys &
folder locations
Logon Phase

Services loaded from these registry subkeys:
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
s\CurrentVersion\Runonce
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
s\CurrentVersion\policies\Explorer\Run
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
s\CurrentVersion\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Windows\ Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
rrentVersion\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
rrentVersion\RunOnce
Logon Phase

Services loaded from these folder
locations…
– systemdrive\Documents and Settings\All
Users\Start Menu\Programs\Startup
– systemdrive\Documents and
Settings\username\Start Menu\Programs\
Startup
– windir\Profiles\All Users\Start
Menu\Programs\Startup
– windir\Profiles\username\Start
Menu\Programs\Startup
Concluding Logon Phase…

Winlogon provides Plug and Play support for
computers equipped with ACPI firmware
(Advanced Configuration & Power Interface):
– enables enhanced features, e.g hardware resource
sharing
– especially useful for mobile users who use portable
computers that support standby, hibernation, hot and
warm docking, or undocking features

Plug and Play Device Detection
– runs asynchronously with the logon process
– relies on system firmware, hardware, device driver,
and operating system e.g. ACPI to detect and
enumerate new devices
Protecting the Server Software
All hardware can go wrong and should have
a backup
 What of software… need tools…

–
–
–
–
–
–
what to backup?
when to backup?
How to backup?
where to put the backup?
how long to keep the backup?
can the backed up software be fully restored…
Client Backup

Windows XP presents four backup choices:
–
–
–
–
all files
current user settings
all user settings
custom choice
» can choose between anything from all files and
folders to none
Where to backup to?

Computer hard disk?
– ideal backup location is a separate partition on the same disk
– e.g. hard disk is partitioned into drive C and drive D
» data is on drive C
» can safely it back up to drive D.





Zip drive or other removable media
Unfortunately, the Windows Backup utility can't save files
directly to a CD-RW drive
A shared network drive. Limited only by the amount of
free space on the network share.
External hard disk drive.
USB, IEEE 1394, FireWire drives
Prioritising Server Backup?
Servers typically hold a lot of data
 Generally accepted that “system state” files
are those that are most important for
keeping the NOS functioning normally

– need to be backed up on a regular basis
System state
Active Directory (NTDS)
 System Volume (SYSVOL)
 Boot files
 Registry
 COM+ class registration database
