Services - University of Worcester
COMP2122
Network Operating Systems
University of Worcester
Richard Henson
November 2009
Week 7:
Booting up into Windows
Objectives:
– Describe each of the six boot-up stages
– Explain the terms firmware, ACPI, and
plug-n-play
– Relate the different essential components
for Windows to the OSI model
Why does Operating System
Boot-up take so long?
Six Stages required (including BIOS)
before the user gets their desktop:
– Power-on self test (POST)
– Initial startup
– Boot loader
– Detect and configure hardware
– Kernel loading
– Logon
Stage 1: POST
No matter which operating system is
installed, the motherboard’s BIOS uses
POST immediately after switch on
– POST = Power-On Self-Test
– essential to check that basic hardware is
OK before loading ANY operating system
into memory…
POST…
Checks the following:
– crucial hardware matters, such as amount of
memory present
– presence of the devices needed to start the
operating system
Retrieves:
– low level functions from BIOS (basic input-output
system)
– system configuration settings from CMOS memory
(complementary metal-oxide semiconductor)
Stage 2: Initial Start-up
After POST completes:
– motherboard “add-on” adapters that have
their own firmware carry out internal
diagnostic tests
» (e.g. video and hard drive controllers)
– CMOS memory settings (e.g. boot order)
used to determine the devices the
computer will use to load an operating
system
» e.g. floppy disk, hard disk, CD/DVD, USB
device
Stage 3: The Boot Loader
A single “boot loader” file needs to be detected and loaded…
– called NTLDR
– should be in the boot area on the first boot device in the CMOS
boot list
if NTLDR is not found
– depending on the device:
» EITHER an error may come up
» OR control may pass to the next device on the list
The boot loader file…
– sets the system for “32-bit mode”
– starts the file system (e.g. NTFS)
– loads other essential start-up files:
» Boot.ini – partition boot options
» Ntdetect.com – hardware detection
» Ntbootdd.sys
» Ntoskrnl.exe
» Hal.dll
Stage 4: Detecting and
Configuring Hardware
NTDETECT then loaded:
– extracts text info from boot.ini file and the
registry
– gets hardware data from firmware routines
– passes data gathered to NTLDR
NTLDR
– structures data from NTDETECT
– passes it to NTOSKRNL
Stage 5: Kernel Loading
NTLDR creates the “WINDOWS
EXECUTIVE”
Requirements:
– Windows kernel file (NToskrnl.exe)
– correct hardware abstraction layer file
(HAL.dll by default)
» example HAL files:
Halacpi.dll (Advanced Configuration and
Power Interface (ACPI) PC)
Halmacpi.dll (ACPI Multiprocessor)
Halaacpi.dll (ACPI Uniprocessor)
Hal.dll (Standard PC)
Creating the
“system” registry key
NTLDR…
– reads and processes the
systemroot\System32\Config\System file
» contains essential information for determining
which drivers need to be loaded
– creates HKEY_LOCAL_MACHINE\SYSTEM
registry key
» usually includes several “control sets” as subkeys
» set up and presented as menu options before the
system key can be used
System key “control sets”
– Typical Control sets:
» \CurrentControlSet, a pointer to a
ControlSetxxx subkey
where xxx represents a control set number,
such as 001 designated in the \Select\Current
entry
» \Clone
a copy of \CurrentControlSet, created each
time you start your computer
» \Select options (next slide)
\SELECT control set options
1. Default:
– points to the control set number for next
startup
» e.g. 001=ControlSet001
» if no error or manual invocation of the
LastKnownGood startup option
assuming that a user is able to log on successfully…
BECOMES the Default, Current, and
LastKnownGood entries
2. Current:
– last control set that was used to start the
system
\SELECT control set
options
3. “Failed”:
– a control set that did not start Windows XP
Professional successfully
– updated when the LastKnownGood option is used
to start the system.
4. LastKnownGood:
– the control set used during the last user session
– updated during logon with configuration
information from the previous user session
Creating the “Hardware” Key
Once the Control Set is loaded…
– kernel uses the data structures provided by NTLDR
to create the
HKEY_LOCAL_MACHINE\HARDWARE key
» hardware data collected at system startup
» includes information about various hardware components
and system resources allocated to each device
The Starting up progress indicator at the bottom
of the screen monitors and displays aspects of
the kernel load process during the creation of
this key
Drivers, Services, and
Kernel Initiation
Drivers:
– kernel-mode components required by
devices to function with the operating
system
Services:
– components that support operating system
functions and applications
– can run in various different contexts
– typically do not offer many user-configurable
options
Drivers are treated as services…
Which Services are loaded
during kernel initiation?
Services loaded before user login
– act independently of the user
– typically stored in the systemroot\System32 and
systemroot\System32\Drivers folders
– use .exe, .sys, or .dll file name extensions
Each Service has a “start” value to determine
conditions of loading…
– can be altered by those with admin rights
Service “Start” values
0 (Boot)
– Specifies a driver that is loaded (but not started)
by firmware calls made by Ntldr. If no errors occur,
the kernel starts the driver.
1 (System)
– Specifies a driver that loads at kernel initialization
during the startup sequence by calling Windows
XP Professional boot drivers.
2 (Auto load)
– Specifies a driver or service that will be initialized
at system startup by Session Manager (Smss.exe)
or Service Controller (Services.exe)
More “Start” values
3 (Load on demand)
– a driver or service that is manually
started by a user, a process, or
another service
4 (Disabled)
– a disabled (not started) driver or
service
Loading Services and creating
the system key
During kernel initialization:
– NTLDR reads
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename, then…
» Ntldr searches the Services subkey for drivers with a Start
value of 0
e.g. hard disk controllers
» Ntoskrnl.exe searches for and starts drivers, that have a
Start value of 1
e.g. network protocols
The kernel then starts the session manager
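Added example (not part of the original slides): a Python sketch that reads a constructed .reg-style export of an offline SYSTEM hive, resolves the control set through \Select\Current, and reports which startup component loads each service according to its Start value. The sample keys, the `ExampleUpdater` service and the System32 path check are assumptions made for illustration.

```python
import re

# Constructed .reg-style export of an offline SYSTEM hive (sample data, not from the slides).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"LastKnownGood"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"Start"=dword:00000000
"ImagePath"="System32\\DRIVERS\\atapi.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"Start"=dword:00000001
"ImagePath"="System32\\DRIVERS\\tcpip.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleUpdater]
"Start"=dword:00000002
"ImagePath"="C:\\Temp\\updater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ExampleUpdater]
"Start"=dword:00000004
'''

LOADED_BY = {0: "Boot (Ntldr)", 1: "System (Ntoskrnl.exe)",
             2: "Auto load (Smss.exe/Services.exe)", 3: "Load on demand", 4: "Disabled"}

def parse_reg(text):
    """Return {key path: {value name: int or str}} from .reg-style text."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(dword:)?"?(.*?)"?$', line)):
            name, is_dword, raw = m.groups()
            cur[name] = int(raw, 16) if is_dword else raw.replace("\\\\", "\\")
    return keys

def audit_services(text):
    """List services of the control set named by the Select key's Current entry."""
    keys = parse_reg(text)
    root = "HKEY_LOCAL_MACHINE\\SYSTEM"
    current = "ControlSet%03d" % keys[root + "\\Select"]["Current"]
    prefix = root + "\\" + current + "\\Services\\"
    rows = []
    for key, vals in keys.items():
        if key.startswith(prefix) and "Start" in vals:
            # Heuristic (assumes Windows lives in <drive>:\WINDOWS); no ImagePath = default location.
            path = re.sub(r"^(\\systemroot\\|%systemroot%\\|[a-z]:\\windows\\)", "",
                          vals.get("ImagePath", "system32\\").lower())
            unattended = vals["Start"] <= 2  # loaded before any user logs on
            rows.append((key[len(prefix):], LOADED_BY.get(vals["Start"], "unknown"),
                         unattended and not path.startswith("system32\\")))
    return current, rows
```

Calling `audit_services(SAMPLE)` returns the resolved control set name and one `(service, loaded by, flagged)` tuple per service; the flag marks a Boot, System or Auto-load entry whose image lies outside System32, which is worth a second look because such entries run with no user logged on.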
Session Manager (SMss.exe)
Important initialization functions:
– creates system environment variables
– starts kernel-mode part of the Windows subsystem
found at systemroot\System32\Win32k.sys
» Windows XP Professional can now switch from text mode
to graphics mode
» Windows-based applications can run in the Windows
subsystem
» applications can now access operating system functions,
such as displaying information to the screen
Session Manager (continued)
Also starts the user-mode portion of the
Windows subsystem found at systemroot
\System32\Csrss.exe
The Windows subsystem and the
applications that run within it are all
user-mode processes
– no direct access to hardware or device
drivers
– run at a lower priority than kernel-mode
processes
– when it needs more memory the operating
system can page memory used by user-mode processes to disk
Session Manager (continued)
Next starts the Logon Manager found at
systemroot\System32\Winlogon.exe
– creates additional virtual memory paging
files
– performs delayed rename operations for
files listed in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
» e.g. prompts to restart the computer after
installing a new driver or application
so that the file in use can be replaced
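Added example (not part of the original slides): decoding a PendingFileRenameOperations value to see which files will be replaced or deleted at the next boot. The value is a REG_MULTI_SZ of source/destination pairs in which an empty destination means delete; the sample payload, the file names and the handling of the `\??\` and `!` prefixes are assumptions for illustration.

```python
# Constructed REG_MULTI_SZ payload as stored in the hive (UTF-16LE); paths are sample values.
RAW = ("\\??\\C:\\WINDOWS\\Temp\\drv_new.sys\0"
       "!\\??\\C:\\WINDOWS\\system32\\drivers\\example.sys\0"
       "\\??\\C:\\WINDOWS\\Temp\\setup_leftover.tmp\0"
       "\0"      # empty destination: the source is deleted
       "\0").encode("utf-16-le")   # terminator of the whole list

def strip_nt_prefix(entry):
    # Assumption: entries carry the NT namespace prefix \??\ and, when an existing
    # destination may be overwritten, a leading "!"; both are dropped for display.
    overwrite = entry.startswith("!")
    entry = entry[1:] if overwrite else entry
    return (entry[4:] if entry.startswith("\\??\\") else entry), overwrite

def pending_operations(raw):
    """Decode the raw value into (action, source, destination) tuples."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]             # drop the list terminator
    parts = text.split("\0")[:-1]    # every string ends in NUL, so the last piece is empty
    if len(parts) % 2:
        raise ValueError("entries must come in source/destination pairs")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        src, _ = strip_nt_prefix(src)
        if dst == "":
            ops.append(("delete", src, None))
        else:
            dst, overwrite = strip_nt_prefix(dst)
            ops.append(("replace" if overwrite else "rename", src, dst))
    return ops

if __name__ == "__main__":
    for op in pending_operations(RAW):
        print(op)
```

The raw bytes are parsed directly because the empty strings that mark deletions are easy to lose when a multi-string value is read as a list.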
Session Manager (continued)
Finally, searches the registry for service
information that is contained in the following
subkeys:
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems
Subkey Information for SMss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
provides a list of commands to run
before loading services
– e.g. The Autochk.exe tool
» specified by the value of the BootExecute entry
and virtual memory (paging file) settings stored
in the Memory Management subkey
» version of the Chkdsk tool
» runs at startup if the operating system detects a
file system problem that requires repair before
completing the startup process
Subkey Information for SMss
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
» Service Control Manager initializes services that
the Start entry has designated as Auto-load
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems
» contains a list of available subsystems
e.g. Csrss.exe contains the user-mode portion of
the Windows subsystem
Stage 6: Logon Phase
Managed by Winlogon.exe
– initializes security and authentication
components
– starts the Services subsystem or Service
Control Manager (SCM): services.exe
» starts the Local Security Authority (LSA)
process (lsass.exe)
» parses the Ctrl+Alt+Del key combination at the
Begin Logon prompt
Logon Phase
The Graphical Identification and
Authentication (GINA) component:
– collects the user name and password
– passes this information securely to the LSA
for authentication
– if the user supplied valid credentials,
access is granted by using either the
Kerberos V 5 authentication protocol or
NTLM
Logon Phase
After the user has logged on:
– Control sets are updated
– Group Policy settings take effect
– Startup programs run e.g.
» login scripts
» programs in startup folders
» services found in registry subkeys &
folder locations
Logon Phase
Services loaded from these registry subkeys:
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Logon Phase
Services loaded from these folder
locations…
– systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup
– systemdrive\Documents and Settings\username\Start Menu\Programs\Startup
– windir\Profiles\All Users\Start Menu\Programs\Startup
– windir\Profiles\username\Start Menu\Programs\Startup
Concluding Logon Phase…
Winlogon provides Plug and Play support for
computers equipped with ACPI firmware
(Advanced Configuration & Power Interface):
– enables enhanced features, e.g. hardware resource
sharing
– especially useful for mobile users who use portable
computers that support standby, hibernation, hot and
warm docking, or undocking features
Plug and Play Device Detection
– runs asynchronously with the logon process
– relies on system firmware, hardware, device driver,
and operating system e.g. ACPI to detect and
enumerate new devices
Protecting the Server Software
All hardware can go wrong and should have
a backup
What of software… need tools…
– what to backup?
– when to backup?
– how to backup?
– where to put the backup?
– how long to keep the backup?
– can the backed up software be fully restored…
Client Backup
Windows XP presents four backup choices:
– all files
– current user settings
– all user settings
– custom choice
» can choose between anything from all files and
folders to none
Where to backup to?
Computer hard disk?
– ideal backup location is a separate partition on the same disk
– e.g. hard disk is partitioned into drive C and drive D
» data is on drive C
» can safely back it up to drive D.
Zip drive or other removable media
Unfortunately, the Windows Backup utility can't save files
directly to a CD-RW drive
A shared network drive. Limited only by the amount of
free space on the network share.
External hard disk drive.
USB, IEEE 1394, FireWire drives
Prioritising Server Backup?
Servers typically hold a lot of data
Generally accepted that “system state” files
are those that are most important for
keeping the NOS functioning normally
– need to be backed up on a regular basis
System state
Active Directory (NTDS)
System Volume (SYSVOL)
Boot files
Registry
COM+ class registration database