Comp2122 network operating systems
This presentation is the property of its rightful owner.
Sponsored Links
1 / 36

COMP2122 Network Operating Systems PowerPoint PPT Presentation


  • 93 Views
  • Uploaded on
  • Presentation posted in: General

COMP2122 Network Operating Systems. University of Worcester Richard Henson November 2009. Week 7: Booting up into Windows. Objectives: Describe each of the six boot-up stages Explain the terms firmware, ACPI, and plug-n-play

Download Presentation

COMP2122 Network Operating Systems

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Comp2122 network operating systems

COMP2122Network Operating Systems

University of Worcester

Richard Henson

November2009


Week 7 booting up into windows

Week 7: Booting up into Windows

  • Objectives:

    • Describe each of the six boot-up stages

    • Explain the terms firmware, ACPI, and plug-n-play

    • Relate the different essential components for Windows to the OSI model


Why does operating system boot up take so long

Why does Operating System Boot-up take so long?

  • Six Stages required (including BIOS) before the user gets their desktop:

    • Power-on self test (POST)

    • Initial startup

    • Boot loader

    • Detect and configure hardware

    • Kernel loading

    • Logon


Stage 1 post

Stage 1: POST

  • No matter which operating system is installed, themotherboard’s BIOS uses POST immediately after switch on

    • POST = Power-On Self-Test

    • essential to check that basic hardware is OK before loading ANY operating system into memory…


Comp2122 network operating systems

POST…

  • Checks the following:

    • crucial hardware matters, such as amount of memory present

    • presence of the devices needed to start the operating system

  • Retrieves:

    • low level functions from BIOS (basic input-output system)

    • system configuration settings from CMOS memory (complementary metal-oxide semiconductor)


Stage 2 initial start up

Stage 2: Initial Start-up

  • After POST completes:

    • motherboard “add-on” adapters that have their own firmware carry out internal diagnostic tests

      • (e.g. video and hard drive controllers)

    • CMOS memory settings (e.g. boot order) used to determine the devices the computer will use to load an operating system

      • e.g. floppy disk, hard disk, CD/DVD, USB device


Stage 3 the boot loader

Stage 3: The Boot Loader

  • A single “boot loader” file needs to be detected and loaded…

    • called NTLDR

    • should be in the boot area on the first boot device in the CMOS boot list

  • if NTLDR is not found

    • depending on the device:

      • EITHER an error may comes up

      • OR control may pass to the next device on the list

  • The boot loader file…

    • sets the system for “32-bit mode”

    • starts the file system (e.g. NTFS)

    • loads other essential start-up files:

      • Boot.ini – partition boot options

      • Ntdetect.com – hardware detection

      • Ntbootdd.sys

      • Ntoskrnl.exe

      • Hal.dll


Stage 4 detecting and configuring hardware

Stage 4: Detecting and Configuring Hardware

  • NTDETECT then loaded:

    • extracts text info from boot.ini file and the registry

    • gets hardware data from firmware routines

    • passes data gathered to NTLDR

  • NTLDR

    • structures data from NTDETECT

    • passes it to NTOSKRNL


Stage 5 kernel loading

Stage 5: Kernel Loading

  • NTLDR creates the “WINDOWS EXECUTIVE”

  • Requirements:

    • Windows kernel file (NToskrnl.exe)

    • correct hardware abstraction layer file (HAL.dll by default)

      • example HAL files:

        • Halacpi.dll (Advanced Configuration and Power Interface (ACPI) PC)

        • Halmacpi.dll (ACPI Multiprocessor)

        • Halaacpi.dll (ACPI Uniprocessor)

        • Hal.dll (Standard PC)


Creating the system registry key

Creating the “system” registry key

  • NTLDR…

    • reads and processes the systemroot\System32\Config\System file

      • contains essential information for determining which drivers need to be loaded

    • creates HKEY_LOCAL_ MACHINE\SYSTEM registry key

      • usually includes several “control sets” as subkeys

      • set up and presented as menu options before the system key can be used


System key control sets

System key “control sets”

  • Typical Control sets:

    • \CurrentControlSet, a pointer to a ControlSetxxx subkey

      • where xxx represents a control set number, such as 001 designated in the \Select\Current entry

    • \Clone

      • a copy of \CurrentControlSet, created each time you start your computer

    • \Select options (next slide)


Select control set options

\SELECT control set options

  • 1. Default:

    • points to the control set number for next startup

      • e.g. 001=ControlSet001

      • if no error or manual invocation of the LastKnownGood startup option

        • assuming that a user is able to log on successfully…

        • BECOMES the Default, Current, and LastKnownGood entries

  • 2.Current:

    • last control set that was used to start the system


Select control set options1

\SELECT control set options

  • 3. “Failed”:

    • a control set that did not start Windows XP Professional successfully

    • updated when the LastKnownGood option is used to start the system.

  • 4. LastKnownGood:

    • the control set used during the last user session

    • updated during logon with configuration information from the previous user session


Creating the hardware key

Creating the “Hardware” Key

  • Once the Control Set is loaded…

    • kernel uses the data structures provided by NTLDR to create the HKEY_LOCAL_MACHINE\HARDWARE key

      • hardware data collected at system startup

      • includes information about various hardware components and system resources allocated to each device

  • The Starting up progress indicator at the bottom of the screen monitors and displays aspects of the kernel load process during the creation of this key


Drivers services and kernel initiation

Drivers, Services, and Kernel Initiation

  • Drivers:

    • kernel-mode components required by devices to function with the operating system

  • Services:

    • components that support operating system functions and applications

    • can run in various different contexts

    • typically do not offer many user-configurable options

  • Drivers are treated as services…


Which services are loaded during kernel initiation

Which Services are loaded during kernel initiation?

  • Services loaded before user login

    • act independently of the user

    • typically stored in the systemroot\System32 and systemroot\System32\Drivers folders

    • use .exe, .sys, or .dll file name extensions

  • Each Service has a “start” value to determine conditions of loading…

    • can be altered by those with admin rights


Service start values

Service “Start” values

  • 0 (Boot)

    • Specifies a driver that is loaded (but not started) by firmware calls made by Ntldr. If no errors occur, the kernel starts the driver.

  • 1 (System)

    • Specifies a driver that loads at kernel initialization during the startup sequence by calling Windows XP Professional boot drivers.

  • 2 (Auto load)

    • Specifies a driver or service that will be initialized at system startup by Session Manager (Smss.exe) or Service Controller (Services.exe)


More start values

More “Start” values

  • 3 (Load on demand)

    • a driver or service that is manually started by a user, a process, or another service

  • 4 (Disabled)

    • a disabled (not started) driver or service


Loading services and creating the system key

Loading Services and creating the system key

  • During kernel initialization:

    • NTLDR reads HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename, then…

      • Ntldr searches the Services subkey for drivers with a Start value of 0

        • e.g. hard disk controllers

      • Ntoskrnl.exe searches for and starts drivers, that have a Start value of 1

        • e.g. network protocols

  • The kernel then starts the session manager


Session manager smss exe

Session Manager (SMss.exe)

  • Important initialization functions:

    • creates system environment variables

    • starts kernel-mode part of the Windows subsystem found at systemroot\System32\Win32k.sys

      • Windows XP Professional can now switch from text mode to graphics mode

      • Windows-based applications can run in the Windows subsystem

      • applications can now access operating system functions, such as displaying information to the screen


Session manager continued

Session Manager (continued)

  • Also starts the user-mode portion of the Windows subsystem found at systemroot\System32\Csrss.exe

  • Windows subsystem and the applications that run within it all user mode processes

    • no direct access to hardware or device drivers

    • run at a lower priority than kernel-mode processes

    • when it needs more memory the operating system can page memory used by user-mode processes to disk


Session manager continued1

Session Manager (continued)

  • Next starts the Logon Manager found at systemroot\System32\Winlogon.exe

    • creates additional virtual memory paging files

    • performs delayed rename operations for files listed in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

      • e.g. prompts to restart the computer after installing a new driver or application

        • so that the file in use can be replaced


Session manager continued2

Session Manager (continued)

  • Finally, searches the registry for service information that is contained in the following subkeys:

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems


Subkey information for smss

Subkey Information for SMss

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager provides a list of commands to run before loading services

    • e.g. The Autochk.exe tool

      • specified by the value of the BootExecute entry and virtual memory (paging file) settings stored in the Memory Management subkey

      • version of the Chkdsk tool

      • runs at startup if the operating system detects a file system problem that requires repair before completing the startup process


Subkey information for smss1

Subkey Information for SMss

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename

    • Service Control Manager initializes services that the Start entry has designated as Auto-load

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems

    • contains a list of available subsystems

      • e.g. Csrss.exe contains the user-mode portion of the Windows subsystem


Stage 6 logon phase

Stage 6: Logon Phase

  • Managed by Winlogon.exe

    • initializes security and authentication components

    • starts the Services subsystem or Service Control Manager (SCM): services.exe

      • starts the Local Security Authority (LSA) process (lsass.exe)

      • parses the Ctrl+Alt+Del key combination at the Begin Logon prompt


Logon phase

Logon Phase

  • The Graphical Identification and Authentication (GINA) component:

    • collects the user name and password

    • passes this information securely to the LSA for authentication

    • if the user supplied valid credentials, access is granted by using either the Kerberos V 5 authentication protocol or NTLM


Logon phase1

Logon Phase

  • After the user has logged on:

    • Control sets are updated

    • Group Policy settings take effect

    • Startup programs run e.g.

      • login scripts

      • programs in startup folders

      • services found in registry subkeys & folder locations


Logon phase2

Logon Phase

  • Services loaded from these registry subkeys:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce


Logon phase3

Logon Phase

  • Services loaded from these folder locations…

    • systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup

    • systemdrive\Documents and Settings\username\Start Menu\Programs\ Startup

    • windir\Profiles\All Users\Start Menu\Programs\Startup

    • windir\Profiles\username\Start Menu\Programs\Startup


Concluding logon phase

Concluding Logon Phase…

  • Winlogon provides Plug and Play support for computers equipped with ACPI firmware (Advanced Configuration & Power Interface):

    • enables enhanced features, e.g hardware resource sharing

    • especially useful for mobile users who use portable computers that support standby, hibernation, hot and warm docking, or undocking features

  • Plug and Play Device Detection

    • runs asynchronously with the logon process

    • relies on system firmware, hardware, device driver, and operating system e.g. ACPI to detect and enumerate new devices


Protecting the server software

Protecting the Server Software

  • All hardware can go wrong and should have a backup

  • What of software… need tools…

    • what to backup?

    • when to backup?

    • How to backup?

    • where to put the backup?

    • how long to keep the backup?

    • can the backed up software be fully restored…


Client backup

Client Backup

  • Windows XP presents four backup choices:

    • all files

    • current user settings

    • all user settings

    • custom choice

      • can choose between anything from all files and folders to none


Where to backup to

Where to backup to?

  • Computer hard disk?

    • ideal backup location is a separate partition on the same disk

    • e.g. hard disk is partitioned into drive C and drive D

      • data is on drive C

      • can safely it back up to drive D.

  • Zip drive or other removable media

  • Unfortunately, the Windows Backup utility can't save files directly to a CD-RW drive

  • A shared network drive. Limited only by the amount of free space on the network share.

  • External hard disk drive.

  • USB, IEEE 1394, FireWire drives


Prioritising server backup

Prioritising Server Backup?

  • Servers typically hold a lot of data

  • Generally accepted that “system state” files are those that are most important for keeping the NOS functioning normally

    • need to be backed up on a regular basis


System state

System state

  • Active Directory (NTDS)

  • System Volume (SYSVOL)

  • Boot files

  • Registry

  • COM+ class registration database


  • Login