1 / 36

COMP2122 Network Operating Systems

COMP2122 Network Operating Systems. University of Worcester Richard Henson November 2009. Week 7: Booting up into Windows. Objectives: Describe each of the six boot-up stages Explain the terms firmware, ACPI, and plug-n-play

adia
Download Presentation

COMP2122 Network Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. COMP2122Network Operating Systems University of Worcester Richard Henson November2009

  2. Week 7: Booting up into Windows • Objectives: • Describe each of the six boot-up stages • Explain the terms firmware, ACPI, and plug-n-play • Relate the different essential components for Windows to the OSI model

  3. Why does Operating System Boot-up take so long? • Six Stages required (including BIOS) before the user gets their desktop: • Power-on self test (POST) • Initial startup • Boot loader • Detect and configure hardware • Kernel loading • Logon

  4. Stage 1: POST • No matter which operating system is installed, themotherboard’s BIOS uses POST immediately after switch on • POST = Power-On Self-Test • essential to check that basic hardware is OK before loading ANY operating system into memory…

  5. POST… • Checks the following: • crucial hardware matters, such as amount of memory present • presence of the devices needed to start the operating system • Retrieves: • low level functions from BIOS (basic input-output system) • system configuration settings from CMOS memory (complementary metal-oxide semiconductor)

  6. Stage 2: Initial Start-up • After POST completes: • motherboard “add-on” adapters that have their own firmware carry out internal diagnostic tests • (e.g. video and hard drive controllers) • CMOS memory settings (e.g. boot order) used to determine the devices the computer will use to load an operating system • e.g. floppy disk, hard disk, CD/DVD, USB device

  7. Stage 3: The Boot Loader • A single “boot loader” file needs to be detected and loaded… • called NTLDR • should be in the boot area on the first boot device in the CMOS boot list • if NTLDR is not found • depending on the device: • EITHER an error may comes up • OR control may pass to the next device on the list • The boot loader file… • sets the system for “32-bit mode” • starts the file system (e.g. NTFS) • loads other essential start-up files: • Boot.ini – partition boot options • Ntdetect.com – hardware detection • Ntbootdd.sys • Ntoskrnl.exe • Hal.dll

  8. Stage 4: Detecting and Configuring Hardware • NTDETECT then loaded: • extracts text info from boot.ini file and the registry • gets hardware data from firmware routines • passes data gathered to NTLDR • NTLDR • structures data from NTDETECT • passes it to NTOSKRNL

  9. Stage 5: Kernel Loading • NTLDR creates the “WINDOWS EXECUTIVE” • Requirements: • Windows kernel file (NToskrnl.exe) • correct hardware abstraction layer file (HAL.dll by default) • example HAL files: • Halacpi.dll (Advanced Configuration and Power Interface (ACPI) PC) • Halmacpi.dll (ACPI Multiprocessor) • Halaacpi.dll (ACPI Uniprocessor) • Hal.dll (Standard PC)

  10. Creating the “system” registry key • NTLDR… • reads and processes the systemroot\System32\Config\System file • contains essential information for determining which drivers need to be loaded • creates HKEY_LOCAL_ MACHINE\SYSTEM registry key • usually includes several “control sets” as subkeys • set up and presented as menu options before the system key can be used

  11. System key “control sets” • Typical Control sets: • \CurrentControlSet, a pointer to a ControlSetxxx subkey • where xxx represents a control set number, such as 001 designated in the \Select\Current entry • \Clone • a copy of \CurrentControlSet, created each time you start your computer • \Select options (next slide)

  12. \SELECT control set options • 1. Default: • points to the control set number for next startup • e.g. 001=ControlSet001 • if no error or manual invocation of the LastKnownGood startup option • assuming that a user is able to log on successfully… • BECOMES the Default, Current, and LastKnownGood entries • 2.Current: • last control set that was used to start the system

  13. \SELECT control set options • 3. “Failed”: • a control set that did not start Windows XP Professional successfully • updated when the LastKnownGood option is used to start the system. • 4. LastKnownGood: • the control set used during the last user session • updated during logon with configuration information from the previous user session

  14. Creating the “Hardware” Key • Once the Control Set is loaded… • kernel uses the data structures provided by NTLDR to create the HKEY_LOCAL_MACHINE\HARDWARE key • hardware data collected at system startup • includes information about various hardware components and system resources allocated to each device • The Starting up progress indicator at the bottom of the screen monitors and displays aspects of the kernel load process during the creation of this key

  15. Drivers, Services, and Kernel Initiation • Drivers: • kernel-mode components required by devices to function with the operating system • Services: • components that support operating system functions and applications • can run in various different contexts • typically do not offer many user-configurable options • Drivers are treated as services…

  16. Which Services are loaded during kernel initiation? • Services loaded before user login • act independently of the user • typically stored in the systemroot\System32 and systemroot\System32\Drivers folders • use .exe, .sys, or .dll file name extensions • Each Service has a “start” value to determine conditions of loading… • can be altered by those with admin rights

  17. Service “Start” values • 0 (Boot) • Specifies a driver that is loaded (but not started) by firmware calls made by Ntldr. If no errors occur, the kernel starts the driver. • 1 (System) • Specifies a driver that loads at kernel initialization during the startup sequence by calling Windows XP Professional boot drivers. • 2 (Auto load) • Specifies a driver or service that will be initialized at system startup by Session Manager (Smss.exe) or Service Controller (Services.exe)

  18. More “Start” values • 3 (Load on demand) • a driver or service that is manually started by a user, a process, or another service • 4 (Disabled) • a disabled (not started) driver or service

  19. Loading Services and creating the system key • During kernel initialization: • NTLDR reads HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename, then… • Ntldr searches the Services subkey for drivers with a Start value of 0 • e.g. hard disk controllers • Ntoskrnl.exe searches for and starts drivers, that have a Start value of 1 • e.g. network protocols • The kernel then starts the session manager

  20. Session Manager (SMss.exe) • Important initialization functions: • creates system environment variables • starts kernel-mode part of the Windows subsystem found at systemroot\System32\Win32k.sys • Windows XP Professional can now switch from text mode to graphics mode • Windows-based applications can run in the Windows subsystem • applications can now access operating system functions, such as displaying information to the screen

  21. Session Manager (continued) • Also starts the user-mode portion of the Windows subsystem found at systemroot\System32\Csrss.exe • Windows subsystem and the applications that run within it all user mode processes • no direct access to hardware or device drivers • run at a lower priority than kernel-mode processes • when it needs more memory the operating system can page memory used by user-mode processes to disk

  22. Session Manager (continued) • Next starts the Logon Manager found at systemroot\System32\Winlogon.exe • creates additional virtual memory paging files • performs delayed rename operations for files listed in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations • e.g. prompts to restart the computer after installing a new driver or application • so that the file in use can be replaced

  23. Session Manager (continued) • Finally, searches the registry for service information that is contained in the following subkeys: • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems

  24. Subkey Information for SMss • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager provides a list of commands to run before loading services • e.g. The Autochk.exe tool • specified by the value of the BootExecute entry and virtual memory (paging file) settings stored in the Memory Management subkey • version of the Chkdsk tool • runs at startup if the operating system detects a file system problem that requires repair before completing the startup process

  25. Subkey Information for SMss • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename • Service Control Manager initializes services that the Start entry has designated as Auto-load • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems • contains a list of available subsystems • e.g. Csrss.exe contains the user-mode portion of the Windows subsystem

  26. Stage 6: Logon Phase • Managed by Winlogon.exe • initializes security and authentication components • starts the Services subsystem or Service Control Manager (SCM): services.exe • starts the Local Security Authority (LSA) process (lsass.exe) • parses the Ctrl+Alt+Del key combination at the Begin Logon prompt

  27. Logon Phase • The Graphical Identification and Authentication (GINA) component: • collects the user name and password • passes this information securely to the LSA for authentication • if the user supplied valid credentials, access is granted by using either the Kerberos V 5 authentication protocol or NTLM

  28. Logon Phase • After the user has logged on: • Control sets are updated • Group Policy settings take effect • Startup programs run e.g. • login scripts • programs in startup folders • services found in registry subkeys & folder locations

  29. Logon Phase • Services loaded from these registry subkeys: • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ Run • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

  30. Logon Phase • Services loaded from these folder locations… • systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup • systemdrive\Documents and Settings\username\Start Menu\Programs\ Startup • windir\Profiles\All Users\Start Menu\Programs\Startup • windir\Profiles\username\Start Menu\Programs\Startup

  31. Concluding Logon Phase… • Winlogon provides Plug and Play support for computers equipped with ACPI firmware (Advanced Configuration & Power Interface): • enables enhanced features, e.g hardware resource sharing • especially useful for mobile users who use portable computers that support standby, hibernation, hot and warm docking, or undocking features • Plug and Play Device Detection • runs asynchronously with the logon process • relies on system firmware, hardware, device driver, and operating system e.g. ACPI to detect and enumerate new devices

  32. Protecting the Server Software • All hardware can go wrong and should have a backup • What of software… need tools… • what to backup? • when to backup? • How to backup? • where to put the backup? • how long to keep the backup? • can the backed up software be fully restored…

  33. Client Backup • Windows XP presents four backup choices: • all files • current user settings • all user settings • custom choice • can choose between anything from all files and folders to none

  34. Where to backup to? • Computer hard disk? • ideal backup location is a separate partition on the same disk • e.g. hard disk is partitioned into drive C and drive D • data is on drive C • can safely it back up to drive D. • Zip drive or other removable media • Unfortunately, the Windows Backup utility can't save files directly to a CD-RW drive • A shared network drive. Limited only by the amount of free space on the network share. • External hard disk drive. • USB, IEEE 1394, FireWire drives

  35. Prioritising Server Backup? • Servers typically hold a lot of data • Generally accepted that “system state” files are those that are most important for keeping the NOS functioning normally • need to be backed up on a regular basis

  36. System state • Active Directory (NTDS) • System Volume (SYSVOL) • Boot files • Registry • COM+ class registration database

More Related