How to Install Service Packs
Before installing a Service Pack, make sure you have no open applications on your computer; if you are on a LAN, also make sure that no one is connected to your computer. (You can use the Users button contained within the Control Panel’s Server applet to verify this fact.)
For More Information: For more information on the Server applet, see “Server,” Chapter 5.
Once you have verified there are no open applications or connected users, follow these steps to install the Service Pack update:
Locate the directory that contains the Service Pack files; for example, a hard disk directory, disk drive, or CD-ROM disc.
In this directory, run the program Update.exe. For example, you could use the Start menu/Run command and enter <path>\update, where <path> is the directory path of the Service Pack update files.
The update program informs you that it will upgrade your Windows NT installation to that Service Pack level. Click OK or press Enter to begin the installation process.
When the installation is complete, you will be informed that the system must now be rebooted (this is your only choice). When the system is restarted, it will be updated to the new Service Pack level.
Tip: To check the Service Pack level of a Windows NT computer, you can use the Version tab of the Windows NT Diagnostics program, located in the Start menu’s Administrative Tools program folder. You can also choose Run from the Start menu and type winver to display version information about the Windows NT system.
USING EVENT VIEWER TO DIAGNOSE PROBLEMS
One of the most useful diagnostic tools in Windows NT is a utility called the Event Viewer. In Windows NT, an event is an occurrence of some kind that transpires on the system. Events can be related to the system, to security, or to applications and can range from being informational to critical in nature. When you diagnose a problem in Windows NT, you should look first inside Event Viewer. It usually provides direct reasons for or major clues to a particular problem.
The Event Viewer application is located in the Start menu/Programs/Administrative Tools program folder, and is shown in Figure 7.8 below.
Windows NT events are recorded in special files called event logs, which you can view with the Event Viewer application. Windows NT has three event logs:
System log: Records events related to Windows NT system components, including services and devices. If a service or device fails to load during Windows NT startup, an event log entry for that service/device is recorded in this log.
Security log: Records security-related events that occur in Windows NT. This lets a system administrator track changes to security settings and identify security breaches.
Application log: Records application-specific events for programs that are designed to use this feature. The usefulness of this log in diagnosing problems with a particular application will depend on whether or not that program records events.
Special Note: You must be a system administrator to view the Security log of a Windows NT computer.
Of the three event logs, the System and Application logs provide the most useful information for diagnosing problems. The System log can help with failures of system components, such as services or devices that fail to load. The Application log provides information for applications compatible with the Event Viewer. When you start the Event Viewer application, the System log is shown by default.
In the main Event Viewer window, events are displayed in a list sorted by date, and each event entry has an icon at left identifying its event type. The columns running across the screen give more information about the event. These column headings and their descriptions are listed in Table 7.2.
To view the details of an individual event recorded in an event log — including a full text description of the event — double-click on it in the Event Viewer window. A window displaying additional event-specific information will appear (see Figure 7.9).
You can also use the Next and Previous buttons when viewing an event detail window to view details about other events in the log.
The text descriptions of events are usually informative and often contain information helpful in determining the source of problems. The event number can provide information useful to a support technician at Microsoft or the developer of a particular application; each number indicates a specific kind of system and application problem.
As mentioned previously, the Event Viewer window displays different icons for different event types. Five different types of events — each with a distinctive icon — are recorded in an event log. Table 7.3 describes these events types.
Special Note: Security events are only recorded if the Audit Policy (set in User Manager) is set to perform event auditing.
Filtering Event Logs
Because the Event Viewer logs record many kinds of events, including such noncritical ones as information events, the logs can become very large over time. When logs become excessively large, troubleshooting can become time-consuming. When you diagnose a problem, you might find it beneficial to look only at warnings and errors because these are the types of events that will provide the information you’re looking for. Event Viewer lets you filter event logs, so that only log entries matching specific criteria are shown.
To set Event Viewer to only show log entries for warning or error system events, follow these steps:
Start the Event Viewer application (found in the Start menu/Programs/Administrative Tools program folder).
From the menu bar, choose View, Filter Events. The Filter dialog box appears (shown in Figure 7.10).
In the Types box, check the boxes for the types of events you wish to view (Figure 7.11). For diagnosing problems, you might want to check only the Warning and Error boxes. If you wish to limit the events shown to only those within a specific date range, set the beginning and ending dates in the View From and View Through boxes. To show only events related to a specific service or drive, choose the Source drop down list and click the service or drive whose log entries you wish to display.
When you are finished, click OK or press Enter. If you make a mistake and want to reset the dialog box options back to the defaults, press Clear.
Tip: Use the Source field of the event log filter to force Event Viewer to display only log entries related to a specified service or device. By specifying this information, you can quickly get a handle on problems related to that service/device and see its event history. You might also learn when the problem with the service or device began, which may provide additional clues about its cause.
Clearing an Event Log
As mentioned previously, event logs tend to grow very large, and the information they contain becomes dated. Occasionally, you may want to clear an event log, especially after you have solved a problem that was generating event log errors. Event Viewer also gives you the option of saving (archiving) an event log before it is deleted.
To clear an event log in the Event Viewer, follow these steps:
Display the log you want to clear on-screen by choosing it from the Event Viewer’s Log menu.
From the Log menu, click Clear All Events.
You will be asked whether you wish to save the log before deleting it. If you wish to save the log to a file, choose Yes; otherwise, choose No. If you choose to save the log to a file, you will also be asked to name the file.
Finally, Event Viewer will confirm that you wish to delete the log file and warn you that it is an irreversible action. Choose Yes to clear the log.
Tip: Users with administrative privileges can use the Event Viewer to view the event logs on other computers. To view these logs, choose Select Computer from the Log menu. Then select the computer from the list displayed or type the computer name in the Computer box.
MANAGING THE WINDOWS NT REGISTRY
The most critical component of a Windows NT installation is the registry. The registry is the Windows NT configuration database, and it is used by both the system and applications to store important configuration data. Any changes in your Windows NT environment — from screen saver settings to the addition of a new small computer system interface (SCSI) controller — are recorded in the Windows NT Registry. The registry consists of several different files, each of which stores information about a different aspect Windows NT’s environment.
The registry replaces the .ini file system that earlier Windows products such as Windows 3.x and Windows for Workgroups used to store configuration data. Instead of being a static text file (as with .ini files), the registry is a dynamic database that displays configuration data in “trees.” The registry database has many advantages over the older .ini file system, including
Centralization of configuration data: All data is found in one location, so you can easily find information related to a particular system component or application. You no longer have to search .ini files spread across multiple directories to view or edit configuration settings.
Better protection: Because the registry is a protected database and not a text file, it is harder for users and applications to make erroneous entries or delete configuration data in the registry. Also, Windows NT’s security system lets you set permissions on individual portions of the registry, restricting access where necessary.
Less clutter: The Windows NT Registry is far less susceptible to the accumulation of extraneous settings and garbage commonly seen in Windows 3.x System.ini and Win.ini files.
Despite all of its benefits, the registry is not foolproof. Because all of Windows NT’s vital data is stored in the registry, it is critical that the registry remain intact at all times. Invalid settings in the registry, whether made by a user, system service, or application, can render the system unstartable.
The registry is also more complicated than the .ini file system used in Windows 3.x products, and new users might find it difficult to understand and manage. This trepidation is — in the long run — beneficial, because playing around with unknown registry settings is very dangerous.
Working with NT’s Registry Editors
Despite the aforementioned caveats, you may occasionally need to make manual configuration changes to your Windows NT Registry database. Although such changes are rare, they are sometimes the only way to solve a problem or implement a particular feature. Therefore, some knowledge of the registry’s design and its management tools can be helpful.
The primary registry management utility in Windows NT is called the Registry Editor. Actually, starting with Windows NT 4.0, you are supplied with not one but two different Registry Editor utilities: Regedt32.exe and Redegit.exe. Both of these Registry Editors let you view the various registry database files and modify their contents. If you’re careful, you can sometimes use one of these Registry Editors to successfully troubleshoot advanced problems in Windows NT.
Caution: You should only edit the Windows NT Registry if you are an advanced user of Windows NT and are familiar with the values being changed, or you have been instructed to do so by Microsoft Product Support, a technical support representative of a hardware or software vendor, or a Microsoft KnowledgeBase article. However, be aware that even in these circumstances, Microsoft will tell you you’re doing so at your own risk. Do not experiment with registry changes you are unsure about: you can damage your Windows NT installation.
Windows NT 4.0 does not automatically create shortcut icons for the Registry Editor utilities. However, they are installed on every Windows NT System and can be accessed by choosing the Start menu’s Run option and typing either Regedit (for the Windows 95-like version) or Regedt32 (for the original, standard version) and pressing Enter. Both versions are capable of modifying the registry. New Windows NT users may want to use the newer Regedit.exe version of Registry Editor because it utilizes the Explorer interface and has better search capabilities than the older, original version (Regedt32.exe). The Regedit.exe version is also the best choice for Windows 95 users, due to the similarities between it and Windows 95’s Registry Editor. On the other hand, Windows NT 3.x users may prefer the traditional Regedt32.exe version for its familiarity.
The Regedt32.exe version of the Registry Editor utility is shown in Figure 7.12, and the Regedit.exe version in Figure 7.13.
Master SharePoint with 3 eLearning Seminars Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!
SharePointConnections Conference Fall 2008 Don’t miss the premier event for Microsoft IT Professionals in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).
VMworld 2008 - Sign Up Today! Join your peers on September 15-18 at The Venetian Hotel in Las Vegas as VMware hosts VMworld 2008, the leading Virtualization event.
Microsoft® Tech•Ed EMEA 2008 IT Professionals Advance your thinking with new ideas and practical real-world solutions at Microsoft’s FIVE day technical infrastructure conference 3-7 Nov., 2008. Register before 26 September 2008 to save €300.
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
Are You Really Compliant with Software Regulations? View this web seminar that will help you with compliance best practices and check out a management solution to assure that you won’t be in jeopardy of an audit.
Windows IT Pro
Register
