A Technician Is Troubleshooting A Windows Computer Experiencing Slow Startup? Quick Answer

The disk must contain at least one partition, which is usually mapped to a drive letter, and the partition must be formatted with an appropriate file system.

This guide describes how to troubleshoot and fix slow startup. This guide contains general tips that you can apply to these Windows versions: XP, Vista, 7, 8, 8.1, 10.

Fixes for a slow start

Solution #1: Check hard drive and/or memory

If your computer’s slow booting is caused by a faulty HDD/SSD, test your hard drive or RAM memory.

For more information on how to check HDD/SSD for errors, refer to this guide.

To do this, run the automatic repair from Easy Recovery Essentials (our recovery and repair disc). It will report any problems found with your hard drive or RAM memory.

Download Easy Recovery Essentials. Burn the ISO image. Follow our instructions on how to burn a bootable ISO image. If you want a recovery USB instead, follow our instructions on how to create a recovery USB. Boot into Easy Recovery Essentials. Choose Automatic Repair. Click “Continue” and wait for the automatic repair process to complete. The automatic repair process reports any problems found with your hard drive or RAM memory:

To download Easy Recovery Essentials, click here.

Solution #2: Disable startup applications

If slow booting is caused by a startup software application or service, you can fix the exact application causing it by disabling each application using the msconfig utility.

If after removing/disabling a specific software application your computer starts correctly and no longer starts slowly, then the problem may be coming from that software application. Try updating it to the latest version available.

Follow these steps to run msconfig:

Boot your system. Click Home. Click Run. Type: msconfig. Press Enter or click OK. Go to the Start or Services tab. Disable all services listed on this tab

If your computer still starts slowly, continue to Fix #2.

Fix #3: Delete Temporary Files

For more information on deleting temporary files, see this guide.

Large amounts of temporary files (stored in the special folder %temp% on Windows) can slow down your computer, including the startup process.

Follow these steps to delete the temporary files on your computer:

Start your computer. Click Home. Click Run. Enter the following: %temp%. Press Enter or click OK. Go to Folder Options (Tools > Folder Options for Windows XP; Organize or Tools > Folder Options for Windows Vista or 7). In the Folders section, check the Show hidden files, folders, or drive box. Click OK”. Select all files and folders from the Temporary folder. Right-click and click Delete.

If you cannot start Windows to delete the temporary files, use Easy Recovery Essentials’ automatic repair (our recovery and repair CD). In addition to automatically finding and fixing startup errors, temporary files can be automatically deleted.

Solution #4: Defragment Disk

A fragmented hard drive can slow down your computer and how it boots up.

Windows’ Disk Defragmenter utility lets you rearrange your hard drive’s fragmentation to make it run more efficiently.

Follow these steps to defragment your hard drive:

Start your computer and start Windows. Click Home. Search for disk defragmenter. In the Current Status section, select the disk that you want to defragment. If you have multiple disks listed, defragment all disks. Click Defragment Disk

Solution #5: Check for viruses

Download up-to-date antivirus software and run a scan.

If you don’t have one and/or cannot boot Windows, you can use Easy Recovery Essentials’ built-in antivirus scanner, which can run outside of Windows.

Easy Recovery Essentials for Windows Professional Edition has a powerful antivirus and rootkit scanner that can usually fix these and similar errors caused by virus, rootkit, trojan or spyware. EasyRE is currently available for Windows XP, Vista, 7 and 8 and can be downloaded and built on any PC.

You can download Easy Recovery Essentials here.

Fix #6: Run Startup Repair

The Startup Repair utility can find and fix various errors that may be preventing your computer from starting correctly. If the slow startup is caused by a startup error, Startup Repair will attempt to fix the error.

The Startup Repair utility is only available on Windows Vista and Windows 7 systems. For Windows XP systems, follow the next instructions in Fix #7.

Insert the Windows Vista or Windows 7 installation CD (the installation DVD) and boot from it. On the Welcome screen, click Repair your computer. Select your operating system and click Next to continue, restart your computer

Fix #7: Run chkdsk and sfc

If you have Windows XP, follow these steps:

Insert the Windows XP CD and boot from it. At “Welcome to Setup,” press “R.” Type: chkdsk C: /r Replace C: with the letter of the drive where Windows is installed. Press Enter. Type: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows Replace C: with the letter of the drive where your Windows XP is installed. Press Enter Type exit and press Enter . Restart your computer.

If you have Windows Vista or Windows 7, follow these steps:

Follow the steps of fix #7 until you reach Command Prompt. When Command Prompt loads, enter this command: chkdsk C: /r Where C: is the drive letter where your Windows Vista or Windows 7 is installed. Press Enter Type: sfc /scannow Press Enter Type: exit Press Enter Restart your computer

If you have Windows 8 or Windows 10, follow these steps:

Insert the installation medium (DVD or USB). On the Welcome screen, click Repair your computer. On the Choose an option screen, click Troubleshoot. Click on additional options. Click Command Prompt. Type: chkdsk C: /f /x /r Replace C: with the letter where Windows 8/8.1 is installed. Press Enter: sfc /scannow Press Enter:

Exit Press Enter. Restart your computer

Other fixes you can try

If none of the above fixes fixed your computer’s slow startup, consider these tips:

Tip #1: Delete software you don’t use

Software applications that you no longer use can slow down your computer.

If you cannot boot Windows, boot into Last Known Good Configuration or Safe Mode and try uninstalling software applications that you no longer use:

Restart your computer. Press the F8 key to open the Advanced Boot Options menu. Choose Last Known Good Configuration or Safe Mode. Press Enter

Tip #2: Upgrade RAM or install SSD

If you have already checked your hard drive or memory for errors, you should consider upgrading your memory or moving from hard drive to SSD.

Tip #3: Update drivers

If you’ve recently added hardware drivers to your computer, make sure you have the latest version available from the manufacturer that’s compatible with the version of Windows you’re running: XP, Vista, 7, or 8.

Tip #4: Update or reinstall Windows

Updating or reinstalling Windows can fix slow startup.

Reinstalling Windows means you will lose all data if you don’t back up your personal files.

You can use the Easy Recovery Essentials Browse/Backup Files feature to access your computer and back up your personal files to a USB drive:

Download Easy Recovery Essentials. Make sure you select your Windows version – XP, Vista, 7 or 8 – before downloading EasyRE. Burn the ISO image. Our guides will help you: how to burn EasyRE to CD/DVD, how to create bootable EasyRE recovery USB drive. Boot your PC from the Easy Recovery Essentials CD or USB stick that you created. Select the Browse/Backup Files option and click Next . You now have access to your files. You can back up the files to an external USB drive.

Download Easy Recovery Essentials by clicking this link.

Follow these steps to reinstall Windows Vista or Windows 7:

Insert the installation DVD and boot from it. Select a keyboard method and language and click Next. On the Welcome screen, click Install Now. Follow the wizard to complete the installation process

More information

Linked Entries

Applicable Systems

This Windows-related knowledgebase article applies to the following operating systems:

Windows XP (all editions)

Windows Vista (all editions)

Windows 7 (all editions)

Windows 8 (all editions)

Windows 8.1 (all editions)

Windows 10 (all editions)

Suggest an edit

Table of Contents

Credentials processes in Windows authentication

article

07/29/2021

26 minutes to read

9 contributors

In this article

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

This reference topic for IT professionals describes how Windows authentication handles credentials.

Windows credential management is the process by which the operating system obtains the credentials from the service or user and secures that information for future presentation to the authentication target. For a domain-joined computer, the authentication target is the domain controller. The credentials used in authentication are digital documents that associate the user’s identity with some form of proof of authenticity, such as a B. a certificate, a password or a PIN.

By default, the Winlogon service validates Windows credentials against the Security Accounts Manager (SAM) database on the local computer or against Active Directory on a domain-joined computer. Credentials are collected through user input on the login user interface or programmatically via the application programming interface (API) to be presented to the authentication target.

Local security information is stored in the registry under HKEY_LOCAL_MACHINE\SECURITY. The information stored includes policy settings, default security values, and account information, e.g. B. Cached credentials. A copy of the SAM database is also stored here, but it is read-only.

The following diagram shows the components required and the paths that credentials take through the system to authenticate the user or process for a successful login.

The following table describes each component that manages credentials in the authentication process at login time.

Authentication components for all systems

Component Description User Logon Winlogon.exe is the executable file responsible for managing secure user interactions. The Winlogon service initiates the logon process for Windows operating systems by forwarding the credentials collected through user actions on the secure desktop (Logon UI) to the Local Security Authority (LSA) via Secur32.dll. Application logon Application or service logons that do not require interactive logon. Most user-initiated processes run in user mode using Secur32.dll, while startup-initiated processes such as Services, such as services, are run in kernel mode using Ksecdd.sys. For more information about user mode and kernel mode, see Applications and User Mode or Services and Kernel Mode in this topic. Secur32.dll The multiple authentication providers that form the basis of the authentication process. Lsasrv.dll The LSA Server service, which both enforces security policies and acts as the security package manager for the LSA. The LSA contains the Negotiate function, which selects either the NTLM or Kerberos protocol after determining which protocol should succeed. security support provider A set of providers that can individually invoke one or more authentication protocols. The default set of providers can change with each version of the Windows operating system, and custom providers can be written. Netlogon.dll The following services are performed by the Net Logon service: – Maintains the computer’s secure channel (not to be confused with Schannel) to a domain controller.

– Passes the user’s credentials to the domain controller over a secure channel and returns the domain security identifiers (SIDs) and user rights for the user.

– Publishes service resource records in the Domain Name System (DNS) and uses DNS to resolve names to Internet Protocol (IP) addresses of domain controllers.

– Implements the replication protocol based on remote procedure call (RPC) to synchronize primary domain controllers (PDCs) and backup domain controllers (BDCs). Samsrv.dll The Security Accounts Manager (SAM), which stores local security accounts, enforces locally stored policies and supports APIs. Registry The registry contains a copy of the SAM database, local security policy settings, default security values, and account information that only the system can access.

This topic contains the following sections:

Entry of access data for user registration

In Windows Server 2008 and Windows Vista, the Graphical Identification and Authentication (GINA) architecture was replaced by a credential provider model that allowed different logon types to be enumerated through the use of logon tiles. Both models are described below.

Graphical identification and authentication architecture

The Graphical Identification and Authentication (GINA) architecture applies to the Windows Server 2003, Microsoft Windows 2000 Server, Windows XP, and Windows 2000 Professional operating systems. In these systems, each interactive logon session creates a separate instance of the Winlogon service. The GINA architecture is loaded into the process space used by Winlogon, receives and processes the credentials, and makes the calls to the authentication interfaces through LSALogonUser.

The instances of Winlogon for an interactive logon run in session 0. Session 0 hosts system services and other critical processes, including the Local Security Authority (LSA) process.

The following diagram shows the logon process for Windows Server 2003, Microsoft Windows 2000 Server, Windows XP, and Microsoft Windows 2000 Professional.

Credential provider architecture

The credential provider architecture applies to the versions specified in the “Applies to” list at the beginning of this topic. In these systems, the architecture for entering credentials has been changed to an extensible design through the use of credential providers. These providers are represented by the different login tiles on the secure desktop, which allow for any number of login scenarios – different accounts for the same user and different authentication methods such as password, smart card and biometrics.

With the credential provider architecture, Winlogon always launches the login UI after receiving a secure attention sequence event. The credential UI queries each credential provider for the number of distinct credential types that the provider is configured to enumerate. Credential providers have the option to set one of these tiles as the default. After all providers have enumerated their tiles, Logon UI displays them to the user. The user interacts with a tile to provide their credentials. The login UI submits these credentials for authentication.

Credential providers are not enforcement mechanisms. They are used to collect and serialize credentials. Local security authority and authentication packages enforce security.

Credential providers are registered on the computer and are responsible for:

Description of the credentials required for authentication.

Handling of communication and logic with external authentication authorities.

Packaging credentials for interactive logon and network logon.

Packaging credentials for interactive logon and network logon includes the process of serialization. Credential serialization allows multiple login tiles to be displayed on the login UI. Therefore, your organization can control the login screen such as users, login target systems, pre-login access to the network, and workstation lock/unlock policies – through the use of customized credential providers. Multiple credential providers can coexist on the same computer.

Single sign-on (SSO) providers can be developed as standard credential providers or as pre-logon access providers.

Every version of Windows comes with a default credential provider and a default Pre-Logon Access (PLAP) provider, also known as the SSO provider. The SSO provider allows users to connect to a network before logging on to the local computer. When this provider is implemented, the provider does not list tiles on the login UI.

An SSO provider is intended to be used in the following scenarios:

Network authentication and computer logon are handled by different credential providers. Variations on this scenario include: A user is given the opportunity to connect to a network, e.g. B. with a virtual private network (VPN) before logging on to the computer, but does not have to make this connection. Network authentication is required to retrieve information used during interactive authentication on the local computer. Multiple network authentications are followed by one of the other scenarios. For example, a user authenticates with an internet service provider (ISP), authenticates with a VPN, and then uses their user account credentials to log on locally. Cached credentials are disabled and a Remote Access Services connection over VPN is required to authenticate the user before logging on locally. A domain user does not have a local account set up on a domain-joined computer and must establish a Remote Access Services connection over a VPN connection before completing the interactive logon.

Network authentication and computer logon are handled by the same credential provider. In this scenario, the user must connect to the network before logging on to the computer.

Enumeration of login tiles

The credential provider lists credential tiles in the following cases:

For the operating systems listed in the “Applies to” list at the beginning of this topic.

The credential provider lists the workstation logon tiles. The credential provider typically serializes credentials for authentication with the local security authority. This process displays tiles specific to each user and to each user’s target systems.

The credential and authentication architecture allows a user to use tiles enumerated by the credential provider to unlock a workstation. Usually the currently logged in user is the default tile, but if more than one user is logged in, numerous tiles are displayed.

The permissions provider lists tiles in response to a user request to change their password or other private information, such as a PIN. Usually the currently logged in user is the default tile; However, if more than one user is logged in, numerous tiles are displayed.

The credential provider lists tiles based on the serialized credentials to use for authentication on remote machines. The credential UI does not use the same instance of the provider as the login, unlock workstation, or change password UI. Therefore, state information cannot be maintained in the provider between instances of the credential UI. This structure results in a tile for each remote computer login, provided the credentials have been correctly serialized. This scenario is also used in User Account Control (UAC), which can help prevent unauthorized changes to a computer by asking the user for permission or an administrator password before allowing actions that might affect the computer’s operation or Settings could change that affect other users of the computer.

The following diagram shows the enrollment process for the operating systems specified in the Applies to list at the beginning of this topic.

Enter credentials to sign in to applications and services

Windows authentication was designed to manage credentials for applications or services that do not require user interaction. User-mode applications are limited in terms of the system resources they have access to, while services can have unrestricted access to system memory and external devices.

Transport-level system services and applications access a Security Support Provider (SSP) through the Security Support Provider Interface (SSPI) in Windows, which provides functions to enumerate the security packages available on a system, select a package, and retrieve that package in an authenticated manner Connection.

When authenticating a client/server connection:

The application on the client side of the connection sends credentials to the server using the InitializeSecurityContext(General) SSPI function.

The application on the server side of the connection responds with the SSPI function AcceptSecurityContext (General) .

The SSPI functions InitializeSecurityContext(General) and AcceptSecurityContext(General) are repeated until all required authentication messages have been exchanged to either succeed or fail the authentication.

After the connection is authenticated, the LSA on the server uses information from the client to create the security context, which contains an access token.

The server can then call the ImpersonateSecurityContext SSPI function to attach the access token to an impersonation thread for the service.

Applications and User Mode

User mode in Windows consists of two systems that can route I/O requests to the appropriate kernel-mode drivers: the environmental system, which runs applications written for many different types of operating systems, and the integral system, which operates system-specific functions on behalf of the environmental system.

The integral system manages operating system specific functions on behalf of the surrounding system and consists of a security system process (the LSA), a workstation service and a server service. The security system process handles security tokens, grants or denies permissions to access user accounts based on resource permissions, handles login requests and initiates login authentication, and determines what system resources the operating system must check.

Applications can run in user mode, in which the application can run as any principal, including in the local system (SYSTEM) security context. Applications can also run in kernel mode, which allows the application to run in the local system (SYSTEM) security context.

SSPI is available through the Secur32.dll module, which is an API used to get built-in security services for authentication, message integrity, and message privacy. It provides a layer of abstraction between application-level protocols and security protocols. Because different applications require different methods of identifying or authenticating users and different methods of encrypting data as it travels over a network, SSPI provides a way to access DLLs (Dynamic Link Libraries) that contain different authentication and cryptographic functions . These DLLs are called Security Support Providers (SSPs).

Managed service accounts and virtual accounts were introduced in Windows Server 2008 R2 and Windows 7 to provide critical applications such as Microsoft SQL Server and Internet Information Services (IIS) with the isolation of their own domain accounts while eliminating the need for an administrator to manage the Service Principal Name (SPN) and manually manage the credentials for those accounts. For more information about these features and their role in authentication, see the Managed Service Accounts documentation for Windows 7 and Windows Server 2008 R2 and the Group Managed Service Accounts Overview.

Services and kernel mode

Although most Windows applications run in the security context of the user who starts them, services do not. Many Windows services, such as Services such as network and printing services are started by the service controller when the user starts the computer. These services may run as a local service or local system and may continue to run after the last human user logs off.

Note Services typically run in security contexts called Local System (SYSTEM), Network Service, or Local Service. Windows Server 2008 R2 introduced services running under a managed service account, which are domain principals.

Before starting a service, the service controller logs in with the account designated for the service and then presents the service’s credentials for authentication by the LSA. The Windows service implements a programmatic interface that the service controller manager can use to control the service. A Windows service can be started automatically at system startup or manually using a service control program. For example, when a Windows client computer joins a domain, Messenger on the computer connects to a domain controller and opens a secure channel with it. To obtain an authenticated connection, the service must have credentials that are trusted by the remote computer’s Local Security Authority (LSA). When communicating with other computers on the network, LSA uses the local computer’s domain account credentials, as do all other services that run in the local system and network service security context. Services on the local machine run as SYSTEM, so no credentials need to be presented to the LSA.

The Ksecdd.sys file manages and encrypts these credentials and uses a local procedure call into the LSA. The file type is DRV (driver) and is referred to as Security Support Provider (SSP) in kernel mode and is FIPS 140-2 Level 1 compliant in the versions specified in the Applies To list at the beginning of this topic.

Kernel mode has full access to the computer’s hardware and system resources. Kernel mode prevents user-mode services and applications from accessing critical areas of the operating system that they shouldn’t have access to.

Local Security Agency

The Local Security Authority (LSA) is a protected system process that authenticates and logs users on the local computer. In addition, LSA maintains information about all aspects of local security on a computer (these aspects are collectively referred to as local security policy) and provides various services for translation between names and security identifiers (SIDs). The security system process, Local Security Authority Server Service (LSASS), tracks the security policies and accounts in effect on a computer system.

The LSA validates a user’s identity based on which of the following two entities issued the user’s account:

Local Security Agency. The LSA can validate user information by checking the Security Accounts Manager (SAM) database located on the same computer. Each workstation or member server can store local user accounts and information about local groups. However, these accounts can only be used to access that workstation or computer.

Security authority for the local domain or for a trusted domain. The LSA contacts the entity that issued the account and requests confirmation that the account is valid and that the request came from the account holder.

The Local Security Authority Subsystem Service (LSASS) stores credentials on behalf of users with active Windows sessions. The saved credentials enable users to seamlessly access network resources such as file shares, Exchange Server mailboxes, and SharePoint sites without having to re-enter their credentials for each remote service.

LSASS can store credentials in several forms, including:

Reversibly encrypted plaintext

Kerberos tickets (ticket-granting tickets (TGTs), service tickets)

NT hash

LAN Manager (LM) hash

When the user logs on to Windows with a smart card, LSASS does not store a plain-text password, but instead stores the corresponding NT hash for the account and the plain-text PIN for the smart card. When the account attribute is enabled for a smart card that is required for interactive logon, a random NT hash is automatically generated for the account instead of the original password hash. The password hash, which is generated automatically when the attribute is set, does not change.

When a user logs on to a Windows-based computer with a password that is compatible with LAN Manager (LM) hashes, this authenticator is present in memory.

The storage of clear-text credentials in memory cannot be disabled, even if the credential providers that require them are disabled.

The stored credentials are directly associated with Local Security Authority Subsystem Service (LSASS) logon sessions that started and were not closed after the last reboot. For example, LSA sessions with saved LSA credentials are created when a user performs one of the following actions:

Logs in to a local session or a Remote Desktop Protocol (RDP) session on the computer

Runs a task with the RunAs option

Runs an active Windows service on the computer

Runs a scheduled task or batch job

Runs a task on the local computer using a remote management tool

Under certain circumstances, the LSA secrets, which are secret data that only SYSTEM account processes can access, are stored on disk. Some of these secrets are credentials that must persist across reboots, and they are stored on disk in an encrypted form. Credentials stored as LSA secrets may include:

Account password for the computer’s Active Directory Domain Services (AD DS) account

Account passwords for Windows services configured on the computer

Account passwords for configured scheduled tasks

Account passwords for IIS application pools and websites

Microsoft account passwords

The client operating system introduced in Windows 8.1 provides additional protection for the LSA to prevent memory reading and code injection by unprotected processes. This protection increases security for the credentials that the LSA stores and maintains.

For more information about these additional protections, see Configuring Additional LSA Protection.

Cached credentials and validation

Validation mechanisms rely on the submission of credentials at the time of enrollment. However, if the computer is disconnected from a domain controller and the user presents domain credentials, Windows uses the cached credentials process in the validation mechanism.

Each time a user logs on to a domain, Windows caches the provided credentials and stores them in the security hive in the operating system’s registry.

Cached credentials allow the user to log on to a domain member without being connected to a domain controller within that domain.

Storage and Validation of Credentials

It’s not always desirable to use one set of credentials to access different resources. For example, an administrator might want to use administrator and not user credentials when accessing a remote server. When a user accesses external resources, e.g. Similarly, if they have a bank account, they can only use credentials that are different from their domain credentials. The following sections describe the differences in credential management between current versions of Windows operating systems and the Windows Vista and Windows XP operating systems.

Remote credential processes

The Remote Desktop Protocol (RDP) manages the credentials of the user connecting to a remote computer using the Remote Desktop client introduced in Windows 8, the authentication process and, if successful, connects the user to permitted resources. RDP does not store the credentials on the client, but the user’s domain credentials are stored in the LSASS.

Introduced in Windows Server 2012 R2 and Windows 8.1, Restricted Admin Mode provides additional security for remote login scenarios. This mode of remote desktop causes the client application to perform a network logon challenge-response request using the NT one-way function (NTOWF) or using a Kerberos service ticket when authenticating with the remote host. After the administrator is authenticated, the administrator does not have the appropriate account credentials in LSASS because they were not submitted to the remote host. Instead, the administrator has the computer account credentials for the session. Administrator credentials are not provided to the remote host, so actions are performed as a computer account. Also, resources are limited to the computer account, and the administrator cannot access resources using their own account.

Credential process for auto restart

When a user logs on to a Windows 8.1 device, LSA stores the user credentials in an encrypted store that only LSASS.exe can access. If Windows Update initiates an automatic restart without the user present, these credentials are used to configure automatic logon for the user.

On reboot, the user is automatically logged on via the autologon mechanism, and then the computer is additionally locked to protect the user’s session. Lockdown is initiated via Winlogon while credential management is handled by LSA. Automatically logging in and locking the user’s session on the console restarts the user’s lock screen applications and makes them available.

For more information about ARSO, see Winlogon Automatic Restart Sign-On (ARSO).

Saved usernames and passwords in Windows Vista and Windows XP

In Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP, stored usernames and passwords in Control Panel simplify management and use of multiple credential sets, including X.509 certificates used with smart cards and Windows Live credentials (now called Microsoft account). The credentials – part of the user profile – are stored until they are needed. This action can increase per-resource security by ensuring that compromise of a password does not compromise overall security.

After a user logs in and attempts to access additional password-protected resources, e.g. a share on a server, and if the user’s default credentials are not sufficient to gain access, stored usernames and passwords are prompted. If alternate credentials with the correct credentials are saved in Saved Usernames and Passwords, those credentials will be used to gain access. Otherwise, the user is prompted for new credentials, which can then be saved for reuse, either later in the login session or during a subsequent session.

The following restrictions apply:

Wenn „Gespeicherte Benutzernamen und Kennwörter“ ungültige oder falsche Anmeldeinformationen für eine bestimmte Ressource enthält, wird der Zugriff auf die Ressource verweigert, und das Dialogfeld „Gespeicherte Benutzernamen und Kennwörter“ wird nicht angezeigt.

Gespeicherte Benutzernamen und Kennwörter speichern Anmeldeinformationen nur für NTLM, Kerberos-Protokoll, Microsoft-Konto (ehemals Windows Live ID) und Secure Sockets Layer (SSL)-Authentifizierung. Einige Versionen von Internet Explorer verwalten ihren eigenen Cache für die Standardauthentifizierung.

Diese Anmeldeinformationen werden zu einem verschlüsselten Teil des lokalen Profils eines Benutzers im Verzeichnis \Dokumente und Einstellungen\Benutzername\Anwendungsdaten\Microsoft\Credentials. Daher können diese Anmeldeinformationen mit dem Benutzer roamen, wenn die Netzwerkrichtlinie des Benutzers Roaming-Benutzerprofile unterstützt. Wenn der Benutzer jedoch Kopien von gespeicherten Benutzernamen und Kennwörtern auf zwei verschiedenen Computern hat und die Anmeldeinformationen ändert, die der Ressource auf einem dieser Computer zugeordnet sind, wird die Änderung nicht an die gespeicherten Benutzernamen und Kennwörter auf dem zweiten Computer weitergegeben.

Windows Vault und Anmeldeinformations-Manager

Der Anmeldeinformations-Manager wurde in Windows Server 2008 R2 und Windows 7 als Funktion der Systemsteuerung zum Speichern und Verwalten von Benutzernamen und Kennwörtern eingeführt. Mit Credential Manager können Benutzer Anmeldeinformationen, die für andere Systeme und Websites relevant sind, im sicheren Windows Vault speichern. Einige Versionen von Internet Explorer verwenden diese Funktion zur Authentifizierung bei Websites.

Die Verwaltung von Anmeldeinformationen mithilfe von Credential Manager wird vom Benutzer auf dem lokalen Computer gesteuert. Benutzer können Anmeldeinformationen von unterstützten Browsern und Windows-Anwendungen speichern und speichern, um sich bequem bei diesen Ressourcen anzumelden. Anmeldeinformationen werden in speziellen verschlüsselten Ordnern auf dem Computer unter dem Profil des Benutzers gespeichert. Anwendungen, die diese Funktion unterstützen (durch die Verwendung der Credential Manager-APIs), wie z. B. Webbrowser und Apps, können anderen Computern und Websites während des Anmeldevorgangs die richtigen Anmeldeinformationen präsentieren.

Wenn eine Website, eine Anwendung oder ein anderer Computer eine Authentifizierung über NTLM oder das Kerberos-Protokoll anfordert, wird ein Dialogfeld angezeigt, in dem Sie das Kontrollkästchen Standardanmeldeinformationen aktualisieren oder Kennwort speichern aktivieren. Dieses Dialogfeld, in dem ein Benutzer Anmeldeinformationen lokal speichern kann, wird von einer Anwendung generiert, die die Credential Manager-APIs unterstützt. Wenn der Benutzer das Kontrollkästchen Kennwort speichern aktiviert, verfolgt Credential Manager den Benutzernamen, das Kennwort und zugehörige Informationen des verwendeten Authentifizierungsdienstes.

Wenn der Dienst das nächste Mal verwendet wird, liefert Credential Manager automatisch die Anmeldeinformationen, die im Windows Vault gespeichert sind. Wenn sie nicht akzeptiert wird, wird der Benutzer zur Eingabe der korrekten Zugangsinformationen aufgefordert. Wenn der Zugriff mit den neuen Anmeldeinformationen gewährt wird, überschreibt Credential Manager die vorherigen Anmeldeinformationen mit den neuen und speichert dann die neuen Anmeldeinformationen im Windows Vault.

Security Accounts Manager-Datenbank

Der Security Accounts Manager (SAM) ist eine Datenbank, die lokale Benutzerkonten und Gruppen speichert. Es ist in jedem Windows-Betriebssystem vorhanden; Wenn ein Computer jedoch einer Domäne beigetreten ist, verwaltet Active Directory Domänenkonten in Active Directory-Domänen.

Beispielsweise nehmen Clientcomputer, auf denen ein Windows-Betriebssystem ausgeführt wird, an einer Netzwerkdomäne teil, indem sie mit einem Domänencontroller kommunizieren, selbst wenn kein menschlicher Benutzer angemeldet ist. Um die Kommunikation zu initiieren, muss der Computer über ein aktives Konto in der Domäne verfügen. Bevor die Kommunikation vom Computer akzeptiert wird, authentifiziert die LSA auf dem Domänencontroller die Identität des Computers und erstellt dann den Sicherheitskontext des Computers, genau wie bei einem menschlichen Sicherheitsprinzipal. Dieser Sicherheitskontext definiert die Identität und Fähigkeiten eines Benutzers oder Dienstes auf einem bestimmten Computer oder eines Benutzers, Dienstes oder Computers in einem Netzwerk. Beispielsweise definiert das im Sicherheitskontext enthaltene Zugriffstoken die Ressourcen (z. B. eine Dateifreigabe oder einen Drucker), auf die zugegriffen werden kann, und die Aktionen (z. B. Lesen, Schreiben oder Ändern), die von diesem Prinzipal – einem Benutzer – ausgeführt werden können , Computer oder Dienst auf dieser Ressource.

Der Sicherheitskontext eines Benutzers oder Computers kann von einem Computer zum anderen variieren, beispielsweise wenn sich ein Benutzer bei einem Server oder einer anderen Arbeitsstation als der eigenen primären Arbeitsstation des Benutzers anmeldet. Sie kann auch von Sitzung zu Sitzung variieren, z. B. wenn ein Administrator die Rechte und Berechtigungen des Benutzers ändert. Darüber hinaus ist der Sicherheitskontext normalerweise anders, wenn ein Benutzer oder Computer eigenständig, in einem Netzwerk oder als Teil einer Active Directory-Domäne betrieben wird.

Lokale Domänen und vertrauenswürdige Domänen

Wenn zwischen zwei Domänen eine Vertrauensstellung besteht, verlassen sich die Authentifizierungsmechanismen für jede Domäne auf die Gültigkeit der Authentifizierungen, die von der anderen Domäne kommen. Vertrauensstellungen helfen dabei, kontrollierten Zugriff auf freigegebene Ressourcen in einer Ressourcendomäne (der vertrauenden Domäne) bereitzustellen, indem sie überprüfen, ob eingehende Authentifizierungsanforderungen von einer vertrauenswürdigen Stelle (der vertrauenswürdigen Domäne) stammen. Auf diese Weise fungieren Vertrauensstellungen als Brücken, die nur validierte Authentifizierungsanfragen zwischen Domänen übertragen lassen.

Wie eine bestimmte Vertrauensstellung Authentifizierungsanfragen übergibt, hängt von ihrer Konfiguration ab. Trust relationships can be one-way, by providing access from the trusted domain to resources in the trusting domain, or two-way, by providing access from each domain to resources in the other domain. Trusts are also either nontransitive, in which case a trust exists only between the two trust partner domains, or transitive, in which case a trust automatically extends to any other domains that either of the partners trusts.

For information about domain and forest trust relationships regarding authentication, see Delegated Authentication and Trust Relationships.

Certificates in Windows authentication

A public key infrastructure (PKI) is the combination of software, encryption technologies, processes, and services that enable an organization to secure its communications and business transactions. The ability of a PKI to secure communications and business transactions is based on the exchange of digital certificates between authenticated users and trusted resources.

A digital certificate is an electronic document that contains information about the entity it belongs to, the entity it was issued by, a unique serial number or some other unique identification, issuance and expiration dates, and a digital fingerprint.

Authentication is the process of determining if a remote host can be trusted. To establish its trustworthiness, the remote host must provide an acceptable authentication certificate.

Remote hosts establish their trustworthiness by obtaining a certificate from a certification authority (CA). The CA can, in turn, have certification from a higher authority, which creates a chain of trust. To determine whether a certificate is trustworthy, an application must determine the identity of the root CA, and then determine if it is trustworthy.

Similarly, the remote host or local computer must determine if the certificate presented by the user or application is authentic. The certificate presented by the user through the LSA and SSPI is evaluated for authenticity on the local computer for local logon, on the network, or on the domain through the certificate stores in Active Directory.

To produce a certificate, authentication data passes through hash algorithms, such as Secure Hash Algorithm 1 (SHA1), to produce a message digest. The message digest is then digitally signed by using the sender’s private key to prove that the message digest was produced by the sender.

Note SHA1 is the default in Windows 7 and Windows Vista, but was changed to SHA2 in Windows 8.

Smart card authentication

Smart card technology is an example of certificate-based authentication. Logging on to a network with a smart card provides a strong form of authentication because it uses cryptography-based identification and proof of possession when authenticating a user to a domain. Active Directory Certificate Services (AD CS) provides the cryptographic-based identification through the issuance of a logon certificate for each smart card.

For information about smart card authentication, see the Windows Smart Card Technical Reference.

Virtual smart card technology was introduced in Windows 8. It stores the smart card’s certificate in the PC, and then protects it by using the device’s tamper-proof Trusted Platform Module (TPM) security chip. In this way, the PC actually becomes the smart card which must receive the user’s PIN in order to be authenticated.

Remote and wireless authentication

Remote and wireless network authentication is another technology that uses certificates for authentication. The Internet Authentication Service (IAS) and virtual private network servers use Extensible Authentication Protocol-Transport Level Security (EAP-TLS), Protected Extensible Authentication Protocol (PEAP), or Internet Protocol security (IPsec) to perform certificate-based authentication for many types of network access, including virtual private network (VPN) and wireless connections.

For information about certificate-based authentication in networking, see Network access authentication and certificates.

See also

Windows Authentication Concepts

A hard boot takes longer than a soft boot.

t/f true

The Advanced Boot Options menu is displayed when a user presses F8 while loading Windows.

t/f wrong

In safe mode, there is no option for network access.

t/f wrong

A Windows 7 system repair disc can be created using the Backup and Restore utility.

t/f true

When solving a Windows problem, always choose the method that makes as many changes as possible to the system in order to rejuvenate the machine.

t/f wrong

What program is responsible for reading the motherboard settings and running the POST? Boot BIOS

What is the name of the program that reads the settings in the Boot Configuration Data (BCD) file and manages the first boot of the operating system? Windows Boot Manager

What program starts the part of the Win32 subsystem that displays graphics? SMS.exe

Which option should be enabled to show what was and was not loaded during boot? boot logging

It is important to try the ________________________ early in the troubleshooting session before overriding it. Last known working configuration

Which Windows RE tool is considered the least intrusive? jump start

Which Windows RE tool should be used when you suspect the hard drive is corrupt? command prompt

Name the Windows RE command that can be used to manage disks, partitions and volumes. disk part

What diskpart command is used to remove partition or volume information from selected disk? clean

Which of the following Windows RE commands can be used to search for Windows installations not stored in the BCD?

Question options:

1)

bootrec /scanOS

2) bootrec /fixmbr

3) bootrec /fixboot

4) bcdedit bootrec /scanOS

What key to press during boot to see Advanced Boot Options? F8

Which of the following keys causes the Windows Boot Manager to be displayed as long as it is pressed during the boot process?

1) F8

2)

spacebar

3) F5

4) Enter the space bar

What should you try first if the hard drive is not spinning at startup? Check power connections and switches

What command is used to check and repair disk? chkdsk c:/r

Which of the following symptoms might indicate that the MBR record is corrupt?

Question options:

1) loud clicking sound

2)

Invalid partition table error

3) Error message “RAID not found”.

4) Invalid boot disk error Invalid partition table error

The ____ command finds and replaces corrupted system files. sfc /scan

Which of the following error messages indicates that the MBR program cannot find BootMgr or cannot hand over operation to it? (Choose all that apply).

Question options:

1) Invalid drive specification

2) Missing operating system

3) Windows failed to load

4) Invalid partition table Missing operating system

3) Windows failed to load

4) Invalid partition table

Which of the following actions can occur while BootMgr is rolling at startup? (Choose all that apply.)

1) POST is performed

2) MBR program searches for partition table

3) it reads the settings in the BCD

4) Dual boot menu is displayed, it reads the settings in the BCD

4) Dual boot menu will appear

Which of the following does the kernel do during the boot process? (Choose all that apply.)

Question options:

1) Activates the HAL

2) starts critical services

3) Loads the system registry hive

4) Starts the session manager 1) Activates the HAL

2) starts critical services

Starts the session manager

Which of the following text error messages may indicate that the BIOS could not find a hard drive? (Choose all that apply).

Question options:

1)

Invalid boot disk

2)

Non-system disk or hard disk error

3)

Error loading operating system

4) A disc read error has occurred 1)

Invalid boot disk

2)

Non-system disk or hard disk error

4) A disk read error has occurred

WinLoad loads ________________ into memory but does not start it yet. kernel

Use the _______ ______ with network option if you are solving a boot problem and need access to the network to solve the problem. security mode

_______________ is a lightweight operating system that can be used to solve Windows boot problems after other tools available in the Advanced Boot Options menu failed to solve the problem. window right

When you load Windows in safe mode, all files used for loading are recorded in the file ______________________. ntbtlog

In __________ mode, you have the ability to move boot logs from a failed computer to another computer for evaluation. Debug

How to restart a PC without turning off the soft boot

Registry settings and device drivers in effect when the computer last started successfully. Last known good configuration

The Windows 7/Vista program that manages the first boot of Windows. Windows Boot Manager

A lightweight operating system that can be used to fix problems when Windows refuses to start. Windows Recovery Environment (RE)

A self-diagnostic utility used to perform a simple test of the CPU, RAM, and various I/O devices. POST (Power On Self Test)

Recording of all files used during the boot log of the loading process

A Windows 7/Vista command that repairs the boot sector of the system partition. repair boat

Restart the computer by turning it off or restarting it by pressing the reset button during cold boot

A Windows 7/Vista file has the same structure as a registry file and contains configuration information about how Windows starts. Boot configuration data file

Efficient SQL Server performance monitoring includes monitoring OS, SQL Server, and database performance. In How to Monitor Your SQL Server Instances and Databases, we introduced tools to monitor the last two performance metrics. In this article, we will introduce tools that enable OS performance monitoring.

Monitoring the performance of all three groups above provides a complete picture of system health and critical information needed to troubleshoot performance issues and bottlenecks. Operating system performance metrics relate to disk, memory, processor, and network performance. Some of the key system performance metrics are available memory, average bytes per read/write, average read/write time, disk reads/writes per second, network utilization, pages input per second, pages per second, processor queue length, and processor usage.

The choice of metrics used for monitoring depends on the monitoring goals and performance requirements. It is important for a DBA to be able to improve performance based on the monitoring results, but also to be able to identify potential problems and bottlenecks in a timely manner and fix them before they affect the system.

Windows Task Manager

This is a native Windows monitoring tool useful for basic monitoring and troubleshooting. It can be helpful in determining where the bottleneck is: on a disk, processor, memory, or network. Aside from that, it doesn’t provide enough information to determine the exact problem

To open it, click Ctrl + Alt + Del and select Task Manager. Alternatively, right-click the taskbar and select Task Manager from the context menu. Select the Performance tab. In the left pane, select the hardware component you want to monitor: processor, memory, hard drive, or a network adapter

Additional information that may be useful for further analysis is displayed in other Windows Task Manager tabs and in Resource Monitor.

Only the applications and processes that are currently using the most computer resources can view this information. There is no historical or statistical data for deeper analysis and troubleshooting of existing or potential performance issues. However, the tool is useful, handy, Windows users are used to it and is great for ending unwanted and unresponsive processes.

Windows performance monitor

Windows Performance Monitor is a native Windows tool. Besides system performance metrics, it supports a wide range of performance metrics including SQL Server, SQL Agent, Database and many others. It shows performance metrics in real-time charts and allows custom selection of metrics to be displayed, definition of metric thresholds, generation of reports and insight into historical data (historical data is only available for the period since the last computer restart).

To start Windows Performance Monitor: Click Start and go to Run . On Windows 8, click Windows + C. Type perfmon and press Enter

and go to . On Windows 8, click Windows + C. Type and press Open Windows Control Panel, go to System and Security, Administrative Tools and click Performance Monitor. Select Monitoring Tools, Performance Monitor in the left pane. Select and configure the performance metrics you want to monitor. To add a metric:

Right-click the chart and select Add Counter from the context menu

in the context menu press Ctrl + N

From the menu, click Add (the green plus icon).

In the Add Counter dialog box, select the computer

Expand the metric group and select the metrics you want to monitor

Note that some of the metrics can be displayed as an average value. For example, processor metrics can be displayed as total values ​​for all processors/cores available on the machine, but also as individual values ​​for each processor/core.

All selected metrics are monitored in a single chart. Because this can be difficult to track, you can uncheck the Show box to hide the metric and get a clearer picture. Another trick is to highlight a specific graph (Ctrl + H).

In addition to displaying the values ​​in the chart, the Windows performance monitor also offers a text report and a histogram representation of the data. It allows creating data collector sets that can be used to collect performance metric values ​​and to view historical data stored in logs.

Windows Performance Monitor is an easy-to-use, low-overhead tool. It offers a wide range of performance indicators, but when a deeper analysis is required, it cannot provide all the necessary information. The notification is limited and does not provide useful details.

July 16, 2014

Topic B: Computer hardware and software

Click play on the audio player below to listen along as you read this section.

Computer Hardware Basics

Hardware – any physical device or equipment used in or with a computer system (everything you can see and touch).

External hardware

External hardware devices (peripherals) – any hardware device that is external to the computer.

– any hardware device that is external to the computer. Input Device – a hardware device used to input information into a computer for processing.

– a hardware device used to input information into a computer for processing. Examples: keyboard, mouse, trackpad (or touchpad), touchscreen, joystick, microphone, light pen, webcam, voice input, etc.

Output device – a hardware device that receives information from a computer.

– a hardware device that receives information from a computer. Examples: monitor, printer, scanner, speakers, screen (tablet, smartphone…), beamer, headphones, etc.

Internal hardware

Internal hardware devices (or internal hardware components) – any hardware device that resides inside the computer.

– any hardware device that resides inside the computer. Examples: CPU, HDD, ROM, RAM, etc.

Computer software fundamentals

computer software

Software – a set of instructions or programs that tells a computer what to do or how to perform a specific task (computer software runs on hardware).

– a set of instructions or programs that tells a computer what to do or how to perform a specific task (computer software runs on hardware). Main types of software – system software and application software.

application software

Application software – a computer program that provides users with tools to perform a specific task.

– a computer program that provides users with tools to accomplish a specific task. Examples of application software: word processing, spreadsheet, presentation, database management, web browser, email, media player, accounting, pronunciation, translation, desktop publishing, business, etc.

system software

System software – serves to run a computer’s hardware and application software and to make the computer system available for use. It serves as an interface between hardware, application software and the user.

Main functions of the system software – allocate system resources, manage disk space, store and retrieve files, provide security, etc.

Main types of system software – operating system, device drivers, utility software, programming software, etc.

Operating System (OS) – software that controls and coordinates the computer hardware devices and runs other software and applications on a computer. It is the main part of the system software and a computer will not function without it.

Main functions of an operating system – booting the computer, managing system resources (CPU, memory, storage devices, printers, etc.), managing files, processing input and output, running and providing services to application software, etc.

Examples of operating systems: Microsoft Windows, Apple iOS, Android OS, macOS, Linux, etc.

Device driver – a software program designed to control a specific hardware device attached to a computer.

The main purpose of the device driver – it acts as a translator between the hardware device and operating systems or applications that use it.

It instructs the computer how to communicate with the device by translating the operating system’s instructions into a language that a device can understand in order to perform the required task.

Examples of device drivers: printer driver, display driver, USB driver, sound card driver, motherboard driver, ROM driver, etc.

Utility Software – A type of system software that helps set up, analyze, configure, boost, and maintain a computer and performs a very specific task (e.g., antivirus software, backup software, memory tester, screen saver, etc.).

Task manager application included in the Windows NT family of operating systems

Task Manager, formerly known as Windows Task Manager, is a task manager, system monitor, and startup manager included with Microsoft Windows systems. It provides information about computer performance and running software, including running process name, CPU and GPU usage, commit fee, I/O details, logged in users and Windows services. Task Manager can also be used to set process priorities and processor affinity, start and stop services, and force-end processes.

The program can be started in newer versions of Windows by pressing ⊞ Win + R and then typing taskmgr.exe by pressing Ctrl + Alt + Del and clicking Start Task Manager by pressing Ctrl + ⇧ Shift + Esc, by right-clicking on the Windows taskbar and selecting “Task Manager” or by typing taskmgr in the File Explorer address bar.

Task Manager was introduced in its current form with Windows NT 4.0. Earlier versions of Windows NT, as well as Windows 3.x, include the Task List application, are able to list and kill currently running processes or create new ones. Windows 9x has a program called Close Program that lists the currently running programs and provides options to close programs and shut down the computer.[2]

Functionality[ edit ]

Task Manager on Windows XP with the Processes tab.

Since Windows 8, the task manager has two views. When Task Manager is first invoked by a user, it is presented in a simplified summary mode (described as Less Detail in User Experience). It can be switched to a more detailed mode by clicking More Details. This setting will be saved for this user on this computer.[3]

Since at least Windows 2000, the CPU utilization can be displayed as a tray icon in the taskbar for a quick overview.[4][5]

Summary mode [ edit ]

In Summary mode, Task Manager displays a list of currently running programs with a main window. It has a “More Details” hyperlink that activates a full-featured, multi-tab task manager.

If you right-click any of the applications in the list, you can switch to that application or end the application’s task. Issuing a final task causes a graceful exit request to be sent to the application.

Processes and Details[ edit ]

The Processes tab shows a list of all running processes on the system. This list includes Windows services and processes from other accounts. The Delete key can also be used to kill processes from the Processes tab. By default, the Processes tab shows the user account the process is running under, the amount of CPU, and the amount of memory the process is currently consuming. Additional columns can be displayed. The Processes tab divides the process into three categories:

Apps: Programs with a main window

Windows Processes: Components of Windows itself that do not have a main window, including services

Background Process: Programs that do not have a main window, including Services, and are not part of Windows itself

This tab shows the name of each main window and each service associated with each process. Both a graceful kill command and a kill command can be sent from this tab, depending on whether the command is sent to the process or its window.

The Details tab is a lighter version of the Processes tab and behaves similarly to the Processes tab in Windows 7 and earlier. It has a more rudimentary user experience and can perform some additional actions. Right-clicking a process in the list allows you to change the priority of the process, set processor affinity (determine which CPUs the process can run on), and kill the process. If you select End Process, Windows immediately ends the process. Selecting “End Process Tree” causes Windows to immediately terminate the process and all processes started directly or indirectly by this process. Unlike selecting “End Task” in the Applications tab, selecting “End Process” doesn’t give the program a warning or an opportunity to clean it before exiting. However, if a process is running under a different security context than that which invoked the Terminate Process, the use of the KILL command line tool is required.[6]

performance [edit]

The Performance tab shows overall system performance statistics, specifically the total amount of CPU usage and how much memory is being used. A recent usage chart for these two values ​​is displayed. Details about specific storage areas are also displayed.

There is an option to split the CPU usage chart into two sections: kernel mode time and user mode time. Many device drivers and core parts of the operating system run in kernel mode, while user applications run in user mode. This option can be enabled by selecting Show kernel times from the View menu. When this option is enabled, the CPU usage graph shows a green and a red area. The red area shows time spent in kernel mode and the green area shows time spent in user mode.

The Performance tab also shows statistics for each of the network adapters present in the computer. By default, the adapter name, network utilization percentage, link speed, and network adapter status are displayed along with a graph of recent activity.

App history[ edit ]

The App History tab shows resource usage information about Universal Windows Platform apps. Windows controls the lifecycle of these apps more tightly. In this tab, the data that Windows has collected about you can be viewed at a later time.

Home [edit]

The Startup tab manages software that starts with the Windows shell.

Edit user ]

The Users tab shows all users who currently have a session on the computer. Server computers can have multiple users connected to the computer through Terminal Services (or the Fast User Switching service in Windows XP). Users can be disconnected or logged out from this tab.

history [edit]

Task Manager was originally an external side project developed at home by Microsoft developer David Plummer. Encouraged by Dave Cutler and collaborators to make it a part of the main “Build” product, he donated the project in 1995. The original Task Manager design included another “Processes” page that pulled information from the public registry APIs and system metrics do not come from private internal operations.

Windows 9x[edit]

A Close Program dialog box appears when pressing Ctrl + Alt + Del in Windows 9x.[2] Also in Windows 9x there is a program called Tasks ( TASKMAN.EXE ) located in the Windows directory. It’s rudimentary and has fewer features. The System Monitor utility in Windows 9x includes process and network monitoring features similar to Windows Task Manager. Also, when the Explorer process is shut down, the Tasks program is invoked by double-clicking on the desktop.

Windows XP[edit]

Only in Windows XP is there a Shutdown menu that provides access to Standby, Hibernate, Power off, Restart, Log off, and Switch user. This is because by default in Windows XP, pressing Ctrl + Alt + Del opens the Task Manager instead of opening a dialog that provides access to the Task Manager in addition to the options above.

On the Performance tab, the display of CPU values ​​has been changed from a display that mimics a seven-segment LED display to a standard numeric value. This was done to accommodate non-Arabic numeral systems such as Eastern Arabic numerals that cannot be represented on a seven segment display.[7]

Prior to Windows XP, process names longer than 15 characters are truncated. This issue has been resolved in Windows XP.[8]

The Users tab is introduced by Windows XP.

Starting with Windows XP, the Del key is enabled on the Processes tab.

Windows Vista[edit]

Windows Task Manager has been updated in Windows Vista with new features[9] including:

A Services tab for viewing and modifying currently running Windows services and for starting and stopping all services, as well as enabling/disabling the User Account Control (UAC) file and registry virtualization of a process.

New columns “Image path name”, “Command line” and “Description” in the “Processes” tab. These show the full name and path of the executable image running in a process, any provided command line parameters, and the “Description” property of the image file.

New columns with DEP and virtualization status. Virtualization state refers to UAC virtualization, in which file and registry references to certain system locations are silently redirected to user-specific scopes.

By right-clicking on any process, it is possible to directly open the properties of the executable image file of the process or the directory (folder) containing the process.

the executable image file of the process or the directory (folder) containing the process. The task manager has also been made less vulnerable to attacks from remote sources or viruses, as it needs to work under administrator privileges to perform certain tasks, such as: B. logging out other connected users or sending messages. The user needs to go to the “Processes” tab and click on “Show processes of other users” to check the administrator rights and unlock these privileges. Viewing processes from all users requires all users, including administrators, to accept a UAC prompt unless UAC is disabled. If the user is not an administrator, they must enter a password for an administrator account when prompted to continue, unless UAC is disabled, in which case the elevation will not occur.

to perform specific tasks such as B. logging out other connected users or sending messages. The user needs to go to the “Processes” tab and click on “Show processes of other users” to check the administrator rights and unlock these privileges. Viewing processes from all users requires all users, including administrators, to accept a UAC prompt unless UAC is disabled. If the user is not an administrator, they must enter a password for an administrator account when prompted to continue, unless UAC is disabled, in which case the elevation will not occur. It is possible to create a dump by right-clicking on a running process. This feature can be useful when an application or process is not responding so that the dump file can be opened in a debugger to get more information.

. This feature can be useful when an application or process is not responding so that the dump file can be opened in a debugger to get more information. The Shutdown menu with Standby, Hibernate, Power off, Restart, Log off and Switch user has been removed. This was done due to low usage and to reduce the overall complexity of the task manager. [10]

System availability is displayed on the Performance tab.

Windows 8[edit]

In Windows 8, the Windows Task Manager has been revised and the following changes[3] have been made:

Starting with Windows 8, the tabs are hidden by default and the task manager opens in summary mode (Less details). This view only shows applications and their associated processes. Prior to Windows 8, what is shown in Overview mode was shown in the Applications tab.

). This view only shows applications and their associated processes. Prior to Windows 8, what is shown in Overview mode was shown in the Applications tab. Resource usage on the Processes tab is shown in different shades of yellow, with a darker color representing higher usage.

The Performance tab is divided into CPU, Memory, Hard Disk, Ethernet, and Wireless Network (if applicable) sections. There are overall charts for each and clicking on one takes you to details for that particular resource. This includes the consolidation of information previously displayed on the Network tab from Windows XP through Windows 7. The CPU tab no longer displays individual charts for each logical processor in the system by default. It can now display data for each NUMA node. The CPU tab now shows simple percentages on heat-mapping tiles to show utilization for systems with many (64 to 640) logical processors. [11] The color used for these heatmaps is blue, with a darker color indicating heavier utilization. Hovering over any logical processor’s data now displays that processor’s NUMA node and its ID.

Tab from Windows XP to Windows 7. Added a new Startup tab that lists running startup applications. [12] Previously MSConfig was responsible for this task, or Windows Defender’s Software Explorer section only in Windows Vista. [13] Windows Defender, which shipped integrated with Windows 7, lacked this option, nor was it present in the downloadable Microsoft Security Essentials.

Previously MSConfig was responsible for this task, or only in Windows Vista the “Software Explorer” section of . The one that came built into Windows 7 lacked this option, nor was it present in the downloadable program. The Processes tab now lists application names, application status, and general usage data for CPU, memory, disk, and network resources for each process.

A new App History tab is introduced. The application status can be changed to suspended. The normal process information of the older Task Manager can be found in the new Details tab.

Windows 10[edit]

The Processes tab is divided into categories. [14]

View GPU information on the Performance tab, if available.

weakness [edit]

Task Manager is a common target of computer viruses and other forms of malware. Typically, malware closes the task manager as soon as it starts to hide from users. Variants of the Zotob and Spybot worms, for example, have made use of this technology.[15][obsolete source] It is possible to disable the task manager via group policy. Many types of malware also enable this policy setting in the registry. Rootkits can prevent themselves from being listed in Task Manager, preventing them from being detected and terminated with it.

See also[edit]

Lesson 15: Disable applications from running at startup

/en/basic-computer-skills/how-to-power-cycle-a-device/content/

Disable applications from running at startup

You might not notice it, but your computer runs multiple applications as soon as it starts up. While this is necessary for your computer to function, too many applications running at startup can slow down your computer. One of the things you can do to keep your computer running smoothly is to prevent applications from running at startup to improve performance.

Think before you disable anything

Before you disable an application from launching, consider whether you should do so. You don’t have to disable most applications, but disabling the ones that you don’t always need or that are taking up your computer’s resources can make a world of difference. If you use the program every day or it is necessary for the operation of your computer, you should leave it activated at startup. You can search the web for a program’s name if you’re not sure what it is or what it does.

Disable in a program’s own settings

Some programs have a built-in setting that allows them to be enabled or disabled at startup. Each program is different, but it’s usually found in a settings or configuration menu. Many programs don’t have a startup setting because most operating systems can automatically manage which programs run at startup.

Disable in Windows 8 and 10

In Windows 8 and 10, Task Manager has a Startup tab to manage which applications run at startup. On most Windows computers, you can access Task Manager by pressing Ctrl+Shift+Esc and then clicking the Start tab. Select any program in the list and click the Disable button if you don’t want it to run at startup.

Disable in Windows 7 and earlier

In Windows 7 and earlier, the process is a bit more complicated. These settings are located in the System Configuration Utility, also known as msconfig.

Open the start menu and locate the search box. Note: If you are using Windows XP, click Run on the right side of the Start menu. In either the search box or the Run dialog box, type msconfig and press Enter. In the System Configuration window, click the Boot tab. The checkboxes to the left of each program name indicate whether it will run at startup. After changing the selection, click the Apply button.

Unlike the Task Manager in newer versions of Windows, the System Configuration Utility in older versions of Windows can contain important Windows processes. Make sure you know what you are disabling or you could damage your operating system!

Disable in OS X

Click on the Apple icon in the top left corner of the screen and then select System Preferences. In the System Preferences window, open Users & Groups. In the Users & Groups window, click the Login Items tab. Select an application and click the minus button to remove it from the startup list, or click the plus button to add an application to the list if you want it to run at startup.

/en/basic-computer-knowledge/how-to-keep-an-old-computer-just-running-/contents/

Table of Contents

stop process

Relation

Stops one or more running processes.

In this article

syntax

Stop-Process [-Id] [-PassThru] [-Force] [-WhatIf] [-Confirm] []

Stop-Process -Name [-PassThru] [-Force] [-WhatIf] [-Confirm] []

Stop-Process [-InputObject] [-PassThru] [-Force] [-WhatIf] [-Confirm] []

description

The Stop-Process cmdlet ends one or more running processes. You can specify a process by process name, process identifier (PID), or pass a process object to Stop-Process. Stop-Process only works on processes running on the local computer.

On Windows Vista and later versions of the Windows operating system, to end a process that is not owned by the current user, you must start PowerShell with the Run as administrator option. Also, you are not prompted for confirmation unless you specify the Confirm parameter.

examples

Example 1: Stop all instances of a process

PS C:\> Stop-Process -Name “notepad”

This command stops all instances of the Notepad process on the computer. Each instance of Notepad runs in its own process. It uses the Name parameter to specify the processes, all of which have the same name. If you were to use the id parameter to stop the same processes, you would need to list the process ids of each instance of notepad.

Example 2: Stop a specific instance of a process

PS C:\> Stop-Process -Id 3952 -Confirm -PassThru Confirm Are you sure you want to perform this action? Performing the Stop-Process operation on the notepad (3952) target. [Y] Yes [A] Yes to all [N] No [L] No to all [S] Suspend [?] Help (Default is “Y”):y Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) ID Process Name ——- —— —– —– —– —— — — ——- 41 2 996 3212 31 3952 Notepad

This command stops a specific instance of the Notepad process. It uses the process ID 3952 to identify the process. The Confirm parameter tells PowerShell to prompt you before ending the process. Since the prompt includes the process name in addition to its ID, this is a best practice. The PassThru parameter passes the process object to the formatter for display. Without this parameter, there would be no display after a stop process command.

Example 3: Stop a process and find that it has stopped

calc $p = Get-Process -Name “calc” Stop-Process -InputObject $p Get-Process | Where Object {$_.HasExited}

This command sequence starts and stops the Calc process and then detects terminated processes.

The first command starts an instance of the calculator.

The second command uses Get-Process, gets an object representing the Calc process, and then stores it in the $p variable.

The third command stops the Calc process. It uses the InputObject parameter to pass the object to Stop-Process.

The last command will get all the processes on the computer that were running but are now stopped. It uses Get-Process to get all processes on the computer. The pipeline operator ( | ) passes the results to the Where-Object cmdlet, which selects those where the value of the HasExited property is $True. HasExited is only a property of process objects. To find all properties, type Get-Process | a get member .

Example 4: Stop a process not owned by the current user

PS> Get-Process -Name “lsass” | Stop-Process Stop-Process : Process ‘lsass (596)’ cannot be stopped due to the following error: Access Denied In Line: 1 Character: 34 + Get-Process -Name “lsass” | Stop-Process <<<< [ADMIN]: PS> Get-Process -Name “lsass” | Stop process warning! Are you sure you want to perform this action? Perform operation ‘Stop-Process’ on target ‘lsass(596)’ [Y] Yes [A] Yes to all [N] No [L] No to all [S] Suspend [?] Help (default is “Y”) : [ADMIN]: PS> Get-Process -Name “lsass” | Stop Process -Force [ADMIN]: PS>

These commands show the effect of using Force to stop a process that is not owned by the user.

The first command uses Get-Process to get the Lsass process. A pipeline operator sends the process to Stop-Process to stop it. As shown in the sample output, the first command fails with an “Access Denied” message because only a member of the Administrators group on the computer can stop this process.

When PowerShell opens with the Run as administrator option and the command is repeated, PowerShell prompts you for confirmation.

The second command specifies Force to suppress the prompt. As a result, the process is stopped without confirmation.

parameter

-Confirm

Prompts you for confirmation before running the cmdlet. Type: SwitchParameter Aliases: cf Position: Named Default value: False Accept pipeline input: False Accept wildcard characters: False

-Makes

Stops the specified processes without asking for confirmation. By default, Stop-Process prompts for confirmation before killing a process not owned by the current user. To determine the owner of a process, use the Get-CimInstance cmdlet to get a Win32_Process object that represents the process, and then use the object’s GetOwner method. Type: SwitchParameter Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False

-ID

Specifies the process IDs of the processes to stop. To specify multiple IDs, use commas to separate the IDs. To find the PID of a process, type Get-Process. Type: Int32 [ ] Position: 0 Default: None Accept pipeline input: True Accept wildcards: False

-input object

Specifies the process objects to stop. Enter a variable that contains the objects, or enter a command or expression that retrieves the objects. Type: Process[ ] Position: 0 Default: None Accept pipeline input: True Accept wildcards: False

-Surname

Specifies the process names of the processes to stop. You can enter multiple process names separated by commas or use wildcard characters. Type: String [ ] Aliases: Process name Position: Named Default value: None Accept pipeline input: True Accept wildcard characters: True

– Run away

Returns an object representing the process. By default, this cmdlet generates no output. Type: SwitchParameter Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False

-What happened if

Shows what would happen if the cmdlet was run. The cmdlet will not run. Type: SwitchParameter Aliases: wi Position: Named Default value: False Accept pipeline input: False Accept wildcard characters: False

inputs

procedure

You can pipe a process object to this cmdlet.

exits

None, System.Diagnostics.Process

This cmdlet returns a System.Diagnostics.Process object that represents the process that ended when you specify the PassThru parameter. Otherwise, this cmdlet will not generate any output.

Remarks

Which of the following methods is used to improve memory usage?

Exchange

operating system

memory stack

None of these.

Explanation:

Answer: (a) Replace

Explanation: Swapping is a technique where the process is removed from main memory and stored in secondary memory. It is used to improve main memory usage.

You have an application that renders videos to be used in your online business. You want to make sure that the application continues to get enough attention from the system CPU even when you open other applications. How can you adjust the number of participants for this application?

Thrashing is a computer activity that makes little or no progress, usually because memory or other resources are exhausted or too limited to perform required operations. When this happens, a pattern typically develops where a request is made to the operating system by one process or program, the operating system tries to find resources by taking them from another process, which in turn makes new requests that don’t can be satisfied. In a virtual memory system (an operating system that manages its logical memory or memory in units called pages), thrashing is a condition in which excessive paging operations take place.

A jerky system can be perceived as either a very slow system or one that has stalled.

How to find out what’s running on a Windows computer

Windows Task Manager

Microsoft Windows Task Manager is a common, quick, and easy way to see what programs, background processes, and apps are running on your computer. If your computer is running slowly, this is a useful tool to see if a program might be using too much CPU or memory resources on your computer.

Tip You can access Task Manager by pressing Ctrl + Alt + Del on your keyboard and then selecting Task Manager. You can also right-click the Windows taskbar and select Task Manager.

As shown in the image below, in Windows 8 and Windows 10, Windows Task Manager opens with the Processes tab selected. In Windows 7 and earlier, Task Manager opens with the Applications tab selected. In both cases, the applications that are currently open and running on the computer are displayed. From here, you can end any application that isn’t responding by selecting it in the list and clicking the End Task button.

Note The Applications tab is not present in the Windows 8 and Windows 10 Task Manager.

The Processes tab shows running applications and Windows system processes. You can see which processes are consuming your resources by clicking on the CPU or Memory (labeled Memory Usage in Windows 7 and earlier) column headings. This sorts the process list by how much of that resource they are using. Click the heading multiple times to toggle between sorting from highest to lowest and lowest to highest.

Windows process tool

Unfortunately, not all processes and services are displayed by the Windows Task Manager. If you’re worried about hidden malicious software, run a utility like HijackThis, process the log, and use our Windows process tool.

DxDiag (“DirectX Diagnostic Tool”) is a diagnostic tool for testing DirectX functionality and fixing video or sound-related hardware problems. DirectX Diagnostic can save text files with the scan results. These files are often posted on tech forums or attached to support emails to give support personnel a better idea of ​​the PC the requester is using in case the error is due to a hardware failure or incompatibility.

Dxdiag is located in %SystemRoot%\System32.[1] Starting with Windows Vista, DxDiag only displays information; It is no longer possible to test the hardware and the various DirectX components.[2]

Features [ edit ]

The System tab displays the current DirectX version, computer hostname, operating system version, system BIOS information, and other data. The DirectX Files tab displays information about the versions of certain DirectX system files, which are portable executables or DLLs (Dynamic Link Libraries).

DxDiag displays information about the current display settings and video hardware on the Display tab. If the computer has more than one monitor, DxDiag will show a separate tab for each monitor. This tab can disable DirectDraw, Direct3D and/or AGP texture acceleration for troubleshooting purposes. If the installed display driver passed Windows Hardware Quality Labs testing, DxDiag will display this result on the right side of the window.

The Music tab displays information about the computer’s MIDI settings and lists various music-related software and hardware on your computer. The Input tab displays information about input devices installed on the computer, such as B. Keyboards and mice. It will also try to detect problems with these devices. Dxdiag also displays information about the installed DirectPlay Service Provider.

It is possible to create chat rooms with DxDiag that other computers can access, as long as anyone trying to join knows the IP address of the host computer.

Windows XP Professional x64 Edition, Windows Vista x64 Edition, Windows 7 x64 Edition, Windows 8 x64 Edition and Windows 10 x64 Edition come with two versions of DxDiag, a native 64-bit version and a 32-bit version. Windows XP Professional x64 Edition, Windows Vista x64 Edition, and Windows 7 x64 Edition run the 32-bit version of DxDiag by default.

question answer

The use of 3D effects, animations, and new transparent visual features called ____ enhance the fresh new look of Windows Vista and Windows applications. Aero glass

Graphics cards with a dedicated ____ allow Windows Vista to assign drawing operations directly to it, freeing the processor for other operations. Graphic processing unit (GPU)

The ____ (formerly codenamed “Avalon”) unifies the look and feel of the operating system for developers. Windows Presentation Foundation

The ____ (formerly codenamed “Indigo”) allows applications to send messages to each other. Windows Communication Foundation

The ____ is a programming model that allows developers to quickly create workflow-enabled applications. Windows Workflow Foundation

____ Allows applications to track a user’s security credentials (user ID and password) for one or more security systems. Windows CardSpace

____ adds the ability to securely encrypt the contents of the hard drive at the hardware level. BitLocker Drive Encryption

Applications can keep track of what network services are available using the ____ service as a central reference. NLA

Component manufacturers who wish to have their product tested with Windows Vista can submit their solution to the ____. Windows Hardware Quality Labs (WHQL)

In the past, Microsoft maintained a ____ to keep track of which products would work with each operating system. Hardware Compatibility List (HCL)

A single ____ in Windows represents a collection of data, files, and instructions with a specific purpose while it is running. procedure

When a thread doesn’t finish executing, perhaps because it had to wait or was terminated prematurely, it is usually restarted on the same processor on which it was previously executing. This is referred to as ____. processor affinity

____ Systems have more than one physical CPU. multiprocessor

____ CPUs have additional hardware built in to allow more than one thread to be processed concurrently on a single CPU. hyperthreading

____ technology assumes that hardware components can be plugged in or activated at any time while the operating system is running. plug and play

The ____ file system uses a 32-bit numbering system to increase the number of blocks of data that can be managed and organized as part of a single partition. FAT32

The ____ was introduced with Windows NT 4 and replaced by UDF because of the preference for formatting removable media such as CDs and DVDs. CDFS

____ is a third-party standard that defines how data is stored on removable media such as DVDs. UDF

The ____ is a free tool from Microsoft that IT administrators can use to determine which of their existing applications are compatible with Windows Vista. Application Compatibility Toolkit (ACT)

A software component with access in ____ mode has unrestricted access to all data on the computer and its hardware. kernel