Your organization most likely has a file recovery strategy in place to recover user data stored on network file servers or storage devices that are accessible through the network. It's important to remember, however, that users often save their work to local computers. Therefore, you must provide a local file recovery method, so that you can recover these data files if users accidentally delete them or they get corrupted.
The following topics will be covered in this chapter:
- Performing file recovery
- Recovering Windows 10
- Troubleshooting the startup/boot process
- Troubleshooting applications
This chapter will provide you with the skills to troubleshoot applications, troubleshoot the startup/boot process, and perform file recovery and recover Windows 10. This chapter will help you to prepare for the MD-100 (Windows 10) exam, which is part of the Microsoft 365 Certified: Modern Desktop Administrator Associate certification.
In this chapter, you will see PowerShell code. The code is available on the following GitHub page: https://github.com/PacktPublishing/Microsoft-Exam-MD-100-Windows-10-Certification-Guide/tree/master/Chapter10
Throughout this chapter, you need to follow some steps to configure settings. These steps are also recorded. You can find the videos here: https://bit.ly/2LsQDqD
A computer contains various types of data that it stores at different locations. Types of computer data include configuration files for the Operating System (OS), user-related settings for the device, and user data. The latter might consist of documents, photographs, spreadsheets, and other file types. Computers are highly reliable, and most operating systems are stable and recoverable, but there are issues that can sometimes result in data loss.
To avoid data loss, we strongly recommend that user data is maintained on file servers or cloud-based solutions, where it is readily accessible and securely backed up. Windows tools, such as Folder Redirection or OneDrive, include transparent and secure offline access to reliable storage for users.
A system malfunction could be as easy as resetting the Personal Computer (PC) or providing a new PC in familiar situations and workloads, allowing the user to continue working on login. Enabling these solutions will result in considerable time savings when troubleshooting and dealing with data-loss-related costs and when resources are needed to support the recovery of desktop data.
But it is not always possible to store all data remotely. So, you need to be able to recover local data in case of hardware failure or other situations such as the following:
- A user unintentionally removes or deletes a file or a whole folder.
- Malware or a virus infects a computer, and user files are modified or encrypted.
- A user makes several modifications to a file but later decides that the changes were unnecessary and wants to access the original file.
- There is a natural disaster such as a fire, flood, or hurricane, and it destroys the machine.
- Data from a user does not frequently synchronize with the file server and is then stolen. The user wants new versions of the data to be accessed.
A computer can store data files and settings in multiple locations, and you need to make sure you secure them all. Windows 10 includes some tools that can help to protect your data and back up local files, including the following:
- Folder Redirection and Offline Files: Folder Redirection redirects local files from the user profile to the file server in a domain system. Offline Files include a local copy of the redirected files and make them available even if there is no network access to the file server.
- Work Folders: You can use Work Folders for whatever domain membership you might have. Work Folders synchronize data files between users and computers on the file servers.
- File History: Upon allowing File History, it will automatically create a backup of changed user files on the local drive, removable drive, or network location. File History backs up directories in user-profiles and databases, and additional folders may be added. By default, File History copies the changed files every hour in secure folders, and Windows 10 stores them forever, as long as there is ample storage space.
- Backup and Restore (Windows 7): While the tool's name includes Windows 7, it is a part of Windows 10. It's supposed to restore files in Windows 10 from a Windows 7 backup.
- Synchronization of user data with Microsoft OneDrive or OneDrive for Business: If your user account is connected to a Microsoft account or your business uses OneDrive for Business, you can synchronize data files with the cloud and between the devices you are using.
- Creation of a system image: A system image is not meant to be a solution for Backup and Restore, but it provides an exact copy of all of the data that was on a computer when you built it. There's no way to create a system image production schedule. You can transfer images of the device to hard disks, DVD sets, or network locations. A system image contains a virtual hard disk (.vhdx file) for every volume of the device you are creating the image for. Within File Explorer, you can mount the virtual disk and independently access and restore each file. If you want the entire system image to be restored, you can use the Windows Recovery Environment (Windows RE) System Image Recovery option.
- Wbamin.exe: This command-line tool can be used to create backups and restore the backup content.
- File Explorer (robocopy.exe): You can use either File Explorer or the robocopy.exe tool to copy files to other media or a network location manually.
- Microsoft Azure Backup: Azure Backup is not included in Windows 10. But if you have a subscription to Microsoft Azure, you can create a Backup Vault, download and install the Azure Backup Agent, and then back up Windows 10 to Microsoft Azure.
In this chapter, we will not deal extensively with the different tools of backup or File History. The advice is to look at that independently and what the possibilities are. In the next section, you will learn about the File History feature and how it works.
When using the File History feature, Windows 10 automatically saves copies of your files to a removable local drive or a network shared folder. Upon allowing File History, it regularly saves a copy of your updated files to a designated location. Windows 10 saves updated files every hour and holds new versions of files forever. You can, however, configure the interval at which the saves occur and how long Windows 10 will keep files saved.
The location of the File History storage you choose can be on a local drive, a removable drive, or a location on the network.
File History saves by default the files from the following directories, which can be found at C:\Users\<username>:
- Saved Games
- 3D Objects
The preceding directories can be seen in the following screenshot:
By using File History, you can secure files in two ways:
- In the Settings app, use the Backup option in the Update & Security section. To access that option, click Settings | Update & Security | Backup | More options in the Back up using File History window, which can be seen in the following screenshot:
You cannot add additional folders to the File History item in Control Panel.
- File History also protects folders that you add to one of the protected libraries. Configuring File Explorer to show libraries and modifying the library properties to include additional folders can help to secure these folders. If you create a new library, it will automatically be protected by File History.
Using the File History feature in the Control Panel, you can change the File History settings. You can also change these settings from the Settings app by clicking Update & Security | Backup | More options link in the Backup tab using File History. By using the item File History in the Control Panel, you can start a backup manually. Additionally, you can configure how often backups should be performed and how long backups should be retained. You can also define the drive that will hold backups of the File History and exclude from File History folders and libraries.
You can use File Explorer to return to previous versions of files that are covered by File History. You can use it by right-clicking the file or folder to restore files and then clicking on the Previous Versions tab.
You can also navigate to the folder that contains a changed or deleted file, press History to open File History on the Home ribbon, and then view the recoverable files. Alternatively, you can directly use the Restore your files with File History option, allowing you to compare changed files and recover deleted or updated files.
File History backs up protected folders into a folder hierarchy and names the top folder as the username of the logged-in account. File History will back up the data to the Data folder's subfolders, as shown in the following screenshot:
From the previous screenshot, you can see that File History names the first level subfolder after the computer from which the data stored is backed up and names the Configuration and Data subfolders of the second level.
Previous versions of OneDrive files and folders are accessible via the online OneDrive portal. For companies with OneDrive for Business and SharePoint, consult with SharePoint Manager for versioning settings.
The File Explorer tab for Previous Versions is a feature included in Windows 10. This feature allows users to view, restore, or reverse previous versions of files, directories, or volumes. File History or restore point data fills in the Previous Versions tab. Therefore, to be able to use the Previous Versions function, you must configure either File History or restore the points.
The Previous Versions tab for all files is empty until either you run File History for the first time or, while using the Backup and Restore (Windows 7) feature, you make the original backup. File History data populates the Previous Versions tab only for files that are covered by File History. For instance, in Folder1, you can change File1.txt, but if File History does not protect Folder1, then the Previous Versions tab remains empty.
The Windows 7 (Backup and Restore) feature works similarly. This allows you to use preceding versions for any file on a New Technology File System (NTFS) volume that contains the backup. For example, if you are using the Backup and Restore (Windows 7) tool to back up Folder1, only the data from restore points for Folder1 and all of its contents will fill in the Previous Versions tab. The following screenshot shows you the Previous Versions tab for File1.txt:
If you configure File History and use the Backup and Restore (Windows 7) tool, the Previous Versions tab will be filled in by data from both sources. After that, each time File History runs, a new version of the file becomes available for any file protected by File History.
The Previous Versions tab shows Previous versions come from File History or restore points. This message does not, however, apply to restore points created by System Restore. This message refers to the points that are generated by the Backup and Restore (Windows 7) tool.
When a backup is created by the Backup and Restore (Windows 7) tool, it also automatically adds a new version of the file. If the backup is generated by File History or Backup and Restore (Windows 7), you can only restore files and folders to the versions included in the backup.
The function of Previous Versions is available in Windows 10, irrespective of which file system you are using. Nevertheless, the Windows 7 (Backup and Restore) tool can only back up data from NTFS volumes. So, File History will only protect specific files, if you want to use the Previous Versions option for files on the File Allocation Table (FAT) file system.
In this section, you learned how the Previous Versions feature can be used and learned about its benefits. But you have to be aware of specific requirements and benefits that are suitable to your environment. In the next section, we are going to compare the file recovery options.
Each Windows 10 file recovery option has specific requirements and benefits, and all options offer protection and recovery of NTFS volume files and folders. Nevertheless, their design does have important differences. When you consider, for example, which file recovery option to use, ask yourself the following questions:
- How often does an option create backups of the protected content?
- What kind of content and file systems does an option protect?
- Can an option protect and recover a computer's system state?
- Can I use a different computer to recover content than that on which I created it?
Windows 10 offers two options for file recovery: File History and Backup and Restore (Windows 7). You don't have to install any apps to use these tools, but you need to configure them first. If you need to restore files that you are protecting using either of these methods, you can use the Previous Versions function. Windows 10 doesn't provide Azure Backup, as Azure Backup is a paid service of Azure. So, before using Azure Backup to restore files, you have to make sure of the following:
- Purchase a Microsoft Azure subscription.
- Create a backup vault.
- Install the Microsoft Azure Backup agent.
- Register the computer with the backup vault.
Azure Backup does not integrate with the Windows 10 Previous Versions feature. You can use the Microsoft Azure Backup program to manage Azure Backups.
All three options, namely, File History, Backup and Restore (Windows 7), and Azure Backup, can secure and restore files and folders saved on an NTFS disk, which is Windows 10's most common file system. If files are stored on other file systems, such as FAT, FAT32, Extensible File Allocation Table (exFAT), or Resilient File System (ReFS), you can only use File History to protect and retrieve them. The Windows Backup and Restore (Windows 7) tool and Azure Backup do not support those file systems. If you need the ability to recover a full Windows 10 device, and not just files and directories, the Windows Backup and Restore (Windows 7) tool is necessary. This tool alone can create a system state image that uses bare-metal recovery.
When configuring File History, this creates by default a backup of the protected content every hour. You can customize the File History to make backups more often, with 10 minutes being the shortest time, and 24 hours being the longest time that you can set up. The Windows Backup and Restore feature (Windows 7) offers a weekly software backup, every Sunday at 19:00 hours, set by default.
When using the Backup and Restore (Windows 7) functionality, you can adjust the backup frequency to an hourly basis, and you can schedule backups that occur more regularly when using Task Scheduler. Conversely, Azure Backup is unable to create backups more often than three times a day.
Both the Backup and Restore (Windows 7) tool and Azure Backup are capable of recovering files and folders on the same computer that created the backup and on different computers. However, File History can recover files and folders only on the computer that created the backup. If you have permissions, you can access backup folders in File History and manually restore files from any computer because the backup that File History performs is based on files.
If you wish to use file recovery, backup copies of files and folders that you want to recover must exist. The copies must be accessible, and you must have the appropriate file and folder recovery tool. File History, the Windows 7 Backup and Restore tool, and Azure Backup will not create backup copies until you configure them. For example, a previous version of the file will not be available in the File Properties dialog box on the Previous Versions tab until File History or the Windows Backup and Restore (Windows 7) tool creates a backup copy of that file.
If you are using Azure Backup, you can store backup copies of locally located files and folders in a shared folder or Microsoft Azure. If you want to do file recovery, backup copies must be made available. For example, if you create backup copies on a removable disk, you need to attach that disk to your Windows 10 computer, that is, if you want to do file recovery.
If you store backup copies in a shared folder, you need network connectivity to the file server and permissions to access the shared folder to recover files. If your backup is stored in Microsoft Azure, the following must be in place:
- Internet connectivity
- The Microsoft Azure Backup program
- Vault credentials
- A passphrase to enable the file recovery that is to be done
The current vault credentials can always be downloaded from the Microsoft Azure portal.
On the computer that you make a backup on, a passphrase is created, and you use it to encrypt your backup. You should store your passphrase safely since, without a valid passphrase, you won't be able to recover data. You need to provide vault credentials and a passphrase if you want to recover files on a computer other than the one you've created the backup on. If you misplace or lose the passphrase that you used to encrypt the backup, you can't access backup content.
If you are unable to access a remotely saved file backup, you should use standard network troubleshooting. If a file backup is stored locally and the backup location is not accessible, you should perform local storage troubleshooting. For example, if the local disk is connected and displays in Device Manager and Disk Management, you should look in Event Viewer for any disk-related entries.
File History stores backups within a hierarchy of folders. When using Previous Versions or File History, you can restore the backup only to the computer on which the backup was created. If you want to restore files and folders from a backup, you need to manually copy and rename the files and folders on different computers than the one you created it on.
In this section, you learned how you could perform file recovery through different methods, such as File History and Backup and Restore. You learned how to configure File History and the Previous Versions tab to recover files and folders. Furthermore, you know that the Windows 10 file recovery option has specific requirements and benefits, and all options offer protection and recovery of NTFS volume files and folders. The decision to implement the right choice of file recovery is strongly dependent on the needs of your organization.
In the next section, you are going to learn how you can recover Windows 10.
Windows 10 is a reliable OS. Occasionally, however, you will encounter problems with devices from your users that require you to perform some recovery of the OS. The nature of the problem will decide the particular course of action, and as a result, Microsoft has provided several recovery options in Windows 10.
Some of these are relatively benign and allow you to investigate and resolve the underlying problem with little effect on the OS. Others are more intrusive and can result in the OS being rolled back to an earlier point in time or even to its initial state. These recovery tools are listed as follows:
- Recovery Drive
- System Restore
- Windows Recovery Environment (WinRE)
- Reset this PC
- Fresh start
Let's see what each of these tools do in Windows 10.
Disk drive space is often smaller on many small form factor devices and tablets than what is available on a laptop or desktop. This may limit the availability to include a recovery partition for an Original Equipment Manufacturer (OEM) on devices shipped with Windows 10. If there is no partition to recover, you can still create a recovery drive based on a bootable USB drive. You can boot into the Recovery Environment using this drive. You will then need to access a system image created by you or provided by the OEM.
To Create a recovery drive, follow these steps:
- Click on Start.
- Search for Recovery Disk and open the app; this will open the Recovery Drive window, as shown in the following screenshot:
- Make sure that Back up system files to the recovery drive is selected.
- Then, click Next.
- In Select the USB flash drive, choose your USB flash drive and click Next, as shown in the following screenshot:
- Click the Create button to Create the recovery drive:
- The wizard is now Creating the recovery drive:
If your computer has a recovery partition, you will see a link to uninstall the recovery partition from your PC when the recovery drive has been provisioned on the removable media. This relates to the recovery partition of Windows 10 devices and not the newly created Recovery Drive. If you want your device to free up space, you must select this option. It is essential to store the recovery drive in a safe place because if you lose the recovery drive and delete the recovery partition, you will not be able to recover your device.
After they are created, you should carefully label your Recovery Drive files. Note that a 64-bit (x64) Recovery Drive can be used only to reinstall a 64-bit architecture device. The Windows 10 Recovery Drive can't be used to repair older Windows versions.
Now you know how you can configure a Recovery Drive. Up next, we will take a look at how you can set System Restore.
In an earlier version of Windows, such as Windows XP or Windows 7, you might have used System Restore to restore a computer that has become unstable. System Restore has been retained in Windows 10 and offers a familiar and reliable system recovery method by restoring the OS to a restore point created during the stability period.
Windows 10 does not automatically enable System Restore features. System Restore takes snapshots of your computer system, then saves them as points of restore. These restore points represent a point in time when it was running successfully for the configuration of the computer. The use of System Restore does not affect user data.
After you have enabled System Restore points, Windows 10 will automatically create them when the following actions take place:
- You install a new application or driver.
- You uninstall certain programs.
- You install updates.
Windows 10 also creates System Restore points:
- Manually, whenever you choose to create them
- Automatically, once daily
- Automatically, if you decide to use System Restore to restore to a previous point in time
System Restore creates a new restore point in this last instance, before restoring the system to an earlier state. This gives you an option for recovery if the restore operation fails or leads to problems. Nevertheless, if you are in safe mode and you restore to a former state, Windows RE will not generate a restore point for the current state.
Follow these steps to turn on System Restore and manually create a restore point:
- Type in the Search bar Create a restore point and open the app. The resultant window is shown in the following screenshot:
- Then, click on the Configure… button:
- Select the Turn on system protection option.
- You can additionally move the slider under Disk Space Usage to allow room on the restore points to be saved.
You can also customize System Restore using PowerShell. Some of the commands you need to review are as follows:
- Enable-ComputerRestore: This command allows System Restore feature on the specified drive.
- Disable-ComputerRestore: It disables the System Restore feature on the specified drive.
- Get-ComputerRestorePoint: It gets the restore points on the local computer.
- Checkpoint-Computer: It creates a System Restore point on the local computer.
If the amount of space reserved for restore points is full, the oldest restore points will be removed automatically by System Restore. If more restore points are needed to be used, a more significant proportion of the hard disk must be allocated to the feature.
If the program has created restore points, you are safe, and the system should be recoverable.
To recover your system, you can launch the System Restore wizard from either of the following:
- System Protection: If your system allows you to sign in to Windows, you can start the System Restore… option in the System Properties dialog box and follow the wizard to restore to a restore point that was created earlier:
- Windows Recovery Environment (Windows RE): If the system doesn't allow you to sign in, you can boot from the Advanced options to the Windows RE and start the System Restore wizard.
Windows RE is a Windows Preinstalling Environment (Windows PE) based recovery tool. Windows RE uses two main features. These main features are: diagnosing and repairing automated startup issues and providing a unified platform for further advanced recovery tools.
If you want to access the Windows RE environment and your Windows 10 has started (booted) normally, you can access Windows RE by following any one of these steps:
- Click Start | the Power option, then hold the Shift key while clicking Restart.
- Click Start | Settings | Update & security | Recovery option under Advanced Startup, then click Restart now.
- At the login screen, click Shutdown, then hold the Shift key while selecting Restart.
- Boot to recovery media.
- From Command Prompt, run the following command:
shutdown /r /o
If you are unable to boot Windows successfully, you can access Windows RE by doing one of the following:
- Attach the media in Windows 10, then power on the computer. Execute the Windows 10 Media Setup program, if requested. After configuring the Language and Keyboard settings, pick the Repair your computer option, which scans the computer for Windows installations, and then press the Troubleshoot button.
- Some systems will support pressing a function key during boot (such as F11).
The previous method of using F8 or Shift+F8 is no longer reliable.
Windows 10 includes an on-disk version of Windows RE. If a computer running Windows 10 detects a startup failure, it can automatically fail to run Windows RE on-disk.
Windows OS Loader sets a status flag during initialization, which indicates when starting the process. Winload.exe clears this flag before showing the sign-in screen for Windows. When the boot fails, the flag will not be visible to the loader. Consequently, Windows OS Loader detects the flag when the device starts next time; it believes a startup failure has occurred and then launches Windows RE instead of Windows 10.
The benefit of automatic failover to Windows RE Startup Repair is that when a startup problem occurs, you may not need to test the troubled device.
Notice that for Windows OS Loader, the system has to start successfully to remove the status flag. If the control of the machine is disrupted during the activate-up phase, Windows OS Loader will not remove the flag and will instead automatically start Start-up Repair.
Remember that the presence of both Windows Boot Manager and Windows OS Loader is necessary for this automatic failover. If any of these components are missing or damaged, automatic failover can not function, and you must perform a manual evaluation and repair of the startup environment of the device.
Now you know how the Windows Recovery Environment works, let's go to the Reset this PC feature.
There are several explanations of why a consumer may want their machine reset. For example, if a user has significant configuration issues or bugs or the system does not run correctly, they might choose to reset their Windows 10 machine. The user can intend to repurpose the computer and give it to a member of the family.
You can reset the device using the Reset this PC feature. The Reset this PC tool reinstalls Windows 10, but it can retain computer settings and files depending on your choices. Optionally, the Reset this PC tool can remove most of the applications and leave the computer only with the default Windows 10 installation.
You do not need Windows 10 media to use the Reset this PC feature.
From the Settings app or the Windows RE, you can access the Reset this PC feature. In either case, you can select the option to protect your files or delete everything from the device in the Reset this PC tool. When you decide to remove everything, you can specify that you only remove your data or that you clean the drive thoroughly.
It takes considerably more time to clean your drive entirely. It's more secure, though, because you can't easily retrieve the deleted files. The Reset this PC device still maintains the size and names of disk partitions irrespective of your range, and it always eliminates applications and drivers that are not part of the initial Windows 10 installation process.
The Reset this PC tool can only be run as a local user from the Settings app. When you run it from the Settings app, you don't need to provide credentials, and you select the option to protect your files. The Reset this PC tool will warn you of the applications it is going to delete, and you will need to reinstall them manually.
If you are running Reset this PC from the Windows RE accessible on a local drive, you will need to pick the local user and provide the credentials to the user. You won't be told of the apps it will uninstall, in any case. In either case, after completing the process, the Reset this PC tool will add a list of the removed apps to the local user's screen.
Although Windows 10 is reinstalled by the Reset this PC function, it retains computer settings such as computer name, domain membership, and local users. The Reset this PC feature removes device drivers and programs that were not a part of the default update for Windows 10 but retains all user settings and files.
When you run the Reset this PC tool and choose to remove all, and if your device has more than one drive, you will be asked to decide whether you want to delete all files from all drives or remove all data from the drive where Windows 10 is installed. You will also need to decide whether the Reset this PC operation should only wipe your files or clean the drive thoroughly.
The Reset this PC procedure will erase all disk space multiple times before installing Windows 10 if you choose to clean your drive entirely. If you don't want to recover your files, such as before selling your Windows 10 device or giving it to a family member for personal use, you can choose this option. The Reset this PC procedure removes all software, settings, and data that are not included in the default Windows 10 installation if you decide to uninstall all.
Up next, you will find some considerations for using the Reset this PC tool.
Consider the following when you are deciding whether to use the Reset this PC tool with the Keep my files option:
- The choice of Keep my files isn't as detrimental as just deleting my files and cleaning the drive options entirely. Although the Reset this PC tool preserves your data and settings, it removes all programs that were not included in the initial Windows 10 update.
- If you start the Reset this PC tool with the Keep my files option from the Windows RE, which is accessible from the local drive, you need a local user with administrative permissions. If you use Keep my files from the Windows 10 media within the Reset the PC tool, anyone with physical access to the device can use the Reset feature of this PC tool.
- You have to reinstall all applications and reapply any updates that have been made since the Windows 10 device was first installed.
- You don't need a backup or Windows 10 media to use the Keep my Files option from the Reset this PC tool.
When choosing to use the Reset this PC tool with the Just remove my files or Fully clean the drive options, you need to consider the following:
- The Reset this PC tool eliminates all software and desktop applications from your Windows Store. Only the programs that are included in the default Windows 10 update will be available on the device.
- To use Reset this PC with the Just remove my files or Fully clean the drive options, you do not need any special permissions.
- Your configuration settings for files, settings, and computer are set to their original, post-installation state.
- You must reinstall all programs and reapply any updates that have been made since the Windows 10 device was first installed.
- You don't need a backup or Windows 10 media to perform Reset this PC with the Just remove my files or Fully clean the drive options.
To start the recovery process, follow these steps:
- Launch the Settings app.
- Click Update & Security | Recovery option.
- On the Reset this PC page, click Get Started.
- In the dialog box, you will be presented with two options, namely, Keep my files and Remove everything, as shown in the following screenshot:
- Choose one of the options that suits you, and click Reset to restart the PC and allow the reset process to begin.
Besides all of the options mentioned previously, you also have the Fresh Start feature.
- Reinstalls Windows 10 while retaining your data
- Removes all installed apps and bloatware
- Installs the latest security updates
When the system restarts after the Fresh Start has been completed, you can sign in with the same username and password, and it will retain all of your data. You need to reinstall any additional applications that you had installed before. If you need access to the list of removed applications, during the process, a file will be created that can be found on the desktop after you sign in to the computer. Within the Fresh Start page in the Windows Security app, you will see a history of when you have used the Fresh Start feature and a link to the removed apps list.
Any apps that came preinstalled on your system by the OEM will have also been removed.
- Launch Windows Security.
- Select Device performance and Health.
- Scroll down to Fresh Start and click on Additional information, as shown in the following screenshot:
- Then, click on Get Started.
- Read the warning and click Next to proceed.
- Fresh Start will then display a list of apps that will be removed, then click Next.
- On the Let's Get Started page, click Start. Then, the PC will start the reset process, which can take up to 20 minutes.
At this point, you have the knowledge to recover Windows 10 with the previously mentioned recovering options. You have two more options, such as using a system image backup and using a system repair disk. These two mentioned options are not necessary for the exam, so we will not be handling those two options.
The next section will be about troubleshooting the Windows 10 startup and boot process.
Windows 10 has a competent and reliable architecture for the startup. You rarely need to get involved in solving startup problems. When one arises, however, it can be difficult to solve unless you understand the underlying mechanism.
Windows includes boot loader components designed for quick and secure loading of Windows. These three components are given as follows:
- Windows Boot Manager (Bootmgr.exe): Windows Boot Manager (BOOTMGR) first loads as the computer starts and then reads the Boot Configuration Data (BCD). BCD is a startup configuration information database that is stored in a registry-like format on the hard disk.
- Windows OS Loader (Winload.exe): Winload.exe is the boot loader for the OS invoked by Windows Boot Manager. Winload.exe loads the device drivers for the OS kernel, namely, Windows NT operating system kernel (ntoskrnl.exe) and BOOT_START, which, together with BOOTMGR, make it functionally identical to NTLDR. Winload.exe initializes memory, loads drivers to continue, and transfers control to the kernel afterward.
- Windows Resume Loader (Winresume.exe): BOOTMGR transfers the information to Winresume.exe only if the BCD contains information about a current hibernation file. Then, BOOTMGR exits and starts/initiates Winresume.exe. After it starts to execute, it reads the image file for hibernation and uses that file to restore the OS to its running state for pre-hibernation.
Windows 10 enables fast startup by default. When the Windows 10 computer is shut down, Windows stores part of the state of the OS into the hiberfil.sys file. When you start your Windows 10 machine next time, this condition will be reloaded during initialization. Often, this process is called Hybrid Startup. This behavior can be controlled via the Control Panel | Power Options | Change what the power button does | Turn on fast startup (recommended) option.
You just learned that three components are necessary to startup Windows 10 from cold boot or hibernation. In the next section, you will learn the seven steps of the startup process of Windows.
Once you turn on a computer, the initialization process will load the basic input/output system (BIOS) module or Unified Extensible Firmware Interface (UEFI) on more recent or modern computers. When loading the UEFI or BIOS, the machine accesses the boot disk's Master Boot Record (MBR), followed by the drive startup's boot sector.
The cold startup process of Windows 10 has seven steps, as follows:
- First, the UEFI or BIOS does a Power-On Self-Test (POST). From a startup perspective, before loading the OS, the BIOS allows the device to access peripherals such as hard disks, keyboards, and computer monitors.
- Then, in the UEFI or BIOS, the computer uses the information to locate a mounted hard disk that should contain an MBR. After that, BOOTMGR is called and loaded by the computer, which then locates an active drive partition on the discovered hard disk's sector 0.
- Then, BOOTMGR reads the BCD file from the active partition, collects information about the different operating systems mounted on the computer, and then shows a boot menu, if applicable.
- For a resume operation, BOOTMGR either transfers control to Winload.exe or calls Winresume.exe.
- Otherwise, Winload.exe initializes memory and loads drivers that are set to start at startup. Such drivers (configured in the registry with a start value of 0 and called BOOT_START drivers) are essential components of hardware such as disk controllers and peripheral bus drivers. Winload.exe then transfers the access to the kernel of the OS, that is, ntoskrnl.exe.
- Then, the kernel initializes and loads the drivers at a higher level (except for BOOT_START and services). In this step, as the Session Manager (Smss.exe) initializes the Windows subsystem, you'll see the screen turn to graphical mode.
- Then, the Windows OS loads the Winlogon.exe service, which displays the Sign-in page. Windows Explorer loads once the user has logged in to the system.
In this section, you learned about the seven steps of the startup process of a Windows OS. Nowadays, you have seen that many manufacturers are implementing UEFI boot instead of BIOS boot to give more enhanced security to your computer. In the next section, you will learn about Secure Boot.
Secure Boot is a Windows 10 feature on UEFI-based devices that can help to enhance your device's protection by helping to prevent unauthorized software from running on your computer during the startup. Secure Boot checks every piece of software that has a valid digital signature. The verification applies to the OS itself.
With Secure Boot on a device, each piece of software is checked by the device against the databases of known good signatures kept within the firmware. Using this method, the firmware will only run software that it deems free of tampering.
The Secure Boot phase under Windows 10 requires UEFI-based firmware. The Secure Boot process uses UEFI to avoid the launch of unknown or potentially unwanted OS boot loaders (such as firmware rootkits) between the system's firmware start and the start of the Windows 10 OS.
Some desktop computer manufacturers might allow you to deactivate Windows 10 Secure Boot via UEFI. However, on UEFI-based tablet devices running Windows 10, this may not be possible.
With Windows 10, Secure Boot is mandatory, and it greatly increases the quality of the startup process.
In this section, you learned about Secure Boot on UEFI-based devices and about Secure Boot's ability to secure your Windows 10 environment. In the next section, you will understand about the BCD store and what it does.
The Windows 10 BCD store is an extensible database of objects and elements that can include hibernation image details and individual configuration options to start Windows 10 or an alternative OS. For new firmware models, the BCD store offers an improved mechanism for describing the boot configuration details.
The boot sector loads BOOTMGR during startup, which in effect accesses the BCD store, and then uses that information to view the user's startup menu (if there are several boot options) and to load the OS. Such parameters were previously found in the Boot.ini file (in BIOS-based operating systems) or the Non-Volatile Random Access Memory (NVRAM) entries in the Extensible Firmware Interface (EFI) operating systems.
Windows 10, however, removes the BCD store boot.ini file and NVRAM entries. The BCD store is more flexible than boot.ini and can be extended to computer platforms that do not use BIOS to start the device. You can also apply the BCD store to firmware versions, such as EFI-based computers.
Windows 10 stores the BCD as a hive for the registry. The BCD registry file is in the active \Boot directory partition for BIOS-based systems. The BCD registry file for EFI–based systems is on the partition of the EFI device.
Now you understand more about the Windows 10 BCD store, and you learned how the BCD store works when you boot up your Windows 10 computer. The following section is about troubleshooting application installer issues and how you can resolve these kinds of problems.
This section is about troubleshooting applications. That's something different than troubleshooting the Windows 10 OS. Most large organizations manage application installations from a central location.
Desktop support staff, however, are involved in deploying applications during initial development and when troubleshooting failed installations. Therefore, you need to learn how to determine why the installation of a desktop app fails and how to solve those problems that might prevent the installation.
Windows 10 runs updates using Windows Installer. Both versions of Windows 7 and older versions of the Windows OS include Windows Installer 5.0.
If the program you want to install is packaged as a .msi file and is accessible from the destination computer, you can either double-click the .msi file or run msiexec.exe from elevated Command Prompt to install a desktop app. To install an application from a shared folder, for example, execute the following command from an elevated prompt:
Msiexec.exe /i \\PACKTDC1\apps\application1.msi
You may receive one of the following error messages during the installation of an application:
- The Windows Installer Service could not be accessed.
- Windows Installer Service could not be started.
- Could not start the Windows Installer service on the Local Computer.
One of the causes of problems with Windows Installer is applications that don't complete their installation or uninstallation successfully. In some cases, restarting the computer can force the operation to continue. You may need to reinstall or repair the program before you can uninstall it. However, in a worst-case scenario, you may need to uninstall an application, including its registry entries manually. You can use any of the following methods to troubleshoot Windows Installer issues:
- Verify that Windows Installer is functioning by running the following command at Command Prompt:
- Verify that the Windows Installer service is configured to start manually and that it starts without errors.
- Re-register Windows Installer, but first unregister by using the following command:
After executing the preceding command, make sure to run the following command as well:
- Reboot the computer to reset any running installations.
- Remove any software that may clash with the software you are attempting to install.
In rare cases, another application that is running may be preventing the installation or removal of the device. Try to identify a problem application so that you can disable services and applications that start automatically.
To resolve application deployment issues, you need to understand why the deployment failed. In the next section, you will learn some standard resolving methods for deployment issues.
Being able to solve deployment problems with desktop applications depends on your understanding of why the deployment failed. When you understand why a desktop application doesn't deploy properly, you can then decide the appropriate methods for resolving the problem.
The following is a list of approaches used to overcome deployment problems with desktop applications:
- Run as administrator: For installations with desktop applications that do not correctly elevate installation permissions, you can manually elevate permissions by right-clicking the installation file and then clicking Run as Administrator.
- Install the necessary dependencies: If you are unable to install a desktop application due to missing dependencies, then you have to install the correct dependencies. If the missing dependency affects multiple computers, the best way to fix the missing dependency on all computers needs to be decided. You may need to update the base image, which you can then deploy along with the dependency.
- Application Compatibility Toolkit (ACT): ACT is a suite of software that you use to ease the installation and execution of earlier Windows OS applications on newer versions. Application Compatibility Manager is one of the methods at ACT.
You can use this method to create an inventory of installed applications and then determine whether those applications are experiencing problems while running on Windows 10. During conversion to a new OS, you will usually be using ACT. As a part of the Windows Assessment and Deployment Kit, you can install ACT.
- Correct AppLocker configuration: If AppLocker blocks the installation of valid desktop applications, then you need to change the AppLocker rules setting.
In the case of automated deployment, when deployed manually, the application will install and perform correctly but will fail when using an automated deployment process. While the application itself should not be ruled out, when a manual installation works and the automatic installation doesn't, the installation is often stopped because of a lack of permissions. You have to verify that whichever deployment tool you use has the correct permissions to install the program.
A desktop application operational issue is any case where a desktop application does not work correctly from the user's perspective. Some of the problems you or your users can experience include the following:
- Missing application features: You can select which features to install in many applications. The default installation options for an application might not include all of the features a user requires.
- Missing Windows OS features: Some applications require proper functioning of the Windows OS features. This includes various Microsoft .NET Framework versions.
- Incorrect configuration: The default settings post-installation of an application might not be sufficient. You can configure the program settings to suit your needs, such as the default locations for saving files and folders. Some desktop apps might also need the firewall to have open ports. Users may not have access to start all apps, or some file permissions may be inadequate for users to run the app.
- Poor performance: Applications could be running slower than users could expect. This can happen when users perform a specific task, when devices don't meet minimum hardware requirements or they are used regularly.
- Application errors: Every fault the program shows on the screen is an issue in the operation of a desktop application.
- Incorrect database connection settings: Some desktop applications use a database server as a store for data. If you don't correctly configure the link to the database, the application cannot function properly.
- Application blocking by AppLocker: To enable or block applications on Windows 10 computers, you can configure AppLocker. If AppLocker blocks an authorized desktop app, you will have to try to solve the problem.
Issues concerning desktop application operations can affect the performance of a user's work. Therefore, you need to define and solve these problems as quickly and as accurately as possible.
You will bring it through a rigorous testing process before you deploy a desktop app, which involves every day user activities. Desktop support staff often do this research, but you may want users to be included in this testing process too. The desktop app may not function as you would expect during testing, which results in the need for more troubleshooting.
Users are the most popular source for information on issues with device operations after you install a desktop app. Use on-screen error messages and event logs while examining problems with desktop application operations. In some instances, these messages and logs provide sufficient information to solve the problem. In other cases, you may need to do more work. Additional research might include searching the vendor's website, searching the internet, or contacting vendor support.
In this section, you learned various methods with which you can troubleshoot some Windows Installer issues. If a desktop application is successfully installed, there can be some problems with the applications as well. In the next section, you will learn how you can resolve operations in desktop applications.
Your success in solving a problem with a desktop application process depends on your consistency in the problem description. The following methods include some ways to resolve the problems with desktop app operations:
- Install a requested feature: If there is a missing application function that a user needs, then you can disable it. Finally, you have to decide whether other users also need the functionality, and if so, determine how best to accommodate them. You may need to update the installation process of the program or update an image of the OS containing the application.
- Reconfigure the application: When you incorrectly configure a desktop app, you can reconfigure it to meet the requirements that have been specified. If multiple users need to reconfigure, the best way to upgrade multiple computers is to be decided. You can choose to update your group policy, update the application deployment process, or update an image of the OS containing the application.
- Repair or reinstall the application: If a desktop app faces errors or is unable to start, the issue might be resolved by fixing the program. During the process of repairing an application, the configuration files are set to the correct version and rewrite the computer-specific registry entries. It does not impact user-specific entries within the registry. If an application patch does not fix the problem, try reinstalling the program.
- Apply application updates: These software updates update the application issues found by the vendor of the software. Installing timely application updates can prevent problems with desktop application operations from occurring in your environment and may solve any performance problems.
- Upgrade the application to a newer version: Some issues relating to application operations enable you to update to a more recent application version. For example, you may need to update an app to a 64-bit version to improve the performance and access more memory. Newer versions may also offer new features.
- Identify performance issues and bottlenecks: The performance issues that are usually reported by the users are vague. By using tools such as Performance Monitor or Resource Monitor, you need to identify the source of the problem. Improving performance may rely on hardware upgrades, or users might need to run fewer applications on the device simultaneously. You might also need to change the performance expectations of the users.
- Reconfigure AppLocker rules: If AppLocker rules prevent a legitimate desktop app from running, these rules must be reconfigured to allow the desktop app to run, using the application path, the publisher, or the hash value.
So, now you know how to resolve issues with desktop applications. But in Windows 10, you can also install applications via the Windows Store. The applications that you are installing from the Windows Store are Universal Windows Platform (UWP) apps. These types of applications work differently than traditional applications.
The Windows Store will alert you when there are problems with an application and will immediately try to solve the problem in most situations. You may encounter situations where an app won't start, and the Windows Store won't be able to solve the problem. This section will address some of the most common issues you can experience while running Universal Windows Apps.
You can run the Apps troubleshooter if you have issues with an application or if the Windows Store app isn't loading. This tool will detect and repair Universal Windows applications and Windows Store software issues. It's only available in English, but the tool can be used on computers that are using any other language. The following screenshot shows you the Windows Store Apps window:
- Built-in Administrator can't run Universal Windows Apps: You cannot run Universal Windows Apps when signed in as the built-in administrator because of the default configuration. To run Universal Windows apps, you must allow User Account Control: Admin Approval Mode for Built-in Administrator account.
- Allow Universal Windows applications to run at User Account Control (UAC): Universal Windows applications can only start when UAC is allowed. If you have UAC disabled, it must be re-enabled to run Universal Windows Apps.
- Windows Firewall could block the app: Windows Firewall blocks those Universal Windows Apps to protect your device. Microsoft suggests configuring the Windows Firewall rules for the proper functioning of an application.
- Group Policy could block the application: AppLocker may be preventing certain Universal Windows Apps from installing and running. Microsoft recommends reconfiguring AppLocker rules to allow the installation and execution of an application.
- Verify that your applications are valid: When you run into problems with starting Universal Windows Apps, you should first test whether the Windows Store apps have any updates. You should make sure that the application updates are allowed automatically to avoid this problem.
- Clear the cache for the Windows Store: If the Windows Store app does not start, or the Windows Store app can't connect to the store, this problem could be fixed by clearing the Windows Store cache. You can reset the Windows Store cache by typing the following command in Command Prompt and then pressing Enter:
- Synchronize the licenses to apply: If the license for the application you want to start isn't compatible with the computer that you want to start the application on, then synchronizing the licenses could solve the problem.
If the previously mentioned suggestions with starting your Universal Windows App have not solved your problem, then I suggest reinstalling the program. To reinstall the program, you need to uninstall it first and then open the Windows Store app to reinstall it.
In this section, you have learned some methods to troubleshoot Universal Windows Apps with, for example, the Apps Troubleshooter tool, which you can download from the Microsoft Download Center.
This chapter was all about recovery and troubleshooting from files to Windows 10 to applications. You learned how to enable and configure File History and make use of the Previous Versions tab to go back to a previous version of a document or other types of files. Furthermore, you can decide which type of file recovery you can use in your organization and how you can troubleshoot issues with file recovery.
Another crucial thing you have learned is how you can recover Windows 10 through different mechanisms, such as Fresh Start and using a recovery drive.
Sometimes it can happen that Windows 10 won't boot at all, due to a corrupt boot loader or a similar issue. So you learned the process of booting Windows 10 and how you can troubleshoot this as well.
The last part of this chapter was about troubleshooting applications, such as UWP apps and desktop applications, through deployment and operational issues.
In the next chapter, you are going to learn to manage updates in Windows 10. It is common knowledge that it is essential to keep your Windows 10 and applications up to date. You will discover several key strategies to keep Windows 10 up to date.
- Is Microsoft Azure Backup a built-in tool in Windows 10?
- Does File History, by default, back up Windows libraries?
- Can the recovery drive have a size of 4 GB?
- When you go back to an earlier created restore point, will your personal data be affected then?
- Can you enter the Windows Recovery Environment with the F8 key?
- Can you use the ACT tool to test your legacy software on Windows 10?
- Is the IISReset.exe command the correct one to clear the Windows Store cache?
- How to use all of Windows 10's backup and recovery tools: https://www.howtogeek.com/220986/how-to-use-all-of-windows-10%E2%80%99s-backup-and-recovery-tools/
- Backup and Restore in Windows 10: https://support.microsoft.com/en-us/help/4027408/windows-10-backup-and-restore
- Backup Windows 10 to Microsoft Azure Backup: https://www.thomasmaurer.ch/2018/10/backup-windows-10-microsoft-azure-backup/
- Create a recovery drive: https://support.microsoft.com/en-us/help/4026852/windows-create-a-recovery-drive
- Managing restore points with PowerShell: https://mcpmag.com/articles/2012/02/21/powershell-windows-restore.aspx
- Windows Recovery Environment (Windows RE): https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference
- How to reset your Windows 10 PC: https://www.laptopmag.com/articles/reset-windows-10-pc
- How to factory reset Windows 10 using the Fresh Start option: https://www.windowscentral.com/how-reset-windows-10-pc-factory-settings#reset_freshstart_windows10
- Released Versions of Windows Installer: https://docs.microsoft.com/en-us/windows/win32/msi/released-versions-of-windows-installer?redirectedfrom=MSDN
- Fix problems with apps from Microsoft Store: https://support.microsoft.com/en-us/help/4027498/microsoft-store-fix-problems-with-apps