Notes about Windows software and hardware issues

Updated: 2007-02-28
Created: 2000

MS-Windows authentication and Kerberos

MS-Windows has evolved through a number of authentication and authorization systems, nearly all of which currently are still supported, and the lasted is based on Active Directory which is a layer of Microsoft specific software on top of widely used standards like Kerberos, LDAP and DNS, in a typical embrace and extend way.

Since AD and more in general MS-Windows systems need to interoperate, it may be useful to understand the history and some of the peculiar details in order to better confront interoperability issues, and a list of past and and current outlines of MS-Windows authentication systems follows.

MS-Windows 3

MS-Windows 3 )(and related products like MS-Windows for Workgroups was built on top of MS-DOS which id not have any authentication and minimal authorization mechanisms, and therefore implemented some as extensions: one for authentication-only for local access to the PC, and another authorization-only for remote access to files.

MS-Windows 3 authentication was purely for local users with user attributes stored in a PWL file. This file contained barely more than the user name (encoded as the name of the file) and password.

Authorization applied only to remote file access, and each collection of remote files (a share) would have a read-only password and a read-write password.

In particular there was no centralized authentication or authorization system.

MS-Windows NT
MS-Windows AD

Microsoft AD is a layer over Kerberos used for authentication, LDAP used for registration and authorization, and DNS used to publish some aspects of registration.

AD defines a domain on top of a Kerberos realm.

Some resources about MS Windows XP SP2

Some resources about MS Outlook

MS Outlook is with MS Office the real current (2004) source of Microsoft customer lock-in, rather than MS Windows. It is the killer app. Well, it often kills e-mail :-). If you can, just avoid using it. Otherwise here are some resources, mostly related to dealing with PST files and archiving and converting them.

Some resources about MS IE

Some user has made a list of MS Knowledge Base articles about MS Internet Explorer that contains well selected, useful and interesting entries.

It also appears that MS IE cache troubles are so common that there is a program that is devoted solely to work around MS IE cache issues.

List of selected Mozilla or Firefox extensions

Refer to the Mozilla extensions and Firefox extensions lists in my Linux, as thanks to XUL they are essentially OS/hardware independent.

Deleting default multicast routes

When enabling a network interface MS Windows by default creates a multicast route on it which cannot be deleted.

Apparently it cannot be deleted because it is some kind of virtual route. But adding a similar route just overrides the virtual route, and it can then be deleted.

Something like this works:

route add 224.0.0.0 mask 240.0.0.0 10.0.0.1 10.0.0.1
route delete 224.0.0.0 mask 240.0.0.0 10.0.0.1

Deleting such a route can be useful to prevent packets being multicast on some of the interfaces of a multi-homed node.

How to find which processes have a lock on a file

Someone has written a nice utility called WhoLockMe that lists the processes that hold a lock on a file, and thus prevent file operations on it.

And someone else has written a nicer alternative unlocker on a page that even has a table of the features of similar utilities.

Amazing site on Windows tips

Axcel's is one of the best sites on obscure and useful Windows tips.

He also as an impressive list of freeish Windows utilities.

Interesting list(s) of freeware or cheap utilities

TBC

Creating a bootable Windows 200x CD-ROM

It is possible in some way to create a bootable Windows 200x CD-ROM.

Removing the Microsoft Java VM

Apparently a bug in the Microsoft Java VM allows an adware exploit to install itself.

It is in any case a good idea to completely remove the Microsoft Java VM, and there is a description of how to remove it

Interesting list of patches for Windows

Many sites have lists of the patches that are needed to make Windows versions slightly less unreliable and this australian one seems to have nice list.

There is also an official Microsoft FTP site for hotfixes for which there is a convenient HTTP mirror in Germany.

Windows 9x hangs during shutdown

This is actually somewhat well known, and there is a Microsoft knowledge base article about it. The fix is to get an updated version of the USER and USER32 components as follows:

Date        Time    Version    Size     File name   Platform
--------------------------------------------------------------------------- 
04/21/2000  11:33a  4.10.2227   55,296  User32.dll  Windows 98 Second Edition
04/19/2000  04:02p  4.10.2227  549,760  User.exe    Windows 98 Second Edition
08/24/2000  05:05p  4.00.954    44,544  User32.dll  Windows 95 (all versions)
08/24/2000  04:54p  4.00.954   462,560  User.exe    Windows 95 (all versions)

They also suggest the workaround of disconnecting all mapped network drivers before shutting down. There have been reports that mapped network drivers may cause other problems with games like MechWarrior4 on AMD/VIA based motherboards.

Windows Update download points

In an article in PC Pro, January 2002, David Moss says that the automagic Windows Update site, which can only be used from Windows and only using IE, is also actually rather behind the times. There are a number of places in the Microsoft web site where updates can be downloaded manually, using any OS and any browser, that are usually kept more up-to-date as they are used by corporate users, and they are:

SoundBlaster Live! problems

The SoundBlaster Live! and its variants seem to have a badly misdesigned hardware and software interface, that really poften manifests itself in lockups and incompatibilities with various motherboards, graphics cards, operating system drivers, both under Linux and Windows. It is also rather overpriced.

It is particularly dangerous to leave the SoundBlaster 16 emulation mode enabled.

Some of the problems are described here including a procedure on how to perform a full unistall of the SoundBlaster Live! drivers.

It is usually best to avoid such a poorly misdesigned card, and to get a replacement. Generally, Yamaha and Crystal chipset based cards are good replacements; the Turtle Beach brand ones (e.g. the Sonic Fury mentioned in the link above) seem to be pretty good.

It might help to try disabling ACPI mode, as described below.

Norton Utilities NDD is extremely slow during the directory scan phase when checking volumes after a Windows crash, during Windows 95 or 98 startup, while the GUI version of NDD is very fast, once Windows 95 or 98 has started up.

Apparently NDD for DOS, the version that runs to repair volumes after a crash, before Windows 95 or 98 are fully started, does no disk caching of its own, and it rereads the same blocks on disk over and over; thus one needs to start smartdrv in the autoexec.bat file. This probably has no adverse affects after Windows 95 or 98 have started, and it seems to me it speeds up the loading of Windows 95 or 98 too.

It is impossible to manually set the IRQ used by a serial port in Windows 95 or 98: when clicking Change Setting... one gets This resource setting cannot be modified.

Thanks to another tips site that I cannot remember, here is the really obscure solution: there are several possible default manually selectable configurations in the properties for a serial port device (Basic configuration 000n), and only on the last the IRQ can be modified. The others are fixed. Just select the last then, and you will be able to set any IRQ. Note: even this is not allowed for the first two serial ports.

Switching off ACPI support can be done without reinstalling

ACPI support under MS Windows 9x or MS Windows 2000 can cause a number of problems, including IRQ conflicts and sharing.

The safest way to make sure that ACPI is disabled under MS Windows 2000 and 98 is to reinstall them with an option that disables ACPI handling.

Making sure that MS Windows 2000 is installed without ACPI usually requires reinstallation with the /NOACPI option to the setup program.

However while replacing a non ACPI HAL with an ACPI one is very unadvisable, replacing an ACPI one with a non ACPI one is less risk, and Lindsay R. Ritchie has described a way to switch off ACPI support without reinstalling:

In order to achive this the Windows 2000 computer configuration has to changed from being an ACPI PC to a standard PC. One way of doing this is by updating the COMPUTER driver from being ACPI to Standard PC in device manager (NB ACPI should also be turned of in the BIOS). A few re-boots are required as Windows 2000 then creates a new hardware profile and will detect all hardware again. The proper way of doing this is to cleanly install Windows 2000 on a newly formatted partition. (This of course takes time, but is STRONGLY recommended).

While reinstallation is better, switching ACPI off for MS Windows 98 is safe, unlike for MS Windows 200.

To switch ACPI off in MS Windows 98 the system drivers must be updated similarly: the ACPI BIOS entry in the System Devices subtree of the Device Manager must be removed and the Standard BIOS installed in its place.

For MS Windows 98 enabling ACPI at (re)install time can be done by using the /p j switch to setup; similarly, disabling it can be done with the /p i switch.

In all cases, ACPI support also should be turned off in the BIOS setup screens.

In any case ACPI is essentially useless for desktops (it may be useful for laptops) as a column about ACPI says:

Even once you have a new machine with ACPI support enabled, however, your worries are not over. If you add a new peripheral that is not ACPI-compliant, then you could "break" a previously functioning ACPI setup. Unless every piece in the system is ACPI-compliant, you can't take full advantage of ACPI power savings. This problem also explains why early tests have shown that ACPI was not offering any battery life enhancements over APM on notebooks. (See "Windows systems suck more juice" for more.)

There is also an interesting presentation of ACPI registry entries, that I think was inspired by a Microsoft article for OEMs:

During Windows 98 Setup, ACPI is installed only on systems that are listed on the retail compact disc as good ACPI systems. However, if you have had the system BIOS updated to a fully functioning ACPI BIOS, you can have ACPI installed by using the following procedure.
To install ACPI:
  1. Flash the BIOS to the latest rev.
  2. Run Regedit.
  3. Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Detect, add a String value called ACPIOption, and set it to "1" (or use the ACPION.REG file from the downloads page).
  4. In Control Panel, click Add/Remove Hardware and have it run full detection.

To remove ACPI support perform steps 2 through 4, but set ACPIOption to "2".
The settings for ACPIOption are as follows

It has been reported by a reader of this page that setting that registry entry to 2 is not sufficient, and one should also delete the acpi.sys driver file.

Other resources:

The DirectX installer does not allow downgrading to an earlier release.

In theory downgrading DirectX can cause problems, but usually it does not. There are several possible solutions, but the simplest is to make the installer believe that it is actually upgrading, by looking at the registry key HKEY_Local_Machine\Software\Microsoft\DirectX and setting "Version" to for example to "4.06.00.0000", which makes the installer believe that DirectX 6 is installed, thus allowing to upgrade DirectX 8 to DirectX 7.

The other method is to use a DirectX uninstaller, of which there are a few, for example:

MS-Windows 7 boot details

I found some good pages (to be listed below) and here is a summary for the case where the disk is partitioned using traditional PC-DOS style labels.

MS-Window booting disk details

The first 63 sectors (512 bytes each) are reserved to contain disk related metadata. The first sector is called MBR ad contains 3 main areas:

Each partition may contain whatever or be marked an extended partition in which case it has the same format as a disk, with the first 63 sectors reserved for metadata, and the first of these sectors containing an MBR. With some restrictions:

MS-Windows 7 boot data partition

A non-extended partition, whether primary (defined in the top level partition table) or logical (defined in the partition table of an extended partition) can contain whatever, and the type of othe contents is by convention indicated by a type field in the partition description.

MS-Windows can put a volume inside a partition (the volume can be on its own if the disk is not partitioned) and the volume (or a set of volumes) can contain a filesystem, typically in FAT32 or NTFS format, which have their own type field values.

f the partition contains a static Microsoft filesystem it must have one of the FAT or NTFS partition types, and the first 16 sectors contain volume metadata, of which the first sector is the partition boot sector. The metadata is not part of the filesystem and describes the volume, which is a container for the filesystem, and can exist outside of a partition, where the volume takes up the disk instead of a slice of it.

The layout and content of the volume metadata is somewhat different dependening on the type of the filesystem contained in the volume, but mostly it contains in the first sector some code to bootstrap, a volunme descriptor, and in the following sectors, more bootstrap code and/or filesystem data.

For a recent NTFS volume the first sector of the metadata contains the bootstrap information for the filesystem in the following fields:

Windows 7 boot OS layer

The boot starts with the reset signal to the CPU, which triggers the loading of the BIOS, which then loads the code in the first sector of the first disk, which then loads the code in the active primary partition's first sector.

This is rather more complex code that can traverse the filesystem, and then load the files that initialize the operating system.

The operating system bootstrap code is loaded from the system volume's filesystem, consults the bootstrap configuration file, and then loads the operating system code from the boot volume (which is often the same as the system volume). This then consults the registry, sets up memory, processes, the storage system, and loads the operating system shell.

There are two types of bootstrap code in recent MS-Windows versions, the one used in MS-Windows 3 to MS-Windows XP, and the one used since MS-Windows Vista.

Windows 7 moving partitions

It is often convenient for backup or storage reconfiguration to move around partitions, and also MS-Windows partitions. The NTFS filetrees contained in them can be shrunk or expanded using the ntfsresize tool of the cite class="thing">ntfsprogs collection, so the contents of a partition can be conveniently copied using dd or equivalent, and quickly too as it is a streaming sequential copy (if there are few other streams on the same disks).

Unfortunately most versions of MS-Windows have been designed to partially ignore the partition structure of a storage device, and they rely also and instead on different mechanisms, especially for bootable partitions.

Some terminology is important:

There are some important details:

When the disk identifier or the offset in sectors from the beginning of the storage device change all disk signatures must be manually updated in all three places where they are relevant: