Windows 7 Resource Kit- P22

Chia sẻ: Thanh Cong | Ngày: | Loại File: PDF | Số trang:50

0
42
lượt xem
3
download

Windows 7 Resource Kit- P22

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'windows 7 resource kit- p22', công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Windows 7 Resource Kit- P22

  1. PT10M PT1H true false IgnoreNew true true true false false true true false false false 7 C:\Windows\System32\calc.exe Importing Tasks Tasks that have been exported can also be easily imported to another computer or the same computer . To import a task, follow these steps: 1. Right-click a task folder under the Task Scheduler Library and then select Import Task, or select Import Task in the Action pane . 2. Browse to where the .xml file is located and click Open . The task will be automatically imported into the library using the settings contained in the .xml file . note To ensure that the task runs properly, it is recommended that you verify the prop- erties of the task after you import it. Using Task Scheduler CHapTER 21 1003 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  2. Using SchTasks.exe for Creating and Managing Tasks This section describes the SchTasks .exe command-line syntax and parameters . The Schtasks .exe command-line interface utility allows an administrator to create, delete, query, change, run, and end scheduled tasks on a local or remote system through the command shell . Command Syntax The SchTasks .exe command interface uses the following syntax: SCHTASKS / [arguments] Command parameters The available parameters for SchTasks .exe are as follows: n /Create Creates a new scheduled task n /Delete Deletes the scheduled task(s) n /Query Displays all scheduled tasks n /Change Changes the properties of the scheduled task n /Run Runs the scheduled task immediately n /End Stops the currently running scheduled task n /? Displays a help message Creating Tasks The general syntax for Schtasks .exe is as follows: SCHTASKS /Create [/S system [/U [/P []]]] [/RU [/RP ]] /SC schedule [/MO ] [/D ] [/M ] [/I ] /TN /TR [/ST ] [/RI ] [ {/ET | /DU } [/K] [/XML ] [/V1]] [/SD ] [/ED ] [/IT] [/Z] [/F] The following is an example command . SCHTASKS /Create /S system /U user /P password /RU runasuser /RP runaspassword /SC HOURLY /TN rtest1 /TR notepad Deleting Tasks The general syntax for deleting a task is as follows: SCHTASKS /Delete [/S [/U [/P []]]] /TN [/F] 1004 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  3. The following is an example command . SCHTASKS /Delete /TN "Backup and Restore” Running Tasks The general syntax for running a task is as follows: SCHTASKS /Run [/S [/U [/P []]]] /TN The following is an example command . SCHTASKS /Run /TN "Start Backup" Ending Tasks The general syntax for ending a task is as follows: SCHTASKS /End [/S [/U [/P []]]] /TN The following is an example command . SCHTASKS /End /TN "Start Backup" Querying Tasks The general syntax for querying a task is as follows: SCHTASKS /Query [/S [/U [/P []]]] [/FO ] [/NH] [/V] [/?] The following is an example command . SCHTASKS /Query /S system /U user /P password SCHTASKS /Query /FO LIST /V Changing Tasks The general syntax for changing a task is as follows: SCHTASKS /Change [/S [/U [/P []]]] /TN { [/RU ] [/RP ] [/TR ] [/ST ] [/RI ] [ {/ET | /DU } [/K]] [/SD ] [/ED ] [/ENABLE | /DISABLE] [/IT] [/Z] } The following is an example command . SCHTASKS /Change /RP password /TN "Backup and Restore" Using Task Scheduler CHapTER 21 1005 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  4. Task Scheduler Events In Windows Server 2003 and earlier versions, scheduled tasks used a Schedlgu .t xt log file to track tasks and their status . Windows Vista implements all new event logs for applications, and Task Scheduler now logs all operational information about scheduled tasks into its own event log . The Scheduled Tasks event log Microsoft-Windows-TaskScheduler is located under Application Logs . Important errors or warnings about task or service failures are logged to the System log so that administrators can readily see them and take action . Task Scheduler 2 .0 will normally log an event on task registration (at creation), at task launch, and when the task instance has been sent to the engine . Events will also be logged on task failures and any task-related problems . This section provides examples of typical events that are logged by the Scheduled Tasks service . Task Registration An Event ID 106 is logged when a task is created . This event is also referred to as task registration . Task Launch Tasks can be started by either a user request or a trigger . An Event ID 110 is normally logged when a user manually starts a task . An Event ID 107 is normally logged when a task is started as the result of a trigger . Task Execution An Event ID 319 indicates that the Task Engine received a message from the Task Scheduler service requesting task launch, and it is the best indicator of a task launch . In these events, the Task Engine is identified by the user SID, and the task name is also logged . Task Completion An Event ID 102 is normally logged when a task completes successfully . Troubleshooting Task Scheduler Task or service failures are logged to the system event log . It is important to note that the events will vary and will be based on what failed . A user will see different events based on whether a task failed to start or if the task started successfully but the action failed . The key to troubleshooting Task Scheduler is understanding specifically where the failure occurred in the process . A task is defined as an action, the trigger for the action, the conditions under which the task will run, and additional settings . The event log will show whether the failure is in the trigger, the task action, the conditions, or the settings of the task . 1006 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  5. Tasks Won’t Run If the Service Is Not Started If you are having problems scheduling tasks or getting tasks to run correctly, first ensure that the Task Scheduler service is running . You can run Services .msc to verify that the Task Scheduler service status is Started . The Task Did Not Run at the Expected Time If a scheduled task does not run when you expect it to run, ensure that the task is enabled and also check the triggers on the task to ensure that they are set correctly . Also, check the history of the task, as shown in Figure 21-18, to see when the task was started and to check for errors . FIgURE 21-18 Task Scheduler History Tab The Task Will Run Only If all Conditions are Met You can set task conditions on the Conditions tab of the Task Properties dialog box . If condi- tions are not met or are set up incorrectly, the task will not execute . Using Task Scheduler CHapTER 21 1007 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  6. The Task Will Run Only When a Certain User Is Logged On If a scheduled task does not run when you expect it to run, review the Security Options set- tings in the Task Properties dialog box on the General tab . The Task Executed a program But the program Did Not Run Correctly If a task attempts to execute a program, but the program does not run correctly, first try run- ning the program manually (not from a task) to ensure that the program works correctly . You may need to add arguments to the program command or define the Start In path using the Add Arguments and Start In optional fields . The Task Failed to Start An Event ID 101 is normally logged when a task fails to start . In these events, the result code is also displayed . For more information about result and return codes, see the section titled “Interpreting Result and Return Codes” later in this chapter . The Task action Failed to Execute When a task starts but the action configured for the task fails to execute, an Event ID 103 or an Event ID 203 is normally logged . These events also display the return code . For more infor- mation about result and return codes, see the section titled “Interpreting Result and Return Codes” later in this chapter . The program Specified in the Task Requires Elevated privileges If a task is running a program that requires elevated privileges, ensure that the task runs with the highest privileges . You can set a task to run with the highest privileges by changing the task’s security options on the General tab of the Task Properties dialog box . Interpreting Result and Return Codes To interpret return codes, you can use a tool such as Err .exe, which you can obtain from the Microsoft Download Center . Err .exe parses source-code header files until it finds a match for the error . In this regard, the Scheduled Tasks service in Windows Vista still functions quite similarly to previous versions of Windows . Return codes from events that occur internally are always translated into hresult code . For example, the logon failed event will contain a result code that can be interpreted as a hresult . Task handler tasks also return result codes that you can interpret using the same tools . However, when an executable is started and fails for an unknown reason, you have no way of knowing what the result code might mean . The hresult logged in the event log will typically indicate the value returned to the service from the executable itself, and additional research and documentation may be required for accurately interpreting the code . 1008 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  7. note You can download Err.exe from the Microsoft Download Center at http://www.microsoft.com/downloads/details.aspx?familyid=be596899-7bb8-4208-b7fc- 09e02a13696c. although this tool is called the Microsoft Exchange Server Error Code Look- up tool, it actually looks up any Windows operating system error codes. Understanding the Windows System Assessment Tool You can use the Windows System Assessment Tool (WinSAT) to assess the features and capa- bilities of a Windows PC . If the WinSAT scores have not been pre-populated by the original equipment manufacturer (OEM), then WinSAT will run the following tests: 1. The DWM test during initial install or Out-of-Box Experience (OOBE), to provide the Desktop Window Manager (DWM) with the video memory bandwidth data used in determining whether Aero can run on a system . 2. The remaining tests on system idle (as an idle task, to be kicked off by the Task Sched- uler when the computer is not busy) . In addition, WinSAT checks once a week whether new hardware has been installed on this machine . If new hardware was installed and the current ratings are outdated, then WinSAT will run on idle to update the ratings . WinSAT can also be run on demand, when the Re-run The Assessment option is selected in the Performance Information And Tools Control Panel item . diReCt FRoM tHe SoURCe WinSAT Data Files CSS Global Technical Readiness (GTR) Team A dvanced users may want more information regarding the Windows Experience Index and system performance than is available in the performance Informa- tion and Tools Control panel item. The underlying technology that supports the Windows Experience Index is the WinSaT. This tool stores the 10 most recent assess- ments in a data store folder located at: %WinDir%\performance\WinSaT\DataStore The data store consists of XML files that contain information regarding each assessment. These XML files contain details regarding system performance and the Windows Experience Index. The files are named by the date and time the assessments ran. Understanding the Windows System Assessment Tool CHapTER 21 1009 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  8. Understanding WinSaT assessment Tests WinSAT performs a variety of assessment tests on the hardware of a computer . These assess- ment tests include: n cpu Measures the computation ability of the processor . n d3d The Direct3D (D3D) assessment is targeted at assessing a system’s ability to run 3D graphics; both business graphics and games . n disk Measures the performance of disk drives for sequential and random reads, and for mixed read-write workloads . n dwm The DWM assessment is targeted at assessing a system’s ability to run a Windows–composited desktop, usually referred to as Aero Glass . Note that these are names of Aero themes . You can run this assessment only on computers with Windows Display Driver Model (WDDM) video drivers . n features Enumerates relevant system information . This assessment is automatically run once for each invocation of WinSAT . n formal Runs the full set of assessments and saves the results in the xml format needed to populate the Windows Experience Index score and subscores in the Performance Information And Tools Control Panel item . n media Measures the performance of video encoding and decoding . n mem Runs system memory bandwidth tests . This is intended to be reflective of large memory-to-memory buffer copies, like those used in multimedia processing (video, graphics, imaging, and so on) . n mfmedia Runs the Media Foundation–based assessment . Examining the WinSaT Features assessment WinSAT automatically runs the Features assessment each time WinSAT runs, to gather the system information listed . This assessment enumerates system information relevant to the assessments, including: n An optional globally unique identifier (GUID) if the –iguid command-line switch is used . This ensures that each XML file has a unique identifier . n The iteration value from the –iter N command-line switch . n The number of processors, cores, and CPUs . n The presence of CPU threading technology . n x64 capability . n The processor signature . n The size and other characteristics of the processor’s L1 and L2 caches . n The presence of MMX, SSE, and SSE2 instructions . n Information on the memory subsystem . (Note that this is very system-dependent: Some systems will produce good detail here; others will not .) 1010 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  9. n Graphics memory . n Graphics resolution . n Graphics refresh rate . n Graphics names and device IDs . Running WinSaT from the Command Line Although in most cases, WinSAT will not need to be executed manually from a command prompt, the general format of the command line is as follows . winsat The WinSAT command-line options are not case sensitive . The command line does not require a dash or forward slash for the assessment name, but it does support either a lead- ing dash (–) or a leading forward-slash (/) character to designate an assessment parameter . WinSAT can be run from a command shell with administrative privileges . An error may be reported if any options or switches are not supported . The WinSAT tool also supports several command-line switches in addition to the assess- ment parameters . These are parsed by WinSAT before it passes control to one or more of the assessments . Some of these parameters are also supported by one or more assessments . The command-line parameters recognized by WinSAT include: n –csv This causes WinSAT to save the top-level measured metrics to a Comma- Separated Value (CSV) file . n –help or ? Displays the help content . n –idiskinfo Information on the disk subsystem (logical volumes and physical disks) is not normally saved as part of the section in the XML output . n –iguid Generates a GUID in the XML output file . Note that this is not valid with the formal assessment . n –iter N Includes the iteration number in the XML output file . n –v This specifies that WinSAT should produce verbose output . This output includes progress and status information, and possibly error information . The default is for no verbose output . This switch is passed to all of the specified assessments . n –xml file_name This specifies that the XML output from the assessment is to be saved in the specified file name . All assessments support the –xml command-line switch; a pre-existing file with the same name will be overwritten . Understanding WinSaT Command Exit Values WinSAT provides the following command exit values: n 0 All requested assessments were completed successfully . n 1 One or more assessments did not complete because of an error . Understanding the Windows System Assessment Tool CHapTER 21 1011 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  10. n 2 One or more assessments did not complete because of interference . n 3 WinSAT was canceled by the user . n 4 The command given to WinSAT was invalid . n 5 WinSAT did not run with administrator privileges . n 6 Another instance of WinSAT is already running . n 7 WinSAT cannot run individual assessments (for example, D3D or DWM) on Remote Desktop server . n 8 WinSAT cannot run a formal assessment on batteries . n 9 WinSAT cannot run a formal assessment on Remote Desktop server . n 10 No multimedia support was detected, so the WinSAT tests could not be run . n 11 This version of WinSAT cannot run on Windows XP . n 12 The WinSAT watchdog timer timed out, indicating something is causing the tests to run unusually slowly . n 13 Can’t run a formal assessment on a Virtual Machine . diReCt FRoM tHe SoURCe When Does WinSAT Run? Server performance Group Windows Fundamentals I n Windows Vista, all WinSaT tests were run during OOBE (the first-run install or out-of-box experience) in order to ensure that all systems had detailed ratings, but it took time (about 3-5 minutes). In Windows 7, we’ve made the OOBE experience faster; only the DWM WinSaT test needs to run during OOBE. That test provides the video bandwidth data used by the DWM to determine whether aero can be turned on. The remaining WinSaT tests (other than the DWM test) run as idle tasks. after the initial scores are populated, WinSaT checks weekly to see whether hardware has changed sufficiently that the tests should be re-run. Customers can also choose to manually re-rate the system at any time using performance Infor- mation and Tools in Control panel. By default, WinSaT tracks the history of scores on a machine. If the hardware components have not changed, the highest score is maintained. This prevents temporary minor fluctuations in scoring; for example, if someone re-ran the assessment while a complex application was also running and competing for resources. To re-rate a system from scratch without taking history into account, performance Information and Tools has an advanced Tools option to “Clear all Windows Experience Index scores and re-rate the system.” 1012 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  11. In addition, WinSaT in Windows 7 now supports the new “prepop” syntax. Customers and partners who update images prior to rolling out installations can generate winsat.xml files containing scoring data for their particular systems. During OOBE, WinSaT looks for prepopulated files that match that system configuration. If the files are present, WinSaT will use them to supply the WinEI scores for performance Infor- mation and Tools. Benefits of prepopulation include the following: n The DWM test does not run during OOBE, because the corresponding winsat.xml file is already there. n The customer has a complete set of WinEI scores from the start with no need to wait for the remaining WinSaT tests to run on idle. n Components that make decisions based on WinSaT data will have the information as early as possible so they can modify their behavior based on prepopulated settings instead of using defaults. For example, SuperFetch is aware of advances in storage technology and will turn itself off automatically when the system disk has a WinEI Disk score greater than or equal to 6.5. (SuperFetch helps the common occurrence in which retrieving data from disk is relatively slow; when the system disk is extremely fast, SuperFetch gracefully backs off.) Running WinSaT Using performance Information and Tools If WinSAT has not assessed the system at all, or if hardware has changed since the initial installation, the Windows Aero Glass features may not be available . If you have installed new video hardware or other hardware that might affect the system rating, you may need to run WinSAT from Performance Information And Tools in order to reassess the computer . To run WinSAT again and reassess the hardware, perform these steps: 1. Click the Action Center icon in the system notification area to open the Action Center . 2. Click the View Performance Information link on the left to display the Performance Information and Tools Control Panel item, shown here . Understanding the Windows System Assessment Tool CHapTER 21 1013 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  12. 3. Click the Re-run The Assessment link at the bottom right . The Windows Experience Index dialog box will be displayed with a status bar . The reassessment process can take a few minutes and the screen may flash while the system is being assessed . note You cannot use performance Information and Tools in Safe mode. The main screen of Performance Information and Tools includes the following sections, from top to bottom: n System Capabilities n Help links for more information n A link to Print detailed system information n OEM Upsell And Online Help You can use Group Policy to configure what is displayed on the Performance Information And Tools Control Panel for targeted computers . The policy settings for doing this are found here: Computer Configuration\Policies\Administrative Templates\System\Performance Control Panel 1014 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  13. System Capabilities Section The System Capability details section contains scores derived from the WinSAT data and provides the Windows Experience Index scores and subscores for each area . The Windows Experience consists of the base score (Index) and the subscores for the following areas: n Processor n Memory (RAM) n Primary hard disk n Desktop graphics n 3D and gaming graphics The base score is a positive integer that starts at 1 and can continue to grow as new technology comes out . For example, in Windows Vista, the maximum score was 5 .9, while in Windows 7, the maximum score is 7 .9 . Each of the subscores also has a rating . The System Capabilities section can be in one of three different states: n Unrated The computer has not yet been rated . n Normal The computer has been rated and the rating is up to date . n Outdated Hardware configuration changed and the Windows Experience Index score and subscores should be updated . OEM Upsell and Help Section The OEM Upsell And Help section provides the following features: n An area for OEM suppliers to place their logos and a link to a local page or their Web sites n A link for additional information online accessing advanced performance Tools Additional options available on the left side of Performance Information And Tools include: n Adjust Visual Effects Opens the Performance Options dialog box n Adjust Indexing Options Opens the Indexing Options dialog box n Adjust Power Settings Opens the Power Options dialog box n Open Disk Cleanup Opens the Disk Cleanup Options dialog box n Advanced Tools Opens an Advanced Tools screen that provides access to other performance-related tools (see Figure 21-19) Understanding the Windows System Assessment Tool CHapTER 21 1015 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  14. FIgURE 21-19 Advanced Tools HoW it WoRKS Understanding the System Performance Rating Microsoft Global Technical Readiness platforms Team I t is important to note that the System performance Rating number indicates the general speed and power of a computer running Windows Vista. The rating per- tains only to the performance aspects that affect how well features in Windows and other programs will run on this computer and does not reflect the overall quality of the computer. a higher performance rating means the computer will generally perform better and faster—especially when performing more advanced and resource-intensive tasks—than a computer with a lower performance rating. The rating system is designed to accommodate future advances in computer tech- nology. In general, the standards for each level of the rating system stay the same (within tenths). For example, a computer that is rated as a 4 should remain a 4 unless the computer’s hardware changed. as technology continues to improve, additional higher-level Windows Experience scores will be introduced, and new tests added. 1016 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  15. Understanding Windows Error Reporting Windows Error Reporting (WER) is the client component for the overall Watson Feedback Platform (WFP), which allows Microsoft to collect reports about failure events that occur on a user’s system, analyze the data contained in those reports, and respond to the user in a meaningful and actionable manner . WER is the technology that reports user-mode freezes, user-mode faults, and kernel-mode faults to the back-end servers at Microsoft and replaces Dr . Watson as the default application exception handler . note WER in Windows Vista and later has support for any kind of problem event as defined by the developer, not just critical failures as in Windows Xp. Overview of Windows Error Reporting The WFP is illustrated in the high-level flow diagram in Figure 21-20, with WER labeled as the Watson Client . Step 1: Problem event occurs Step 2: WER plug-in code calls WER APIs Step 3: WER collects the bucketing parameters and prompts the user for consent (if needed) Step 4: WER sends bucketing parameters to the Watson back-end Step 5: If Watson requests additional data, WER collects the data and prompts the user for consent (if needed) Step 6: WER executes pre-registered recovery and restart functions if applicable, and the data is compressed and uploaded behind-the-scenes Step 7: If a response is available from Microsoft, a notification is shown to the user FIgURE 21-20 Watson Feedback Platform flow diagram A significant improvement of WER in Windows Vista and later versions is the concept of queuing . In Windows XP, WER reports could be sent only at the time the event occurred, with few exceptions . Beginning with Windows Vista, WER provides a flexible queuing architecture where users, administrators, and WER integrators can determine the queuing behavior of their WER events . Understanding Windows Error Reporting CHapTER 21 1017 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  16. During the OOBE phase of installing Windows 7, the user can choose whether WER should automatically send basic problem reports to Microsoft . Basic problem reports include only the minimum amount of information necessary to search for a solution . Later you can choose to send additional information automatically as well . How WER Works WER consists of the following conceptual components: n Report Processor n Data Collection Module n Transport System n Store Management System Client-side WER functionality is provided through the WER service . Report processor The Report Processor is a conceptual component that is responsible for managing the state of a report after it has been sent to WER . Applications use WER APIs to create and submit reports . At that point, the Report Processor decides whether to queue the report or submit the report . The Report Processor will attempt to hand over the report to the Transport System if the following conditions are met: there is network connectivity, the report is for an interac- tive application, and a user interface can be shown . Otherwise, the Report Processor will hand over the report to the Queue Management System . The Report Processor will also invoke the user interface component if applicable . Data Collection Module The Data Collection Module is responsible for collecting the following data: n Heap dump data n WMI query results n Registry key data n Registry tree data n Files n File version information n User documents n Minidump n Microdump (that is, a minidump that has been stripped of all other information except the faulting stack trace) 1018 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  17. Transport System WER uses two separate modes of transport: n live Watson Mode In this mode, WER uses a four-stage protocol based on top of HTTP to communicate with the live Watson back-end servers . n Agentless Exception Monitoring (AEM) Support for the file share–based Corporate Error Reporting (CER) transport mode used in previous versions of Windows has been discontinued in Windows Vista . Instead, support for Agentless Exception Monitoring (AEM) has been added to Windows Vista for use in corporate environments . AEM is a component of the Client Monitoring feature in Microsoft System Center Operations Manager (SCOM) 2007 that lets you monitor operating systems and applications for errors within your organization . For more information about AEM, see http://technet.microsoft.com/en-us/library/bb309493.aspx. Store Management System The WER Store Management System component is responsible for maintaining the error report stores (folders) and for scheduling the prompts that a user will see when there are unsent queued error reports . WER uses user stores for user-level problems and machine stores for system-level problems . The type of store affects the WER prompts that a user sees and the location where the error report data is stored . In addition, user and machine stores contain two subfolders named ReportQueue and ReportArchive . These folders store the queued (unsent) and archived report contents, respectively . The actual data for each error report is stored in individual subfolders within the ReportQueue and ReportArchive folders, which are compressed by default using NTFS compression . When an error report is generated, the queue subsystem evaluates the WER configuration and connection status to determine the appropriate store to use . The WER queuing structure and behavior is discussed later in this section . USER STORE The WER user store is located in the following folder: Users\\AppData\Local\Microsoft\Windows\WER The default WER behavior is to store error report data in user stores . Error reports are written to the current user’s store if the following conditions are true: n Reporting failed for any reason other than the user clicking Cancel . n The application developer designed the application using WER APIs to specify queuing as the default behavior . n The ForceAdminQueue policy is not enabled . Understanding Windows Error Reporting CHapTER 21 1019 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  18. COMpUTER STORE The WER computer store is located in the following folder: ProgramData\Microsoft\Windows\WER You can configure WER by using Group Policy or the registry to force all error report data to be written to the machine store . Reports are written to the machine store if either of the following conditions is true: n The process submitting the report is not running in an interactive desktop (includes system services) . n The ForceAdminQueue policy is enabled . REpORTQUEUE FOLDER The ReportQueue folder contains reports that are queued for sending at a later time . These reports have either the necessary consent and are pending a network connection for upload, or they need consent from the user before they can be uploaded . When a report has been successfully uploaded, it is removed from the ReportQueue folder . This folder is referred to as the Upload or Signoff queue. After a report is successfully submitted, the report, along with any uploaded data, is copied into the ReportArchive folder . The location of the ReportQueue folder is either of the following: n Users\\AppData\Local\Microsoft\Windows\WER\ReportQueue (for reports in the user store) n ProgramData\Microsoft\Windows\WER\ReportQueue (for reports in the computer store) Note that when the error data is collected initially and before it is queued in the Report- Queue folder, the collected error report files are stored in subfolders within the following folder: Users\\AppData\Local\Temp REpORTaRCHIVE FOLDER The ReportArchive folder contains reports that have been uploaded or denied upload (via policy or explicit user action) . This folder is referred to as the Archive store. Reports that are successfully submitted from the queue store(s) are automatically transferred to the archive store . You also can create an Event Reporting Console (ERC) folder in the WER store folder(s) . The subfolders in the ERC folder store response metadata and templates used for displaying the response data in the Problem Reports And Solutions Control Panel . You don’t need to modify the data in the ERC folder, and modifying the data is not supported . The location of the ReportArchive folder is either of the following: 1020 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  19. n Users\\AppData\Local\Microsoft\Windows\WER\ReportArchive (for reports in the user store) n ProgramData\Microsoft\Windows\WER\ReportArchive (for reports in the computer store) QUEUE REpORTING When a new error report is successfully submitted to any of the queues or directly to the Watson back-end servers, WER enters Queue Reporting mode . In Queue Reporting mode, WER will prompt you to send the queued report(s) if conditions permit . If conditions are not optimal for reporting, WER schedules itself to be started when a network connection is estab- lished (SENS) or when the current user logs on the next time (HKCU\Run) . This ensures that at some point in the future when conditions are right for reporting, infrastructure will be able to show the queued reporting console . In Queue Reporting mode, WER performs the following checks in the following order: 1. Is the failing process running in an interactive desktop? If not, WerMgr .exe terminates . This is necessary because WER dialog boxes should not be shown for noninteractive desktops, such as the ones that the service accounts own . 2. Does the current user have reports in her queue, or is the current user an administrator and is administrative queuing enabled? If neither of the conditions is true, the current user has no reports to report . In this case, WER will ensure that network and logon triggers for the current user are removed, and it will exit immediately . If either of the conditions is true, WER attempts to prompt you to report entries in the queue . 3. WER sets the network and logon triggers for the current user in case conditions are not optimal for reporting at this time . 4. WER checks network access to see if the last reporting time has expired . If either of these checks fails, WerMgr .exe terminates . 5. Open the Problem Reports And Solutions Control Panel to prompt you and update the last reporting time . STORE MaINTENaNCE By default, the Queue Management System performs maintenance such as deleting stale data and trimming the size of the queue on a report store whenever 50 saved reports are in the store . When the total queued report count exceeds the number defined in the registry value MaxQueueCount or the registry value MaxArchiveCount for archive stores, the queue subsystem deletes the oldest .cab files from the queues in the following order until the size of the queue reaches MaxQueueCount or no more CABs remain to delete: 1. Archive Store 2. Signoff Queue 3. Upload Queue Understanding Windows Error Reporting CHapTER 21 1021 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  20. The metadata for a report persists for one calendar year unless the user has disabled the archive via the DisableArchive setting . WER queue data retention policies can be configured using Group Policy . If no queuing policies are configured, the Archive queue will retain 1,000 reports and the Upload/Signoff queue will retain 50 reports . If a queue becomes full and a new report is created, the new report will overwrite the oldest report in the respective queue . QUEUE TRIGGERS This section describes the launch triggers that WER uses to ensure that the queued report- ing prompt is started for users when they have unsent reports in their queues . Triggers are persistent across reboots . WER launch triggers include: n Network trigger This trigger starts WerMgr .exe in Queue Reporting mode for a specific user when a network connection is established . The network trigger is imple- mented through the SENS API that senses the presence of a network connection . n logon trigger This trigger starts WerMgr .exe in Queue Reporting mode for a specific user when the user logs on . WerMgr .exe is responsible for WER error queue management . n Administrator trigger The administrator trigger notifies an administrator of unsent entries in the machine queue . This trigger occurs only for administrators on the system . WER Service The WER service is responsible for obtaining the information that is provided to the back-end Watson servers when an application exception occurs . The service library, Wersvc .dll, is hosted in its own Svchost .exe process . When a process crashes, the WER service calls Werfault .exe (or Werfaultsecure .exe, discussed later in this section) to obtain all of the necessary data for the crashing/hanging process . Werfault .exe loads Dbgeng .dll and Dbghelp .dll to collect the appli- cation error data . It also loads Faultrep .dll to perform the reporting to the back-end Watson servers . If the WER service is not started when an application exception occurs, Werfault .exe and the dependent libraries will still be started to perform the data collection and reporting tasks for the fault . WER in Windows Vista and later also supports error reporting for secure processes . Secure processes are processes that contain data encrypted with a private key and restricted permis- sion . If a crash occurs in a secure process, the WER service uses Werfaultsecure .exe to obtain the necessary data for the crashing/hanging process . The report is encrypted when created and queued automatically to prevent any possibility of exploitation through the user interface . The encrypted data is then sent to the back-end Watson servers, where it is decrypted and analyzed . 1022 CHapTER 21 Maintaining Desktop Health Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Đồng bộ tài khoản