Your SlideShare is downloading. ×
A+ Study Guide (220-702)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

A+ Study Guide (220-702)

4,131
views

Published on

This is our study guide for CompTIA's A+ certification exam (220-702). We hope you find this guide useful in your studies. Listed below is the breakdown of the test percentages by domain, which should …

This is our study guide for CompTIA's A+ certification exam (220-702). We hope you find this guide useful in your studies. Listed below is the breakdown of the test percentages by domain, which should help prioritize your studying:

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
4,131
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. A+ Study Guide (220-702) This is our study guide for CompTIA's A+ certification exam (220-702). We hope you find this guide useful in your studies. Listed below is the breakdown of the test percentages by domain, which should help prioritize your studying: Domain 1.0: Hardware Domain 1.1: Given a scenario, install, configure and maintain personal computer components  Storage devices o HDD: Hard drives  SATA: Installation for SATA drives is slightly different than for PATA drives, as there is no jumper setting necessary – the SATA controller does the work – and every SATA drive connects directly to a connector; there is no master/slave relationship with SATA drives. The installation process is straightforward:  Special note: With this general procedure, as with any procedure that involves handling components and working inside a computer, it is imperative the technician take proper ESD precautions before beginning: wearing a properly fitted wrist strap attached to an antistatic mat or grounded against the computer chassis; working at a grounded workstation, preferably on an antistatic rubber mat or special antistatic carpet; using anti-ESD bags to store components until needed. See the A+ 220-701 study guide for a more detailed breakdown of ESD precautions. It is assumed that technicians will follow ESD precautions as a first step before beginning work in any and every procedure.  If the tech isn’t sure an internal bay is available, open the system and check for an open 3.5-inch drive bay.  If a 3.5-inch drive bay is not available but a 5.25-inch drive bay is, attach an adapter kit and rails to the SATA drive.  Attach the SATA cable to the drive. SATA cables are keyed so there’s only one way they can be connected.  Slide the drive into the appropriate bay; use screws or snap rails into place to attach the drive to the bay. Domain Percentage of Examination 1.0 Hardware 38% 2.0 Operating Systems 34% 3.0 Networking 15% 4.0 Security 13% Total 100%
  • 2.  Attach the power connector to the drive. If an edge connector is not available, use the Molex-edge connector adapter to convert one. It may be necessary to purchase a power connector, but unlikely, since SATA is the current drive standard.  Attach the data cable to the host adapter on the motherboard or SATA adapter.  Verify correct data and power connections.  Turn on the computer and go into the BIOS if the SATA host adapter is built into the motherboard. Ensure the SATA host adapter is activated, save changes if applicable and restart your system.  If the SATA drive is connected to an adapter card, watch for startup messages to ensure the host adapter BIOS has located the drive.  If applicable, install drivers for the OS to enable the SATA drive and host adapter when prompted.  PATA: For older machines that still use PATA drives (also known as EIDE or IDE), the installation process is similar:  If the tech isn’t sure an internal bay is available, open the system and check for an open 3.5-inch drive bay.  If a 3.5-inch drive bay is not available but a 5.25-inch drive bay is, attach an adapter kit and rails to the PATA drive.  Set the drive jumpers according to the configuration being used. 40-wire cables use master and slave settings, whereas 80-wire cables use either cable select or master and slave settings. Hard drives should only use 80-wire cables, although other drives can use either 40-wire or 80-wire cables.  Connect the drive cable to the drive, matching the colored marking on the cable edge to the drive connector’s pin 1. Pin 1 might be marked with a square solder hole on the drive’s underside or by silk-screening. Otherwise, pin 1 is generally the one nearest the power connector. If necessary, disconnect the cable from the host adapter or other PATA drive to create sufficient slack.  Slide the drive into the appropriate bay; use screws or snap rails into place to attach the drive to the bay.  Attach the power connector to the drive; most PATA hard drives use the Molex power connector originally used on 5.25-inch floppy disk drives. If necessary, use a Y-splitter to split one connector into two.  Reattach the data cable to the other PATA drive and/or adapter if necessary.  If there’s another PATA drive on the same cable, change the jumper on the other PATA drive. With 80-wire cables, both drives can be jumpered to cable select, with the drive at the far end of the cable acting as master, and the middle drive as slave. Drives on 40- wire cables generally only use master and slave jumper positions.
  • 3. When moving jumpers, use a pair of tweezers or needle-nose pliers to carefully grab the jumper and gently pull straight off the pins; it’s best to change jumper settings before inserting the drive into the bay, as case configurations can make it tough to do afterward.  Verify correct data and power connections.  Turn on the computer and go into the BIOS. Make sure that the BIOS is properly recognizing the following information: o Hard drive geometry, which consists of:  Number of sectors per track  Number of read/write heads  Number of cylinders o Data transfer rate o LBA translation o Drives must be recognized by the system BIOS before they can be prepared and used by the OS. Most system BIOS will auto-detect a drive and obtain the correct configuration from the drive. Make sure the system detects the hard drive during an install.  Save BIOS changes if applicable and restart your system.  Solid state: Because of their high cost, solid state drives (SSD) are currently overwhelmingly used in laptops and mobile computers, so installing SSD devices will essentially be identical to replacing hard drives, meaning the process is a matter of turning off the laptop, accessing the drive bay, removing the old drive if present (a matter of simply pulling it out of the bay), inserting the new drive and closing everything up. o FDD: Floppy drives. Although considered an obsolete technology, floppy drives are still commonly used, and technicians will likely have to support them for a while yet. The installation procedure is fairly straightforward:  Select an empty 3.5-inch external drive bay; one specifically for the floppy drive should be available, if the case supports it.  Remove the dummy plate from the case front, if present.  If the case is an ATX system, remove the left side panel as seen from the front. If the case is a BTX system, remove the right side panel. If the case is a desktop system, remove the top.  If the 3.5-inch drive bay is a removable ―cage,‖ remove it from the system; this might involve pushing on a spring-loaded tab or removing a screw. Some drive bays pull straight out, while others swing out to one side.  Remove the floppy disk drive from its protective packaging. Ensure the drive screws you’ll use are correctly threaded and the right length.  Look for pin 1 markings on the bottom or rear panel of the drive; if no markings are found, pin 1 is the pin closest to the power connector.  Secure the drive to the drive bay with screws.  Replace the drive bay into the case if it was removed.  Attach the 34-pin connector at the end of the floppy disk drive data cable with the twist to the drive.
  • 4.  Connect the other end of the floppy disk drive data cable to the floppy disk drive interface on the motherboard or adapter card.  Attach the correct type of four-wire power cable to the drive.  Double-check the power and data cable connection, ensuring the cables are connected in accordance with how they’re keyed, before starting the computer.  Follow these steps in reverse to remove the drive from the system. o Optical drives: CD and/or DVD drives, including CD/DVD-writer, +RW drives and Blu-ray drives. The installation procedure is identical to that of hard drives, with the exceptions that no special BIOS configuration is needed (auto-select will be sufficient) and that in order to play CDs and DVDs through the optical drive, it may be necessary to connect an audio connector on the back of the optical drive to a 4-pin connector on the sound card; there is a special cable, usually gray with black connectors, used for this purpose. Newer drives often process sound output through the SATA connection, so do not have the sound connector. o Removable: Removable drives is a term for drives that use removable media, which includes the Iomega Zip and REV drives, as well as older technologies such as the Jaz and SuperDisk drives. The media is usually a cartridge with either platters or flexible magnetic disks, similar to floppy disks, inside. Internal removable drives come in SCSI, PATA (ATAPI) and IEEE 1394 versions, and the installation procedure is virtually identical to that of optical drives. Tape drives, though generally used only for backup purposes and thus would be special cases, are also considered removable media, and their installation procedures are the same. o External: External drives are generally hard drives, although external removable media and optical drives are sometimes used. Most external drives use USB or IEEE 1394 ports, but some external SCSI drives are also available. External hard drives of the USB or IEEE 1394 variety are generally preformatted with FAT32 and designed to work out of the box; attach the drive, and it should appear in My Computer/Computer or Explorer. Note that if an external drive is connected to a computer that lacks the appropriate drivers, the external device cannot be used until drivers are installed, but Windows from XP forward includes drivers for most external drives, although SCSI external drives need to prepared for use with a formatting program either built into the SCSI adapter BIOS or provided by the SCSI adapter manufacturer. External USB hard disks are available in 3.5-inch, 2.5-inch and 1.8-inch form factors; most use the larger 3.5-inch or 2.5-inch standards.  Motherboards: The motherboard is the central circuitry of the computer, where all the major components intersect and work together to create a computing unit. While there are several aspects of a motherboard that will be examined, this guide will start with the general procedure for preparing and installing an ATX motherboard in a case: o Preparing: The first step in preparing the motherboard is to review the system documentation to determine the correct sizes of memory supported, processors supported and configuration information. Next, install the RAM, as it is often difficult to do this once the motherboard is in place. Install the processor (CPU) and heat sink next, then configure CPU speed, multiplier, type and voltage
  • 5. jumpers or DIP switches on the motherboard, if used; most current motherboards configure these options through the BIOS, making the task far easier. o Installing: After the motherboard is prepped and ready for installation, the technician will follow these general steps, deviating where needed per the motherboard documentation:  Place the new motherboard over the old motherboard to determine which mounting holes should be used for standoffs – plastic supports that prevent shorts against the chassis – and which should be used for brass spacers.  Move brass spacers as needed to accommodate mounting holes. Getting this step correct will prevent shorts and operation issues later.  Insert the I/O shield and connector at the back of the case. Make sure all port cutouts are completely removed before installing the I/O shield.  Secure the motherboard using the original motherboard screws.  If applicable, reattach the wires to the speaker, reset switch, IDE host adapter and power lights. Not all of these options will be available on newer machines; check the case documentation if in doubt.  If the system has a floppy drive and/or EIDE drives – hard drive or optical – reattach the drives’ ribbon cables to the motherboard’s EIDE and floppy disk drive interfaces, matching the cables’ colored sides to the respective pin 1.  Reattach the drives’ SATA cables to the motherboard’s SATA ports. SATA port 1 will be assigned to the first SATA drive and so on.  Attach the power supply connectors to the motherboard.  If moving adapter cards from the old motherboard, install them, making sure the existing adapters don’t duplicate any features built into the new motherboard. Any adapter that will be used in place of an integrated feature must have the integrated feature disabled in the BIOS first.  Mount header cables using expansion card slot brackets (such as cables for additional USB ports) into empty slots and connect the cables to the appropriate motherboard ports.  Attach any cables used by front-mounted ports such as USB, serial or IEEE 1394 ports to the motherboard and case. o Jumper settings: Jumpers are plastic pin covers with metal inside used to connect pins and complete a circuit. Most current motherboards don’t use jumpers – which replaced its predecessor, DIP switches – for configuration information, but one common use for jumpers in storing settings is with BIOS; motherboards often use jumpers to control access to BIOS settings and to lock access to the computer. Jumpers on the motherboard can be taken from their default ―parked‖ settings – where a jumper is on one pin only – and set to clear passwords or allow flash updates. o CMOS battery: The CMOS is a volatile memory chip, which requires a small amount of power to store the settings. Generally, this energy comes from the power supply, but motherboards come with a small battery to keep the CMOS powered in case the computer is unplugged. This battery can be removed and changed.
  • 6. o Advanced BIOS settings: There are several manufacturers of BIOS on the market – the main ones being Phoenix, AMI and Award – and the settings considered advanced depend on the makers. Overall, though, the Advanced BIOS Settings/Features menu typically covers configuration settings that determine how a computer boots. For example, enabling the Quick Boot feature skips certain tests to allow the computer to start faster, mainly memory and drive tests. Enabling Boot Sector Protection interferes with write attempts to the boot sector, and thus provides some protection against computer viruses. Boot Up Num-Lock LED activates the Num Lock key at boot. Another option frequently found here is Boot Sequence, which for everyday usage should be set to this:  First device: Hard drive  Second: Floppy (if present) or optical drive. Some computers prompt the user to press a key in order to boot from the optical drive even if a bootable disk is found; the computer will proceed to the next device in the boot sequence otherwise.  Third: Optical drive or USB device o Bus speeds: Currently, different processors support different system bus speeds, which is the maximum signal frequency the system bus can send. Intel processors currently support bus speeds of 800, 1066, 1333 and 1600 megahertz (MHz). AMD processors currently support system bus speeds of 800, 1000 and 1800 MHz. One MHz is equal to 1,000,000 cycles per second. o Chipsets: A chipset is a collection of controllers and microchips that function together to support the processor socket and type, as well as control the system memory, the various buses and a few peripheral devices. Most chipsets available presently come from Intel, AMD, NVIDIA and SiS. Different chipsets have different focuses; NVIDIA chipsets, for example, tend to work well in high-end gaming systems because NVIDIA is best known for its graphics controllers, which integrate well into their chipsets. Intel processors naturally integrate well with Intel chipsets; ditto for AMD. o Firmware updates: Firmware is the programming that controls a hardware device from a chip built into the device; CMOS is considered firmware. Updates to the BIOS programming on a CMOS is often available through the computer or motherboard manufacturer’s site, as these companies usually modify the BIOS from the base configuration the BIOS maker uses. In some cases, such as with Dell computers, firmware updates can be downloaded through an update utility. o Socket types: Intel processors use different socket types than AMD processors, and are not interchangeable. Intel processors presently use a land grid array (LGA) architecture, which uses lands (which look like pads) instead of pins to connect to the CPU. The LGA socket style was introduced with the LGA775, which had 775 lands; current socket types are the LGA 775 (Socket T), LGA 771 (Socket J) and the LGA1366 (Socket B). AMD uses a pin grid array (PGA) architecture, with rows of pins placed around the socket, to make contact with the CPU. The current AMD socket types are the Socket 940, Socket 754, AM2, AM2+ and AM3. o Expansion slots: Expansion slots allow more I/O devices and high-speed graphics cards to be installed in computers. The most common expansion slots on recent
  • 7. systems include PCI, AGP and PCI-Express, or PCIe. Some systems also feature audio modem riser (AMR) or communications network riser (CNR) slots for specific purposes. o Memory slots: Current motherboards include a minimum of two memory slots, and some models hold as much as six. To boot, a modern computer must have at least one memory slot filled, or it will not function. Slot design varies; systems that used SDRAM required three-section memory slots designed for 168-pin modules, while DDR SDRAM machines require two-section 184-pin memory slots. DDR2 and DDR3 SDRAM machines have two-section memory slots for 240-pin modules. Regardless of slot design, however, each memory slot includes locking levers that swivel into place and secure the modules automatically when memory is correctly installed. o Front panel connectors: Front panel connectors are generally pins soldered onto the motherboard that connect to the typical front panel options: a hard drive light to indicate disk access activity, a power light and, if available, an internal speaker. Although many computers offer additional ports on the front, such as USB ports and speaker/headphone jacks, these are actually connected to different circuits through header cables, and aren’t to be confused with the front panel functions. o I/O ports: Current motherboards have a number of I/O ports integrated into them, including USB 1.1/2.0, parallel, Ethernet, PS/2 (for some units), IEEE 1394 and serial ports. Some motherboards also integrate video card capability, S/PDIF and sound mini-jacks as well. In most cases, there will be a port cluster positioned at the back of the computer, with header cables splitting off to give port capabilities in the front of the machine as well. Increasingly, motherboards are forgoing ―legacy‖ ports, such as the PS/2, serial and parallel ports, as USB devices become more varied.  Power supplies: What technicians refer to as a power supply is really a power converter, which provides power to the computer by transforming high-voltage alternating current (AC) from the wall socket to low-voltage direct current (DC) the computer can use. It takes a significant amount of wire coils and other components to perform this task, and bountiful heat is created as a side effect of the conversion. Most power supplies use one or two fans to dissipate this heat, but some supplies designed for silent operation use passive heat sink technology. o Installing: Installing a power supply is fairly simple, as there aren’t a lot of parts involved. Still, it requires attention, particularly when it comes to making connections. Follow these general steps:  Shut down the computer. Turn off the power supply’s power switch as well, if present.  Unplug the power cord from the computer.  Open the case to show the power supply. Consult the system documentation to look up specifics on this aspect.  Unplug the power supply from the motherboard. Note there is a catch securing the power supply connector, which must be tripped to unplug the connector.  Unplug the power connectors from all drives.  Unplug the power supply from the case and CPU fans.
  • 8.  Remove the screws attaching the power supply to the back of the computer case.  Remove any screws holding the power supply inside the case, if present.  Unplug the power supply switch from the front of the case, if present.  Lift or slide the power supply from the case. Compare the replacement power supply to the original, ensuring the form factors, power connectors and switch locations match. o Wattages and capacity: Power supplies are rated in wattage, a measure of how much power they can provide. While there is no set standard for how large a power supply’s wattage rating should be, there are a few things to keep in mind. First, power supplies produce marginally more wattage at room temperature than at operating temperature, so look for peak and actual ratings, which are measured at room and operating temperatures respectively. If a supply doesn’t have both, assume the listed rating is the peak rating for room temperature and reduce the wattage rating by 10-15% to estimate operating wattage. When determining a system’s expected power usage, add up all the loads for installed devices, including passive USB and IEEE 1394 devices that draw power from the bus, and add 30% to the total. o Connector types and quantity: ATX power supplies use either 20-pin main power connectors, used by older motherboards, or 24-pin power connectors that meet the ATX12V 2.x power supply standard, although some high- capacity power supplies with 20-pin connectors may include a 20-pin to 24- pin adapter. In addition, some motherboards may also use some of the following connector types:  Four-wire ATX12V connector, which provides additional 12 V power to the motherboard. Known as a ―P4‖ or ―Pentium 4‖ connector.  Eight-wire EPS12V connector; replaces the ATX12V power connector.  Six-wire AUX connector; found on older motherboards.  Four-pin Molex power connector; used to power drives and internal devices.  Reduced-size Molex power supply connector; used to power floppy drives.  L-shaped thinline power connector; powers SATA drives.  Six-pin PCI Express power cable; provides additional 12 V to PCI Express x16 video cards.  Y-splitters are commonly used to split one power connection into two, but these can lower the power supply’s ability to work, and these connectors often short out. Adapters from Molex to reduced-size Molex or SATA connectors are also available. o Output voltage: Maintaining a level and consistent output voltage is important for power supplies, as the components use far lower voltage, and a different type of current, than what is coming in from the wall. A certain amount of variance is expected, but very little: a power supply should vary no more than 5% from nominal on every rail. For computer components, that means a narrow range of voltages is acceptable:
  • 9.  For the +5.0 output: +4.8–5.2  For the +12.0 output: +11.4–12.6  For the +3.3 output: +3.14–3.5  Power Good: +3.0–6.0  Processors: The central processing unit (CPU) is the brain of the computer, and as such, one of the most important parts of the computer. Matching the capabilities and technologies built into the CPU with the rest of the machine is very important, as is exercising the utmost care when installing a CPU, using the following general process: o Installing: There are several different socket types available for computers, as was noted earlier in the guide. Two of the most common architectures for current computers are PGA and LGA. o First, to install a PGA processor into a zero insertion force (ZIF), locate the pin 1 corner of the CPU, which is generally marked with a dot or triangle, or even a line pointing toward pin 1.  Line up the pin 1 corner with the pin 1 socket corner. If the chip is placed incorrectly and power is applied, the chip is destroyed.  Insert the CPU into the socket, after ensuring the ZIP lever is vertical, and verify the pins are fitting into the correct holes.  Snap the lever into place to secure the processor.  Check if the heat sink has a thermal, or phase-change, pad or if thermal compound needs to be applied to the processor core. Apply the thermal pad or thermal compound as needed – keep in mind there must be some type of thermal material between the processor and heat sink.  Attach the heat sink to the processor as directed by the processor vendor, if the heat sink came with the processor, or heat sink vendor for aftermarket heat sinks. In some cases, mounting hardware may need to be attached to the motherboard before attaching the heat sink.  If installing an active heat sink – one with a fan – connect the fan to the appropriate motherboard connector. o To insert an LGA775 processor, locate the notches on each side of the CPU that correspond with key tabs in the socket, and use this process:  Ensure the load plate assembly is completely open. The plastic cover can be removed later.  Align the notches in the CPU with the key tabs in the processor socket to ensure the processor’s Pin 1 is properly aligned.  Lower the processor into place, with the metal heat spreader plate face up and the gold pads face down. Do not drop the processor; such an impact could damage the socket’s lands.  Push down the load plate and close the load plate assembly cam lever.  Lock the lever in place on the side of the socket. Remove the plastic cover and put it aside.  Check if the heat sink has a thermal, or phase-change, pad or if thermal compound needs to be applied to the processor core. Apply the thermal pad or thermal compound as needed – keep in mind there must be some type of thermal material between the processor and heat sink.
  • 10.  Attach the heat sink to the processor as directed by the processor vendor, if the heat sink came with the processor, or heat sink vendor for aftermarket heat sinks. In some cases, mounting hardware may need to be attached to the motherboard before attaching the heat sink.  If installing an active heat sink – one with a fan – connect the fan to the appropriate motherboard connector. o Socket types: Current socket types for Intel are the LGA 775 (Socket T), LGA 771 (Socket J) and the LGA1366 (Socket B). The current AMD socket types are the Socket 940, Socket 754, AM2, AM2+ and AM3. o Speeds: Processor speed is defined as the speed at which the processor operates internally, as opposed to external operation frequency, which is the system bus frequency. The processor frequency is given as the product of the system bus frequency and a multiplier. There are many families of processor currently, so there are a number of speed ranges available. Intel’s Celeron processors, for example, range between 1.2 and 2.4 GHz, while the Core 2 Extreme processors range between 2.66 and 3.2 GHz. Similarly, for AMD, the various AMD Athlon 64 processors start at 1 GHz and run all the way up to 3.2 GHz for the Athlon 64 FX line, while processors in the Phenom line go from 1.8 to 2.6 GHz. One gigahertz (GHz) is equal to one billion cycles a second. o Number of cores: Having two or more physical processors provides a tremendous performance boost; multiple processors make a computer perform multitasking or run multithreaded programs far faster. Computers with the hardware needed to use multiple CPUs, however, are expensive to make, and many operating systems are not capable of utilizing multiple processors. To counteract these disadvantages, dual core processors – two separate processor cores bundled into one processor – were developed, giving nearly all the advantages of two physical CPUs, while staying less expensive and being fully compatible with all OS versions. Dual-core desktop processors reached the market in 2005, with competing products launched by Intel (Pentium D) and AMD (Athlon 64 X2). Since then, Intel and AMD have released a number of multi-core processor lines, including the Core 2 Duo and Athlon 64 X2 (dual-core) and the Phenom X4 Agena and Core i5 750 lines (each of which have 4 cores). Both companies have released multi-core lines going as high as 8 cores. o Power consumption: Processors use tremendous amounts of power, and there are a couple of different ways to measure this quality. Intel processors use thermal design power (TDP), a measure of the power a computer’s cooling system must dissipate, while AMD recently switched to the average CPU power (ACP) benchmark, based on average daily usage of power. These systems are not either-or scales – AMD has stated that its processors will have ratings in both systems – but they do not precisely match; a 105 watt ACP rating, for example, works out to 137 watts TDP. Either way it’s measured, modern CPUs draw prodigious power: the AMD Phenom X4 Agena has a 140 watt TDP rating, while the Intel Core i7-960 draws a 130 watt TDP rating.
  • 11. o Cache: Cache is a small section of RAM used by the processor to contain data and instruction sets the memory controller expects the processor to need next, which saves time and improves performance by avoiding excessive calls to RAM. Cache comes in three flavors: Level 1 (L1) cache, which is on the processor die, Level 2 (L2) cache, which is not on the die but part of the overall processor package and Level 3 (L3) cache, which is the cache memory farthest from the core. Cache sizes range from a tiny 64 KB of L2 cache on older Athlon processors to a whopping 6 MB of L2 cache for some Intel Core 2 Duo processors; L3 cache generally runs 6-12 MB for current processors. o Front side bus: The front side bus (FSB) is the main bus on the motherboard, the data path used by the CPU, RAM and onboard chipset. Traditionally, the FSB speed was measured in MHz, but it’s become more common among manufacturers to rate the FSB using the maximum effective data rate, which is measured in megatransfers per second (MT/s). Current FSB ratings range as high as 2600 MHz, although the most common motherboards fall in the 1066- 1600 MHz range. o 32-bit vs. 64-bit: Before the AMD Athlon 64 was developed, processors were only designed for 32-bit operating systems and applications. One drawback to this is 32-bit software is unable to address more than 4 GB of RAM – 32-bit Windows applications are limited to approximately 3.25 GB of RAM – making use of large files difficult due to memory restrictions. The Athlon 64 was the first desktop CPU to support 64-bit extensions to the 32-bit x86 architecture, known as x64, which allow access to more than 4 GB of RAM and run 64-bit operating systems while remaining compatible with 32-bit operating systems and applications. Most current processors support x64 functions.  Memory: The memory modules in the computer, or random access memory (RAM), are what store the data being actively used by the OS and the running applications. As a result, RAM has a substantial and immediate impact on the speed and efficiency with which a system runs. Memory installs are a commonplace activity for technicians, and fortunately, the process is straightforward: o Line up the modules’ connectors with the socket. o Verify the tabs at each end of the RAM socket are in the outside o (open) position. o Once the module is aligned with the socket, push the module straight down into the socket until the tabs snap into place at the top corners of the module. Be firm, as the locks need a decent amount of force to shut correctly.  Be careful not to touch the gold-plated connectors on the module’s lower half, as contact with skin can cause corrosion or ESD damage. o Although the installation process is easy, there are several tips technicians can use to make the process easier yet:  Place the system on its side before installing memory; this makes it easier to see and reduces the chances of knocking the computer over.  Open the locks on the RAM sockets before trying to insert the module.  Move cables away from the memory sockets for easier access. Disconnect them if necessary.
  • 12.  Shine a flashlight inside the case so the sockets and locking tabs can be easily seen. Use the flashlight to double-check the installation when it’s done and before closing up the case.  Replace any moved or disconnected cables before closing the case.  Adapter cards: Adapter cards are specialized circuit boards that perform various functions, and are often used to bring higher performance or handle specialized tasks for a system. There are several types of adapter cards, each with their own particular functions, but the process for installing them is similar across the board: o Installing: These instructions presume that the technician already knows what slots are open and what type of slot the adapter card takes. If this isn’t the case, do not proceed until this information is known.  Shut down the system.  Unplug the computer from AC power.  Remove the system cover. This will vary depending on case and motherboard design; consult the system documentation if unsure how to proceed.  Locate the expansion slot to be used. If a header cable is installed in the slot cover, move it to a different slot or remove it altogether, if not needed.  Remove the slot cover corresponding to the desired expansion slot. Most slot covers are secured by set screws fastening the slot cover to the case.  If unable to remove the slot cover after removing the screw, loosen the screw on the next cover. Sometimes the screw head overlaps the adjacent cover.  Remove the card from its antistatic packaging, holding the adapter card by the bracket only.  Align the connector with the slot and insert the card.  Push the card connector firmly into the slot.  Secure the card bracket, usually by replacing the set screw.  Connect any cables the card requires.  Reconnect AC power and restart the system.  Provide drivers when the system asks for them after restarting. o Graphics cards: Some general tips for graphics card installations to keep in mind:  Whenever installing a graphics card in a computer with Windows already installed, it’s recommended to uninstall the current adapter through Device Manager first. This avoids driver conflict issues.  Currently, graphics cards are available in PCI Express x16, AGP and PCI models. PCI graphics cards are intended for systems without PCI Express or AGP slots, or to provide support for additional displays on systems that already have PCI Express or AGP cards installed.  Ensure the AGP card lock tab on the front of the slot is open before installing an AGP adapter. The mechanisms can differ from board to board, so check before proceeding.
  • 13.  Install the drivers provided by the graphics card manufacturer, using the latest drivers from the manufacturer’s Web site whenever possible, when installing an adapter. o Sound cards: To complete sound card installation after physically putting the card in the computer, connect speakers and a microphone to the sound card to test the functionality. Current sound cards use the same PC99 color coding used by onboard audio solutions. Restart the system after the card installation, and Windows will prompt for the drivers, which may include a customized mixer used to select speaker types, speaker arrangements and provide speaker testing and diagnostics. Test the speakers to ensure signal is coming through the correct jacks. o Storage controllers: A storage controller, or an adapter card that controls hard drives attached to internal or external ports on the adapter, is somewhat more complex than regular adapters, as drivers are not only needed for the card connectors but possibly a RAID (Redundant Array of Inexpensive Disks) array as well. However, the basic process is the same; the installing technician may simply have to run an extra utility after the physical installation and the driver installation are finished. There are two common types of storage controller currently in use:  RAID cards: These controllers are specifically intended to set up RAID arrays, which are usually implemented in one of three ways:  RAID 0: Two or more drives are grouped into one logical drive. Data is striped, meaning written evenly across the drives. This improves performance, but offers no inherent fault tolerance. RAID 0 arrays are called striped volumes.  RAID 1: Data written to one drive is mirrored, or written in exactly the same way, to another drive. This provides fault tolerance, since the data is exactly duplicated, but offers no performance benefits. RAID 1 arrays are called mirrored volumes; in some variations, separate controllers are used for the drive, which is known as disk duplexing.  RAID 5: Data is striped across multiple drives, along with parity data that can be used to reconstruct the data if one drive goes out. This arrangement requires three volumes, and offers both fault tolerance and performance benefits (both in speed and capacity usage), though it is the most expensive. RAID 5 arrays are called RAID 5 volumes.  eSATA cards: External SATA (eSATA) cards were created to allow external devices to use SATA connections. eSATA offers up to six times the transfer rate of USB, and can be used with cables up to 2 meters (6.6 feet) long. o I/O cards: Some current machines do not include legacy support, and some machines may not provide enough ports to meet a customer’s needs, so I/O cards offer a way to expand a machine’s ability to handle different types of ports and devices. Some of the card types currently used include:
  • 14.  IEEE 1394 (FireWire): IEEE 1394 (also known as FireWire or i.Link) is a serial bus interface providing high-speed data transfer between computers and external devices. Data is sent isochronously, or without interruption, making IEEE 1394 useful for real-time applications and streaming multimedia. IEEE 1394 devices are hot-pluggable, and can be daisy-chained in a series of up to 63 devices. Currently, there are two common standards: 1394a and 1394 b; although 1394c – which allows FireWire speeds over a standard network port – was published in 2007, it isn’t commonly used. 1394a (often known as FireWire 400) and 1394b (FireWire 800) support maximum data transfer speeds of 400 Mbps and 3.2 Gbps respectively, though device limitations mean 1394b connections reach a practical maximum of 800 Mbps. 1394a cables can reach a maximum length of 4.5 meters (15 feet), allow up to 16 cables to be daisy-chained and come in 4-pin or 6-pin configurations (the extra two pins carry power). In comparison, 1394b cables can be up to 100 meters (328 feet) long, and use a 9-pin connector, although they can be connected to 1394a devices with the right connector.  USB: Universal Serial Bus (USB) was originally developed to provide a faster, simpler connection between computers and various devices. USB 1.1, the first widely adopted version, allowed a 12 Mbit/s transfer rate for high-speed devices and 1.5 Mbit/s for lower-speed devices, such as mice. USB 2.0, often known as Hi-Speed USB, allows for data transfer speeds up to 480 Mbit/s and is backward-compatible with USB 1.1. The most current revision is USB 3.0, or SuperSpeed USB, which offers a maximum possible data transfer rate of 5.0 gigabits per second (Gbit/s), which is about 10 times faster than USB 2.0. USB devices can be daisy-chained, regardless of version, to connect up to 127 devices, although power limitations of the USB bus require virtually all of the devices in the chain to have their own power supply. USB connections have four wires—two for power, two for signal transmission—and can use cables with a maximum length of three meters for USB 1.1 devices and five meters for USB 2.0 devices.  Parallel: Parallel ports were the standard connection type for peripherals such as scanners and printers for years. Parallel ports transmit data over several lines at once, sending eight bits of data at a time. Originally, parallel data could only go in one direction at a time; the Standard Parallel Port (SPP) type was unidirectional. However, later revisions such as Enhanced Parallel Port (EPP) and Extended Capabilities Port (ECP) were bidirectional, and faster as well; ECP ports use a Direct Memory Access (DMA) channel to increase transmission rates. The current standard for parallel ports is IEEE 1284, which was finalized in 1994. Although a maximum cable length is not defined, data integrity concerns offer a practical limit of 4.5 meters (15 feet), and most parallel cables come in 1.8-meter (6 feet) lengths. Parallel ports use either a 25-pin connector (DB25) or a 36-pin
  • 15. micro ribbon connector, although older units may have a 50-pin connector.  Serial: Serial ports – also known as DB9 or DB25 ports, depending on the pin configuration – are among the first connectivity standards used on PCs. Serial ports were defined by the RS-232 standard, the most recent version of which is RS-232c. Because of their common usage as modem ports, they are also referred to as COM 1/2/3/4 or UART (Universal Asynchronous Receiver/Transmitter) ports. Serial ports send data one bit at a time, are generally male connectors, and can be disabled in the BIOS if needed. These ports are set by default to the I/O address and interrupt request (IRQ) settings of 3F8 and IRQ 4 (for COM 1) and 2F8 and IRQ 3 (for COM 2). o Wired and wireless network cards: As with most adapter cards, the installation process for network interface cards (NICs) are the same as for any other adapter, regardless of whether the NIC is a wired or wireless card. The only significant difference is after the driver installation is finished, the technician must test for connectivity on the part of the network. This can be done through verifying network traffic once the cable is connected by checking the LEDs on the card, pinging the loopback address (127.0.0.1) in the command prompt and simply connecting the machine to the network. o Video capture cards: As the name implies, video capture cards are designed to capture video frames from analog or digital video sources. Card types include:  IEEE 1394 (FireWire) cards: Used to capture video from DV camcorders and other 1394 devices, such as scanners. Onboard IEEE 1394 ports can capture video as well.  Analog video capture cards: Used to capture video from analog sources, such as cable or broadcast TV, composite video or S-video; these cards often incorporate TV tuners as well.  Digital video capture card: Used to capture digital video signals from HDMI sources, such as HDTV.  ATI All-in-Wonder series: High-end cards that have capability of sending accelerated 3D video display output to monitors, as well as video capture and TV tuner support.  After installing any type of video capture card, install the driver package provided with the card, connect the card to the available video source and set up the TV tuner feature for cards that support it. o Media reader: A media reader, also known as a flash card reader, is a multislot device designed to allow users to quickly read a variety of flash cards, generally used as storage devices for digital cameras, cell phones and other portable devices. Most media readers that aren’t integrated into a computer are external USB devices, so installing them is simply a matter of connecting them to an open USB port. The computer should automatically detect the reader, assign drive letters to each slot as required, and display a notification at the end of the installation process. Older versions of Windows or other operating systems may require the driver to be installed before connecting the media reader.
  • 16.  Cooling systems: As detailed in earlier sections, computers generate a substantial amount of heat, and heat is anathema to computer components. As a result, computer manufacturers have developed a number of technologies for dissipating heat in a computer. These technologies include: o Heat sinks and CPU fans: A heat sink is a finned metal device that radiates heat away from the processor. Virtually all current heat sink models are active heat sinks, meaning paired with a fan that sits on top of the heat sink and pulls heat vertically upward, except for those used in specially-designed cases where the airflow is engineered to cool the processor. Copper is a superior material for heat sinks, but aluminum is more inexpensive, and many heat sinks combine copper and aluminum. While the active heat sink model is the most common one, BTX cases use a different approach, applying a thermal duct that fits over the processor and its heat sink, with a fan at one end that directs air past the CPU. o Thermal compound: Thermal compound, or thermal grease, is a material applied to the chip of heat sink base that facilitates a more efficient transfer of heat between the component being called and the heat sink. Heat sinks packaged with CPUs might use a preapplied phase-change material on the heat sink, while OEM CPUs with third-party heat sinks usually require a paste or thick liquid thermal grease or silver-based compound to be applied. If the thermal material is pre-applied, ensure the protective tape is removed before installing the heat sink. If a heat sink is replaced, or removed and reinstalled, be sure to carefully remove any existing thermal material from the heat sink and processor die surface. Apply new thermal material to the CPU before reinstalling the heat sink. o Case fans: Like the name implies, case fans are actually part of the chassis, and for ATX cases, there are generally at least two: one at the front, and one at the rear. Case fans are generally powered directly by the motherboard or through a Y-splitter on a four-pin Molex power connector. In order to work correctly, front case fans should draw air into the case, while rear case fans should draw air out. Fans powered through the motherboard connector can be monitored by the PC Health or hardware monitor function in the BIOS, and some fans that connect to a Molex power connector have a special power connection that enables fan speed monitoring in the BIOS as well. Common case fan sizes include 80 mm and 120 mm. Domain 1.2: Given a scenario, detect problems, troubleshoot and repair/replace PC components  Storage devices: Hard drives are frequent points of failure in a computer, and since they’re involved with every operation on a computer, many things can go wrong. Some issues are specific to the drive type, but most of them are generic to the technology. o HDD – Troubleshooting and common issues  Scenario: Keyed cable – plugged pin 20 or raised projection – cannot be plugged into drives or motherboards  Replace cable with unkeyed cable or properly keyed cable  Scenario: PATA UDMA-66 or faster drive limited to slower speeds
  • 17.  Replace 40-wire cable with 80-wire cable; may need to run manufacturer speed-change program  Scenario: No power to drive  Shut down computer and plug power cable into drive  Scenario: No information displayed at boot, or drive error because drive not detected at startup, and drive can be heard spinning up  Shut down computer and ensure ribbon cable is properly aligned with connector (pin 1 to pin 1) and fully attached. With SATA drives, ensure cable is fully plugged into drive and connector on motherboard.  Scenario: BIOS does not detect drive, but configuration and drive cabling are correct; drive makes scraping or clicking noises at system bootup  Drive has been damaged by impact or sudden drop, and needs to be replaced  Scenario: System will not start when drive is attached to power, but boots when drive isn’t connected  Check if power connection to drive is on an extender or Y- splitter; if it is, connect drive directly to power supply and retest. If problem reoccurs, replace drive.  Scenario: Two drives are on a ribbon cable, and only one is being detected, or neither drive is detected.  Drives are jumpered incorrectly: if not using cable select, one drive must be master and one must be slave. Change the jumpers on the drives to master for one and slave for the other, or cable select if both drives support it and ribbon cable is 80- wire. If jumpers are correct and issue isn’t resolved, switch jumper settings (set master to slave and vice versa), move slave drive to other IDE controller and/or replace ribbon cable.  Scenario: Initial system power yields ―drive not ready‖ error, but reboot and drive comes up fine.  Hard drive is not fully spun up when computer tries to access it: adjust Delay Timer option in BIOS, disable Quick Boot or let computer do full memory count and test prior to boot.  Scenario: Intermittent drive errors or unusual error codes appear  Run drive manufacturer diagnostic programs on drive o FDD – Troubleshooting and common issues  Scenario: Drive gives ―not ready reading‖ or ―general failure‖ error when disk is inserted  Disk is not readable, corrupted or not formatted; try formatting the disk or reading a different disk  Scenario: Drive gives ―bad sector or sector not found‖ or ―track 0 bad‖ error  Disk is bad or formatted incorrectly: press I to ignore sector if available, or try reformatting disk  Scenario: Drive light comes on and stays on at boot
  • 18.  Floppy drive cable is reversed at drive or controller; shut down the computer, disconnect and properly reattach the ribbon cable, and restart  Scenario: Computer displays a floppy drive error at startup, and drive light does not come on  Data or power cable is not attached to drive; shut down, attach the missing cable and restart  Scenario: Computer displays floppy drive error at startup and drive light does come on, or drive cannot read, write or format disks at correct capacities  Drive type is set incorrectly in BIOS. Start system, go into BIOS and select correct configuration for drive  Scenario: USB floppy drive works in Windows, but inaccessible during boot or during Windows install  Drive may not be registered correctly in BIOS, or computer may not support USB floppy drives; go into BIOS and double- check configuration  Scenario: Drive occasionally reads or writes data, but gives numerous read/write errors  Read/write heads may be dirty: insert a wet-technology head cleaner, spin heads for a few minutes using Scandisk or another program, let heads dry and try again  Scenario: Disks with data from other drives can’t be read by drive, and data written by drive can’t be read on other drives  Read/write heads may be misaligned, or motor may be running too fast or too slow; replace floppy drive  Scenario: Drive doesn’t perform a seek operation at startup, and data can’t be read or written  Head-positioning mechanism may have failed; adjust or clean worm-drive mechanism to free it up  Scenario: Unable to insert disk into drive  Replace floppy drive  Scenario: When the directory command is invoked at command prompt, directory for most recent disk reads as same contents as first disk  Changeline support is not working, likely caused by problems with pin 34; shut down computer, replace floppy drive cable and restart  Any time a hardware failure of a floppy drive is suspected, this general process is useful:  Exchange the floppy disk drive cable for a known good cable. Floppy drive cables are cheap and easily damaged.  Disconnect any tape drive sharing the floppy cable. If the floppy drive works correctly on its own, replace the tape drive’s cable if still needed; otherwise, remove the tape drive.  Replace the drive.
  • 19.  If the problem persists, check the cable and drive on another system; if the problem doesn’t follow the drive and cable, replace the motherboard or adapter. o Optical drives – Troubleshooting and common issues  Note that, since optical drives use the same interface types as hard drives, they share some of the same connectivity issues and potential fixes. The following issues will deal mainly with the optical nature of the drives’ data storage capabilities.  Scenario: Read delays of 20 seconds or more after new media is put in the drive  Reading mechanism may be dirty – use a cleaning CD – or media may be scratched or damaged – gently wipe off the surface of the disc and try it again, or try a new disc  Scenario: Disc-burning program doesn’t recognize drive, doesn’t list drive as a write device, says no compatible drive was found during install or shows an error when user tries to write files to drive  Program is incompatible with drive: download the latest support files from program’s Web site, update to latest version of software, use software that came with drive or simply change to a different disc-burning application  Scenario: Disc-burning program displays an error message indicating media with room enough for files to be written needs to be inserted, and media with sufficient space is in drive  Media was likely closed when previous files were written to it; check Properties of disc to see how much space was used. If all space was used, no more files can be burned to disc, so different disc is needed  Scenario: Unable to format a disc for drag-and-drop copying  Check system tray for other writing software that may be open, ensure that media is correct type for drive and writing application and check that media is inserted correctly  Scenario: CD-ROM and/or DVD drive can’t read CD-RW media  Drive may be too old to read lower reflectivity discs; check specs for drive to ensure it can read media type in question. Install Universal Disk Format (UDF) reader software to try and read disc, or use older media (+R discs)  Scenario: Drive experiences numerous buffer underrun failures  Upgrade to a newer burning device; enable buffer underrun protection in burning program; burn at slower speeds; and upgrade drive firmware to latest version  Scenario: Drive unable to read damaged media  Clean media using CD cleaner kit materials, or polish surface scratches away with disc repair kit  Scenario: Drive unable to play music through sound card speakers
  • 20.  Connect audio cable from drive to sound card and test; check that sound is not muted or turned down in sound mixer control, or turned down in CD player application o Removable and external drives – Troubleshooting and common issues  Scenario: Drive not recognized  Ensure the interface has been enabled and the drivers have been loaded.  Install drivers and other software before connecting the drive.  Tape drive: If the tape drive isn’t recognized by tape backup software, check to ensure the drive is supported by the backup application. Update the software or use a compatible application.  Install drivers or utilities provided by backup vendor for drives instead of Windows drivers.  Check cable connections between the port and the drive; reattach cables if loose or replace them if damaged or defective.  Check that USB or IEEE 1394 port provides enough juice to run bus-powered device, particularly if on a hub or a daisy chain. Connect drive directly to a port and test, or connect an AC adapter to the drive if available.  Verify other devices plugged into USB or IEEE 1394 ports are working. If not, port or bus might have failed. Check Device Manager for port status and power available for each USB port.  If the drive is plugged into a SCSI host adapter, check the following: o Inspect terminator settings. Drives or devices at the end of the SCSI daisy-chain should be terminated; other drives/devices should not. o Verify the drive has a unique device ID. o Ensure external SCSI drive is turned on before the system is. o Check that the drive is properly connected to data cable and power cable.  If the removable-media drive is plugged into a PATA host adapter, check the following: o Drive jumpers should be set to master or slave if a 40- wire cable is used. Removable-media drive must be set to slave if existing drive is set to master. If 80-wire cable is used, both the existing drive and new removable-media drive can be set as cable select. o Check that the drive is properly connected to data cable and power cable.  Scenario: Drive is experiencing read/write problems  Test media in another drive; if media works in another drive, first drive is defective and needs repair or replacement.
  • 21.  Ensure media isn’t write-protected, either through mechanical switch or by software protection.  Run a vendor-approved cleaning media through the drive.  Check that the drive is properly connected to data cable and power cable.  Download and install the latest drivers and utilities for the drive; use vendor-created diagnostic software to test drive and diagnose issues.  Strange drive noises may be a sign of damage to the read/write mechanism or media; contact vendor for assistance.  Re-tension tapes before reading or writing.  Motherboards – Troubleshooting and common issues o Note that as the motherboard is one of the most vital parts of the computer, and touches every other part of the machine, a number of different issues and symptoms can be rooted in the motherboard. o Scenario: System will not start  Wiring of front panel may be incorrect, preventing power switch from working. Power down computer and carefully double-check pinouts on motherboard to ensure correct connections.  Power supply leads may be loose or missing. Power off computer and check connections, unplugging and reattaching connections to ensure full connectivity.  RAM modules may be loose or missing. Power off computer and check modules, making sure all are where they should be and that the modules are fully locked into place. Remove and reinstall modules if need be to ensure installation. Clean corrosion off memory contacts with careful wiping with Artgum eraser, rubbing away from memory chips. If working on older system with SIMMs, make sure the memory doesn’t mix tin contacts and gold connectors or vice versa.  BIOS chips may be experiencing chip creep and be loose in the sockets. If so, carefully press chips back into place until chip is securely mounted.  PATA/IDE cables may be connected incorrectly. Shut down computer and ensure ribbon cable is properly aligned with connector (pin 1 to pin 1) and fully attached; disconnect and reconnect if needed.  System may be shorting out (dead short) and not powering up at all. Check that a standoff is not positioned incorrectly and making contact between the motherboard and chassis, or a loose screw or slot cover is not touching a circuit on the board and shorting out. o Scenario: Hardware connected to the I/O port cluster does not work.  Check in the system BIOS to make sure the port or ports are activated; check in Device Manager to make sure it isn’t disabled in Windows.  Ensure the cable is connected to the correct port tightly, and disconnect and reconnect if necessary.
  • 22.  Test the device on another port or a different system to see if the problem follows the device (hardware failure) or stays with the machine. Defective ports can be addressed by:  Replacing the motherboard  Installing adapter card to replace port  Use a USB/port adapter o Scenario: Hardware connected to header cable doesn’t work.  Power off computer and ensure header cables are correctly connected to motherboard. o Scenario: Machine intermittently shuts down or freezes, gives occasional blue screen of death (BSOD) error, makes whining noises and doesn’t seem to have air moving in or out  Check internal fans and cooling apparatus are functioning correctly. Clean fans with compressed air and clean out case with computer vacuum to improve airflow. Check card location and cable layout inside case; tie cables down and move cards if possible to maximize airflow. Check screen in BIOS reporting internal temperature. Install additional fans if possible. Update BIOS firmware. Replace thermal compound. o Scenario: Machine starts to boot, but starts to beep repeatedly in a certain pattern and does not continue to boot  Note the beep code pattern and look up its meaning in the system documentation. Beep codes can be caused by a number of different components – memory, CPU, motherboard – but the BIOS determines what code is assigned to which error condition. Beep codes differ between manufacturers, so be sure to look up the specific set for the BIOS and/or motherboard at hand.  Power supplies – Troubleshooting and common issues o Scenario: System does not turn on: no lights, no fans spin, no sign of power at all.  Check the power cord isn’t loose or disconnected.  Check the surge protector isn’t disconnected or turned off.  Check that power is flowing from the wall socket. If the wall socket has no power, reset the circuit breaker.  Check the AC voltage switch on the power supply is set to 115 V for North America. If set to 230, turn off the power, reset the switch and restart the computer.  Check the keyboard connector, as a loose keyboard connector could cause a short.  Check that a standoff is not positioned incorrectly and making contact between the motherboard and chassis, or a loose screw or slot cover is not touching a circuit on the board and shorting out.  Verify the front-mounted power switch cable is properly connected.  If available, check fuses on the motherboard. Turn off the computer, replace any blown fuse on the motherboard with a correctly rated new fuse and test again.
  • 23.  Remove all expansion cards and disconnect power to all drives, then restart and use a multimeter to test power to the motherboard and expansion slots.  If the power tests OK with all peripherals out of the picture, reinstall the adapters one at a time and check the power after each installation. Repeat process with drives.  A card or drive with a dead short should stop the system immediately at startup once reattached. Replace the card or drive and retest.  Test the Power Good line at the power supply motherboard connector with a multimeter. o Scenario: Power supply whines at startup  Power down machine, unplug the power cord and open case to look for a short. If no short is found inside the case, and whine persists, replace the power supply. o Scenario: Computer gives off a burning smell at startup  Power down machine, unplug power cord, open case and look for signs of heat damage. If an adapter shows signs of damage, replace the card. If no damage is visible, replace the power supply. o Scenario: Computer powers down at unexpected times or sometimes freezes while running  Check that adequate power is flowing from the wall socket and output voltages are within tolerances. Move computer so it is the only large device on the individual power circuit; large appliances can use significant energy and prevent computer form getting enough. If power fluctuates or has noise on the line, install a line conditioner and/or surge protector.  Check that system is not overheating. Clean fans with compressed air and clean out case with computer vacuum to improve airflow. Check card location and cable layout inside case; tie cables down and move cards if possible to maximize airflow. Check screen in BIOS reporting internal temperature.  If all settings are good and problem persists, replace power supply.  Processors – Troubleshooting and common issues o Scenario: Computer runs slower than the advertised speed  CPU may be overheating due to fan failure caused by dirt, worn-out bearings or poor connections to the motherboard and/or power cable. Replace the heat sink fan with a ball-bearing unit if possible; if cleaning it is only option, follow these steps:  Remove heat sink from processor.  Lay down waste paper or newspaper and place heat sink on it.  Use compressed air to clean heat sink out.  Clean thermal compound from CPU and heat sink and reapply before reinstalling heat sink.  Clean or replace case fans and power supply fan, as well as the case interior, and replace any missing slot covers to maximize airflow.
  • 24.  Check that the installed heat sink is the right model for the installed CPU; replace if it is not. Ensure the CPU is properly locked into place, as the heat sink will not attach properly if the CPU isn’t locked down.  Note that the system may be underclocked due to boot failures and/or abrupt shutdowns; some BIOS automatically drop frequency and/or multiplier settings in those situations. Check the System Properties sheet in Windows or the BIOS settings to ensure clock speeds are correct; set them correctly if needed. Upgrade BIOS if needed to fully support the CPU. o Scenario: Machine starts to boot, but starts to beep repeatedly in a certain pattern and does not continue to boot  Note the beep code pattern and look up its meaning in the system documentation. Beep codes can be caused by a number of different components – memory, CPU, motherboard – but the BIOS determines what code is assigned to which error condition. Beep codes differ between manufacturers, so be sure to look up the specific set for the BIOS and/or motherboard at hand.  If all settings are good and other issues have been eliminated, replace the CPU and heat sink apparatus.  Memory – Troubleshooting and common issues o Note that since RAM is where all OS and application data lives while the system is in operation, it’s important to keep the memory in good shape. Some preventative maintenance tips can help with that, including:  Keep the RAM surfaces clean, using compressed air or a computer- rated vacuum.  Use only recommended voltage levels for the installed RAM if the BIOS permits modifying them.  Install additional case fans over or behind the location of memory modules to keep operating temperatures optimal.  Keep the front air intake vents clean.  Replace defective cooling fans. o Scenario: System randomly locks up, experiences corrupted data and/or overheats  RAM modules may be incompatible. Research specs on installed memory to make sure the modules will work in the motherboard and, if there are more than one, the modules match each other in speed and latency, among other ratings.  System may be overclocked, which runs more voltage through components and generates more heat. Make sure system is set correctly, or add adequate cooling if overclocked settings will remain.  RAM and sockets may mix metals in connectors and contacts. Mixing tin contacts and gold connectors or vice versa causes corrosion, which will cause performance issues. Make the metals match all around, and if that’s not feasible, check the modules and connectors regularly for corrosion and clean them.
  • 25. o Scenario: System halts during bootup and gives ―parity error – system halted‖ message  Parity error comes from using parity memory with non-parity memory and having parity checking enabled in BIOS. If using all parity or non- parity memory is not an option, disable parity checking in BIOS. Parity error is usually caused by:  Mixing parity and non-parity RAM on parity-checked systems  Mixing slow and fast RAM in the same bank/on motherboard  Loose or corroded chip and module connectors  Memory module/chip failure o Scenario: Installed RAM size is reported incorrectly  Incorrect memory size is caused by either a defective cache memory or defective motherboard. To narrow down the cause:  Take note of the onscreen memory count when the system reports a memory error.  Check which modules must be installed first in the system documentation.  Change one module at a time and reboot after each change, starting with the suspected defective module, until the error does not appear.  Disable cache RAM in the BIOS before testing.  If modules do not appear to be the problem, test the cache RAM next: o Disable L2 cache first; if the CPU has L2 and L3 cache, disable both. o Determine if the L2 cache is on the processor or motherboard if the problem disappears. Replace the cache memory if the motherboard uses removable cache chips or a cache module; replace the motherboard if it’s soldered onto the board. Replace the CPU if the L2 cache is built into it. o Return the original components if the replacement didn’t fix the problem. o Disable L1 cache. o Replace the CPU and retest if the system runs normally. If the computer works after that, the L1 cache was at fault.  At any point in troubleshooting, it may be beneficial to use memory diagnostic programs to give more detailed tests and precisely diagnose trouble areas. Many can be run from bootable media, thus avoiding potential system and resource conflicts.  Adapter cards – Troubleshooting and common issues o Scenario: Hardware attached to adapter card doesn’t work  Open Device Manager and check the adapter card entry to ensure the card is viewed by Windows as working. Windows uses a yellow !
  • 26. symbol to designate non-working devices and a red X for disabled devices. A driver upgrade will resolve the issue in some cases.  Look in the BIOS and make sure any onboard devices have been disabled that could interfere with the adapter.  Check that the card is firmly seated and properly secured in the expansion slot.  Ensure all appropriate power cables are connected to the adapter from the power supply to the card, as some higher-end cards – video and IEEE 1394, among others – require additional power for correct operation. o Scenario: Device Manager indicates a problem with adapter card  Use the Update Driver function in the Properties sheet in Device Manager to check for more recent driver files, either from the Internet or from a specified location, such as a driver CD or a folder on the hard drive.  Check with the vendor if firmware upgrades are possible, and the method to employ if so. Some may require a special boot disk, while others use an installer in Windows. If firmware upgrades are available, be sure not to interrupt the process once the upgrade begins, as it will ruin the card. Domain 1.3: Given a scenario, install, configure, detect problems, troubleshoot and repair/replace laptop components  Components of the LCD, including inverter, screen and video card o Although the LCD panel is not generally considered a field replaceable unit (FRU), some manufacturers do allow it to be changed in the field by authorized technicians, so it’s handy to be at least passing familiar with the overall assembly. Parts that technicians may replace or work with in the field include:  LCD front bezel: Plastic frame that serves as the front of the LCD panel assembly and helps keep the entire assembly together. The laptop manufacturer’s name is often embossed or printed on this part.  Inverter card: Just as with other inverters, this one takes AC power in and steps it down into low-voltage DC power to run the components of the LCD panel, including the sandwiched layers of crystalline material that create the picture and the backlight, the white panel that evenly distributes the light from the cold cathode fluorescent lamp (CCFL).  LCD panel: The panel is actually an assembly of parts, including the screens, the backlight and the CCFL, integrated into one assembly. Even if a technician can replace the entire display mechanism, this panel is only available as one assembly.  Hinges: The mechanism by which the display panel folds down and becomes the lid for the laptop. Because the connections between the LCD panel and the motherboard are routed by the hinges, and hidden by the hinge covers, they are treated as part of the display assembly.
  • 27.  LCD interface cables: This cable set provides a signal path between the video card and the LCD panel set, as well as power to the inverter and other parts.  LCD rear cover: With the LCD front bezel, the rear cover comprises the shell that contains the whole assembly. o Although the exact process for disassembling and removing LCD display assemblies differs with every manufacturer, most technicians will find that the general process will look like this process:  Disconnect the antenna leads from the integrated wireless Ethernet adapter going to the display, if present.  Remove the keyboard frame and keyboard.  Disconnect the FPC cable – which transmits power and data to the LCD panel assembly – from the system board.  Remove the antenna leads from the wireless Ethernet adapter from the top cover clips, if present.  Rotate the display assembly at a 90-degree angle to the base unit.  Take out the screws holding the display assembly together.  Remove the display assembly from the base unit.  Save all screws, ground springs and other hardware removed during the disassembly process; if a partitioned screw carrier is available, place the parts removed in each partition in order of removal so the process can be easily reversed.  Hard drive and memory o Hard drives: Laptop hard drives use very different specifications than their desktop counterparts. Mobile computer hard drives are 2.5-inch or 1.8-inch form factors, not the 3.5-inch form factor drives used in desktops. Also, while SATA power and data connectors are identical, mobile computer PATA drives utilize a 44-pin connector to deliver both power and data. o Removal and installation – hard drives  Turn off the laptop and disconnect it from the AC adapter.  Remove the battery.  Loosen or remove the screw(s) that retain the drive cover.  Remove the drive cover.  Remove the screws fastening the drive to chassis, if that is the configuration.  Push the drive away from the retaining screw holes and remove it from the chassis.  Remove the screws holding the drive to the drive cover or frame, if applicable.  Remove the drive from the drive cover or frame.  Insert the new drive into the drive cover or frame.  Replace the fastening screws.  Insert the drive into the chassis. Replace the cover screw if the drive fastens to the cover.  Replace the chassis screws.  Replace the cover.
  • 28.  Replace the battery.  Connect the machine to the AC adapter. o Memory: Mobile computers usually have one or two RAM sockets, which hold SODIMMs in current models but sometimes were proprietary memory configurations in older machines. Because space is so limited, it’s advised when obtaining memory for mobile computers to get the largest-capacity modules the motherboard will support. o Removal and installation – memory  Turn off the laptop and disconnect it from the AC adapter.  Remove the battery.  Remove the memory upgrade socket cover on the bottom of the system.  Remove any screws or fastening devices.  Remove the old memory, if necessary.  Insert the new memory, ensuring the contacts on the back or edge of the module connect firmly with the socket.  Push on the top of the module until the latches lock if installing a SODIMM or small-outline Rambus stick.  Install screws to secure the RAM if the socket utilizes them.  Test the module by booting up and watching the memory count; use diagnostic software if available.  Close the cover and fasten it.  Disassemble processes for proper reassembly o Document and label cable and screw locations: When disassembling a mobile computer, it’s easy to get overwhelmed by all the little screws, springs, pins and other parts that are used. Before beginning, it’s recommended that the tech obtain a pillbox or other partitioned container in which to keep the screws and other parts removed from the machine during the disassembly process. Some techs recommend taping the screws and parts next to the relevant step in the process; whatever way helps keep the parts logically grouped and organized for the tech is the right way to go. Additionally, when taking apart a machine, the tech should carefully mark the location and arrangement of cables in the system, either by marking them on the machine lightly or by making notes and drawings as the tech goes. A misplaced cable can affect the final reassembly, as well as its functionality once reassembled. o Organize parts: Keeping parts organized not only makes it easier for the tech to find when needed, but helps keep them from getting lost. As importantly, organized parts make it easier for another tech to step in if the first tech is unable to complete the job for some reason. o Refer to manufacturer documentation: Every disassembly process is different, and sometimes procedures vary wildly between model lines, even specific models within a line, something that Apple technicians constantly face. Whenever possible, the tech should make sure that the service manual for the exact model being worked on is available and ready to be used. Even for experienced techs, disassembling a mobile computer without the specific service manual is not recommended.
  • 29. o Use appropriate hand tools: Manufacturers often specify certain hand tools in the documentation to ensure that the technician minimizes the potential for structural and cosmetic damage during the repair process. Apple technicians, for example, often need to use a black nylon stick in disassemblies, because Apple has engineered so many of their machines to require a firm but non- damaging lever to pry and push tabs and arrange cables in small spaces. Also, having the correct tools avoids problems in the long run; trying to remove a Philips screw with a Torx driver, for example, leads to stripped screws, a damaged driver and a greatly reduced chance the disassembly can proceed.  Recognize internal laptop expansion card types: For space reasons, laptops don’t use regular expansion slots. A series of expansion slot types have been created specifically for mobile hardware:  PCMCIA: The first PCMCIA card specification, PC Card, used the 16- bit ISA bus and eventually developed into a set of specifications known as Type I (up to 3.3 millimeters (mm) thick and mostly used to add RAM), Type II (up to 5.5 mm thick and often used for modems) and Type III (up to 10.5 mm thick, and can accommodate a portable hard drive or two Type I or Type II cards). PC Cards can be hot swapped.  CardBus used the 32-bit PCI bus, but was backward-compatible with PC Card devices; however, CardBus devices can’t be used in 16-bit PC Card slots, due to a raised strip across the connector end of the device. CardBus slots are Type II or Type III slots. CardBus cards can be hot-swapped.  The current PCMCIA slot standard is ExpressCard, which uses the PCI-E or USB 2.0 standard. ExpressCard devices come in 34 mm and 54 mm widths – known respectively as ExpressCard/34 and ExpressCard/54 – and are 75 mm long and 5 mm thick. ExpressCard devices are not backward-compatible with PC Card or CardBus, but are hot-pluggable, hot-swappable and can be autoconfigured.  Mini-PCI: Most current mobile computers with built-in modem, Ethernet or Wi-Fi support use a smaller version of the PCI standard, mini-PCI. There are three primary mini-PCI types:  Type I  Type II  Type III  Type I and Type II cards use a 100-pin stacking connector which connects directly to the motherboard. Type II cards, unlike Type I cards, have built-in network or modem connectors. Type III, which uses an edge connector, has become the most popular format. Like Type I, Type III mini-PCI cards do not incorporate RJ-11 or RJ-45 connectors; Type I and Type III cards use connectors built into the system. Although mini-PCI cards are sometimes considered FRUs, they can only be purchased from the portable computer manufacturer, since they are matched to the characteristics of a specific product line. Mini-PCI cards configure different features on particular mobile
  • 30. computers, and since they can be replaced, defective or obsolete components can be replaced without swapping out a motherboard. Not all cards can be replaced easily, however; some Wi-Fi cards have antenna leads that are soldered to the card, and can only be replaced by factory-trained technicians.  Upgrade wireless cards and video card o Video card: Note that if it’s possible to replace the video card – and in many systems, it’s not, unless the whole motherboard is replaced, since many machines use integrated video – it is a complex process, often requiring a complete disassembly of the machine. With that in mind, the general process (the exact process is detailed in the service manual for the particular machine) will be similar to this:  Take ESD precautions.  Unplug AC power.  Remove the battery.  Remove the hinge covers carefully.  Detach the keyboard from the chassis (usually by either removing screws or depressing tabs).  Lift the keyboard carefully and unplug the cable from the motherboard.  Remove the display assembly.  Unplug the video and Wi-Fi antenna cables.  Remove the optical drive.  Remove the bottom shell of the computer.  Remove the video card.  Install the new video card.  Reassemble the computer.  Boot the machine and install new drivers. o Wireless cards: Since most current wireless cards use the mini-PCI standard, this general process for upgrading the wireless card will focus on that specification:  Turn off the computer.  Unplug the computer from the AC adapter and remove the battery.  Locate the mini-PCI card in the unit, which may be accessible from the underside, or it may be necessary to remove the keyboard or other components.  Remove the cover or components over the card.  Release the spring latches retaining the card.  Lift the top of the card until the socket releases the card.  Slot the new mini-PCI card’s edge connector into place.  Push the top of the card down into the socket until the spring clips lock.  Replace the cover or components removed to access the socket.  Reinstall the battery.  Plug the computer into the AC adapter.
  • 31.  Start the computer. Install required drivers. Note that for Wi-Fi cards, it will likely be necessary to take the antenna cables from the old card before removing it; check the system documentation. Domain 1.4: Given a scenario, select and use the following tools  Multimeter: Used for testing power at wall sockets and inside the computer. Most useful for diagnosing power outputs and motherboards.  Power supply tester: Tests power supply capacity and output, and is generally safer than other methods. More precise, but more expensive; only worth the investment if checking power supplies is a regular occurrence (such as in repair shops).  Specialty hardware/tools: Depending on nature of machines supported, certain specialty tools such as a soldering iron, specialized Torx bits and drivers or Allen wrench set may be necessary to have on hand. Most PC technicians will probably never need specialty hardware, as a screwdriver is the main tool in use with most PC work.  Cable testers: Cable tester loops a cable into adapter ports and runs a signal through it to determine the resistance and signal strength. This tool can determine what kind of cable is being tested (if it’s old or not clearly marked) and whether it’s functional or not. Most often used with network cables.  Loopback plugs: Used for testing NICs and I/O ports. The plugs send a signal back to themselves – ―loop back‖ – or transmit lines to receive lines during diagnostic testing. Common types of loopback plugs include serial, parallel, USB 1.1/2.0 and Ethernet.  Extension magnet: A long extendible wand with a magnetic head or tip, strong enough to retrieve dropped screws or other components from within a case but not strong enough to materially affect storage media. Commonly used with printers and inside PC cases. Domain 1.5: Given a scenario, detect and resolve common printer issues  Symptoms o Paper jams: Curved paper paths increase the likelihood of paper jams, particularly in environments that are less than ideal for paper, such as high humidity. Many laser printers use an S-shaped paper path, which has a higher mechanical complexity and greater chance of deforming or catching the paper. Printers with C-shaped paper paths – like many inkjets, pulled horizontally from the front of the printer, pulled through and around a series of rollers inside the printer during the print process and ejected through the front or top of the printer onto a paper tray – are less prone to jams. A straight-through path, often used for heavier papers like cardstock and envelopes, reduces the chance of mechanical issues, though the heavier paper itself is more inclined to jam. Beyond the paper path, jams can be caused by incorrect paper loading, overloading the input tray or using thicker media than recommended. If the printer jams, open the cover or remove the paper tray(s) as needed to clear the jam. It’s generally recommended to fan the pages before inserting new paper to avoid any pages sticking due to static or residue.
  • 32. o Blank paper: Blank pages printed immediately after a toner cartridge change generally means the tape that holds the toner in place during shipping wasn’t removed; take out the toner cartridge and ensure the tape is taken out. If the blank page comes out after hundreds or thousands of pages, depending on the model, the toner cartridge is likely empty; replace it. o Error codes: Most printers either have a formatter board built-in – essentially a motherboard – or are host-based printers, meaning the OS does all of the processing. As such, a printer can display either on-printer error codes and messages – provided by an LCD display or signal lights flashing – or Windows printer driver error messages, which are displayed within the print spooler window or a print progress dialog. Although error codes vary between manufacturers, HP LaserJet printers are a de facto standard, and use the following error codes to describe printing problems:  13 or 13.xx: Paper Jam (.xx stands for specific numeric values indicating where the paper jam occurred)  20: Insufficient memory; press Go to print partial page  40: Bad transmission to EIO interface card  41.xx: Various printer errors involving media or other issues (.xx stands for specific numeric values indicating specific error)  49.xx: Firmware error  50.x: Fuser error  51.x: Beam detect (.1) or laser error (.2)  52.x: Scanner speed errors; startup error (.1); rotation error (.2)  53.xy.zz: DIMM memory error in specified module (x= DIMM type; y=location; zz=error number)  54.1: Sealing tape not removed from toner cartridge  54.4: Line voltage error  55.xx: Internal communications error; can be caused by formatter, firmware, DIMM, engine controller board or fuser problems  56.x: Error in paper input or accessory (.1) or output bin (.2) connection  59.x: Main motor error (.0), startup error (.1), or rotation error (.2)  62.x: Printer memory error in internal memory (.0) or DIMM slots (.1– .4)  64: Scan buffer error  66.xx.yy: External paper-handling device error  68: NVRAM or permanent storage error  69.x: Temporary printing error  79: Printer detected error (can be caused by memory, firmware, EIO, formatter)  8x.yyyy: EIO device or slot error o Out of memory error: Sending a page to a printer that requires more memory than the printer has causes the printer to try and print the page, but stop once the printer’s memory fills us. The printer displays an error message or blinks error status lights, and the page must be manually kicked out with only part of the page printed. Most modern printers can compress data coming in to avoid
  • 33. this kind of issue, although it slows the printing down. To avoid this, a user or technician can:  Lower the resolution of the print job. Dropping the graphics resolution to the next lower figure (from 1,200 to 600 dpi, or 600 to 300 dpi) will reduce the memory requirement for printing the page by a factor of four. This can be done in the Graphics or Advanced – Printing Defaults – Paper/Quality Properties sheet. Reducing the resolution will not affect the text resolution, but graphics will look noticeably poorer.  Eliminate or reduce the size of graphics.  Convert color photos to black-and-white photos before printing. This could increase output quality from a monochrome laser printer, in addition to reducing the memory needs of the pages.  Add RAM to the printer. This is the best option; the ones listed above are simply workarounds. o Lines and smearing: For laser printers, smearing or wet print indicates a problem with the fuser; it isn’t getting hot enough to fuse the toner, meaning it needs reseating or, more likely, replacement. Lines can indicate a problem with the drum not holding charge well or being cleaned sufficiently; if that’s the case, replacing the drum is the best option. For inkjet printers, lines and smearing generally mean a clogged printhead or nozzles. Cleaning the printhead or running a cartridge cleaning cycle is recommended, but if that doesn’t help and manual cleaning has no effect, replacing the printhead and/or cartridge is next. o Garbage printout: A printout of nonsense and gibberish could mean a cable problem, but more often, it’s a printer driver issue. Has the driver been updated? Is it the correct driver? Is it the correct version of the driver (PCL vs. PostScript)? Check the cable first, as it’s easy to swap out with a known good one if disconnecting and reconnecting doesn’t help, but if that doesn’t fix it, focus on the driver. Remove it and reinstall if needed. o Ghosted image: Most often, ghosted images mean the drum isn’t being fully cleaned, and leftover toner is causing the ghosting. If available, cleaning the drum with the manufacturer’s printer maintenance application should be tried first, then replacing the toner cartridge, which is where much of the mechanical pieces of the printing process are. If that doesn’t help, replace the image drum. o No connectivity: A printer that can’t be reached over the network could have a number of issues at hand, ranging from the trivial to the serious. As with everything else, start simple: check to make sure the printer’s online first. If so, and the printer is shared over the network and connected to a computer, power-cycle the printer first, then reboot the computer it’s attached to locally. Make sure the print job is being sent to the right printer on the right port. Test that the computer it’s directly connected to can print to it as a local printer. Test if the user can print to other network printers. If the printer prints locally and other printers are accessible, remove the driver and reinstall it. If the printer is directly connected to the network, ping the printer and see if it can be found. Try a different cable, possibly even a different NIC. Check for error
  • 34. messages of status light patterns. Remove and reinstall the drivers on the user’s machine. Run diagnostic software if available.  Issue resolution o Replace fuser: Do this to fix smearing issues on laser printouts where the toner comes out still wet. o Replace drum: Do this to fix ghost images or speckles on laser printouts. o Clear paper jam: Do this whenever the printing process stops with paper still inside the printer, or when error codes or status light patterns indicate. Usually occurs when wrong paper or too much is fed into the printer. May also happen in extreme environmental conditions, such as high humidity. o Power cycle: Do this if printer loses network connectivity or to clear the print queue, particularly if the pages are printing out with garbage characters. o Install maintenance kit (reset page count): Do this every so often to keep the paper path functioning and the printer operating at peak capacity; the printer will usually prompt with an error message when it’s time. Resetting the page count is necessary to know when the printer will likely need periodic maintenance again. Not installing maintenance kits regularly will shorten the working lifespan of the printer, and raise maintenance and replacement costs needlessly. o Set IP on printer: A network printer needs an IP address to communicate over a network, which will need to be set manually if DHCP is not in place. However, it may be necessary to manually set the IP address on the printer for testing purposes or to avoid conflicts. o Clean printer: Cleaning a printer, even if nothing ever spills, is periodically necessary to keep the paper path from getting clogged and to keep the printheads/cartridges functioning. With laser printers, it’s even more important, as toner particles are very fine and get into every mechanism inside a printer. Also, especially with laser printers, dirt and foreign material inside the printer can affect the imaging and writing process, producing poor-quality printouts. Domain 2.0: Operating Systems (refers to Windows 2000, XP Home/Professional/Media Center, Vista Home/Home Premium/Business/Ultimate, Windows 7 Starter/Home Premium/Professional/Ultimate unless otherwise noted) Domain 2.1: Select the appropriate commands and options to troubleshoot and resolve problems  Msconfig: The Microsoft System Configuration Utility, or msconfig, is used to selectively disable startup programs and services, which is useful in troubleshooting slow operation, intermittent issues or startup/shutdown issues. To run msconfig, click Start -> Run, type msconfig and hit Enter. The tabs allow users to select the type of startup -- Normal, Diagnostic (clean boot) or Selective Startup (where the user selects which items and services are loaded) – launch System Restore or modify the startup applications and processes.  Dir: Command available in command prompt and Recovery Console that shows a list of files and subfolders in a folder, and lists file/folder attributes for each item listed.
  • 35. Useful for troubleshooting file access issues. Has a number of switches and options built into it, including: o [drive:][path][filename] – Specifies the drive, directory and/or files to display. o /P: Pauses after each screen. o /W: Uses wide list format. o /A: Displays files with specified attributes:  D: Directories  R: Read-only files  H: Hidden files  A: Files ready to be archived  S: System files  -: Prefix meaning not o /O: List by files in sorted order:  N: Alphabetic by name  S: Arranged by size, smallest listed first  E: Alphabetic by extension  D: Arranged by date and time, earliest listed first  G: Group directories first  -: Prefix to reverse order  A: By last access date, earliest listed first o /S: Displays files in specified directory and all subdirectories. o /B: Uses bare format, meaning no heading information or summary. o /L: Uses lowercase. o /V: Verbose mode. o Switches and options for DIR can be used in combination, with no requirements for order of options.  Chkdsk: Used to check hard drives for errors. Available in Windows from the user interface, but can also be run from the command prompt. Recommended to run Chkdsk before running any other disk tools such as Disk Defragmenter. Windows allows Chkdsk to run with the option of automatically fixing file system errors and trying to recover bad sectors. By default, Chkdsk runs automatically at boot if a drive has errors (―dirty‖). If run from the command prompt, Chkdsk uses switches: o /F: Fix file system errors, including lost clusters (data not belonging to any file) and cross-linked clusters (data belonging to more than one file) o /R: Search for and recover bad sectors, areas of the drive marked as defective  Edit: Used to read and modify batch files, system files and other text files. Use the syntax ―edit filename‖ to open a file in edit mode. Switches and options used with the Edit command include: o /B: Forces monochrome mode. o /H: Displays maximum number of lines possible for display hardware. o /R: Load file(s) in read-only mode. o /S: Forces the use of short filenames. o The Edit window has pull-down menus that can be activated by mouse or keyboard. Hold down the Alt key and press the first letter of each menu to display the menu if a mouse driver isn’t loaded. Edit window uses same keyboard shortcuts Windows does:
  • 36. o Ctrl+X: cuts text o Ctrl+C: copies text o Ctrl+V: pastes text o Del: clears text  Copy: Used to copy files from one drive and folder to another. Folder specified in the Copy command must already exist on the destination drive. Copy command doesn’t work with system or hidden files, which require the Xcopy32 command. Switches and options used with Copy include: o /A: Indicates ASCII text file. o /B: Indicates binary file. o /V: Verifies new files are written correctly. o /Y: Suppresses prompting to confirm overwriting destination file. o /D: Allow the destination file to be created decrypted. o /N: Uses short filename, if available, when copying file with a non-8.3 name. o /Z: Copies networked files in restartable mode. o Example of syntax: COPY *.PDF C:TEMP  Xcopy: Similar to Copy, but has a number of advantages: copies files into RAM before copying to the destination, which speeds up the operation; can create destination folder if needed; able to operate as backup utility through modifying the archive bit ad can copy files changed/created on or after a specific date. Switches and options included with Xcopy include: o /A: Copies only files with the archive attribute set, doesn’t change the attribute. o /M: Copies only files with the archive attribute set, turns off attribute. o /D:m-d-y: Copies files changed on or after the specified date, or copies only files with source time newer than destination time if no date is provided. o /EXCLUDE:file1[+file2][+file3]...: Specifies a list of files containing strings. Each string should be in a separate line in the files, and if any of the strings match any part of the absolute path of the file to be copied, that file will be excluded; specifying a string like pdf or .pdf, for example, will exclude every file in the directory pdf or with a .pdf extension. o /P: Prompts before creating each destination file. o /S: Copies directories and subdirectories except empty ones. o /E: Copies directories and subdirectories, including empty ones; may be used to modify /T. o /V: Verifies each new file. o /W: Prompts to press a key before copying. o /C: Continues copying even if errors occur. o /I: If destination does not exist and copying more than one file, assumes destination is a directory. o /Q: Does not display file names while copying. o /F: Displays full source and destination file names while copying. o /L: Displays files that would be copied. o /G: Allows the copying of encrypted files to destination that does not support encryption. o /H: Copies hidden and system files.
  • 37. o /R: Overwrites read-only files. o /T: Creates directory structure, but does not copy files and does not include empty directories or subdirectories. o /U: Copies only files that already exist in destination. o /K: Copies attributes. o /N: Copies using the generated short names. o /O: Copies file ownership and ACL information. o /X: Copies file audit settings (implies /O). o /Y: Suppresses prompting to confirm overwrite of an existing destination file. o /-Y: Causes prompting to confirm overwrite of an existing destination file. o /Z: Copies networked files in restartable mode.  Format: Used to delete all existing files and folders from a system; overwrites current contents of the target drive unless /Q (Quick Format) option is used, which only overwrites the file allocation table and root folder. Format has different switches and capabilities, depending on the media being targeted. These switches include: o Volume: Specifies the drive letter (followed by a colon), mount point or volume name. o /FS:filesystem: Specifies the type of the file system (FAT, FAT32 or NTFS). o /V:label: Specifies volume label. o /Q: Performs a quick format. o /C (NTFS only): Files created on new volume will be compressed by default. o /X: Forces the volume to dismount first if necessary, making opened handles to the volume invalid. o /A:size: Overrides the default allocation unit size. Default settings are strongly recommended for general use. o The following options apply to floppy disks only:  /F:size: Specifies size of the floppy disk to format  /T:tracks: Specifies number of tracks per disk side.  /N:sectors: Specifies number of sectors per track.  Ipconfig: Used to display the computer’s present network configuration, including current IP address, subnet mask and default gateway. The ipconfig /all command shows all current network information. Other options exist, but the two most common are ipconfig /release, which causes the computer to relinquish the lease on the DHCP- assigned IP address, and ipconfig /renew, which creates a new lease and obtains a new IP address from the DHCP server.  Ping: Used to discover if a specific IP address is available and/or receiving traffic. Generally used with loopback address (127.0.0.1) or to see if traffic is reaching an address on a network. Command sends four packets to address and records time of the round trip; the lower the time, the faster the connection. Switches include: o –t: Ping host until stopped (Ctrl-C or Command-Break) o –a: Resolves addresses to host names o –n (count): Number of requests to be sent o –w (timeout): Time to wait for each reply (given in milliseconds) o –l: Send buffer size  Md/cd/rd: Used to make a directory, change to a directory or remove directories. The commands are pretty basic; although cd and rd do have switches, they aren’t
  • 38. commonly used. Directories, or folders, are referred to as either absolute, meaning they provide a full folder path, or relative, meaning they refer to one level down from the present directory location. Examples of usage: o MD Temp: Makes the Temp folder one level below the current drive’s root folder o CD Temp: Changes to the Temp folder o RD Temp: Deletes the Temp folder, if it’s empty  Net: Used for displaying and using network resources from the command line. Some of the Net commands available: o net help: Shows help for a Net option. o net use: Maps a network drive to a shared resource on the network. o net view: Displays other hosts on the network. o net helpmsg errorcode#: Shows meaning of any Microsoft error code.  Tracert: Used to delineate path a packet takes from host PC to an Internet destination, showing number of hops and how long each hop takes. Generally used to discover bottlenecks or points of failure. Known as traceroute on many UNIX systems. Syntax: tracert <destination hostname>.  Nslookup: Used to determine information about the DNS. When run without options, nslookup displays the name and IP address of the default DNS server before displaying a DNS prompt. Enter the name of a Web site/server to determine its IP address; enter the IP address of a Web site/server to determine its name.  [command name] /?: Used to show commands and appropriate syntax. Works for all valid commands in the command interpreter.  Sfc: Used to check protected system files – generally, .DLL, .SYS, .OCX, and .EXE files, and some font files used by Windows – and replaces incorrect or missing files with correct files. SFC can fix problems with built-in Windows apps caused by installation of obsolete Windows system files, user error, deliberate erasure, virus or Trojan horse infections and other issues. Type SFC at the command prompt, along with the desired switch, to run the utility. Common switches include: o /scannow: Scans all protected files immediately. o /scanonce: Scans all protected files at next boot. SFC will prompt to reinsert Windows distribution disc so files can be copied to DLL cache if missing files are discovered. o /scanboot: Scans all protected files every time system starts. o /revert: Returns scan setting to the default. o /purgecache: Allows user to delete file cache. o /cachesiz=x: Allows user to modify file cache size. Domain 2.2: Differentiate between Windows OS directory structures (Windows 2000, XP, Vista and Windows 7) Directory structure Windows XP/2000 Windows 7/Vista User file locations %SystemDrive% (usually C:) Documents and Settings{username} %SystemDrive%Users/User User profile and program files %SystemDrive%Documents and Settings{username} %SystemDrive%Users{username}
  • 39. System file locations The Windows directory, usually C:Windows, formerly C:WINNT %SystemDrive%Windows Fonts %windir%fonts %windir%fonts Temporary files %SystemDrive%Documents and Settings{username}Local SettingsTemp %SystemDrive%Users{username} AppDataLocalTemp Program files %SystemDrive%Program Files %SystemDrive%Program Files, %SystemDrive%Program Files (x86) (only in 64-bit version) Offline files and folders %systemroot%CSC (hidden folder) %systemroot%CSC (hidden folder) Domain 2.3: Given a scenario, select and use system utilities/tools and evaluate the results  Disk management tools o Defrag: As files are erased and added to the hard drive, the blocks of data that make up system and user files become fragmented, stored on different areas of the drive. Disk Defragmenter, as well as several third-party utilities, can move these blocks on the drive so that data is stored in contiguous sections, increasing read speeds and decreasing overall resource usage. Disk Defragmenter can be run:  From the Accessories menu’s System Tools submenu  From the drive’s Properties sheet’s Tools tab  From the command line: defrag (use defrag /? for options) o NTBackup: NTBackup is a backup program that can be run from the Windows XP/2000 GUI or from the command line. NTBackup can be run:  From the Accessories menu’s System Tools submenu  From the command line: ntbackup  From the Tools menu of the drive’s Properties sheet  NTBackup supports backups to a number of drive types, including tape drives, floppy disk drives, removable-media drives and external hard disks. A backup can be saved to a CD or DVD burner if the backup fits on a single disc, but the backup file must be created first and can’t be burned to the disc during the backup process. The backup process allows users to choose: o Which drive(s) to back up o Which files to back up: all data files, or new and changed files only o Whether to back up the Windows Registry o Where to create the backup: tape drive, floppy disk, another hard drive or a removable-media drive o Whether to replace an existing backup on the backup medium or to append it to existing backup files o How to run the backup: whether to use data compression, password protection, verification and/or
  • 40. volume shadow copy, enabling open files to be backed up  XP’s version of NTBackup adds the ability to perform an Automated System Recovery (ASR) backup/restore to rebuild Windows after system failure, but the Windows 2000 Emergency Repair Disk (ERD) functionality isn’t supported. o CheckDisk (chkdsk): Used to check hard drives for errors. Chkdsk can attempt to recover data from bad sectors, but can’t fix the sectors. It can be run from the command line or the Tools tab in the Properties window of the hard drive, accessible through the right-click context menu in the My Computer or Computer window. Windows allows Chkdsk to run with the option of automatically fixing file system errors and trying to recover bad sectors. By default, Chkdsk runs automatically at boot if a drive has errors (―dirty‖).  Disk Management: Disk Management is a snap-in, part of the Computer Management console; it’s the Windows application for analyzing and configuring hard drives. Disk Management has a number of options and configuration possibilities, and allows the user to set up: o Active, primary, extended and logical partitions: When setting up drive partitions, a user can choose from four types, which are closely interrelated. A primary partition is treated as an individual drive, or volume, by Windows; only a primary partition can be made active, or bootable. A single drive can hold up to four primary partitions, but only one primary partition can be active. An extended partition can’t itself take a drive letter, but can contain one or more logical partitions, which can each take a drive letter. In addition, an extended partition can’t be bootable, nor can any drive inside the extended partition. Only one extended partition can be stored on each physical drive. o Mount points/mounting a drive: A mount point is an empty folder that essentially acts as a shortcut to a mounted drive. To act as a mount point, a folder has to be both empty and stored on an NTFS volume. Mounted drives use drive paths, which provides for more drives than using drive letters, and provide more space for temporary files. To mount a drive, follow these steps:  Right-click the partition or volume to mount and select Change Drive Letters and Paths.  Click Add in the window that appears.  Browse to the intended mount point and click OK for both windows.  To remove the mount point, open Disk Management, right-click the mounted volume and select Change Drive Letters and Paths, and select Remove. o FAT32, NTFS, FAT64 (exFAT): As detailed in previous sections, FAT32 is an older (introduced in 1995) 32-bit file allocation table system that can handle logical partitions sizes up to 2 TB, and can be used for hard drives, flash memory and removable media. NTFS is the native file system for Windows 7, Vista, XP and 2000, and is widely considered the superior file system, as it has many upgrades and additional features, including the native ability to compress files, folders and drives; a theoretical partition limit of 16
  • 41. exabytes (EB); support for encryption; the ability to mount drives and treat them as regular drives, which allows the use of removable media; and disk quota support. FAT64, or exFAT, is a 64-bit file allocation table system that doesn’t have the storage limitations of FAT32 or the security features of NTFS. It’s most often used with low-end systems where security is of no concern.  External hard drives/flash drives: For compatibility purposes, virtually all external hard drives and flash drives are formatted with FAT32. o Drive status: Disk Management has several status classes for drives connected to the system. These classes include:  Foreign: Remote disk, or dynamic disk added from another system  Healthy: Volume is accessible and functioning correctly. May see ―Healthy (boot),‖ which means the active partition on the first drive.  Formatting: Drive or partition is being formatted.  Unallocated: Space that hasn’t been assigned to a partition  Failed: Volume or partition is not accessible.  Dynamic: Volume or partition can be managed and resized without restarting the computer.  Offline: Dynamic disks that cannot be reached due to various possible reasons. The disk may be remote.  Online: Volume or partition is accessible. o System Monitor: The System Monitor, or Performance Monitor, is often used to determine the memory usage on a computer and whether more should be added. Many performance factors can be determined through the measurement of objects, which include physical devices such as the processor and RAM and software such as protocols and services, with counters.  Administrative tools: Windows has certain tools and applets built-in to allow administrative-level users to make configuration changes and perform certain tasks on a system. These tools include: o Performance Monitor: The System Monitor, or Performance Monitor, is often used to determine the memory usage on a computer and whether more should be added. Many performance factors can be determined through the measurement of objects, which include physical devices such as the processor and RAM and software such as protocols and services, with counters. It can be accessed by typing perfmon.exe in the Run prompt and hitting Enter, then clicking Performance Monitor, or through the Administrative Tools applet in Control Panel. o Event Viewer: Windows provides a built-in tool called Event Viewer to examine various troubleshooting or diagnostic log files, which can be viewed by right-clicking the Computer/My Computer icon on the desktop or entry in the Start Menu, clicking Manage and clicking Event Viewer; it’s also available from the Administrative Tools applet in Control Panel. Event Viewer captures a number of different logs, but the three most useful to technicians are usually the Application, Security and System logs. To view an entry, click on a log in the left pane and entries will appear in the right pane.
  • 42. o Services: A service is program designed to run in the background without user intervention and perform specific tasks. In Windows, the Services console controls the various Windows and third-party services installed on the computer. The console can be reached from the Administrative Tools applet in Control Panel, or typing services.msc in the Run prompt and hitting Enter. In the console, the service name will be on the left, with a description of what it does to the right, its status right next to that and the startup type to the right of the status. Startup type can be Automatic (Delayed Start), meaning it starts after Windows boots to avoid delaying user login; Automatic, or starting with Windows; Manual, or starts only when needed; or Disabled. o Computer Management: Unlike most of the other programs mentioned here, Computer Management isn’t a tool in itself, but more of a handy one-stop interface for using the others. It’s usually simpler to use Computer Management, as it has most of the configuration tools – Event Viewer, the Device Manager, Local Users and Groups, Services, and disk tools such as Disk Management – in one window. Computer Management can be accessed by these methods:  Click Start -> Right-click Computer/My Computer -> Click Manage  Click Start -> All Programs/Programs -> Administrative Tools -> Computer Management  Press Windows+R to open the Run prompt (or open the Start Menu) and type compmgmt.msc.  Device Manager: Device Manager is the main tool for managing hardware in Windows; it provides a graphical method of viewing hardware configurations and resources, including drivers. Device Manager can be accessed by typing devmgmt.msc at a Run prompt and hitting Enter, or right-clicking My Computer/Computer – from the desktop or the Start Menu – and selecting Properties. Within Device Manager, a user can perform several tasks: o Enable/Disable: Devices can be disabled for troubleshooting purposes quickly in Device Manager, either through right-clicking the device in the main Device Manager window and selecting Disable, or by going to the Driver tab in the device’s Properties sheet and clicking Disable. To enable a disabled device, use the same procedure, but select Enable for either path. o Warnings/Indicators: Device Manager uses a yellow ! symbol to designate non-working devices and a red X for disabled devices; in Vista and Windows 7, users may see a white circle with a black down-pointing arrow to signify disabled devices. Device Manager also uses error codes in the Device Status field on the General tab of the device’s Properties sheet; these error codes can be used to discover the cause of device failures.  Task Manager: The Task Manager utility allows users to see, in real time, the behind- the-scenes functioning of Windows and its installed applications. Task Manager can be invoked in a number of ways, including: o Right-click the taskbar and select Task Manager o Press Ctrl+Shift+Esc o Open the Run prompt and type taskmgr
  • 43. o Press Ctrl+Alt+Del and select Task Manager from the Windows Security dialog box. o The Task Manager has a number of tabs, including:  Applications – shows what programs are running  Processes -- shows the program components loaded in RAM  Performance – statistics on CPU, memory, pagefile usage and caching.  XP version has a Networking tab, which lists network utilization by adapter, and a Users tab, which enumerates the currently logged-in users.  Windows Vista adds a Services tab, which shows the active services on the computer and present status. o The Process tab can be useful when trying to determine what may be behind a lockup or freezing issue; the processes can be examined by resource usage, and processes that are stuck or using excessive amounts of system resources can be terminated by using the End Process button. Processes can also be killed by right-clicking the process in question and selecting End Process of End Process Tree. Although not generally recommended, it also possible to modify the process priority – its chance of getting processor time, based on a ranking by the OS – of a process or program in Task Manager, by right- clicking the process and selecting Set Priority.  System Information: The System Information utility – msinfo32 – details the settings and specifications for the hardware and software installed in the computer, ranging from audio codecs to print jobs to the amount and type of RAM. Most commonly used to check system memory and BIOS version, msinfo32 can also be used to check which drivers successfully loaded at startup. It can be accessed by typing msinfo32 at the Run prompt, or through the System applet in Control Panel.  System Restore: System Restore enables users to reset a PC’s configuration to an earlier state, generally to fix issues caused by a bad hardware or software installation. Driver and software files installed stay, as does user-created data, but Registry changes made by the defective installation are reversed, so the system works as it did before. Restore points can be created by the user with System Restore, and are created automatically by the system before new hardware or software is installed. To create a restore point in Windows 7 and Vista, use this process: o Right-click Computer and select Properties. o Click the System Protection tab. o Click Create. This opens the System Protection window. o Enter a name for the restore point and click Create.  In Windows XP, use this process: o Navigate to Start, All Programs, Accessories, System Tools, System Restore. o Click Create a Restore Point and click Next. o Enter a descriptive name for the restore point, such as Before I Installed DuzItAll Version 1.0 and click Create. o System Restore stores the computer’s current hardware and software configuration as a new restore point.  To restore a Vista/7 system to an earlier condition: o Access the System Protection tab again, and click System Restore.
  • 44. o Select either Recommended Restore or Choose a Different Restore Point. o The Recommended Restore point will ask for confirmation. Select a different restore point if needed and confirm. o The system will initiate the restore and automatically restart. Windows 7 and Vista allows users to undo a system restore if it did not repair the issue.  To restore an XP system to an earlier condition: o Navigate to Start, All Programs, Accessories, System Tools, System Restore. o Click Restore My Computer to an Earlier Time and click Next. o Select a date from the calendar; bolded dates have restore points. o Select a restore point and click Next. o Close any open programs and save all work before clicking Next to start the process; Windows will shut down and restart. o The system will initiate the restore and automatically restart. o Note that System Restore is vulnerable to virus or malware infection, since if a restore point is created during an infection, reverting the system to that restore point could reestablish an infection. Most anti-virus vendors recommend System Restore be disabled before removing computer viruses.  Remote Desktop Protocol: Windows from XP forward includes Remote Desktop, a feature that enables a user to access the system remotely and use its desktop, applications, peripherals and other resources. Only one connection can be active at a time; if another user is currently logged on locally, he or she must log off to allow the remote connection. Windows Vista and XP Professional automatically runs the Terminal Services service, which is required for Remote Desktop incoming connections. To accept remote connections: o Make sure the remote user has been added as a user for this computer and has a password. Use the User Accounts applet in Control Panel to check. o Configure the firewall to permit connections via TCP port 3389. If the system uses Windows Firewall, selecting Remote Desktop on the Exceptions menu automatically opens this port, but for a third-party firewall, the setting may need to be set up manually. o Open the System Properties sheet, click the Remote tab, and select Allow Users to Connect Remotely to This Computer in the Remote Desktop portion. o Click Select Remote Users to view the list of Remote Desktop Users. If the user to be added isn’t in the list, click Add. On the Select Users dialog, enter the user name and click Check Names. o Repeat Step 4 until all remote user names are added. Click OK when finished.  To start the connection process: o Click Start, All Programs, Accessories, Remote Desktop Connection. o Enter the name or IP address of the remote computer, and click Connect. o Provide a username and password from the list of authorized remote users and click OK when prompted. The remote desktop appears.  To quit the remote session: o To end the remote session but stay logged in, click the X in the remote dialog tab and click OK on the Disconnect Terminal Services Session dialog. o To log out of the remote session, click Start Log Off, and click Log Off when prompted.
  • 45. o To disconnect, click Start, Disconnect and click Disconnect when prompted.  Task Scheduler: Task Scheduler is a utility that allows users to set up recurring events on the computer, such as Disk Defragmenter or NTBackup. To access Task Scheduler in Windows 7 and Vista, click Start -> All Programs -> Accessories -> System Tools -> Task Scheduler, or in XP, the Scheduled Tasks wizard by clicking Start -> Control Panel -> Scheduled Tasks.  Regional settings and language settings: When configuring Windows for users who use language settings other than American English, the Region and Language applet in Windows 7 and Vista, or Regional and Language Options in XP, is the tool that allows users to change keyboard layouts, alter how numbers and dates are displayed and switch default locations, among other settings. These applets are in the Control Panel, and can quickly be configured. It’s most often used for keyboard settings. Domain 2.4: Evaluate and resolve common issues  Operational problems o Windows-specific printing problems: Printers are complex machines, driven by equally complex drivers and controlled by an OS that represents a massive amount of programming and logic. It’s no surprise, then, that there are certain printing issues that crop up more frequently than others. Two of the more common ones are:  Print spooler stalled: Windows runs the print spooler as a service, so if the spooler seems to freeze or stop, restarting the service is a common fix. To restart the print spooler, use this procedure:  Open Computer Management.  Expand Services and Applications and click on Services.  Scroll to the Print Spooler entry.  Right-click it and select Restart from the menu. Another way to restart the spooler is to open a command prompt, type net stop spooler to stop the service, and net start spooler to start it again.  Incorrect/incompatible driver: Nonsense characters printing can have several causes, but a corrupted or incompatible printer driver is the most common. To install a new driver for an existing printer, use the New Printer Driver wizard; start it with the New Driver button on the Advanced tab of the printer’s Properties sheet. This wizard displays XP drivers for a variety of printers, and allows for loading a driver from a disk or folder. Note that this may not work for printers that use a setup program to install the driver, such as many inkjet printers. If that’s the case, download an updated driver from the vendor’s Web site and run the setup. The printer should be turned off before running setup to avoid interference. If a printer continues to print gibberish after the update, look for cable or port damage. o Auto-restart errors: Ever seen an error that immediately caused the system to reboot? That’s an auto-restart error. There is no difference between an auto- restart error and a STOP/BSOD error itself; the only real difference is a Stop/BSOD error triggers auto-restart on systems configured to restart the
  • 46. computer when a Stop error occurs. Systems that require 24/7 availability and rarely experience Stop/BSOD errors should probably be configured to restart automatically; the default setting is to force a manual restart. Follow these steps to set this option:  Open the System Properties window.  Click the Advanced tab.  Click Settings under the Startup and Recovery section.  To enable auto restart, click the empty checkbox for Automatically Restart under the System Failure section. Clear this checkbox to disable auto-restart if enabled.  In order to diagnose a STOP/BSOD error on an auto-restart-enabled system, ensure the Write an Event to the System Log option is enabled. o BSOD: A blue screen of death (BSOD), also known as a Stop error, generally occurs during startup or after the machine is running. When a BSOD occurs, the system completely stops, which is by design, and requires the user to power cycle the machine. Note the error code displayed on the screen when a BSOD happens; this error code can reveal what component or subsystem has generated the BSOD, which can be caused by any of the following:  Incompatible or defective hardware or software  Restart the PC in Safe Mode and uninstall the last item added to the system, whether it was hardware or software. Obtain the latest updates to the driver or software before reinstalling, and swap out the RAM (a common BSOD cause) or run memory diagnostics.  Registry problems  Reboot and select Last Known Good Configuration from the Windows boot menu.  Viruses  Use an antivirus program to scan the PC and remove any found.  Miscellaneous causes  Open Event Viewer and check the System log, and look up the error code on Microsoft’s online support site.  To determine the exact cause of the error:  Record the exact error message before restarting the computer.  Research the error at Microsoft’s online support site if the BSOD keeps happening. o System lockups: A system lockup can be a frustrating problem to have, since there are a number of possible causes that may seem unrelated, including:  Corrupted or outdated display, mouse or DirectX drivers  Overheating  Memory configuration issues in BIOS  If the computer won’t start except in Safe Mode or VGA mode, has frequent lockups or display signal corruption when the mouse is moved, it’s likely the system needs updated display, mouse or DirectX
  • 47. drivers. As a temporary workaround, the video acceleration settings can be reduced:  In Windows 7 and Vista, right-click the desktop and select Personalize.  Click the Display Settings link at the bottom of the window.  Click Advanced Settings.  Select the Troubleshoot tab and click Change settings.  To reduce video acceleration in Windows XP:  Open the Display Properties window.  Click the Settings tab.  Click Advanced.  Click the Troubleshoot tab.  If unsure which setting to try, follow these steps:  Start the computer.  Open the Troubleshooting or Performance dialog box as described previously.  Slide the acceleration pointer one notch to the left from its current position.  Click Apply, OK, and then OK again to close the Display Properties dialog box.  Use your normal software and perform typical tasks.  If the computer now performs acceptably, use this setting until updated drivers can be installed. If the computer continues to have problems, repeat Steps 2–5 and move the pointer one step to the left each time until the problems stop or drivers can be updated. o Device driver failure: If an error message such as ―Device x referred to in System.ini/Win.ini/Registry not found‖ appears, the most likely cause is the file invoked has been removed from the system incorrectly. Use the appropriate option to uninstall or remove undesired programs and/or devices:  For hardware, use the Remove option in Device Manager before you physically remove the hardware. Using Remove removes Registry and .ini file entries so it won’t be referred to restart.  Open Programs and Features in Vista and Windows 7, or Add/Remove Programs in XP in the Control Panel, select the program to remove. This starts the uninstall process for applications and utilities listed on the menu.  Use the program’s own uninstall option or a third-party uninstaller. Any of these options should remove both the program and references to it in the Registry and other locations, such as System.ini or Win.ini. If the program is removed by deleting its folder, leaving references in the Registry or .ini files, use the error message to determine which file contains the reference.  Application install/start/load failure: Programs might not start or load for several reasons, which include:  Invalid working directory
  • 48.  Missing or damaged shortcut  System hardware, system configuration or OS version not compatible with program  Program components not properly listed in registry  The Invalid Working Directory error might be displayed if a program is configured to use a folder that’s unavailable. In that case, try these options:  Configure the program to use an available folder using the program’s Properties sheet.  Make sure the user is logged onto the network if the working folder is on a network drive.  Ensure the user has inserted the correct media before beginning work if the working folder is a removable-media drive. If the drive is present but has been assigned a different drive letter, use Disk Management to assign the correct drive letter.  A program not listed on the Start Menu or the Windows desktop may indicate a shortcut was deleted or was never created. Follow these steps to add a desktop shortcut:  Make sure desktop icons are visible. If they aren’t, right-click an empty part of the Windows desktop, select Arrange Icons By and select Show Desktop Icons.  Right-click an empty part of the Windows desktop and select New, Shortcut.  Enter the path to the program or click Browse to locate the program for which the shortcut is being created. Click Next.  The shortcut name created by Windows is displayed. Click Finish to keep the name, or change it and click Finish.  Another way to enable operation of troublesome programs by using the Program Compatibility Wizard, located in the Accessories menu, to select an older Windows version to emulate for a particular program or customize display settings. If the program is not compatible with the Windows version installed, check the manufacturer’s Web site for patches, updates or workarounds. If a program worked previously, its components might be damaged or erased; reload the program if possible, or reregister the .dll components with the command-line tool Regsvr32. o Service fails to start: Services can be run automatically or manually and are controlled through the Services node of the Computer Management Console. Right-click My Computer/Computer and select Manage, then expand the Services and Applications node and click Services, or access the Services dialog from the Services applet in Administrative Tools. The Services dialog lists each service by name, provides a description, status message, startup type and whether the service is for a local system or network service. To view the properties for a particular service, double-click the service listing. Users can stop, pause or resume a service from this dialog, as well as from the Services dialog. Use the Log On tab if the service should be configured to run for a
  • 49. specific user, the Recovery tab to specify what to do if the service fails, and the Dependencies tab to see what other services work with the specified service. If a system cannot perform a task that uses a service, go to the Services dialog and restart the service. If a service prevents another task from running, go to the Services dialog and stop the service.  Error messages and conditions o Boot – Common errors and likely causes  Error: Invalid boot disk  Hard drive is not formatted  File allocation table is corrupted  No bootable CD or media in drive  Check for hard drive issues  Error: Inaccessible boot drive  BIOS unable to find drive  Check for BIOS setup errors  Error: Missing NTLDR  OS boot loading program could not be found  Check for hard drive issues o Startup – Common errors and likely causes  Error: Device/service failed to start  OS unable to load service  OS unable to load device drivers  Check for corrupted .ini files or registry  Error: Device or program in registry not found  Windows may be corrupted  Device driver might be missing or corrupted  Check for corrupted .ini files or registry o Event viewer (errors in event log): In Event Viewer, the System log records error information regarding drivers and system files, while the Application log records information and errors about applications within the operating system. o System performance and optimization  Aero settings: Although Aero is a popular addition to Windows technologies, it can present an impediment to system operation, as it presents a significant load on memory and graphics processors. In some situations, it may be recommended to disable Aero. To disable Windows Aero, click the Theme link from within the Personalize window. Then, from the Theme drop down menu, select Windows Classic.  Indexing settings: Indexing too much content can lead to poorer system performance, particularly on systems that are not packing the latest and greatest hardware. To adjust indexing settings in Vista and Windows 7, go to Start, Control Panel, System and Maintenance and click Indexing Options, which allows users to modify whether folders are indexed by clicking on the Modify button and selecting or deselecting specific folders. Selecting an entire volume is not recommended, as it will slow the system down. Use indexing for
  • 50. specific folders where important data is stored. Follow these steps to disable indexing altogether:  Click Start, then right-click Computer and select Manage to bring up Computer Management.  Expand Services and Applications in the left window pane and click Services.  Scroll down to Windows Search in the right pane, right-click it and select Stop. Check the startup type by right-clicking the service and selecting Properties. If the startup type is set to Automatic, change it to Manual or Disabled, or the service will start up again when the computer is restarted.  Indexing for individual drives can be turned off as follows: o Open Windows Explorer. o Right-click the volume to stop indexing on and select Properties. o At the bottom of the window, deselect Index This Drive for Faster Searching.  Follow these steps to turn off indexing in Windows XP: o Click Start, then right-click My Computer and select Manage to bring up Computer Management. o Expand Services and Applications in the left window pane and click Services. o Scroll down to Indexing Search in the right pane, right- click it and select Stop.  Indexing can be deactivated on any volume by right-clicking the volume, selecting Properties and deselecting Allow Indexing Service to Index This Disk for Fast File Searching.  UAC: User Account Control (UAC) is a security component introduced in Windows Vista that keeps every user except the Administrator account in standard user mode instead of administrator mode, even if they belong to the administrators group. UAC was created with two goals in mind: eliminate unnecessary requests for excessive administrative-level access and reduce the risk of malicious software using administrator access to infect OS files. While the UAC is an important part of Windows security, disabling the UAC box may provide a slight performance gain; it’s not recommended, but in some situations, it may be useful to have the extra boost.  To change UAC status, go to Start, Control Panel, User Accounts and Family Safety, then select User Accounts, and Turn User Account Control On or Off. UAC can be turned on and off by checking or unchecking the box. The system will need a restart after making the change.  Sidebar settings: Introduced with Vista, the Windows Sidebar is a new desktop window pane used to house gadgets, or mini-applets that provide a range of services and interact with other applications. For performance reasons, the Sidebar can be modified by right-clicking it
  • 51. and selecting Properties. There, users can choose whether the Sidebar starts with Windows, change its orientation and remove gadgets.  Startup file maintenance: Most PCs are set to run programs and services at startup. Windows can also start programs automatically from these locations:  Startup folder in the Start Menu for all users  Startup folder in the Start Menu for the current user  Registry keys, such as HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCu rrentVersionRun, HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurr entVersionRun, HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCu rrentVersionRunOnce, HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurr entVersionRunOnce  Startup programs might wind up in the Task Bar or the systray, or they might be in a window or full-screen. To keep a program from loading at startup, configure the program not to run at startup if possible, or use msconfig.exe to block the program from running at startup.  Background processes: Windows can be configured to use more memory for background services – minimized windows, printing – instead of the default setting favoring foreground applications. This is recommended when the computer is a file or print server on a small network. Use these steps to make that configuration happen:  Open System Properties and click the Advanced tab.  Click Settings in the Performance box to open Performance Options.  Click the Advanced tab.  Adjust for best performance of either Programs or Background services. Click OK. Domain 3.0: Networking Domain 3.1: Troubleshoot client-side connectivity issues using appropriate tools  TCP/IP settings: Configuring the TCP/IP settings correctly means the difference between a fully networked device and one that just sits there, able only to access what’s installed on it. There are certain settings and configurations that need to be in place for the networking connection to function, including: o Gateway: This setting identifies the IP address of the device that connects the computer to the Internet or other network. Most current networks use DHCP to automatically assign TCP/IP settings, including the gateway address, but if DHCP is not used on the network, this address will have to be entered manually. To do that, open Network Connections, right-click the network connection, select Properties, click Internet Protocol (TCP/IP) or Internet
  • 52. Protocol (TCP/IP)v4 in the list of protocols and features and click Properties. Users can select the Use the Following IP Address radio button to enter the information. o Subnet mask: This setting identifies a value that is used to distinguish between the network portion of the IP address, and the host portion. It’s also used to define subnetwork segments. As with the gateway, it is usually assigned by DHCP in modern networks, but can also be configured manually in the same method as detailed before. o DNS: The Domain Name Service setting identifies the address of the DNS servers, which are responsible for resolving IP addresses into readable domain names and vice versa. It is also generally configured through DHCP, and manually configured in the same way as already detailed. If it is necessary to manually enter the DNS server address, it’s general practice to input two server addresses, so in case one fails, the ability to use the network is preserved. o DHCP: The Dynamic Host Configuration Protocol is designed to manage a limited number of IP addresses by assigning them automatically to a pool of machines on an as-needed basis. DHCP makes managing networks easier, and joining networks easier yet. All the configuration work is done at the server end; a client only has to set the network configuration to Obtain an IP Address Automatically. This is in stark contrast to the older method of network configuration, using static IPs, where every device had to have the network information – IP address, gateway, subnet mask, DNS servers, WINS servers – entered in for each and every machine. o NAT: Network Address Translation (NAT) is another technology created to manage resources. NAT maps a group of private IP addresses, which use non- public address ranges, to a single public IP address in a technique known as IP masquerading. It has security purposes to it as well, but its main effect has been to conserve IP addresses until TCP/IPv6 is widely adopted. Most wireless access points and routers sold for small office/home office (SOHO) setups use a form of NAT.  Characteristics of TCP/IP o Loopback address: The loopback address – 127.0.0.1 – is part of a special class of IP addresses; the range of addresses that begin with 127 is reserved for testing and experimental purposes. 127.0.0.1 is used to test network connectivity, as a ping command sent to that address will come right back to the sending device. o Automatic IP addressing: Automatic IP addressing (APIPA) is an addressing scheme used by computers to assign IP addresses when DHCP is not available. APIPA assigns addresses in the 169.254.x.x range, which allows LAN connections, but a machine assigned an IP address through APIPA will not connect to the Internet.  Mail protocol settings: o SMTP: Simple Mail Transfer Protocol (SMTP) sends email from a client system to an email server, which uses SMTP to send the message to the receiving server. SMTP packets generally use port 25.
  • 53. o IMAP: Internet Message Access Protocol (IMAP) enables messages to remain on the email server so the user can retrieve messages from any location. IMAP also supports folders, so messages can be organized into a directory structure. IMAP-based email accounts must have IMAP selected as the email server type, and the name of the server, the user’s user name and password and whether the server uses SSL must be configured in the client. IMAP packets generally use port 143. o POP: Post Office Protocol (POP), the more popular of two receiving email protocols, supports downloading messages from the mail server to a computer’s local folders. Travelers may want to stay away from POP systems, as it is not suitable for users who frequently switch computers due to email being spread out over multiple computers. POP3 is the current standard. POP3 users typically use SMTP to send messages. POP packets generally use port 110.  FTP settings o Ports: File Transfer Protocol (FTP) is designed to allow access to specialized servers for file transfers up and down to users. FTP traffic generally uses ports 20 and 21. o IP addresses: FTP servers are hosts in the same way that HTTP servers are, so Web browsers can be used to access FTP sites by typing in a URL than begins with ftp://. FTP sites can also be reached through their IP addresses; if using a command prompt to access the site, this is a common method to use. It’s not a bad idea to ping the IP address first to make sure it’s active. o Exceptions: When configuring a firewall on a computer, the user may want to leave ports 20 and 21 open to allow FTP traffic. While standard practice, FTP is not a secure method of file transfer, as all its transmissions are in clear text. FTP is considered a deprecated protocol by many, and it’s recommended that any implementation of FTP-like services be carried out through secure FTP, which uses Secure Shell (SSH) to keep packets secure. SSH uses port 22. o Programs: Windows incorporates a command-line FTP program, ftp.exe, into the command prompt, and Internet Explorer is a functional FTP client as well, but it’s generally recommended to use a third-party program for FTP traffic, as third-party software often provides a multitude of features to make FTP more secure and easier to use. CuteFTP and WinFTP are two examples of well-known FTP clients.  Proxy settings o Ports: Proxy servers are computers that intercept Web requests from users on the internal network for the Internet. The proxy caches the requested files, and substitutes its IP address for requests to outside servers, much like NAT. Proxies are frequently set up to act as firewalls for an organization’s internal network and a gateway. Traffic to proxy servers can be set on any port, but since they usually handle secure connections as well, which use SSH, note that port 22 will need an exception set for it on the firewall. o IP addresses: Users that utilize a proxy server may not even realize it, especially in large corporations with IT departments to handle that configuration for them. Settings for using proxy servers are usually configured
  • 54. in the Web browser being used, and the IP addresses and/or fully qualified domain names of the servers are included, along with the ports the proxy traffic is on. o Exceptions: Port 22 will need an exception as noted earlier, as well as exceptions for whichever port(s) the proxy traffic is using for Web packets. HTTP traffic generally uses port 80, but administrators may change that for security and monitoring purposes. o Programs: Most users and technicians will work with proxy servers only in the context of Web browsers: Internet Explorer, Mozilla Firefox, Google Chrome and a few others. Configuring a proxy server is outside the scope of the A+ exams.  Tools (use and interpret results) o Note that all of the following tools, unless otherwise noted, are command-line utilities. o Ping: Used to discover if a specific IP address is available and/or receiving traffic. Often used with loopback address (127.0.0.1) to test individual machine’s setup or to see if traffic is reaching an address on a network. Standard command without switches sends four packets to address and records time of the round trip; the lower the time, the faster the connection. Syntax: ping <switches> <destination address>. Switches and other information can be looked up by typing ping /?, although most common usage is to simply type in the command with an address – say, ping 65.55.12.249 – and seeing what the results are. If the packets are returned with ―Reply from <address>‖ and statistics regarding the bytes, time and TTL, the ping was successful and connectivity is proved. If the packets are returned with ―Request timed out,‖ that could indicate a need for further testing, if the address is known to be good. o Tracert: Used by Windows to follow the route taken by data traveling from the computer to a specified IP address or website. By default, tracert will check up to 30 hops between the computer and the website or IP address. To use tracert to check routing, follow these steps:  Start your Internet connection.  Open a command prompt.  Type tracert <IP address> or tracert <servername> and press Enter. Tracert displays the IP addresses and URLs of each server used to relay the information, as well as the time required. o Nslookup: Used to determine DNS information about the DNS. If run without switches, nslookup displays the name and IP address of the default DNS server before displaying a DNS prompt. Enter the name of a Web site/server to determine its IP address; enter the IP address of a Web site/server to determine its name. o Netstat: Used to display network activity statistics, such as programs making connections, which is displayed by using the –b switch. Netstat can run until manually interrupted using Ctrl-Break or for a set number of iterations, and then output to a text file. Useful for determining possible sources of network resource hogging.
  • 55. o Net use: Used to create connections to remote computers, sever connections or show information about all connections; in practice, most often used to map network drives. Net use command without switches just shows connections. To map network drives to a drive letter, use UNC paths (servernameshare). o Net /?: Displays complete list of commands using net. If used with |More switch, user can scroll through them. /? is the standard switch to use to bring up help documentation on commands and switches. o Ipconfig: Used to display the computer’s present network configuration, including the NIC’s MAC address, current IP address, subnet mask and default gateway. Ipconfig has a number of switches, but the most common usage is:  Ipconfig /all: Shows all current network information.  Ipconfig /release: Causes computer to relinquish IP address lease  Ipconfig /renew: Causes computer to renew IP address lease o Telnet: Used to make text-based connections to a remote computer or device and use it as if the user was physically present. To use telnet, open a command prompt and type telnet a.computer.com, where a.computer.com is the remote computer. Remote computers must be configured to accept telnet access, and TCP port 23 must be open for a telnet connection to work. o SSH: Secure Shell (SSH), designed to create a secure channel for data transmission between computers. More secure than FTP and telnet, and is the security protocol used for secure FTP (SFTP). SSH traffic uses port 22.  Secure connection protocols o SSH: As noted before, SSH is more secure than FTP and telnet, and is the basis for SFTP. While Windows supports SSH, there are no native Windows clients for it, so third-party client software must be installed to utilize it. Applications that use SSH version 2.0 and higher offer the best security. o HTTPS: The secure version of HTTP encrypts Web browser/server data before sending and decrypts it before it is processed. Like FTP and telnet, HTTPS is an application-level protocol. In most browsers, the presence of https:// in the URL and the padlock icon (or something similar) indicate the Web connection is using HTTPS.  Firewall settings o Open and closed ports: Firewalls – which check data packets sent over a network to make a determination, based on various data in the packet and rules programmed into the firewall, on whether to block the packets or send them on to the intended destination – work essentially by guarding the open ports on a system. By default, a firewall should close off all ports except the ones that need to stay open, including common ports such as 20, 21, 22, 23, 25, 53, 80, 110 and 143. o Program filters: In addition to port security offered by restricting all but a few ports, firewalls can offer control port traffic by using program filters, in which only designated programs are allowed to send and receive traffic on certain ports; for example, blocking every program on a computer from port 80 except for Chrome, a Web browser. Program filters offer more targeted protection, but require more overhead.
  • 56. Domain 3.2: Install and configure a small office/home office (SOHO) network  Connection types: Before the rest of the office can be set up, a tech must configure the Internet connection that will be used. There are a number of options a SOHO can use, but the connection will fall into three broad types: o Dial-up: It’s unlikely a tech will be setting up a new dial-up connection, and even less likely a SOHO will be running on one, but the process of creating one is straightforward enough. To create a dial-up connection, the tech will need:  Client software, including the preferred browser, dial-up information and TCP/IP configuration information  Dial-up access numbers  Modem types supported (33.6Kbps, 56Kbps, v.90, v.92)  User name and initial password  Windows Vista and 7 does support dial-up networking (DUN) and can create DUN connections through the Network and Sharing Center. Windows XP and 2000 can create DUN connections through Network Connections in XP or Network and Dial-Up Connections in Windows 2000.  Setting up a DUN connection follows these basic steps:  Install an external modem or modem adapter card and the necessary drivers, making sure Windows recognizes the modem.  Connect the modem to a live phone jack with good-quality phone cable, directly or only through a surge protector if possible.  Open the Network and Sharing Center on Windows Vista and 7 machines, and click Set Up a Connection or Network. In XP, open Network Connections and click Create a New Connection.  Choose Set Up a Dial-Up Connection and click Next.  Enter the information provided by the ISP, including the phone number and login information. Click Connect, or OK.  Test the connection to make sure it was done correctly. o Broadband: Broadband has become the new standard in Internet service, covering a range of technologies delivering data throughput of 300 kbps and more. There are several varieties of broadband delivery available, including:  DSL: Digital subscriber line (DSL) uses the telephone line to deliver Internet service. A DSL modem, which sends and receives signals at different frequencies than the voice band, connects the computer to DSL service, and typically connect through the computer’s Ethernet port or a USB connection. Setting up a DSL connection can be simpler than setting up a DUN connection, because much of the configuration work is usually automated through vendor-provided software. To set up a DSL connection:
  • 57.  The vendor will send the DSL modem and software around the same time the phone lines have been activated for DSL. Once the modem arrives and the lines are live, follow the setup instructions for the modem, as procedures vary widely. Some require the software to be installed first.  Put microfilters – which usually come with the modem – on every phone and device in the house that uses a phone line, such as fax machines or digital video recorders (DVRs). This prevents interference from other devices from degrading the network connection.  Connect the DSL modem to a wall jack; do not use a microfilter on the modem line. Power up the modem and connect it to the computer.  Open the Network and Sharing Center on Windows Vista and 7 machines, and click Set Up a Connection or Network. In XP, open Network Connections and click Create a New Connection.  Choose Connect to the Internet and click Next.  Choose Set Up My Connection Manually and click Next. Select Connect Using a Broadband Connection That is Always On and click Next. Click Finish after the wizard completes.  Test the connection to make sure it was done correctly.  Cable: Cable Internet service is delivered through the same coaxial cable that provides a cable TV signal. Nearly all current cable Internet service is a high-speed duplex signal that shares the fiber-optic network used for digital cable and music services. Cable Internet can reach download speeds anywhere from 1Mbps up to 10Mbps or faster; upload speeds generally are restricted at 128 kbps, but some plans offer higher upload speeds. When cable TV and Internet service share the same cable, a splitter must be used to prevent the signals from interfering with each other. Virtually all cable modems are external devices that plug into a RJ-45 or USB port. To set up a cable modem connection:  Connect the cable modem to the pre-selected cable jack from the wall, and power on the modem.  Connect the computer to the modem via Ethernet port. If using the USB connection, read the instructions carefully first, as it may require a different order of steps.  Open the Network and Sharing Center on Windows Vista and 7 machines, and click Set Up a Connection or Network. In XP, open Network Connections and click Create a New Connection.  Choose Connect to the Internet and click Next.  Choose Set Up My Connection Manually and click Next. Select Connect Using a Broadband Connection That is Always On and click Next. Click Finish after the wizard completes.
  • 58.  Test the connection to make sure it was done correctly. The cable company may have a checklist of steps to complete in order to finish the connection, including providing them with the modem’s MAC address.  Satellite: Satellite Internet service uses parabolic dish antennas to send and receive signals between geosynchronous and home receiving stations. Satellite modems connect the computer to the satellite dish through a USB or Ethernet port, similar to DSL or cable modems. As the Federal Communications Commission requires professional installation for satellite Internet service, technicians will not likely have to do much with hardware, setting up the Windows configuration after the dish has been installed, the double coaxial cables have been run from the dish to the modem and everything has been hooked up correctly and tested. Depending on the service used, the satellite technician may even set up the Windows configuration.  ISDN: ISDN (Integrated Services Digital Network) is an older technology originally developed to provide an all-digital method for connecting multiple devices to a single telephone line and provide a faster connection for teleconferencing for remote users. A home/small office-based connection can also provide an all-digital Internet connection at speeds up to 128 kbps. ISDN has been mostly supplanted by DSL, so it’s unlikely techs will see a new ISDN connection being set up, but if so, the Windows side of the configuration is identical to creating a DUN connection. o Wireless: Wireless networking is really another form of broadband, but with the major difference of not having to be physically connected to the router or network access point. Before setting up a wireless network, it’s useful to understand the various configurations and technologies that will come into play, which include:  All 802.11 types: 802.11 is the blanket term for a set of wireless protocols compatible with wired Ethernet, also known as wireless LAN (WLAN) standards. Wireless Ethernet is commonly known as Wi-Fi. These standards include:  802.11a: Runs in the 5 GHz range, with a maximum data throughput of 54 Mbps. Needs dual-mode (802.11a/b or 802.11a/g) hardware to run on current machines; 802.11n networks support 5 GHz frequency.  802.11b: Uses 2.4 GHz range, with maximum throughput of 11 Mbps. Interoperable with 802.11g  802.11g: Uses 2.4 GHz range, with maximum throughput of 54 Mbps. Interoperable with 802.11b, 802.11n.  802.11n: Uses 2.4 GHz range (standard), can use 5 GHz range (optional). Maximum throughput up to 600 Mbps, but 300 Mbps is typical maximum. Interoperable with 802.11b, 802.11g, 802.11a on networks also supporting 5 GHz frequency.
  • 59.  Wireless Ethernet hardware supports both the star (infrastructure) network topology – uses a central wireless access point to transfer data between devices, or nodes – and peer-to-peer topology, where every device in the network communicates directly with another device.  WEP: Wired Equivalent Privacy (WEP) was the first encryption protocol for wireless networks, defined in 802.11b. WEP used 64- or 128-bit encryption keys, though since the user only had access to 40 of the 64 bits, it was often referred to as 40-bit WEP encryption. WEP is no longer considered secure for several reasons and is not recommended for wireless networks; it’s not even supported in 802.11n.  WPA: Wi-Fi Protected Access (WPA) was developed in part to address certain disadvantages WEP presents. WPA comes in two levels of security: WPA, which uses TKIP encryption, and the more robust WPA2, using AES encryption. WPA/WPA2 supports a key length from 8 up to 63 alphanumeric characters. All clients and wireless access points (WAP) or wireless routers on a network must use the same encryption standard, the highest level supported by all devices on the network. WPA2 is recommended for all devices, even though WPA2 encryption may require upgraded drivers and firmware for older network adapters, WAPs and wireless routers.  SSID: The Service Set Identifier (SSID) is essentially the name of the wireless access point’s network, and all wireless networks must have an SSID; by default, the manufacturer’s name or the device’s model number is frequently used as the SSID out of the box.  MAC filtering: Most wireless routers and WAPs allow users to specify the allowable MAC addresses so that only these devices may use the network. In some cases, routers can be set to block specific MAC addresses from accessing the network. While MAC address filtering can block casual hackers from gaining access, it is possible to change the MAC address of a network device, and since MAC addresses are not encrypted – and thus detectable by network hacking software – MAC address filtering is not a foolproof security method.  DHCP settings: Virtually all WAPs and wireless routers are configured to act as DHCP servers, which is convenient for users trying to set up a wireless network but a headache for users trying to secure one. The most recommended setting for wireless routers and WAPs is to disable DHCP and assign static IP addresses to devices. If that isn’t feasible, the next best setting is to limit the number of IP addresses that can be assigned and specify a narrow range of addresses that can be assigned. o Routers/access points: The router, or access point, is the key piece in a wireless network, the central point from which all information flows. Setting up a wireless access point (WAP) to connect to the Internet is only the first
  • 60. step. Once done, there are several actions the tech should take to secure the wireless network. These include:  Disable DHCP: Using DHCP makes it easier for clients to use the network, but it also means that someone who gains unauthorized access to the network is treated just like an authorized user in terms of network resources. Whenever possible, it’s recommended to disable DHCP and assign static IP addresses to devices. If that isn’t feasible, the next best practice is to limit the number of IP addresses that can be assigned (preferably to the number of devices known to be on the network) and specify a narrow range of addresses that can be assigned.  Use static IP: Using a static IP system ensures that only devices that have been specifically configured to use the network can access it. It also makes it possible to identify what clients are using the network at any given time, and know who has been configured to use the network. However, using a static IP system requires more administrative overhead.  Change SSID from default: Most manufacturers use a default SSID on WAPs that identify the make and model of the device, which makes it easy for would-be unauthorized users to look up certain pieces of information to assist in attacking the network. It’s recommended to change the default SSID to something not easily guessed or deduced to help protect against the possibility of attacks.  Disable SSID broadcast: By default, WAPs broadcast the SSID of the wireless network with every transmission. Changing the SSID from the default is a good step, but it should be accompanied by disabling the SSID broadcast in the WAP configuration utility so that anyone looking for a connection doesn’t just see the network.  MAC filtering: Every network device has a unique Media Access Control (MAC) address built into it, and most wireless routers and WAPs allow users to specify the allowable MAC addresses so that only these devices may use the network. In some cases, routers can be set to block specific MAC addresses from accessing the network.  Change default username and password: Virtually all WAPs come from the factory with a default username and password, usually ―admin‖ for both or a blank field for one of the choices. While this makes it easy for novice users to get in and set up the WAP, it’s terrible from a security standpoint, as the default configuration info is readily available from manufacturer and other Web sites. Once the WAP is up and the tech is in the configuration utility, the default username and password should be changed in accordance with strong password standards, and recorded somewhere secure.  Update firmware: Firmware for nearly every device that uses it is occasionally updated by manufacturers. Generally, firmware is updated for performance and security issues, so especially for WAPs, it’s important to keep firmware as up to date as possible to keep the network safe from intrusion. Check the manufacturer’s Web site for
  • 61. firmware updates; in some cases, firmware updates can be downloaded through an update utility.  Firewall: Firewalls check data packets sent over a network to make a determination, based on various data in the packet and rules programmed into the firewall, on whether to block the packets or send them on to the intended destination. Most WAPs can be configured as firewalls, and even if individual clients on the network have firewalls installed on them, the WAP should be configured as a firewall as well: closing all ports except the well-known ports and setting up exceptions as needed. o LAN (10/100/1000BaseT, speeds): Wired local area networks (LAN) are rated in terms of cabling and/or speed. The cabling often defines the standard used and the length of network segments. The most common wired LAN types technicians will see are:  10BaseT: 10 Mbps max speed  100BaseT: 100 Mbps max speed; standard for most large organization networks  1000BaseT: 1 Gbps (1000 Mbps) max speed; known as Gigabit Ethernet o Bluetooth (1.0 vs. 2.0): Bluetooth is a short-range wireless network technology designed to operate in peer-to-peer, or ad hoc, mode between computers and devices such as printers, smart phones, mice and keyboards. Bluetooth uses the same 2.4 GHz frequency used by IEEE 802.11b/g/n networks, but minimizes interference by using spread-spectrum frequency- hopping signaling. There are three versions of the Bluetooth standard, version 3.0 being the newest; most devices technicians will see for a while will be Bluetooth 1.0 and 2.0. Version 2.0 uses significantly less power than version 1.0 (2.5 mw vs. 100 mw maximum power usage) and is much faster (3 Mbps vs. 1 Mbps maximum speed). Version 2.0 is also far better at device interoperability, and is backward-compatible with version 1.0. o Cellular: Cell phone networks can be used for Internet access and remote networking, making mobile work and play even simpler. A cellular modem with a data access plan purchased from a carrier is needed to allow a mobile computer to use a cellular network for data access; these modems can be connected to USB ports or installed into CardBus or ExpressCard slots. Modems can be bundled with a data access plan or bought separately, but if purchased from a vendor different than the cellular carrier, make sure it supports the access method used by the carrier. o Basic VoIP (consumer applications): Voice over IP (VoIP) is a popular method for providing consumer and business telephone service. VoIP uses an organization’s or home’s internal network and the Internet to phone calls. Presently, companies such as Vonage, Skype, AT&T, Verizon and others provide VoIP services. Adding VoIP service to an existing network requires either an analog telephone adapter (ATA) or a VoIP router. An ATA enables standard phones to work with VoIP services, and connects to the present
  • 62. router in use. A VoIP router can replace an existing router, wired or not. Typical VoIP routers support most or all of the following features:  Quality of Service (QoS) support: Streaming media, such as VoIP phone calls and audio or video playback, takes higher priority than other network packets.  One or more FXO ports: An FXO port allows regular phones to be used with VoIP service.  Real-time Transport Protocol/Real-time Transport Control Protocol (RTP/RTCP): Supports streaming media, video conferencing, and VoIP applications.  Session Initiation Protocol (SIP) support: Signaling protocol used for multimedia distribution and multimedia conferences.  Basics of hardware and software firewall configuration o Port assignment/setting rules (exceptions): Firewalls can generally be configured either on a port basis or an exception basis, meaning using specific ports or rules based on applications and traffic. When set by port, it means that only specific ports are opened for traffic. When set by exception, all ports are closed except to traffic from explicitly designated programs. These programs are designated by rules the firewall follows in parsing network traffic. Whenever possible, it’s recommended to use exception-based rules on a firewall. o Port forwarding/port triggering: Port forwarding is a term describing the process of sending traffic designated for a specific computer and port to that device. A common example is using port 80 to send traffic to a Web server, where the Web server is the only device allowed by the firewall to get traffic on that port. Port triggering is when a device on a network opens another port in response to traffic, and closes the port afterward; an example would be a device that has port 110 closed until it receives traffic from port 25, then opens port 110 just long enough to send traffic. Port forwarding requires a static IP address to send traffic to, but port triggering has no such requirement.  Physical installation o Wireless router placement: The wireless router should be placed roughly in the middle of the functional area. If possible, placing in a high area to maximize signal coverage can help, and if the area where the clients are located is open, that also helps. Walls can block signal, especially if they have a lot of metal. Keep interfering devices, such as microwave ovens or large appliance motors, away from the router. Finally, restricting physical access to the router is recommended, to lower the chance of malicious or accidental damage, theft or misadventure. o Cable length: With virtually all Ethernet cabling presently in use, a network segment can be up to 100 meters (328 feet) long from endpoint to endpoint, although network performance on a segment of that length would likely be noticeably slower. Using hubs and repeaters, devices that amplify and forward on network signal, are recommended for larger sites that have substantial cable runs, but most SOHOs and small businesses won’t likely need such devices.
  • 63. Domain 4.0: Security Domain 4.1: Given a scenario, prevent, troubleshoot and remove viruses and malware  Use antivirus software: Having an up-to-date antivirus (AV) program on a computer is a necessity, one of the hard and fast rules of computer usage in the modern world. An up-to-date copy of a major AV/antimalware program helps find and remove viruses and Trojan horse programs. If the computer doesn’t have a licensed AV program, but it has a working Internet connection, use a free online scanning service, such as Trend Micro’s HouseCall or BitDefender Online Scanner to scan the system. Windows from XP forward does include Windows Defender, a real-time, scan-based protection tool against malware such as Trojan horses and worms, but Defender by itself is not sufficient; having a full AV program at work and defending a system is paramount.  Identify malware symptoms: Once a system is infected with malware, it can display a number of symptoms, some of which can be caused by other factors. In general, a malware infection will display one or more of the following: o Pop-up ads when Web surfing o Slow system performance and application loading o Excessive disk access cycles and increasing numbers of bad sectors o Drive access lights turn on when no activity is happening o Unusual error messages o Less memory or disk space available than usual o Strange graphics or noises from computer o Optical drive no longer recognized o Filenames with unusual characters o Unusually large files, or disappearing and reappearing files o Changing file extensions o Corrupted files appearing o System hangs during boot o E-mails stating an infected message has been sent o Messages from antivirus program o Unfamiliar processes running in Task Manager o Changes in home page and/or toolbars in Web browser o Difficulty in surfing the Web or visiting AV vendor Web sites  Quarantine infected systems: If a system becomes infected, it is necessary to quarantine, or separate it from the network and other machines, immediately to avoid spreading the infection. The simplest way to do this is immediately disconnect the network cable, or tuning off the wireless NIC. Larger networks can use network monitoring software to block access to network resources, restrict an infected device to a dedicated network or simply drop it off the network. If it is necessary to have the computer retain some network access, boot the machine into Safe Mode with Networking, which may prevent or slow down the malware while the tech works on cleaning the system.  Research malware types, symptoms and solutions (virus encyclopedias): Techs may find programs that seem to be malware, but may not be. If unsure, don’t make a guess; do research and find out. Every major AV vendor, such as Symantec/Norton,
  • 64. Sophos, AVG and Trend Micro, maintains a support base and virus encyclopedia that lists known virus/malware files, symptoms and tips on how to clean them. In addition, there are several reputable sites online not affiliated with companies that offer useful information. A little research can go a long way toward helping resolve infection issues.  Remediate infected systems: Once a system has been identified as infected, quarantined and researched, it’s time to remediate, or clean, the system. o The first step is to run AV software on the machine, preferably from a boot disk so the infection won’t be active and interfere with efforts to clean it. Many vendors, including Microsoft and BitDefender, have boot disks that include AV products that can be upgraded once the boot disk has been loaded, if the computer can get network access temporarily. If the computer didn’t already have AV software, the tech can try to install it now and clean the system that way. There are many reputable products out there, from vendors such as Panda, Kaspersky, AVG, Symantec and many others. Another approach to getting AV software to clean the computer is to network it to another machine, but this introduces an unnecessary element of risk by exposing another machine. When cleaning a system, the AV software should be updated, allowed to scan and clean the machine, then should be updated if available and scanned again, repeating until the AV software can’t find anything else. If possible, scanning the machine with two separate AV products is recommended, as no single AV product will find everything. o After running AV software, run antimalware or antispyware software; although AV software often searched for malware and spyware, those searched are general in nature, whereas antimalware/antispyware software is engineered for those specific threats. Vendors such as Lavasoft, Malwarebytes and Webroot provide well-regarded cleaning programs that routinely find malware that even the best AV program will miss. The pattern should mimic that of AV programs when remediating: update, scan, clean, update again, scan again and repeat until the program can find nothing else. o Once the software scans are over, the tech should clean up anything left by the process: quarantined files, orphaned entries in the Registry, files that couldn’t be cleaned or deleted by the scanners, startup entries that generate errors at startup. All of those should be cleaned, either manually or by using products such as CCleaner and msconfig. Any files that are deleted at this stage should be emptied from the Recycle Bin to ensure they stay gone. If a file was running during the scans and missed detection, the tech may need to use Task Manager to kill its process and then delete the file; it’s a good idea to check processes after scans for that reason. o Those steps will take care of active infections, but the remediation isn’t over. The tech now needs to clear out areas where the infections might be lying in wait, which means turning off System Restore if active and purging restore points created since the infection first appeared – more likely, all restore points to be safe – and cleaning out the browser cache and Temporary Internet Files folders, manually or with Disk Cleaner or third-party utilities. It also
  • 65. means cleaning out the Registry, using CCleaner, RegClean or any number of reputable utilities designed for that purpose. o At this point, the system is most likely clean. However, some infections dig deep, and may need advanced cleaning to eradicate. If the system is still demonstrably infected at this point, and the system is not vital or has all its important data backed up, it may be more cost-effective to format the drive and rebuild it. Otherwise, the tech will need to examine processes using Task Manager or a more in-depth tool such as Microsoft’s Process Explorer; obtain a rootkit removal tool and scan the system; and use a boot block repair tool to check the master boot record (MBR). o Finally, the system is clean. Make sure it stays that way by installing AV software, antimalware/antispyware software and, if not already present, a firewall solution. Make sure these programs update automatically and frequently, make sure Windows Update runs automatically and without user intervention and educate the end users about security measures.  Update antivirus software: An outdated AV program represents a security risk, and is next to useless, since new viruses and infections appear on a daily basis. Keeping the AV program up to date is vital to protecting a machine. o Signature and engine updates: With AV programs, a virus signature is a file that describes a virus’s structure and behavior; it’s what allows the AV program to find and quarantine or delete the virus. An engine update is a software upgrade to the program that allows it to function more effectively. o Automatic vs. manual: Most AV programs can update themselves automatically, meaning they are set to connect to the manufacturer’s servers every so often and check for updates to the signature library and/or program. Some AV programs, however, require manual updating, meaning the user has to initiate the update process. Whenever possible, a computer should use an AV program that updates automatically, to avoid lag times and security gaps caused by inconsistent user intervention.  Schedule scans: Users can schedule scans with AV programs on a recurring basis, which is highly recommended to keep a machine secure and as important as keeping the AV program up to date. Default settings include daily and weekly scans, as well as custom settings that can be modified as needed. The time and type of scan – quick scan, full scan, only certain folders and drives – can also be set by the user. A full scan at least once a week is recommended, as well as daily quick scans.  Repair boot blocks: When an infected computer isn’t booting, it’s possible the infection has infected or corrupted the boot sector of the hard drive, or the BIOS code has been corrupted. If the BIOS code is corrupted, it may be possible to fix it by restoring to default settings or reflashing the CMOS. If the boot sector is the issue, then repairing the first sector of the hard drive – the boot block, also known as the master boot record (MBR) – is the next step. This can be done by booting into WinRE, accessing the command prompt and using bootrec /fixmbr to repair the MBR and bootrec /fixboot to repair the OS boot record; in XP, boot into the Recovery Console and use fixmbr and fixboot.
  • 66.  Scan and removal techniques: When scanning a system, it sometimes isn’t possible to do the job correctly while Windows is running. In those cases, the tech can choose to use different options: o Safe Mode: Since Windows loads a minimal set of drivers and files in Safe Mode, malware often won’t run in Safe Mode or will run much slower. If the tech suspects normal Windows operations are interfering with AV scans, attempting to run them in Safe Mode is a good start. Either Safe Mode or Safe Mode with Networking can be used in this regard; however, some AV programs will not run in Safe Mode. o Boot environment: Using a boot disk or the Windows repair tools – WinRE or Recovery Console – is another way of obtaining access to the drive without letting the infection proceed. Using boot disk tool sets, like the Knoppix LiveCD, Microsoft’s DaRT or an AV boot disk, can allow a tech to scan a hard drive without fear of spreading the infection or having it be disguised, since the boot disk is providing the interface and not running any potentially infected files.  Educate end user: Some malware and black hat techniques, such as social engineering, depend on the user’s personal interaction and sense of helpfulness to work; others, like phishing, play on users’ hopes and desires. Regardless of the method, users can be trained to recognize potential security threats and risks and deal with them correctly. In general, users should know to: o Keep AV, antispyware and antimalware programs updated, if manual intervention is required o Scan computers for various malware o Understand major malware types and techniques o Scan removable-media drives for viruses and malware o Configure scanning programs for scheduled operation o Respond to security program notifications when viruses, spyware or malware have been detected o Quarantine suspect files o Report suspect files to the help desk and/or software vendor o Removal of malware o Disable AV when needed, such as during software installations, and re-enable AV when necessary o Use antiphishing features in browsers and mail programs Domain 4.2: Implement security and troubleshoot common issues  Operating systems: Security is not just a matter of AV programs and passwords; it also depends on the operating systems being set up correctly and using built-in tools to protect its users and the organization. o Local users and groups: On large networks that use a domain and/or Active Directory structure, users are assigned accounts and privileges based on their job responsibilities and level of access needed within the network. Assigning users just the level of access they need and no more is not only good organization, it’s good security. From an OS standpoint, most users are going to fall into one of four groups:
  • 67.  Administrator: This role can make all sorts of changes to the computer and/or network’s configuration, affecting security of the system and other accounts, including some that could render the system inoperative if done incorrectly. Administrator is the highest level of access available, and should only be assigned to a small handful of people, the fewer the better. A local account with Administrator access can modify the computer and OS settings, but not the network.  Power User: Power users have slightly more rights than regular users, capable of installing applications and performing limited administrative tasks, such as backups. Any technician working on a system will likely need a Power User account to do the majority of repair work.  User: The standard account for Windows is a user account, allowing a user to use the hardware and software on the machine and make a few system changes, but cannot make changes that may affect the security of the system or other users. Many applications can’t be installed with a user account.  Guest: The guest account is a very limited one, and is disabled by default in Windows. Guest account users would be limited to using a few applications and Web surfing, for all practical purposes. o Vista/Windows 7 User Account Control (UAC): UAC is a security component in Windows Vista and 7 that keeps every user except the Administrator account in standard user mode instead of administrator mode, even if they belong to the administrators group. UAC was created with two goals in mind: eliminate unnecessary requests for excessive administrative-level access and reduce the risk of malicious software using administrator access to infect OS files. Its implementation in Windows 7 is less intrusive than in Vista by default, but still security-focused. o NTFS vs. share permissions: When configuring permissions in a network environment, it’s important to distinguish between share permissions, which only apply to shared network folders, and NTFS permissions, which apply both on local systems and over a network. There are a number of NTFS permissions – including Modify, Read and List Folder Contents – but only three share permissions: Read, Change and Full Control.  Allow vs. deny: Setting access to a resource can be configured to allow access or deny access; however, since deny is a restrictive permission, and restrictive permissions override lenient permissions and pass down the line, setting a deny permission can have major effects, preventing accounts from accessing folders and files up and down the network hierarchy. As a result, it’s more common to simply not select a setting for Allow when the administrator doesn’t want to grant access to a specific resource.  Difference between moving and copying folders and files: Copying a folder or file means that the information is duplicated and placed in another location, leaving the original file or folder unaffected. Moving a folder or file sends the resource to the new location and removes it
  • 68. from the old location. Depending on the permissions in place, it may not be possible to perform one operation, but be able to perform the other.  File attributes: File attributes are designations used to show certain conditions, such as which files have been archived or need to be archived, which files should be invisible to users and which files are used by the system. Additional attributes, such as when a file was created and last modified, encryption and compression, are available in Windows and NTFS. Basic file attributes include:  Archive: Shows if files have been backed up  Read-only: Can’t be overwritten or deleted without modification of the attribute  System: Used by the OS; often hidden as well  Hidden: Not visible to users, and can’t be copied o Shared files and folders: A shared file or folder is one that is made accessible to other users on a network. Sharing is relatively straightforward to do – in XP, for example, right-clicking a folder, selecting Sharing and Security and clicking Share This Folder on the Network will do it – but there are other factors to consider when setting up shares.  Administrative shares vs. local shares: Administrative shares are hidden shares that only administrators can access, and can be identified by a $ on the end of the share name. These shares cannot be seen by standard users when browsing over the network. All the shared folders including administrative shares can be found by navigating to Computer Management > System Tools > Shared Folders > Shares. Note that every volume has an administrative share (for example, C$ is the administrative share for the C: drive). A local share is simply a non-administrative share.  Permission propagation/inheritance: When a subfolder, or child folder, takes the permissions that were assigned to the folder it’s contained in, or the parent folder, that passing of permissions is permission propagation. Inheritance is the state of deriving permissions from a parent object, which can be a folder or drive; it applies to a larger set of objects than permission propagation, which refers to folder to folder passing. o System files and folders: System files and folders are those used by the OS, and are thus marked with the System attribute. They are usually marked with the Hidden attribute as well, meaning users cannot see them in normal view. o Encryption: Encryption is the encoding of information to make it unreadable except by parties with the correct key to decode it, is an important part of security practices. Two of the major technologies available in Windows for encryption are:  EFS: The Encrypted File System (EFS) allows files and folders to be encrypted within Windows. To run EFS, the hard drive must be formatted with NTFS, and the OS must be a Professional, Business, Ultimate or Enterprise version of XP, Vista or Windows 7. When
  • 69. using EFS, a folder that is encrypted automatically encrypts any file inside it or copied to it, although encryption can be specified to be only for that folder or all of its subfolders. Encrypted files stay encrypted if moved to another folder on the same or another NTFS drive, even if the destination isn’t encrypted. When using EFS, it’s recommended to encrypt at the folder level. EFS files can be opened only by the encrypting user, an administrator or by EFS keyholders, meaning individuals who have been provided with the EFS certificate key. Explorer and My Computer/Computer show files encrypted with EFS with green filenames.  BitLocker: BitLocker allows a user to encrypt an entire volume, and any other volume, on the drive. Intended to work in conjunction with file and folder encryption, BitLocker – which is based on the Advanced Encryption Standard (AES) and uses a 128-bit encryption key – is one of several drive encryption schemes available, though it’s the only one native to Windows. To use BitLocker, a user will need:  A Trusted Platform Module (TPM), which is a motherboard module that stores the encrypted keys, or an external USB key to store the encrypted keys. The Group Policy will need to be changed in order to use BitLocker without a TPM.  A hard drive with two volumes, preferably created during Windows installation. One volume, which will be encrypted, is for the OS, while the other is the active unencrypted volume so the computer can boot. If the computer was configured with only one drive, download the BitLocker Drive Preparation Tool from Windows Update. o User authentication: With BitLocker, user authentication can be carried out on systems without a TPM by using a startup key stored on a USB flash drive, which must be installed before the computer boots. This method of checking the user’s identity against an authorized user database is not as secure as using authentication protocols in combination with TPM, but is more so than not using encryption methods at all.  System: Applying physical security measures to a computer in combination with software and OS security measures is recommended to maximize the protection against unauthorized access. Some of the measures that can be incorporated include BIOS security technologies, including: o Drive lock: When enabled, a drive lock, or HDD password, prompts for a password to be entered for the hard drive when the machine boots. If the user doesn’t enter the correct password, the drive will lock down, preventing the OS from booting. This password is empty by default on most machines, but if the password has been set and then forgotten, it can generally be reset within the BIOS. o Passwords: Virtually all machines have this feature available to prevent unauthorized users from altering BIOS information. One caveat: If the setup password is lost, the CMOS chip used to store BIOS settings can usually be reset through a jumper setting on the motherboard or by removing the CMOS
  • 70. battery for several minutes, which may be handy in some cases but could represent a problem if an unauthorized user gains physical access to the machine. o Intrusion detection: Fortunately, another option for BIOS security is intrusion detection, which uses a sensor connected to a set of pins on the motherboard to detect if the case is opened. If it is, an interrupt is sent by the sensor, which is recorded by the BIOS. o TPM: A Trusted Platform Module (TPM) is a motherboard chip used to store encrypted keys for various encryption methods, including BitLocker. It provides security because, even if an unauthorized user simply removed the hard drive from a system, the drive would not allow access without the TPM’s encrypted keys. Note that if a system using BitLocker has a motherboard failure, a backup copy of the keys will be needed to access any data.