System Recovery Options
Configure system recovery options. This objective may include but is not limited to configure startup settings; configure System Restore; determine when to choose Last Known Good Configuration; perform a complete restore; perform a driver rollback; and perform a push button refresh or reset.
The ability to isolate problems, select the right tool(s) to resolve them and return a system to a functional state quickly is a key skill that all administrators need.
You just completed a new install of an application, updated a device driver for an existing piece of hardware, or removed a service that you think you no longer needed. In most situations, all will go well and you can expect Windows 8 to perform as expected. At some point in the future, at the most inopportune time, your Windows 8 system will start to boot but for one reason or another it will not work the way you expect it to. When this happens, you will need to have the tools and experience to return the system to a functional state as quickly as possible.
The key to learning how to effectively troubleshoot your system starts with having a basic understanding of the startup process. Once you know what is supposed to happen when a Windows 8 system boots normally, you will gain the insight you need to isolate the problem, determine the appropriate tool to use, and eventually repair the system.
In this article, you learn about the tools available with Windows 8 and how they can help you return your Windows 8 system to a functional state.
Understanding the Windows 8 Startup Process
Understanding what happens from the point that you turn on the power to your Windows 8 client computer until you log on and see the desktop will help you isolate and troubleshoot problems quickly.
The Windows 8 startup process consists of the following phases:
- Power-on self-test (POST) phase:
When you first turn the computer on, it loads the BIOS or Extensible Firmware Interface (EFI) and runs a hardware self-test procedure that detects the devices installed in the system and configures the using settings stored in non-volatile memory. After the main POST, any devices with their own BIOS firmware (such as video display adapters) can run their own self-test procedures. On BIOSequipped computers, the system reads the BIOS settings to determine which hardware device it should use to boot the computer. When booting from a hard disk, the system loads the master boot record (MBR) from the disk and locates the active (bootable) partition. The system then loads and runs a stub program called Bootmgr, which switches the processor from real mode to protected mode and loads the Windows Boot Manager application. EFI computers have their own built-in boot manager, which Windows 8 configures to run the same Windows Boot Manager application, eliminating the need for the interim disk location steps. POST passes control to the operating system loader also known as the Windows Boot Manager. - Windows Boot Manager phase:
The system reads the Boot Configuration Data (BCD) file, which contains the system's boot menu information and provides the user with access to the boot menu. If there are multiple operating systems installed, the boot menu appears, providing the user with 30 seconds to select one of the operating systems before it loads the default. The Windows Boot Manager then starts the Windows Boot Loader. - Windows Boot Loader phase:
The system initiates the memory paging process and loads various operating system elements into memory, such as the Windows kernel, the hardware abstraction layer (HAL), the system registry hive, and boot class device drivers, but it does not actually run them. The Windows Boot Loader then passes control to the operating system kernel. - Kernel loading phase:
The system runs the Windows Executive (consisting of the Windows kernel and the HAL), which processes the registry hive and initializes the drivers and services specified there. The kernel then starts the Session Manager, which loads the kernel-mode part of the Win32 subsystem, causing the system to switch from text mode to graphics mode. Then the kernel loads the user-mode portion of Win32, which provides applications with indirect, protected access to the system hardware. At this time, the system also performs delayed rename operations resulting from system updates that must replace files that were in use when the update was installed. Finally, the kernel creates additional virtual memory paging files and starts the Windows Logon Manager. - Logon phase:
The system loads the Service Control Manager (SCM) and the Local Security Authority (LSA), and then presents the logon user interface (LogonUI). The interface passes the credentials supplied by the user to the LSA for authentication, and the SCM loads the Plug and Play services and drivers that are configured for auto loading. If the authentication is successful, the Logon Manager launches Userinit.exe, which is responsible for applying group policy settings, creating user environment variables and running the programs in the Startup group, and then loads the Windows File Explorer shell, which provides the Windows desktop.
Troubleshooting Startup Failures:
A computer that will not start can be very frustrating and impacts a user's ability to get work done. Understanding what happens during startup can help you isolate the problem and select/use the right tool to get the computer back online.
The symptoms of a startup failure differ depend on where in the process the failure occurs. Therefore, the first step to take when a Windows 8 computer fails to start is to determine exactly where in the startup sequence the problem occurs.
POST FAILURES
One of the most fundamental questions a troubleshooter can ask is whether a problem is being caused by a hardware or a software failure. If a computer fails to make it through the POST successfully, the problem is unquestionably hardware-related. In most cases, the BIOS will display an error message or produce a series of beeps identifying the exact problem that is causing the failure. Consult the BIOS documentation for more information on its error messages and/or beep codes.
Some BIOS programs enable you to select between a "quick" POST or an extended "diagnostic" sequence. At the first sign of a hardware problem, you should switch to the diagnostic mode to gather as much information as possible about the problem.
INITIAL STARTUP FAILURES
A failure during the POST phase typically results in a "Non-system disk or disk error," which means that there is an issue with the BIOS configuration, the storage subsystem, or the file system. Startup failures that occur before the progress bar appears are typically caused by one of the following problems:
- Incorrect BIOS Settings:
If the boot settings in the BIOS are misconfigured, the system might be attempting to boot from the wrong device. For example, if the BIOS is configured to boot from the CD or DVD drive, and there is no bootable disk in the drive, the computer will be unable to start. - Hardware faults:
If anyone has recently worked inside the computer's case, you might want to begin by checking the hard drive's power and data connections. Also, if there is an internal problem with the hard disk, such as corruption of the MBR, the system might not be able to locate the active partition. - Missing startup files:
If some of the required startup files are missing or damaged, the computer will fail to boot. This could be due to the installation of another operating system, accidental deletion of system files, or data corruption on the hard disk. - Data corruption:
Corrupted data on a disk drive can be the result of a hardware fault, environmental factors (such as magnetic fields), or some form of malware.
Resolving these problems can require the replacement of a hardware component, but in many cases you can repair them using the specialized recovery tools provided with Windows 8, as discussed later in this lesson.
DRIVER AND SERVICE FAILURES
When a startup failure occurs before the logon user interface appears, the problem could be hardware-related, but it is most likely due to an issue with one of the drivers or services that the kernel is attempting to load. Resolving the problem is a matter of determining which of the drivers or services is at fault.
To locate the offending driver or service, you must first attempt to get the computer started by using the Safe Mode. Then you can examine the event logs, enable the boot log, and run the System Information tool to gather information on what is affecting the startup sequence. Finally, use Device Manager or the Services console to disable the offending drivers or services. Once you are able to get the computer started in normal mode, you can begin to examine the problematic driver or service, perhaps replacing them with an updated version or rolling back to a previous one.
LOGON FAILURES
When the startup process fails after the user has supplied logon credentials, the problem is most likely due to one of the applications running from the Startup group. To troubleshoot this type of problem, you would need to boot into Safe Mode.
In Windows 8, booting into Safe Mode (discussed in "Using the Last Known Configuration" section of this article) and troubleshooting applications in the Startup group involves the following steps.
TROUBLESHOOT LOGON FAILURES
Log into the Windows 8 client computer with administrative privileges on the computer and then perform the following steps:
- Press the Windows logo key + r.
- In the Run dialog box, type taskmgr and then click OK.
- Click the Startup tab.
- Right-click the application(s) that you think might be causing the problem and choose Disable from the menu that appears.
- Restart the computer.
Repeat steps 1-5 to isolate the offending application. Once discovered, you can attempt to reconfigure, upgrade, or uninstall it until the problem is eliminated.
Configuring System Restore Points
Installing a new program or driver can sometimes make Windows 8 crash or function in a way you never expected. If this happens, you will want to return the PC's system files and programs to a time when things were working while not affecting your personal documents or other data.
Windows 8 System Restore is a recovery option for your computer that saves information about your drives, registry settings, programs, and files in the form of restore points . You use the restore points to return these items to an earlier state without impacting your personal files. You should create restore points prior to performing any major system event such as the installation of a program.
Windows 8, by default, automatically creates restore points every seven days if you have not created one during that time period. You can also create restore points manually anytime you choose.
CREATE A SYSTEM RESTORE POINT
To create a system restore, perform the following steps:
- Log into the Windows 8 client computer with local Administrative privileges.
- Press the Windows logo key + w and then type System Restore.
- In the R esults list, click Create a r estore point.
- On the System Protection tab, click Configure and confirm the option Turn on system protection is selected.
- Under Disk Space Usage , drag the slider to set the maximum disk space you want
to use for system protection, click Apply and then click OK .
As the amount of drive space is fi lled up, restore points will be deleted to make room for new ones. - Click Create to create a new restore point.
- Type a description for the restore point in the dialog box.
- Click Create.
- Click Close when notified the restore point was created successfully.
- Click OK to close the System Properties dialog box.
PERFORM A SYSTEM RESTORE
To perform a system restore, perform the following steps:
- Log into the Windows 8 client computer with local Administrative privileges.
- Press the Windows logo key + w and then type System Restore.
- In the Results list, click Create a r estore point.
- Click System Restore from the System Protection tab.
- Click Next to start the System Restore wizard.
System restore does not affect your documents, pictures, or other personal data. Recently installed programs and drivers may be uninstalled. - Choose the restore point and click Scan for affected programs.
After the scan is completed, you can see programs and drivers that will be deleted and programs and drivers that might be restored. - Review and click Close and then click Next.
- Confirm your restore point and click Finish.
Note:
If you changed your Windows password, you should also create a password reset disk. This can be done by pressing the Windows logo key + Q and searching or Create a password reset disk. - Click Yes to begin the system restore process.
Windows restarts the computer, restores your fi les and settings, restore the registry, and removes temp fi les as part of the restore process. - Log back into the Windows 8 client computer when the restore process is completed.
Using the Last Known Good Configuration
After installing a new device driver or disabling a critical service, you may run into trouble getting into your Windows 8 system. Although Windows 8 no longer uses the Last Known Good Configuration, you can still access the Advanced Startup menu to enter Safe Mode and repair the system.
The Last Known Good Configuration (LKGC) option, found in Windows 7 and earlier operating systems by pressing F8, is no longer available in Windows 8. The LKGC was a recovery option used to restore registry and driver settings that were in place the last time your system started successfully. The registry is a database in Windows that stores information on services, installed programs and their settings, user profiles, and system hardware. When a Windows system shuts down successfully, certain settings in regard to services and device drivers are recorded in the registry.
The LKGC was used in situations for which you installed a new device driver that caused your system not to boot or you disabled a driver or critical service by accident that was needed by Windows. It would not be used to repair deleted system files or in cases where you are able to boot into Windows and the system froze after you logged in. In the latter case, Windows will have already overwritten the LKGC backup.
The Last Known Good Configuration can be accessed in Windows Server 2012 by pressing the F8 key during startup.
In Windows 8, you need to use the Advanced Startup menu and boot the computer into Safe Mode. The approach you use to gain access to this menu depends upon how much access you have on the Windows 8 machine. Following is a quick summary of your options for accessing the menu:
- Boot from your Windows 8 installation media and select Repair Your Computer option.
- Boot from a Windows 8 Recovery drive.
- Press the Windows logo key + i and then click Change PC Settings . General. Under Advanced Startup, click Restart Now.
- Press the Windows logo key + i, hold the Shift key while selecting the Power icon, and then click Restart.
- Press the Windows logo key + r and then, in the Run dialog box, type shutdown /r /o.
After the system reboots, you can use these steps to access the Advanced menu and boot into Safe Mode with Networking:
BOOT INTO SAFE MODE
To boot into Safe Mode with Networking, perform the following steps:
- Boot into your computer from your Windows 8 installation media and select Repair Your Computer.
- On the Choose an option screen, click the Troubleshoot tile.
- On the Troubleshoot screen, click the Advanced options tile.
- On the Advanced options screen, click the Startup Settings tile.
- On the Startup Setting s screen, click Restart.
- Choose #5-Enable Safe Mode with Networking.
- Log into the Windows 8 client computer with your administrator credentials and password. The words Safe Mode should now appear in all four corners of your screen.
From this point, you can uninstall drivers, restart services or make other changes to troubleshoot and get your system running again.
Performing a Complete Restore
If you experience a crash of your Windows 8 system and your hard drive is no longer functional, you can perform a complete restore from a system image you have prepared previously.
To prepare for a complete restore, you will need to create a system image of your computer. The system image is an exact copy of the drives required for Windows to run. This includes the Windows 8 operating system, system settings, programs and files. When you restore from an image, it is a complete restore; therefore, you will not be able to choose individual items.
The option to create a system image can be found in the Control Panel\Windows 7 File Recovery. A system image can be stored on a hard disk formatted with NTFS, on one or more DVDs or on a network location.
CREATE A WINDOWS 8 SYSTEM IMAGE
To create a Windows 8 system image, perform the following steps:
- Log into the Windows 8 client computer with local Administrative privileges.
- Press the Windows logo key + w and then type Windows 7 File Recovery.
- In the Results list, choose Windows 7 File Recovery.
- Click Create a system image.
- Select the option On a network location and then click Select.
- On the Select a network location screen, click Browse and navigate to the network location where you want to store the system image and click OK.
- Under Network credentials, type a user name and password that can access the share and then click OK.
- Click Next to continue.
- Confirm your backup settings and click Start backup.
Windows 8 saves the system image backup to the location you specifi ed under a folder named
WindowsImageBackup\ , computername . where computer name is the name of the computer you are running the backup from. - Select a CD/DVD drive, insert a blank disc and click Create disc.
- Read the message about using the system repair disc and then click Close.
- Label the disc as indicated in the previous step.
- When the backup reports it has completed successfully, click Close.
Note:
You will need to create a shared folder on another computer in your domain to store the image and must have access to the Windows 8 installation media to complete this article.
CREATE A SYSTEM REPAIR DISC (OPTIONAL)
To create a Windows 8 system repair disc, log into the Windows 8 client computer with administrative credentials and then perform the following steps:
- Press the Windows logo key + w and then type Windows 7 File Recovery.
- In the Results list, choose Windows 7 File Recovery.
- Click Create a system repair disc.
- Select the CD or DVD drive, insert a blank disc and then click Create disc.
- In the Using the system repair disc dialog box that appears, read the information provided about labeling the disc and then click Close.
- After the message System repair disc complete appears, click OK.
- Eject and label the disc as directed in Step 6 and store it in a safe place.
PERFORM A COMPLETE SYSTEM RESTORE
To perform a complete system restore of Windows 8, perform the following steps:
- Insert the System repair disc you created for the Windows 8 computer.
- Restart the Windows 8 computer and when you see the " Press any key to boot from CD or DVD ..." press Enter.
- On the Choose your keyboard layout screen, select U.S.
- On the Choose an option screen, click the Troubleshoot tile.
- On the Troubleshoot screen, click the Advanced options tile.
- On the Advanced options screen click the System Image Recovery tile.
- Select Windows 8 as the target operating system.
- When the message Windows cannot fi nd a system image on this computer appears, click Cancel.
- Click Next to continue.
- Click the Advanced button and then choose Search for a system image on the network.
- When prompted to connect to the network, click Yes.
- Specify the path to the system image and then click OK.
This is the location you backed it up to in the earlier article. - Type the user name and password of an account that has access to the share and then click OK.
- Choose the image to restore and then click Next.
- Select the date and time of the image you want to restore and then click Next.
- Click Format and repartition disks and then click Next.
- Click Finish to start the restore.
- Read the message that states all disks to be restored will be formatted and replaced with the layout and data in the system image and then click Yes.
- Log into the Windows 8 client computer after the system is restored to confirm functionality.
Performing Driver Rollbacks
When installing a device driver for a new piece of hardware or updating and existing driver, you may discover your system is no longer functioning properly. If this occurs, you can quickly recover your system by rolling it back to the previous device driver.
Each piece of hardware in your Windows 8 client computer has a device driver. The operating system is designed to interact with this driver instead of directly with the hardware device itself. It accomplishes this by calling functions in the driver that carries out a specific action.
Driver files in Windows 8 are digitally signed which means they have been tested and verified to be compatible with Windows 8 and will be reliable and function appropriately with the operating system. These tests are conducted by the Windows Hardware Quality Labs (WHQL) and are designed to ensure your system remains stable. This signature is also used as a safety mechanism to ensure another program will not overwrite it during its installation process. Each time you install a driver, the operating system will check for the digital signature. If it does not find one, a message will be generated allowing you to ignore or exit out of the install process.
The Local Group Policy editor (gpedit.msc) or the Group Policy Management console (gpmc. msc) can be used to create a policy that determines how the Windows 8 system will respond when a user tries to install a device driver that is not digitally signed. The following options can be configured with a policy:
- Block - Directs the system to refuse to install unsigned files.
- Ignore - Directs the system to proceed with the install even if the driver is unsigned.
- Warn - Notifies the user that the driver files are not digitally signed and will let them decide if they want to proceed with the installation of the unsigned files.
Driver roll back is a recovery feature in Windows 8 that will let you reinstall the last device driver that was functioning. This feature is not available if you have not updated the driver since it was first installed.
ROLL BACK A DRIVER
To roll back a driver, log into the Windows 8 client computer with administrative credentials and then perform the following steps:
- Press the Windows logo key + w and then type Device Manager.
- Expand the category of devices and locate the device that uses the driver you want to roll back.
- Right-click the device and choose Properties.
- Click the Driver tab.
- Click Roll Back Driver.
ROLL BACK A DEVICE DRIVER
To roll back a device driver, log into the Windows 8 client computer with local Administrative privileges and then perform the following steps:
- Press the Windows logo key + w and then type Device Manager.
- Expand Network Adapters.
- Right-click the adapter and choose Update Driver Software.
- Click Browse my computer for driver software.
- Click Let me pick from a list of device drivers on my computer.
- On the Select Network Adapter screen, uncheck Show compatible hardware.
- Choose a different network adapter and click Next. For example, Marvel 3COM 3C2000-T Gigabit Adapter.
- When you receive the Update Driver Warning message, click Yes.
- Click Close and then restart the computer.
- Open Device Manager and locate the network adapter you updated the driver for.
It should have a yellow warning symbol with an exclamation point. - Right-click the adapter and choose Properties.
- Click the Driver tab and then click Roll Back Driver.
- When prompted to roll back the driver, click Yes and then click Close.
Exploring PC Refresh and PC Reset
Over time as you add/remove applications and make changes to your system, you may find it no longer functions quite as well as it used to. If this happens, you can use the PC Reset and PC Refresh options to return your system to a functioning state.
A PC Reset is used when you need to return your PC back to the original state it was in when you purchased it or first set it up. This will remove any custom settings you have made, erase your personal data and remove traditional as well as Windows apps from the computer. This is basically a full reinstall of the Windows 8 operating system minus the need to answer the setup questions.
If you want to take a less intrusive approach, you would perform a PC Refresh . A PC Refresh allows you to keep your personal data, your Windows Store apps, and basic settings (mapped drives, drive letter assignments), personalization settings, BitLocker or BitLocker To Go and wireless settings. A PC Refresh does not keep your PC settings, file associations, display settings or traditional applications. If you have traditional applications installed (from disk or a website), an HTML file will be placed on your desktop following a PC Refresh. This will contain information about the traditional application's name along with a link that will take you to the manufacturer's website to download and reinstall it.
PERFORM A PC RESET
To perform a PC Reset on Windows 8 client computer, log into the Windows 8 client computer with local Administrative privileges and then the following steps:
- Press the Windows logo key + w and then type Re move.
- In the Results list, choose Remove everything and reinstall Windows.
- On the Reset your PC screen, click Next.
- Click Just remove my files.
- On the Ready to reset your PC screen, read the information provided and then click Reset.
- Read and select I accept the license terms for using Windows, and then click Accept.
- Select a color scheme, type a name for your PC, and then click Next.
- Select Use express settings.
- Type your email address as a Microsoft Account and then click Next.
- Type a password for your Microsoft Account and then click Next.
- Type a phone number and an alternate email address, and then click Next.
- Log into the Windows 8 client computer.
PERFORM A PC REFRESH
To perform a PC Refresh on a Windows 8 client computer, Log into the Windows 8 client computer with local administrative privileges and then perform the following steps:
- Press the Windows logo key + w and then type Refresh.
- In the R esults list, choose Refresh your PC.
- Review the summary screen and then select Next.
- Click Refresh and the system will restart.
- If prompted, click Yes to turn on sharing and connect to devices.
- Press the Windows logo key to toggle back to your desktop.
- Double-click the Removed Apps link.
- Review the lists of traditional apps that will need to be reinstalled.
- Reinstall any applications that you need.
- Delete the Removed Apps link when you are done.
If you want to keep your settings and traditional applications, you can use a utility called recimg.exe . Recimg.exe captures an image of your PC, after you install the applications and make any personal customizations, and stores it in a folder you specify. The next time you perform a PC Refresh, the image is used and your settings and traditional apps are retained.