COMP2221
Networks in Organisations
University of Worcester
March 2012

Week 6: Booting up a Network Operating System

Objectives:
  – Describe the software layers of a network operating system
  – Describe each of the six boot-up stages
  – Explain the terms firmware, ACPI, and plug-n-play
  – Relate the booting up process to the principle of fault tolerance

Architecture of a NOS
[Diagram labels: User Interface; operating i/o subsystem, system functions; os kernel (diff versions for diff hardware); BIOS; CPU, network card]

Stages in Boot Up
Load & run hardware test software
If hardware all OK, load essential operating system components into memory and execute
Either
  – present user interface for immediate use
Or
  – present logon screen
  – create user interface according to logon credentials

Why does a Windows Boot-up take so long?
Lot of software needs to be loaded, mostly from hard disk…
Six “fault tolerant” stages required before the user gets their desktop:
  – Power-on self test (POST)
  – Initial startup
  – Boot loader
  – Detect and configure hardware
  – Kernel loading
  – Logon

Stage 1: POST
No matter which operating system is installed…
  – CPU starts up & loads BIOS software from motherboard ROM
  – CPU runs POST program
    » POST = Power-On Self-Test
    » essential to check that basic hardware is OK before loading ANY operating system into memory…

POST…
Checks the following:
  – crucial hardware matters, such as amount of memory present
  – presence of the devices needed to start the operating system
Retrieves:
  – low level functions from BIOS (basic input-output system)
  – system configuration settings from CMOS memory (complementary metal-oxide semiconductor)
If POST fails… screen errors indicate hardware faults. Replace & restart…

Stage 2: Initial Start-up
Other BIOS-controlled processes:
  – motherboard “add-on” adapters run their own firmware to carry out internal diagnostic tests
    » e.g. video and hard drive controllers
  – settings in CMOS memory determine the device(s) the computer will use to load an operating system
    » e.g. floppy disk, hard disk, CD/DVD, USB
    » fault tolerance: if device not working, reboot and change CMOS “boot” settings

Stage 3: The Boot Loader
In a pre-Windows operating system:
  – files all loaded from media into memory
  – executed to create a command line interface…
  – option for user to type username/password
To set up a GUI (Graphical User Interface) a lot more needs to happen…
  – especially with Windows/NT combo…
    » all systems XP onwards

Stage 3: Windows Boot Loader
First boot device in the CMOS boot list activated
  – “boot loader” file (NTLDR) detected and loaded from activated disk’s boot sector…
If NTLDR is not found…
  – depending on the device:
    » EITHER an error may come up…
        Fault tolerance: if file(s) corrupted, can be booted up to cmd prompt and corrupted files replaced…
    » OR control may pass to the next device on the list

Stage 3: The Boot Loader
NTLDR…
  – sets the system for “32-bit mode”
  – “starts” the file system (e.g. NTFS)
    » i.e. loads into memory
    » executes through CPU
  – loads other essential start-up files from designated partition on chosen disk:
    » Boot.ini – partition boot options
    » Ntdetect.com – hardware detection
    » Ntbootdd.sys
    » Ntoskrnl.exe
    » Hal.dll
[Diagram labels: Hard disk, boot sector, RAM, data, CPU]

Stage 4: Detecting and Configuring Hardware
NTDETECT then loaded:
  – extracts text info from:
    » boot.ini file
    » the registry
  – gets hardware data from firmware routines
  – passes data gathered to NTLDR
NTLDR
  – structures data from NTDETECT
  – passes it to NTOSKRNL

Stage 5: Kernel Loading
All this, and still no operating system kernel has been loaded!
Now… NTLDR creates the “WINDOWS EXECUTIVE” to control the kernel…
[Diagram labels: Hard disk, Operating system kernel, RAM, data, CPU]

Stage 5: Setting up the Kernel
Windows is potentially multi-platform
NTLDR selects correct hardware abstraction layer file
  – HAL.dll by default (Standard Intel PC)
Other Example HAL files:
    » Halacpi.dll (Advanced Configuration and Power Interface (ACPI) PC)
    » Halmacpi.dll (ACPI Multiprocessor)
    » Halaacpi.dll (ACPI Uniprocessor)
Fault tolerance: as with stage 4… use cmd prompt to recopy file(s)

Stage 5: Setting up the “Live” Registry
Still controlled by NTLDR…
  – CPU reads & processes systemroot\System32\Config\System file
    » contains essential information for determining which drivers need to be loaded
  – CPU creates HKEY_LOCAL_MACHINE\SYSTEM registry key
    » usually includes several “control sets” as subkeys
    » set up and presented as menu options before the system key can be used

Stage 5: Kernel Fault Tolerance
(Registry - System key “control sets”)
Configuration depends on the registry. Fault tolerance provides a range of “Control Sets”:
    » \CurrentControlSet, a pointer to a ControlSetxxx subkey
        where xxx represents a control set number, such as 001 designated in the \Select\Current entry
    » \Clone, a copy of \CurrentControlSet, created each time the computer starts
    » \Select options (next slide)

\SELECT control set options
1. Default:
  – points to the control set number for next startup
    » e.g. 001=ControlSet001
    » if no error or manual invocation of the “LastKnownGood” startup option
        assuming that a user is able to log on successfully…
        BECOMES the Default, Current, and LastKnownGood entries
2. Current:
  – last control set that was used to start the system

\SELECT control set options
3. “Failed”:
  – a control set that did not start Windows XP Professional successfully
  – updated when the LastKnownGood option is used to start the system.
4. LastKnownGood:
  – the control set used during the last user session
  – updated during logon with configuration information from the previous user session

Creating the “Hardware” Key
Once the Control Set is loaded…
  – kernel uses the data structures provided by NTLDR to create the HKEY_LOCAL_MACHINE\HARDWARE key
    » hardware data collected at system startup
    » includes information about various hardware components and system resources allocated to each device
The Starting up progress indicator at the bottom of the screen monitors and displays aspects of the kernel load process during the creation of this key

Drivers, Services, and Kernel Initiation
Drivers:
  – kernel-mode components required by devices to function with the operating system
Services:
  – components that support operating system functions and applications
  – can run in various different contexts
  – typically do not offer many user-configurable options
Drivers are treated as services…

Which Services are loaded during kernel initiation?
Services loaded before user login
  – act independently of the user
  – typically stored in the systemroot\System32 and systemroot\System32\Drivers folders
  – use .exe, .sys, or .dll file name extensions
Each Service has a “start” value to determine conditions of loading…
  – can be altered by those with admin rights

Service “Start” values
0 (Boot)
  – Specifies a driver that is loaded (but not started) by firmware calls made by Ntldr. If no errors occur, the kernel starts the driver.
1 (System)
  – Specifies a driver that loads at kernel initialization during the startup sequence by calling Windows XP Professional boot drivers.
2 (Auto load)
  – Specifies a driver or service that will be initialized at system startup by Session Manager (Smss.exe) or Service Controller (Services.exe)

More “Start” values
3 (Load on demand)
  – a driver or service that is manually started by a user, a process, or another service
4 (Disabled)
  – a disabled (not started) driver or service

Loading Services and creating the system key
During kernel initialization:
  – NTLDR reads HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename, then…
    » Ntldr searches the Services subkey for drivers with a Start value of 0
        e.g. hard disk controllers
    » Ntoskrnl.exe searches for and starts drivers that have a Start value of 1
        e.g. network protocols

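As an added example (not part of the original slides), the sketch below resolves CurrentControlSet through the \Select\Current entry and then lists each service of that control set under the boot stage that acts on its Start value, using the mapping from the slides above. The .reg export text and the service names are constructed for illustration; a missing or out-of-range Start value is reported separately so it can be reviewed.

```python
import re

# Start values and who acts on them, as listed in the slides above.
START_STAGES = {
    0: "Boot: loaded by Ntldr, started by the kernel",
    1: "System: started by Ntoskrnl.exe at kernel initialization",
    2: "Auto load: started by Smss.exe or Services.exe",
    3: "Load on demand: started manually",
    4: "Disabled: not started",
}

# Constructed sample in .reg export format; the service names are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\diskctl]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netproto]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\printsvc]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oddsvc]
"Start"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\olddrv]
"Start"=dword:00000000
'''

def parse_reg(text):
    """Return {key_path: {value_name: value}}; dword values become ints."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r"^\[(.+)\]$", line)
        value = re.match(r'^"([^"]+)"=(.*)$', line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif value and current is not None:
            name, raw = value.groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            else:
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def current_control_set(keys):
    """Resolve CurrentControlSet from the \\Select\\Current entry."""
    return "ControlSet%03d" % keys["HKEY_LOCAL_MACHINE\\SYSTEM\\Select"]["Current"]

def services_by_start(keys):
    """Group the current control set's services by Start value (None = review)."""
    prefix = "HKEY_LOCAL_MACHINE\\SYSTEM\\%s\\Services\\" % current_control_set(keys)
    groups = {}
    for path, values in keys.items():
        name = path[len(prefix):]
        # Only direct children of Services; other control sets are ignored.
        if path.lower().startswith(prefix.lower()) and name and "\\" not in name:
            start = values.get("Start")
            bucket = start if start in START_STAGES else None
            groups.setdefault(bucket, []).append(name)
    return {start: sorted(names) for start, names in groups.items()}

def load_order_report(keys):
    """List services in the order the boot stages reach them."""
    groups = services_by_start(keys)
    lines = ["%d %-10s %s" % (s, n, START_STAGES[s])
             for s in sorted(START_STAGES) for n in groups.get(s, [])]
    lines += ["? %-10s missing or unexpected Start value" % n
              for n in groups.get(None, [])]
    return lines

if __name__ == "__main__":
    print("\n".join(load_order_report(parse_reg(SAMPLE_REG))))
```
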
Kernel Control…
Starts the session manager
  – Smss.exe
Important initialization functions:
  – creates system environment variables
  – starts kernel-mode part of the Windows subsystem
    » loaded from systemroot\System32\Win32k.sys

More about Session Manager
Enables Windows to switch from text mode (16-bit) to graphics mode (32-bit)
User-mode portion of the Windows subsystem loaded from systemroot\System32\Csrss.exe
  – Windows-based applications can run in “Windows subsystem”
  – applications can now access operating system functions, e.g. displaying information to the screen

Session Manager (continued)
Windows subsystem and the applications that run within it are all “user mode” processes
  – run at a lower priority than kernel-mode processes
  – no direct access to hardware or device drivers
  – virtual memory (if required) dependent on the kernel to page memory from user-mode processes to disk

Session Manager (continued)
Logon Manager loaded from systemroot\System32\Winlogon.exe
  – creates additional virtual memory paging files
  – performs delayed rename operations for files listed in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
    » e.g. prompts to restart the computer after installing a new driver or application so that the file in use can be replaced

Session Manager (continued)
Finally, searches the registry for service information that is contained in the following subkeys:
  – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
  – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems

Subkey Information for Smss
Session Manager key provides a list of commands to be executed before loading services
  – e.g. Autochk.exe tool
    » specified by the value of the BootExecute entry and virtual memory (paging file) settings stored in the Memory Management subkey
    » version of the Chkdsk tool
    » runs at startup if the operating system detects a file system problem that requires repair before completing the startup process

Subkey Information for Smss
Service Control Manager key initializes services that the Start entry has designated as Auto-load
Finally, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems
  – available subsystems
  – allows Csrss.exe (user-mode portion of the Windows subsystem) to be selected
NO WONDER IT TAKES SO LONG!!!

Stage 6: Logon Phase
Managed by Winlogon.exe
  – initializes security and authentication components
  – starts the Services subsystem or Service Control Manager (SCM): services.exe
    » starts the Local Security Authority (LSA) process (lsass.exe)
    » parses the Ctrl+Alt+Del key combination at the Begin Logon prompt

Logon Phase
The Graphical Identification and Authentication (GINA) component:
  – collects the user name and password
  – passes this information securely to the LSA for authentication
  – if the user supplied valid credentials, access is granted by using either the Kerberos V 5 authentication protocol or NTLM

Logon Phase
After the user has logged on:
  – control sets are updated according to group policy settings
  – changes to local registry settings take effect
  – user startup programs run e.g.
    » login scripts
    » programs in startup folders
    » services found in registry subkeys & folder locations

Logon Phase
Services loaded from these registry subkeys:
    » HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
    » HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    » HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    » HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
    » HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    » HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Logon Phase
Services loaded from these folder locations…
  – systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup
  – systemdrive\Documents and Settings\username\Start Menu\Programs\Startup
  – windir\Profiles\All Users\Start Menu\Programs\Startup
  – windir\Profiles\username\Start Menu\Programs\Startup

Concluding Logon Phase…
Winlogon provides Plug and Play support for computers equipped with ACPI firmware (Advanced Configuration & Power Interface):
  – enables enhanced features, e.g. hardware resource sharing
  – especially useful for “mobile” users
    » use portable computers that support standby, hibernation, hot and warm docking, or undocking features
Plug and Play Device Detection
  – runs asynchronously with the logon process
  – relies on system firmware, hardware, device driver, and operating system e.g. ACPI to detect and enumerate new devices

Protecting the Server Software
All hardware can go wrong and should have a backup
What of software… need tools…
  – what to backup?
  – when to backup?
  – how to backup?
  – where to put the backup?
  – how long to keep the backup?
  – can the backed up software be fully restored…

Client Files Backup
Windows (XP onwards) presents four backup choices:
  – all files
  – current user settings
  – all user settings
  – custom choice
    » can choose between anything from all files and folders to none

Where to backup to?
Computer hard disk?
  – ideal backup location is a separate partition on the same disk
  – e.g. hard disk is partitioned into drive C and drive D
    » data is on drive C
    » can safely back it up to drive D.
Zip drive or other removable media?
  – unfortunately, the Windows Backup utility can't save files directly to a CD-RW drive (!)
Shared network drive? Limited only by the amount of free space on the network share
External hard disk drive?
USB? IEEE 1394 (ie LAN)? FireWire? Cloud?

Prioritising Server Backup?
Servers typically hold a lot of data
Generally accepted that “system state” files are those that are most important for keeping the NOS functioning normally
  – need to be backed up on a regular basis

System state
Windows “essential files” for boot up:
  – Active Directory (NTDS)
  – System Volume (SYSVOL)
  – Boot files
  – Registry
  – COM+ class registration database
Windows “backup” program enables system state files to be saved to another location
  – they can be copied back via cmd line in event of a crash that won’t reboot