MCTS 70-680: Windows 7 Disk Tools and Removal Device Policy
Uploaded by itfreetraining on 07.02.2012
Transcript:
Welcome back to your free training course for Windows 7. In this video I will look at
caching options that Windows uses for fixed hard disk and removable devices. I then look
at removable device policy. Removable device policy allows you to quickly configure security
for removable devices on your system. Lastly I will look at the disk checking tool included
with Windows 7 simply called check disk. Without further to do I will change to my Windows
7 computer. First of all I want to look at the caching
options for my local hard disk. To do this, open Windows explorer and then select the
properties for one of the hard disks. From drive properties select the hardware tab.
From here you can see all the device drivers for all the disk drives in the system not
only the ones for the hard disk. To access the caching settings for the hard disk select
the properties for the hard disk and then select the option change settings.
From here select the tab policies. Notice that “enable write caching on the
device” is enabled by default. If the device has an on board cache which it should, Windows
will use this cache to speed up writing to the hard disk.
The risk with having this option enabled is that if power is lost to the system then any
data in the cache will be lost. Remember that any data in the cache has not been written
to the hard disk. This may sound dangerous having this on by default but the thing to
remember is that the NTFS file system which Windows 7 uses by default is a transaction
based file system. What this means is that before a write is written to the hard disk
a transaction is written to a log stating what is about to happen. If power is lost
before the write is complete Windows will pick this up and check the drive for errors.
Having said this, any data in the cache will be lost. Windows in most cases will be able
to fix the file system preventing data corruption and damage to file system. NTFS is a lot
more robust than the older file systems such as fat but I would still shut your system down
correctly, don’t just pull out the power cord.
. If I right click on my task bar and select start task manager, you will notice that under
physical memory there is figure for cached. This is how much memory the computer is current
using for the cache. The cache is dynamic meaning that it will
automatically get bigger and smaller as required. Under this is a figure called available. This
is how much RAM is available for programs at any one time. At the bottom there is a
figure called free. This is very small precent. This is how much RAM is not being used.
Looking at only the free figure it would appear that no RAM is left and programs need to be
closed or more RAM purchased and installed. What happens is that Windows will use the
entire spare RAM for cache when it is not being used for anything else. When a program
requires more RAM, it will make the cache smaller and give some RAM to the program.
You can now understand why when you run more programs there is less RAM for cache. Even
though you may have enough RAM for all your programs the cache size gets smaller and this
can affect performance. If I now change back to my Windows 7 computer,
I will cancel out of the cache settings for the hard disk. I will now select the device
driver for my USB thumb drive, once again select properties, change settings and then
select the polices tab. The settings for USB devices like thumb
drives are different from hard disks. The default is quick removal. This setting disables
write cache on the device. If you have ever opened a document on a flash drive and saved
it you may have noticed a couple of seconds pause while the application saved the file.
When you do not have write cache enabled the application must wait for the write to
be completed to the USB thumb drive. The second option, better performance, will
enable write cache to the USB thumb drive. When this is enabled and data is saved to
the USB flash drive from an application, the file will appear to save straight away
returning control back to the application. The reality is that behind the scenes Windows
is transferring the data from the cache to the USB thumb drive.
This is where the problem comes in, if you have it set to better performance and you
save a file to the USB thumb drive and then pull the USB thumb drive out of the computer.
What happens is that the file has not finished being transferred from the cache to the USB
device. In order to ensure that all writes are completed correctly you should manually
eject the USB device. When the USB device is ejected from Windows, Windows will ensure
that all writes are completed on the device before telling you the device can be removed.
The reason that Microsoft has the default quick removal on by default is that most people
will remove the device from the system when they think the application has finished using
it. Most people don’t use the manual eject option and thus having the option set on better
performance increases the risk the average user will remove the device before Windows
is finished with it and thus losing data. If I now select the details tab for this device
driver and then select hardware ID’s. These are the hardware ID’s that plug and play
uses to identify the device. Here you can see the ID USB storage for Kingston disks.
If I want to select all Kingston USB devices I could use this hardware ID.
If I wanted to be more generic I could select the option USB storage and the generic disk
option. However this option may also select USB based hard disks. If you wanted to block
or allow certain devices on the system from being used make sure you select the correct
hardware ID’s. Dealing with hardware ID’s like these can
be a little complex, thankfully Microsoft has added some settings in Windows 7 so you
don’t have to work with hard ID’s to limit or allow access to removable storage. If I
want to block any storage device without having worrying Hardware I D’s I can instead open
group policy from the start menu and navigate down to the following, computer configuration,
administrative templates, system and then removable storage access.
In here you can block many storage devices not just the removable ones. Most of them
will have the options to deny execute, read and write access. From here you can block
optic drives, floppy drives, any type of removable disks, tape drives and WPD devices or Windows
Portal devices. WPD devices include devices such as smart phones, digital cameras and portal
media players. There are a lot of options in here, to make
it easier Microsoft give you the option to simply deny access to all removable storage
devices via one setting. One interesting setting that Microsoft gives you below this is allow
all removable storage devices to be available when the user is accessing the computer via
a remote desktop. All of these settings will not take effect
until you reboot the computer. At the top you have the option to force a reboot after
so many seconds. This prevents the user staying logged in permanently meaning the changes
will never take effect. This covers all the removable device policies.
The next thing that I want to cover is how to check a hard disk for errors. If I close
group policy and go back to the properties on my C drive, the tab I want to select is
tools. Notice the option at the top check now. When
I select this I get two options. By default Windows will automatically fix any file system
errors that it finds. The second option will scan all the sectors on the hard disk to make
sure that all sectors are useable. This process does take a long time to complete and I would
not worry about performing this step on hard disks that are working well. If you do believe
there is a problem with your hard disk you are best to perform this step. Hard disks
with bad sectors are generally an indication that something is wrong with the hard disk
and it is starting to fail. When this occurs it is best to replace the drive quickly.
Disk check can also be run from the command line. To do this I will open a command prompt
from the start menu making sure that I open it with administrator privileges. If I run
the command chkdsk from the command prompt with no switches this will start check disk.
Notice that check disk will run in read only mode. If it finds any problems it will not
attempt to fix them. I will cancel check disk by pressing control C and then run it again
this time using the slash f switch. The slash f switch will fix any errors that
it finds. Notice that when I run it I get a message saying that the drive is locked.
This means there are open files that check disk can’t check. This is to be expected
since the Windows operating system on this hard disk. Check disk will now ask if I want
to schedule the disk check next time the computer starts up. This will ensure that no files
are open. If I were to run check disk from the gui interface
I would have got a simpler message. In this case I will press no. If you want to check
for bad sectors you can run check disk with the slash r switch. Once again I will be asked
if I want to check the hard disk when the computer starts up.
This time I will select yes. To restart the computer, I will run the command shutdown
with the slash r switch for reboot and the slash t switch with 0 for reboot right now.
Once Windows 7 has rebooted and is starting up, I will get a message telling me that a
disk check has been scheduled. Windows will give you 10 seconds to press a key to cancel
the disk check. You may have seen this message before. If Windows crashes and Windows thinks
it is wise to check the hard disk, Windows will automatically perform a disk check when
the computer starts up. That is for this video. In the next video
I will start looking at the event viewer. The event viewer is an important tool to understand
in the troubleshooting process. I hope you have enjoyed this video, thanks for watching.
caching options that Windows uses for fixed hard disk and removable devices. I then look
at removable device policy. Removable device policy allows you to quickly configure security
for removable devices on your system. Lastly I will look at the disk checking tool included
with Windows 7 simply called check disk. Without further to do I will change to my Windows
7 computer. First of all I want to look at the caching
options for my local hard disk. To do this, open Windows explorer and then select the
properties for one of the hard disks. From drive properties select the hardware tab.
From here you can see all the device drivers for all the disk drives in the system not
only the ones for the hard disk. To access the caching settings for the hard disk select
the properties for the hard disk and then select the option change settings.
From here select the tab policies. Notice that “enable write caching on the
device” is enabled by default. If the device has an on board cache which it should, Windows
will use this cache to speed up writing to the hard disk.
The risk with having this option enabled is that if power is lost to the system then any
data in the cache will be lost. Remember that any data in the cache has not been written
to the hard disk. This may sound dangerous having this on by default but the thing to
remember is that the NTFS file system which Windows 7 uses by default is a transaction
based file system. What this means is that before a write is written to the hard disk
a transaction is written to a log stating what is about to happen. If power is lost
before the write is complete Windows will pick this up and check the drive for errors.
Having said this, any data in the cache will be lost. Windows in most cases will be able
to fix the file system preventing data corruption and damage to file system. NTFS is a lot
more robust than the older file systems such as fat but I would still shut your system down
correctly, don’t just pull out the power cord.
. If I right click on my task bar and select start task manager, you will notice that under
physical memory there is figure for cached. This is how much memory the computer is current
using for the cache. The cache is dynamic meaning that it will
automatically get bigger and smaller as required. Under this is a figure called available. This
is how much RAM is available for programs at any one time. At the bottom there is a
figure called free. This is very small precent. This is how much RAM is not being used.
Looking at only the free figure it would appear that no RAM is left and programs need to be
closed or more RAM purchased and installed. What happens is that Windows will use the
entire spare RAM for cache when it is not being used for anything else. When a program
requires more RAM, it will make the cache smaller and give some RAM to the program.
You can now understand why when you run more programs there is less RAM for cache. Even
though you may have enough RAM for all your programs the cache size gets smaller and this
can affect performance. If I now change back to my Windows 7 computer,
I will cancel out of the cache settings for the hard disk. I will now select the device
driver for my USB thumb drive, once again select properties, change settings and then
select the polices tab. The settings for USB devices like thumb
drives are different from hard disks. The default is quick removal. This setting disables
write cache on the device. If you have ever opened a document on a flash drive and saved
it you may have noticed a couple of seconds pause while the application saved the file.
When you do not have write cache enabled the application must wait for the write to
be completed to the USB thumb drive. The second option, better performance, will
enable write cache to the USB thumb drive. When this is enabled and data is saved to
the USB flash drive from an application, the file will appear to save straight away
returning control back to the application. The reality is that behind the scenes Windows
is transferring the data from the cache to the USB thumb drive.
This is where the problem comes in, if you have it set to better performance and you
save a file to the USB thumb drive and then pull the USB thumb drive out of the computer.
What happens is that the file has not finished being transferred from the cache to the USB
device. In order to ensure that all writes are completed correctly you should manually
eject the USB device. When the USB device is ejected from Windows, Windows will ensure
that all writes are completed on the device before telling you the device can be removed.
The reason that Microsoft has the default quick removal on by default is that most people
will remove the device from the system when they think the application has finished using
it. Most people don’t use the manual eject option and thus having the option set on better
performance increases the risk the average user will remove the device before Windows
is finished with it and thus losing data. If I now select the details tab for this device
driver and then select hardware ID’s. These are the hardware ID’s that plug and play
uses to identify the device. Here you can see the ID USB storage for Kingston disks.
If I want to select all Kingston USB devices I could use this hardware ID.
If I wanted to be more generic I could select the option USB storage and the generic disk
option. However this option may also select USB based hard disks. If you wanted to block
or allow certain devices on the system from being used make sure you select the correct
hardware ID’s. Dealing with hardware ID’s like these can
be a little complex, thankfully Microsoft has added some settings in Windows 7 so you
don’t have to work with hard ID’s to limit or allow access to removable storage. If I
want to block any storage device without having worrying Hardware I D’s I can instead open
group policy from the start menu and navigate down to the following, computer configuration,
administrative templates, system and then removable storage access.
In here you can block many storage devices not just the removable ones. Most of them
will have the options to deny execute, read and write access. From here you can block
optic drives, floppy drives, any type of removable disks, tape drives and WPD devices or Windows
Portal devices. WPD devices include devices such as smart phones, digital cameras and portal
media players. There are a lot of options in here, to make
it easier Microsoft give you the option to simply deny access to all removable storage
devices via one setting. One interesting setting that Microsoft gives you below this is allow
all removable storage devices to be available when the user is accessing the computer via
a remote desktop. All of these settings will not take effect
until you reboot the computer. At the top you have the option to force a reboot after
so many seconds. This prevents the user staying logged in permanently meaning the changes
will never take effect. This covers all the removable device policies.
The next thing that I want to cover is how to check a hard disk for errors. If I close
group policy and go back to the properties on my C drive, the tab I want to select is
tools. Notice the option at the top check now. When
I select this I get two options. By default Windows will automatically fix any file system
errors that it finds. The second option will scan all the sectors on the hard disk to make
sure that all sectors are useable. This process does take a long time to complete and I would
not worry about performing this step on hard disks that are working well. If you do believe
there is a problem with your hard disk you are best to perform this step. Hard disks
with bad sectors are generally an indication that something is wrong with the hard disk
and it is starting to fail. When this occurs it is best to replace the drive quickly.
Disk check can also be run from the command line. To do this I will open a command prompt
from the start menu making sure that I open it with administrator privileges. If I run
the command chkdsk from the command prompt with no switches this will start check disk.
Notice that check disk will run in read only mode. If it finds any problems it will not
attempt to fix them. I will cancel check disk by pressing control C and then run it again
this time using the slash f switch. The slash f switch will fix any errors that
it finds. Notice that when I run it I get a message saying that the drive is locked.
This means there are open files that check disk can’t check. This is to be expected
since the Windows operating system on this hard disk. Check disk will now ask if I want
to schedule the disk check next time the computer starts up. This will ensure that no files
are open. If I were to run check disk from the gui interface
I would have got a simpler message. In this case I will press no. If you want to check
for bad sectors you can run check disk with the slash r switch. Once again I will be asked
if I want to check the hard disk when the computer starts up.
This time I will select yes. To restart the computer, I will run the command shutdown
with the slash r switch for reboot and the slash t switch with 0 for reboot right now.
Once Windows 7 has rebooted and is starting up, I will get a message telling me that a
disk check has been scheduled. Windows will give you 10 seconds to press a key to cancel
the disk check. You may have seen this message before. If Windows crashes and Windows thinks
it is wise to check the hard disk, Windows will automatically perform a disk check when
the computer starts up. That is for this video. In the next video
I will start looking at the event viewer. The event viewer is an important tool to understand
in the troubleshooting process. I hope you have enjoyed this video, thanks for watching.