5.01.1 Troubleshoot common Windows OS problems Part 1

Introduction 

You’ve learned about the different parts of an operating system and tools that can help resolve issues. Now, let's dive into troubleshooting some common Windows OS problems you’ll likely encounter as an IT Helpdesk Technician.

These real-world issues are the kind you’ll face regularly, and knowing how to approach them will help you quickly resolve problems and keep users’ systems running smoothly. Let’s get started on how to identify and fix these typical challenges. 

Legacy BIOS Boot Process 

Definitions:

Master Boot Record (MBR) - A sector on the hard drive that contains boot information.

WINLOAD.EXE/EFI - Loads the Windows operating system.

NTOSKRNL.EXE - The Windows kernel, which is the core part of the operating system.

If the system uses Legacy BIOS, the boot process follows these steps: 

1. Initializes and performs Power-On Self-Test (POST): 

  • This checks the hardware components like RAM, storage devices and input devices to ensure they are functioning correctly. 

  • After POST is completed successfully, BIOS looks for a bootable device, by checking the boot order configured in the BIOS setting. 

2. Read the Master Boot Record (MBR), a sector on the hard drive that contains boot information:

  • The firmware scans the boot device, usually the hard drive, and reads the Master Boot Record (MBR) located in the first sector of the disk. 

  • The MBR identifies the boot sector of the partition marked as active, which tells the computer where to start loading the operating system. 

3. Start the Windows Boot Loader: 

  • If there is only one operating system installed, the boot manager loads WINLOAD.EXE from the system root folder on the boot partition.  

  • If multiple operating systems are installed, the boot manager displays a boot menu for the user to choose from.

4. Load the Kernel and Drivers: 

  • WINLOAD.EXE continues the process by loading the Windows kernel (NTOSKRNL.EXE), the Hardware Abstraction Layer (HAL.DLL), and the necessary boot device drivers.

  • Control is then handed over to the kernel, which initializes the system.

5. Wait for User Login: Once the kernel finishes its job, the WINLOGON process starts, and the system waits for the user to log in.

UEFI Boot Process

Definitions:

BIOS/UEFI - Firmware that initiates the boot process.

POST (Power-On Self-Test) - Verifies hardware components are working correctly.

GPT (GUID Partition Table) - A modern partitioning system used with UEFI.

BCD (Boot Configuration Data) - A file that stores information about the operating systems installed.

With UEFI (Unified Extensible Firmware Interface) firmware, the boot process is a bit different:

1. Read the GUID Partition Table (GPT): After POST, which verifies that hardware components are working properly, the UEFI firmware reads the GUID Partition Table (GPT), a modern partitioning system used with UEFI, from the boot device.

2. Locate the EFI System Partition: 

  • The GPT points to the EFI System Partition (ESP), which contains the EFI boot manager and the BCD file. 

  • The equivalent of the bootmgr.exe file used in the BIOS boot process is the bootx64.efi file. This file is typically located in the EFI System Partition (ESP) and is responsible for loading the operating system.

  • Each Windows installation has its own folder under \EFI\Microsoft with a BCD file and a boot manager file called BOOTMGFW.EFI.

3. Load the Windows Boot Loader: 

  • BOOTMGFW.EFI reads the BCD to see if a boot menu should be shown and locates WINLOAD.EFI, which then starts the Windows boot process. 

  • From here, the steps are similar to the Legacy BIOS process: WINLOAD.EFI loads the kernel and boot drivers, and the system proceeds to the login screen.
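
To see which of the two boot paths above a working machine uses, the following PowerShell reports the firmware type, the partition style of the system disk, the active partition or EFI System Partition, and the boot manager and loader paths stored in the BCD. It is an added example, not part of the original lesson, and assumes an elevated Windows PowerShell session on an English-language Windows 10 system.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt.

# 1. Firmware: 'Bios' means the Legacy path (MBR), 'Uefi' the UEFI path (GPT).
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
"Firmware type : $firmware"
$expected = if ($firmware -eq 'Uefi') { 'GPT' } else { 'MBR' }

# 2. The disk that holds the boot files (Windows flags it as the system disk).
foreach ($disk in Get-Disk | Where-Object IsSystem) {
    "System disk   : $($disk.Number) ($($disk.PartitionStyle))"
    if ($disk.PartitionStyle -ne $expected) {
        Write-Warning "$firmware firmware normally boots Windows from $expected, not $($disk.PartitionStyle)."
    }
    $parts = Get-Partition -DiskNumber $disk.Number

    if ($disk.PartitionStyle -eq 'GPT') {
        # The EFI System Partition is identified by this well-known type GUID.
        $espType = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'
        $boot  = $parts | Where-Object GptType -eq $espType | Select-Object -First 1
        $label = 'EFI System Partition'
    }
    else {
        # On an MBR disk, the partition marked active holds the boot sector.
        $boot  = $parts | Where-Object IsActive | Select-Object -First 1
        $label = 'Active partition'
    }

    if ($boot) {
        "$label : partition $($boot.PartitionNumber), $([math]::Round($boot.Size / 1MB)) MB"
    }
    else {
        Write-Warning "No $label found on disk $($disk.Number); there is nothing to boot from."
    }
}

# 3. What the BCD tells the boot manager to load (field names are localized;
#    the filters below match English output).
bcdedit /enum '{bootmgr}' | Select-String 'device|path'
bcdedit /enum '{current}' | Select-String 'osdevice|path'
```

On a UEFI system the `{bootmgr}` entry shows the bootmgfw.efi path on the ESP and `{current}` shows winload.efi; on a Legacy BIOS system `{current}` shows winload.exe.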

Boot Recovery Tools Overview 

If your computer has trouble starting up, you can use a set of tools to troubleshoot and fix the issue. These tools allow you to enter an environment where you can run tests, make repairs, and restore your system.

Advanced Boot Options 

The Advanced Boot Options menu lets you choose different startup modes that help with troubleshooting. This menu is automatically displayed if the system can't start the operating system (OS). You can also open it manually: 

  • BIOS Boot: Press F8 before the OS starts loading. 

  • UEFI Boot: You need to restart the computer and hold the SHIFT key while selecting Restart from the Power menu on the lock screen (you don't need to sign in to see this menu).

How to Use Advanced Boot Options: 

  1. From the Choose an option screen, select Troubleshoot

  2. Next, select Advanced options

  3. Click Startup Settings and then select Restart

  4. After the restart, press F4 to choose Safe Mode, or select other options if needed.

Safe Mode: 

  • Safe Mode loads only the basic drivers and services required to run Windows. 

  • This mode is helpful to isolate problems caused by extra drivers or services and avoids having to fully reinstall Windows. 

  • Safe Mode can also be used to run repair tools like chkdsk, System Restore, or antivirus software.

Windows Recovery Environment (WinRE) and Startup Repair 

If your system won't boot and you can't access the startup options, you can try using recovery media or tools like Startup Repair. These tools can be run from: 

  • Product media (e.g., a Windows installation disc). 

  • A repair disk

  • A recovery partition on the computer.

How to Access Recovery Media: 

  • You may need to configure the BIOS or UEFI to boot from the recovery media first. 

  • If you don't have recovery media, you can create one using Create a recovery drive in Windows (must be done while the computer is still working).

Using WinRE for Repairs: 

  1. Boot into the recovery environment and select Troubleshoot

  2. Go to Advanced options

  3. Use Startup Repair if boot files are corrupted. 

  4. You can also: 

  • Launch System Restore to revert to a previous system state. 

  • Restore from a backup image

  • Perform a Refresh or Reset of Windows. 

  • Run a memory diagnostic test. 

  • Open the WinRE command prompt to manually repair the system.

Command Prompt Tools in WinRE: 

  • diskpart: Manage disk partitions. 

  • sfc: Check and repair system files. 

  • chkdsk: Check and repair disk errors. 

  • bootrec: Repair boot records. 

  • bcdedit: Edit boot configuration data. 

  • regedit: Modify the Windows registry.

These tools offer a variety of ways to troubleshoot and repair boot problems without needing to fully reinstall the OS.

System Restore Overview 

System Restore helps you roll back your computer to a previous configuration, undoing system changes that may have caused issues. It allows you to return your system's registry and configuration settings to a previous state without affecting your personal files. System Restore is particularly useful after faulty program installations or system updates. 

Key Features of System Restore: 

  • Rollbacks: It can undo system changes, like program installations or updates. 

  • Restore Points: Automatically created points that save your system’s state. You can also manually create restore points. 

  • User Data: System Restore does not affect your personal files, like documents or pictures.

Configuring System Protection 

To enable System Restore and manage how it works, follow these steps:

  1. Open the System Protection tab through the Advanced System Settings

  2. Select which disk(s) to enable for system restore. 

  3. Configure how much disk space can be used for restore points. The disk must: 

  • Be formatted with NTFS. 

  • Have at least 300 MB of free space. 

  • Be larger than 1 GB.

Restore points are automatically created when: 

  • A new program is installed. 

  • A system update is applied. 

  • No restore points have been created in the last seven days (automatically done when the system is idle). 

You can also manually create restore points from the System Protection settings.
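
The same prerequisites and steps can be checked and applied from the command line. This is an added example, not part of the original lesson; it assumes an elevated Windows PowerShell 5.1 session, and the drive letter and restore point description are placeholders.

```powershell
# Added example. The System Restore cmdlets ship with Windows PowerShell 5.1
# and need an elevated prompt.
$drive = 'C'    # assumption: the volume to protect

# Check the three disk requirements listed above before enabling protection.
$vol = Get-Volume -DriveLetter $drive
$checks = [ordered]@{
    'Formatted with NTFS'  = $vol.FileSystem -eq 'NTFS'
    'At least 300 MB free' = $vol.SizeRemaining -ge 300MB
    'Larger than 1 GB'     = $vol.Size -gt 1GB
}
$checks.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }

if (@($checks.Values) -contains $false) {
    throw "Drive ${drive}: does not meet the System Restore requirements."
}

# Turn on System Protection for the volume.
Enable-ComputerRestore -Drive "${drive}:\"

# Create a manual restore point. By default Windows skips the request (with a
# warning) if another restore point was created in the last 24 hours.
Checkpoint-Computer -Description 'Manual: before driver update' `
                    -RestorePointType MODIFY_SETTINGS

# Confirm the restore point exists; newest first.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 5 SequenceNumber, CreationTime, Description, RestorePointType
```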

Using System Restore 

To restore your system to an earlier point: 

  1. Open the System Restore tool by typing rstrui.exe in the Run dialog or searching for it. 

  2. Choose a restore point and follow the prompts to roll back to that state.

You can also access System Restore from: 

  • The Windows Recovery Environment by selecting Repair Your Computer

  • A product disk or recovery disk.

Important Considerations: 

  • System Restore does not reset passwords unless it’s run from the product disk. 

  • Running System Restore from the product disk will reset passwords to what they were at the time the restore point was created. 

  • It's a great tool for troubleshooting system issues, especially after a problematic software update or installation.

Update and Driver Rollback Overview 

When a system update or driver causes issues, you can either uninstall the update or roll back to a previous driver. These features are essential for troubleshooting problems that arise after installing new software or drivers.

Uninstalling Problematic Updates 

If an update is causing issues, you can try to uninstall it through the Programs and Features applet. Here’s how: 

  1. Open Programs and Features (search for it or find it in Control Panel). 

  2. Click on View installed updates

  3. Select the problematic update. 

  4. Click Uninstall to remove the update.

You may also be able to remove the update using System Restore by rolling back to a restore point created before the update.

Rolling Back Drivers 

If a new driver is causing device problems, you can use the Roll Back Driver feature in Device Manager. This feature allows you to revert to a previously installed driver, which might be more stable or compatible with your system.

Steps to roll back a driver: 

  1. Open Device Manager

  2. Right-click the problematic device and select Properties

  3. Go to the Driver tab. 

  4. Click the Roll Back Driver button to revert to the previous version. 


Key Considerations: 

  • Driver Rollback is useful when a newly installed driver is not functioning properly on your specific system. 

  • Uninstalling updates helps when system instability or bugs are introduced after a recent update. 

  • System Restore can also be used to undo updates or driver changes by restoring the system to a previous state.
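
Before choosing what to uninstall or roll back, it helps to list what actually changed around the time the problem started. The following is an added example, not part of the original lesson; the 14-day window and the KB number are placeholders, and it assumes an elevated Windows PowerShell session.

```powershell
# Added example. Lists recent updates and drivers so the change that
# introduced the problem can be identified before anything is removed.
$since = (Get-Date).AddDays(-14)   # assumption: the problem began in the last two weeks

# Updates installed inside the window, newest first.
Get-HotFix |
    Where-Object { $_.InstalledOn -ge $since } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn

# Drivers dated inside the window. DriverDate is the date stamped on the
# driver package by its publisher, not the day it was installed, so treat
# it as a hint about which devices received a newer driver.
Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DriverDate -ge $since } |
    Sort-Object DriverDate -Descending |
    Select-Object DeviceName, DriverVersion, DriverDate, InfName

# Uninstall one update by KB number (placeholder value; replace it with a
# HotFixID from the list above, without the 'KB' prefix).
$kb = '0000000'
wusa.exe /uninstall "/kb:$kb" /norestart
```

The driver itself is still rolled back from the Driver tab in Device Manager as described above; the listing only narrows down which device to open.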

System Repair, Reinstall, and Reimage Overview 

When your computer faces serious issues that System Restore or Startup Repair can’t fix, you may need to perform more advanced recovery options like system repair, reinstalling Windows, or restoring from a backup image. These steps ensure your system can recover from major failures, but they should only be used after other recovery options have been attempted.

Creating and Using a Recovery Image 

A system image is a full backup of your system configuration and files. It creates an exact copy of your system that can be restored if necessary. Keep in mind: 

  • You need sufficient space on your backup device, ideally double the size of your system.

Example: A 20 GB system could produce a 10 GB image, but results vary based on the file types.

  • Regularly update your system image to ensure it's up-to-date, or maintain separate data backups.

To create a system image:

  1. Open the Backup and Restore applet in Control Panel

  2. Select Create a system image from the task pane. 

  3. Choose your backup destination (external drive or network location).

To recover from a system image: Use the Advanced Boot Options or System Image Recovery option from a repair disk or recovery environment.

Reinstalling Windows 

If you don’t have an up-to-date image or System Restore isn’t fixing your issues, you may need to reinstall Windows. Windows 10 provides a built-in Reset this PC option for reinstallation. 

Steps to reinstall Windows:

  1. Enter the recovery environment from Startup Repair or Advanced Boot Options

  2. Choose the Reset this PC option. 

  3. You can either: 

  • Keep my files: This keeps your personal files but removes desktop apps and resets PC settings to default. 

  • Remove everything: This erases all files and data from your system, which is recommended if you're transferring ownership of the PC.

Key Considerations: 

  • Keep my files: Preserves your personal files and settings but removes desktop applications. 

  • Remove everything: Erases all data, including personal files and apps. There’s also a secure delete option if you want to wipe the drive entirely, which can take several hours.

This option is best used when you’ve exhausted all other troubleshooting methods and need a fresh start or if you're handing over the PC to someone else. Always ensure you have a backup before performing any resets or reinstalls. 

Summary: 

In this lesson, we covered the steps involved in the boot process for both Legacy BIOS and UEFI systems, explaining how each method identifies the boot device and loads the operating system. We explored troubleshooting tools like Advanced Boot Options, Safe Mode, and the Windows Recovery Environment (WinRE) to help fix startup issues. The lesson also discussed how to use System Restore to roll back changes, uninstall problematic updates, and roll back drivers to solve system problems. 

By mastering these troubleshooting techniques, you’re equipping yourself with the skills to solve some of the most common and critical computer issues that arise. Every step you take strengthens your ability to handle real-world problems and ensures that you're ready to tackle even more advanced challenges ahead. Keep going—your confidence and expertise will grow as you continue to dive deeper into the world of system repair and maintenance!