Rolling Back Updates

Very rarely you will find that a Microsoft or third-party update has created a problem on the operating system. When this happens, it is easy to roll back an update by uninstalling it. Open the Settings app, then Update & Security, then View Update History, then Uninstall Updates, and finally select the update and choose Uninstall, as shown in Figure 24.32.

Figure 24.32 Uninstalling an Update

On the left of the Installed Updates screen, you can select Uninstall a Program. This takes you to the Programs and Features - Uninstall or Change a Program screen, from which you can uninstall third-party updates. After uninstalling an update, reboot before testing to see whether it fixed the issue.

An alternative to uninstalling an update is to use System Restore to revert to a restore point taken before the update was installed. However, System Protection must have been turned on before the update was installed; it is turned off by default in Windows 10. To turn it on, click the Start menu, type Recovery and select it, click Configure System Restore, select the system drive, click Configure, select Turn on System Protection, and click OK.

Rolling Back Device Drivers

When you isolate a hardware problem to a faulty device driver, it is sometimes necessary to roll back the current driver to a prior version. Roll Back Driver reinstalls the previously installed version of the driver. In some cases that is the generic driver that shipped with Windows (the in-box driver), which reduces functionality until a proper driver is installed. To roll back, right-click the Start menu, select Device Manager, select the device, right-click it and select Properties, choose the Driver tab, then Roll Back Driver, answer the reason for rolling back the driver, and finally click Yes, as shown in Figure 24.33.
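The update-rollback and System Protection steps above, scripted as an added example (this is not code from the book). It assumes an elevated Windows PowerShell 5.1 session on the affected machine; the KB number is a placeholder for the update you identified.

```powershell
# Added example: roll back one Windows update the way the GUI procedure does,
# but with a restore point taken first. Elevated Windows PowerShell 5.1
# (Enable-ComputerRestore / Checkpoint-Computer are not available in PowerShell 7).
$KbNumber = '5000001'   # hypothetical KB article number, digits only

# 1. System Protection must be on BEFORE a restore point can be created.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# 2. Snapshot first so the rollback itself can be undone with System Restore.
#    Windows creates at most one restore point per 24 hours by default; if one
#    already exists from today Checkpoint-Computer reports that instead of
#    creating another, so confirm with Get-ComputerRestorePoint afterwards.
Checkpoint-Computer -Description "Before uninstalling KB$KbNumber" `
                    -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint | Sort-Object SequenceNumber -Descending |
    Select-Object -First 3 SequenceNumber, Description, CreationTime

# 3. Confirm the update is actually installed. Get-HotFix lists Windows
#    updates only (not driver or Office updates), same as "View update history".
$hotfix = Get-HotFix | Where-Object HotFixID -eq "KB$KbNumber"
if (-not $hotfix) {
    Write-Warning "KB$KbNumber is not listed by Get-HotFix; nothing to remove."
    return
}
"{0} ({1}) installed {2}" -f $hotfix.HotFixID, $hotfix.Description, $hotfix.InstalledOn

# 4. Uninstall with the Windows Update Standalone Installer. /norestart lets us
#    reboot deliberately after reading the result. Servicing stack updates are
#    marked permanent and cannot be removed this way.
$proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
    -ArgumentList "/uninstall /kb:$KbNumber /quiet /norestart" `
    -Wait -PassThru

switch ($proc.ExitCode) {
    0       { 'Removed; no reboot required.' }
    3010    { 'Removed; reboot before testing (ERROR_SUCCESS_REBOOT_REQUIRED).' }
    default { "wusa.exe exited with $($_); check the Setup log (Get-WinEvent -LogName Setup)." }
}
```

After the reboot, run Get-HotFix again to confirm the KB is gone. If removing the update did not fix the issue, the restore point created in step 2 can be applied with Restore-Computer -RestorePoint <SequenceNumber>.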
When the rollback is complete, reboot the computer before testing to see whether it fixed the issue.

Figure 24.33 Rolling back a driver

Applying Updates

Occasionally, applying an update will fix a problem, mainly because that is what updates do: they fix problems. Once you have identified that applying an update is the solution, you need to download, distribute, and install it. By default, Windows 10 automatically installs updates for the operating system to keep you up to date.

In large-scale networks, the organization may employ a corporate patch-management solution. Microsoft offers Windows Server Update Services (WSUS), a free server role included with Windows Server, and sells a licensed solution called System Center Configuration Manager (SCCM), which performs many other functions in addition to patch management. If an update is required and your organization uses one of these products, the patch must be approved, downloaded, and deployed through it. Third-party patch-management solutions may also be used; these are usually specific to an application or suite of applications, such as Adobe or Autodesk. In small office, home office (SOHO) and small network environments, the update may be a one-off installation for a specific application; download and install it per the vendor's instructions.

Always have a plan to roll back from a bad update. Turning on System Protection before the update is a good idea: if an update fails, you can use System Restore to return the operating system to a prior point in time.

Repairing Applications

If an application is crashing or acting erratically, another application may have overwritten critical files it uses, or the files may have become corrupted. In either case, repairing the application validates that it is installed properly and replaces any missing or damaged critical files. Data files and configuration files are not touched; only critical files (such as DLLs) are checked and repaired. To repair an application, right-click the Start menu, select Apps and Features, then Programs and Features (under the Related Settings heading), right-click the application, and select Repair, as shown in Figure 24.34. The application's installer launches and repairs the application.

Figure 24.34 Repairing an application

Updating the Boot Order

When you have a multi-boot installation and the wrong operating system is loading, the boot order must be updated to set the proper default. This can be done in several ways. The first is the Boot tab of the System Configuration utility (msconfig.exe), as shown in Figure 24.35. Click the Start menu, type System Configuration and select it from the results, select the Boot tab, select the operating system, and choose Set as Default. The descriptions on the Boot tab show which operating system is the default and which is currently booted.

Figure 24.35 Updating the boot order in System Configuration

The second way is through System Properties, on the Advanced tab (Startup and Recovery), as shown in Figure 24.36. Click the Start menu, type System, select System under the Settings heading, then Advanced System Settings, then the Advanced tab, then Settings... (Startup and Recovery), and select the operating system from the Default Operating System drop-down.
Figure 24.36 Startup and Recovery in System Properties

There are other ways to change the boot order, including the bcdedit.exe utility. First run bcdedit /ENUM to list the boot entries and their identifiers, then run bcdedit /DEFAULT {GUID-ID}, replacing GUID-ID with the identifier of the operating system you want as the default, for example bcdedit /DEFAULT {ce10a3ba-801f-11e8-be04-ae230169ca59}. Both commands require an elevated command prompt. bcdedit is a versatile tool for changing boot attributes. To learn more about bcdedit, visit: https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/editing-boot-options

Disabling Services

Once you have identified a problem with a service at boot-up, you can disable the service from the System Configuration (msconfig.exe) utility. Most of the services displayed on the Services tab are Microsoft services that belong to the operating system and can be ignored; filter them out by selecting the Hide All Microsoft Services check box, as shown in Figure 24.37. To temporarily disable a service, click the Start menu, type System Configuration and select it from the results, select the Services tab, clear the check box for the service, click OK, and restart.

Figure 24.37 Disabling a service in System Configuration

An alternate way to disable a Windows service is the Services snap-in under Computer Management, as shown in Figure 24.38. This method also lets you disable a service on a remote computer. Right-click the Start menu, select Computer Management, then Services, right-click the service, select Properties, change the Startup Type to Disabled in the drop-down box, click OK, and reboot.
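The bcdedit and Services steps above as a script, added here as an example (not code from the book). It runs in an elevated Windows PowerShell 5.1 session; the remote computer name and the service name are placeholders, and Invoke-Command requires WinRM to be enabled on the target. Before disabling a service it also shows what binary the service runs and who signed it, which is the check a practitioner wants when the service is unfamiliar.

```powershell
# Added example: set the default boot entry with bcdedit, then inspect and
# disable a service on a remote machine. Elevated Windows PowerShell 5.1.
$Computer    = 'WKSTN-01'      # hypothetical remote host
$ServiceName = 'ExampleSvc'    # hypothetical suspect service name

# --- Boot order -----------------------------------------------------------
# Parse "bcdedit /enum osloader" into identifier/description pairs instead of
# copying a GUID by hand. Each loader entry starts with an "identifier" line.
function Get-BcdOsEntry {
    $entries = @(); $current = $null
    foreach ($line in (bcdedit /enum osloader)) {
        if ($line -match '^identifier\s+(\{.+\})') {
            $current = [pscustomobject]@{ Identifier = $Matches[1]; Description = '' }
            $entries += $current
        } elseif ($current -and $line -match '^description\s+(.+)$') {
            $current.Description = $Matches[1].Trim()
        }
    }
    $entries
}
$os = Get-BcdOsEntry
$os | Format-Table -AutoSize
# Make the first entry whose description matches the wanted OS the default.
$target = $os | Where-Object Description -like 'Windows 10*' | Select-Object -First 1
if ($target) { bcdedit /default $target.Identifier; bcdedit /timeout 10 }

# --- Services -------------------------------------------------------------
# Before disabling anything, look at what the service actually runs and who
# signed it: an unsigned binary in a user-writable path is a different
# problem from a misbehaving vendor agent.
$svcInfo = Invoke-Command -ComputerName $Computer -ScriptBlock {
    param($Name)
    $svc = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return }
    # PathName may be quoted and carry arguments: "C:\Program Files\x\x.exe" -svc
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] }
           else { ($svc.PathName -split ' ')[0] }
    $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name      = $svc.Name
        StartMode = $svc.StartMode
        State     = $svc.State
        Account   = $svc.StartName
        Binary    = $exe
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
    }
} -ArgumentList $ServiceName
$svcInfo | Format-List

if ($svcInfo) {
    # Record the original start mode so the change can be reversed, then
    # disable (equivalent to Startup Type = Disabled in the snap-in).
    "$($svcInfo.Name) on $Computer was $($svcInfo.StartMode)" | Out-File -Append .\service-changes.log
    Invoke-Command -ComputerName $Computer -ScriptBlock {
        param($Name)
        Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $Name -StartupType Disabled
    } -ArgumentList $ServiceName
}
```

To reverse the change, use the start mode recorded in service-changes.log with Set-Service -StartupType Automatic or Manual on the same host.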
Figure 24.38 Disabling a service in Computer Management

Disabling Applications at Startup

After you have identified that a particular program started at login is slowing down the login process, you need to disable that application to fix the performance issue. Applications start automatically upon login because the operating system reads a variety of locations, including the Registry and the Startup folders for both the system and the user. The Registry keys and Startup folder paths read are as follows:

Registry
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run (32-bit applications on 64-bit Windows)
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Startup Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
C:\Users\{Username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Fortunately, the Startup tab in Task Manager lets you disable applications from all of these locations, as shown in Figure 24.39, and shows the impact each one has on the startup/login process. To disable an application, press Ctrl+Shift+Esc, select the Startup tab, right-click the application, and select Disable.

Figure 24.39 Disabling applications in Task Manager

As an alternative, you can visit each location and either delete the entry (Registry) or delete the file (Startup folder). However, restoring a deleted entry or file is not as simple as re-enabling it, which is what Task Manager lets you do.

Booting into Safe Boot

If Windows won't load completely (it hangs or is otherwise corrupted) when you boot, you can often solve the problem by booting into Safe Mode, also known as Safe Boot. Safe Mode is a concept carried over from the original Windows 95 product: you bring up part of the operating system while bypassing the settings, drivers, or parameters that may be causing trouble during a normal boot.
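Returning to the startup locations listed above: the following added example (not code from the book) enumerates every Run-key value and Startup-folder item, shows whether Task Manager has disabled it, and checks whether the target binary exists and is signed. It goes slightly beyond the list by also reading the RunOnce keys, which Windows processes at login as well. Run it as the user whose login is slow; no elevation is needed to read these keys.

```powershell
# Added example: enumerate login autoruns from the Run/RunOnce keys and the
# Startup folders, and report Task Manager's enabled/disabled state for each.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit apps on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Task Manager's Disable does not delete the entry; it records a flag under
# ...\Explorer\StartupApproved\{Run,Run32,StartupFolder} in the same hive.
# The first byte of the binary value is 0x02 (enabled) or 0x03 (disabled).
function Get-StartupApprovedState {
    param([string]$Hive, [string]$SubKey, [string]$Name)
    $key = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\$SubKey"
    $val = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $val) { return 'enabled (no flag)' }
    if ($val[0] -eq 3)  { return 'disabled by Task Manager' }
    return 'enabled'
}

# Extract the executable from a command line such as  "C:\x\y.exe" /arg  or  %ProgramFiles%\x\y.exe /arg
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables(($cmd -split '\s+')[0])
}

$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $hive   = ($key -split ':')[0]
    $subKey = if ($key -like '*WOW6432Node*') { 'Run32' } else { 'Run' }
    $props  = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties | Where-Object Name -notlike 'PS*') {
        $exe = Get-ExePath $p.Value
        [pscustomobject]@{
            Source  = $key
            Name    = $p.Name
            Command = $p.Value
            State   = if ($key -like '*RunOnce*') { 'run once, then deleted (not managed by Task Manager)' }
                      else { Get-StartupApprovedState $hive $subKey $p.Name }
            Exists  = Test-Path -LiteralPath $exe
            Signer  = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'n/a' }
        }
    }
})
$results += foreach ($folder in $startupFolders) {
    $hive = if ($folder -like "$env:APPDATA*") { 'HKCU' } else { 'HKLM' }
    Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Source  = $folder
            Name    = $_.Name
            Command = $_.FullName
            State   = Get-StartupApprovedState $hive 'StartupFolder' $_.Name
            Exists  = $true
            Signer  = (Get-AuthenticodeSignature $_.FullName).Status
        }
    }
}
$results | Sort-Object State, Source | Format-Table Name, State, Signer, Exists, Command -AutoSize -Wrap
```

An entry that is enabled, points to a binary that no longer exists, or runs an unsigned executable from a user-writable folder such as %TEMP% or %APPDATA% is worth a closer look before you simply disable it, because the same locations are used by malware for persistence.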
The goal of Safe Mode (Safe Boot) is to provide an interface from which you can fix the problems that occur during a normal boot and then reboot in normal mode. To access Safe Mode, you must boot into the Windows Recovery Environment. This can be done in a number of ways, but the Windows 7 method of pressing F8 during boot to reach the Advanced Boot Options menu no longer works in Windows 8/8.1 and Windows 10. To reach the Startup Settings (shown in Figure 24.40), select Restart while holding the Shift key; once the computer reboots, select Troubleshoot, then Advanced Options, then See More Recovery Options, then Startup Settings, and finally Restart.

Figure 24.40 Startup Settings

The Windows Recovery Environment reboots into the Startup Settings. Choose option 4, Enable Safe Mode. The operating system boots into Safe Mode, as shown in Figure 24.41. Safe Mode displays the words "Safe Mode" in all four corners of the screen while you are in this mode, and the Windows build and release information at the top.

Figure 24.41 Safe Mode

From the Startup Settings, you can choose a number of other boot modes that assist in troubleshooting and solving issues, as shown in Table 24.1.

Table 24.1 Startup Settings boot options

Choice: What is loaded
Enable Debugging: A mode in which the Windows installation passes information to a debugger. Used only by Windows developers and driver developers.
Enable Boot Logging: Creates ntbtlog.txt in the C:\Windows directory during boot.
Enable Low-Resolution Video: Normal boot with only basic video drivers. Used when the resolution set in Windows is higher than the monitor supports.
Enable Safe Mode: Provides the VGA monitor driver, Microsoft mouse driver, basic keyboard drivers, and storage and system services; no networking.
Enable Safe Mode with Networking: Same as Safe Mode, but with networking.
Enable Safe Mode with Command Prompt: Same as Safe Mode, but without the GUI and the drivers/services associated with it. It provides a command prompt only.
Disable Driver Signature Enforcement: Allows Windows to load drivers that are not digitally signed.
Disable Early Launch Anti-Malware Protection: Disables the anti-malware protection for early-loading drivers.
Disable Automatic Restart After System Failure: Disables automatic restarting; helpful when troubleshooting a crash loop, because the stop error stays on the screen.
F10: Shows more options.
Enter: Returns to the operating system with no modifications to the boot.
Launch Recovery Environment: Launches the Windows Recovery Environment. Press F10 to make this option appear.

Alternately, you can boot directly into Safe Mode by selecting Safe boot on the Boot tab in System Configuration, as shown in Figure 24.42. Click the Start menu, type System Configuration and select it from the results, select the Boot tab, select Safe boot, click OK, and select Restart.

Figure 24.42 Safe boot options in System Configuration

Selecting Safe boot enables several other options. They are worded differently, but they correspond to the Startup Settings options; Table 24.2 shows the mapping. In Exercise 24.2 you will boot into Safe Mode using the Safe boot check box in this dialog box.

Table 24.2 Safe Boot options

Safe Boot option: Safe Mode option
Minimal: Safe Mode
Alternate Shell: Safe Mode with Command Prompt
Active Directory Repair: Used only for Active Directory domain controllers (Directory Services Restore Mode)
Network: Safe Mode with Networking

Another way to boot into Safe Mode is the bcdedit.exe utility. From an elevated command prompt, bcdedit /SET {default} SAFEBOOT MINIMAL sets the next boot to enter Safe Mode. Adding bcdedit /SET {default} SAFEBOOTALTERNATESHELL YES boots into Safe Mode with Command Prompt. bcdedit /SET {default} SAFEBOOT NETWORK boots into Safe Mode with networking enabled. Unlike a one-time choice in the Startup Settings menu, these BCD settings (and the Safe boot check box, which sets the same value) persist: the system keeps booting into Safe Mode until the value is removed, as described at the end of Exercise 24.2.

Keep the following rules in mind when booting in different modes:
- If the problem doesn't exist when you boot to Safe Mode but does exist when you boot to normal mode, the problem isn't with basic services/drivers.
- If the system hangs while loading drivers, the boot log (ntbtlog.txt) shows the last driver it attempted to load, which is usually the cause of the problem.
- If you can't solve the problem with Safe Mode, try System Restore, System Image Recovery (in Windows 8/8.1, you can also try Refresh/Reset), or Reset This PC in Windows 10.

EXERCISE 24.2 Booting into Safe Mode
1. Click the Start menu and type System Configuration. Select System Configuration from the results.
2. Select the Boot tab.
3. Select Safe boot.
4. Click OK.
5. When prompted to Restart or Exit without Restart, select Restart. Your operating system will now reboot into Safe Mode.
6. Note which services and devices are available in Safe Mode.
7. To exit Safe Mode, click the Start menu and select Restart. If the operating system reboots back into Safe Mode, or you do not want it to, run bcdedit /Deletevalue {current} SAFEBOOT from an elevated command prompt. This removes the BCD entry that tells the operating system to boot into Safe Mode; clearing the Safe boot check box in System Configuration has the same effect.

Resetting Windows Profiles

When a problem has been determined to be a profile-related issue, it is necessary to reset the Windows profile. Before doing so, ensure that the user's data is backed up. It is best to keep an entire copy of the profile before resetting it.
The following are the most common places the operating system keeps user data:
- Contacts
- Desktop items
- Documents
- Favorites
- Links
- Music
- Pictures
- Videos
- Saved Games (optionally)
- Downloads (optionally)
- 3D Objects (optionally)

To back up a local profile, log in with an administrative account (other than the one you are backing up) and copy the profile folder under C:\Users to a new location. Do not move the profile, because the operating system references its path in the Registry (the ProfileList key); if the folder is missing at the next logon, Windows signs the user in with a temporary profile.

You can then reset a local profile through the Advanced tab of System Properties, as shown in Figure 24.43. To reach the User Profiles dialog box, click the Start menu, type System, select System under Settings, then Advanced System Settings, then the Advanced tab, then Settings... (User Profiles); select the profile to reset, click Delete, and answer Yes to confirm the deletion. Then log in as the user. Windows creates a new profile, and the user's files can be copied back manually.

Figure 24.43 Deleting a local user profile

You can use the same procedure to delete a locally cached copy of a roaming user profile that has been left on the Windows operating system. However, this does not reset a roaming profile; it only removes the local copy to clear space. To reset a network-based roaming profile, perform the following steps:
1. Ensure the user is logged out completely.
2. Delete all local copies of the user's profile left on any machine.
3. Navigate to the network location containing the user's profile and rename the folder.
4. Log the user into the machine on which you deleted the locally cached copy.
5. Copy any useful items back to the user's profile.
6. Log the user out to ensure the roaming profile is saved back to the network location.

User profile management can become complicated, depending on how it is implemented. For the CompTIA A+ exam, you will need only a basic understanding.
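The local-profile procedure above (back up, verify, then delete through the same interface the User Profiles dialog uses), scripted as an added example that is not code from the book. It assumes an elevated Windows PowerShell 5.1 session run from a different account than the one being reset; the user name and backup root are placeholders.

```powershell
# Added example: back up a local user profile with robocopy and then remove it
# the way System Properties > User Profiles > Delete does (via Win32_UserProfile).
$User       = 'jsmith'             # hypothetical local or domain user name
$BackupRoot = 'D:\ProfileBackups'  # hypothetical destination

# Resolve the SID: the registry tracks profiles by SID, not by folder name.
$sid = (New-Object System.Security.Principal.NTAccount($User)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Win32_UserProfile is what the User Profiles dialog works from.
$userProfile = Get-CimInstance Win32_UserProfile | Where-Object SID -eq $sid
if (-not $userProfile)       { throw "No local profile for $User ($sid)." }
if ($userProfile.Loaded)     { throw "Profile is still loaded; make sure $User is fully logged off." }

# This key is why the book says copy, don't move: ProfileImagePath points at
# the folder, and a missing folder produces a temporary profile at next logon.
$profileList = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
"ProfileImagePath = " + (Get-ItemProperty -Path $profileList).ProfileImagePath

# Copy with robocopy. /XJ matters: the profile contains junctions such as
# "Application Data" -> AppData\Roaming that otherwise recurse until the path
# length limit is hit. /COPY:DAT keeps data, attributes and timestamps but not
# the user's ACLs, so the administrator can read the backup later.
New-Item -ItemType Directory -Force -Path $BackupRoot | Out-Null
$dest = Join-Path $BackupRoot ("{0}_{1:yyyyMMdd_HHmm}" -f $User, (Get-Date))
robocopy $userProfile.LocalPath $dest /E /XJ /COPY:DAT /R:1 /W:1 /NP /LOG:"$dest.log" | Out-Null
# robocopy exit codes below 8 mean success (bits 1, 2 and 4 are informational).
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE; see $dest.log" }

# Sanity check: the data folders the book lists should be present in the copy.
'Contacts','Desktop','Documents','Favorites','Links','Music','Pictures','Videos','Downloads' |
    ForEach-Object { "{0,-10} {1}" -f $_, (Test-Path (Join-Path $dest $_)) }

# Delete the profile through CIM. Unlike Remove-Item on C:\Users\<name>, this
# also removes the ProfileList entry and the user's registry hive, which is
# exactly what the Delete button in the User Profiles dialog does.
$userProfile | Remove-CimInstance
"Profile for $User removed. The next logon creates a fresh profile; copy data back from $dest."
```

After the user logs on once and a fresh profile exists, copy the folders back from the backup rather than the whole tree, so the corrupted NTUSER.DAT and AppData settings that caused the problem are not restored with the data.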
For more information, visit: https://msdn.microsoft.com/en-us/library/windows/desktop/bb776892(v=vs.85).aspx

Troubleshooting Security Issues

Many viruses announce that your system is infected as soon as they gain access to it. They may take control of your system, flash annoying messages on your screen, or destroy your hard disk. When this occurs, you know that you're a victim. Other viruses cause your system to slow down, make files disappear from your computer, or consume your drive space. The Windows Defender Security Center shows you what security measures are set on your system (see Figure 24.44).

Figure 24.44 The Windows Defender Security Center

Viruses are the most common type of malware. In this section, we use the term virus loosely to refer to many types of malware.

There are a number of common symptoms CompTIA expects you to know for the 220-1002 exam when it comes to security issues. Many of these issues also appear in other CompTIA certification exams, namely Security+. Rest assured that for the 220-1002 exam you do not need to know the content as well as you would if you were preparing for Security+. In particular, look for the following symptoms when determining whether a virus infection has occurred:
- The programs on your system start to load more slowly. This happens because the virus is spreading to other files on your system or is taking over system resources.
- Unusual files appear on your hard drive, or files start to disappear from your system. Many viruses delete key files to render the system inoperable.
- Program sizes change from the installed versions, because the virus is attaching itself to these programs on your hard drive.
- Your browser, word-processing application, or other software begins to exhibit unusual operating characteristics. Screens or menus may change.
- The system mysteriously shuts itself down or starts itself up, and a great deal of unanticipated disk activity occurs.
- You mysteriously lose access to a hard drive or other system resources; the virus has changed the settings on a device to make it unusable.
- Your system suddenly doesn't reboot or gives unexpected error messages during startup.
- You notice an X in the notification area over the icon for your virus scanner, or the scanner's icon disappears from the system tray altogether.

This list is by no means exhaustive. What is absolute is that you should immediately quarantine the infected system: disconnect it from the network and do all that you can to contain the virus and keep it from spreading to other systems within your network and beyond. Some enterprises have a zero-tolerance policy for infected systems and always physically destroy them, although this is extreme. In many organizations, the hard drive is sanitized and the operating system is reimaged or reloaded from scratch. The following sections describe some of the common symptoms in detail. It cannot be overstated that establishing security policies and procedures and keeping your operating systems, applications, and network devices updated are all good measures that help eliminate potential security problems.

Pop-Ups

Pop-ups (also commonly written popups) are both frustrating and risky. When a user visits a website and another instance (either another tab or another browser window) opens in the foreground, it is called a pop-up; if it opens in the background, it is called a pop-under. Both are pages or sites that you did not specifically request and may only display ads or bring up applets that should be avoided. Pop-up blockers prevent both pop-ups and pop-unders from appearing. While older browsers did not include an option to block pop-ups, most current browsers, including the latest versions of Internet Explorer and Edge, have that capability built in.

Overlays are the next generation of pop-ups. In an overlay, JavaScript on the page draws a screen on top of the content you wanted; the screen requests a signup, shows an ad, or tries to redirect you (as discussed next). Because the overlay is part of the page itself rather than a new window, a pop-up blocker does not stop it. One way to avoid overlays is a JavaScript toggle plug-in, which lets you turn off JavaScript for a web page; however, that also breaks any page that requires JavaScript in order to be displayed.

Browser Redirection

Pharming is a form of redirection in which traffic intended for one host is sent to another. On a small scale this is done by changing entries in the local hosts file; on a large scale, by changing the records a DNS server returns (DNS cache poisoning). In either case, when a user attempts to go to a site, they are redirected to another site. For example, suppose Illegitimate Company ABC creates a site that looks exactly like the site of Giant Bank XYZ. Once the pharming is in place (by either method), users trying to reach Giant Bank XYZ are taken to Illegitimate Company ABC's site, which looks enough like what they are used to seeing that they enter their username and password. As soon as Giant Bank XYZ realizes that the traffic is being redirected, it will move to stop it. But although Illegitimate Company ABC will be shut down, it was able to collect credentials for as long as the redirection lasted, which could be minutes or days.

Another form of browser redirection is affiliate redirection, which can be very subtle. When you search for a product and click a link in the results, the malware redirects your browser to the intended site with an affiliate link attached. Anything you then purchase credits a commission to whoever planted the affiliate link. This malware is usually an unscrupulous browser plug-in.

Because an attacker can use many different tactics to launch browser redirection, the mitigation is not straightforward. However, end-user education, keeping browsers and operating systems updated, and keeping anti-malware/antivirus software up to date are best practices that protect against browser redirection.

Security Alerts

Users have plenty of real viruses and other issues to worry about, yet some people find it entertaining to issue phony threats disguised as security alerts to keep people on their toes. Two of the best-known hoaxes are the Goodtimes and Irina viruses: millions of users received emails about them, and the described symptoms sounded awful. Both warnings claimed the viruses would do things that are impossible for a virus to accomplish. Many hoaxes have followed, most of them less well known.

When you receive a virus warning, you can verify its authenticity on the website of the antivirus vendor you use or on one of several public sites. One useful site is that of the CERT organization (www.cert.org), which tracks threats and publishes advisories and vulnerability notes. Though the names are similar, cert.org and us-cert.gov are different: the latter is the site of the United States Computer Emergency Readiness Team, a government body, while the former belongs to the CERT Coordination Center, part of a federally funded research and development center at Carnegie Mellon University.

When you receive an email that you suspect is a hoax, check the CERT site before forwarding the message to anyone else. The creator of the hoax wants widespread panic, and if you blindly forward the message to co-workers and acquaintances, you are helping accomplish exactly that. Any email that says "forward to all your friends" is a candidate for research. Disregarding the hoax lets it die a quick death and keeps users focused on productive tasks. Any concept that spreads quickly through the Internet is referred to as a meme.
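Returning to the small-scale pharming described in the Browser Redirection section above: the following added example (not code from the book) parses the Windows hosts file, flags any entry that points a public host name at a routable address, and compares each such entry with what the configured DNS server actually answers. The sample hosts content is constructed for the example; the live check reads the real file. It does not detect poisoning at the DNS server itself, which would require comparing answers from a second, independent resolver.

```powershell
# Added example: detect hosts-file redirects (small-scale pharming) by parsing
# the file and comparing each override against a live DNS answer.
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# Constructed sample showing what a hosts-file redirect looks like.
$sampleHosts = @"
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.giantbankxyz.example   # constructed pharming entry
"@

# Turn hosts-file lines into (Name, IP) pairs; strips comments, allows several
# names per line, skips blank or malformed lines.
function Get-HostsEntry([string[]]$Lines) {
    foreach ($line in $Lines) {
        $clean = ($line -split '#')[0].Trim()
        if (-not $clean) { continue }
        $parts = $clean -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Name = $name.ToLower(); IP = $parts[0] }
        }
    }
}

function Test-HostsOverride {
    param([string[]]$Lines)
    $loopback = @('127.0.0.1', '::1', '0.0.0.0')
    foreach ($entry in Get-HostsEntry $Lines) {
        # localhost and sinkhole (loopback/0.0.0.0) entries are normal; anything
        # that maps a real name to a routable address deserves a look.
        if ($entry.Name -eq 'localhost' -or $loopback -contains $entry.IP) { continue }
        $dns = try {
            (Resolve-DnsName -Name $entry.Name -Type A -DnsOnly -ErrorAction Stop |
                Where-Object QueryType -eq 'A').IPAddress
        } catch { @() }
        [pscustomobject]@{
            Name        = $entry.Name
            HostsFileIP = $entry.IP
            DnsAnswer   = ($dns -join ', ')
            Verdict     = if ($dns -contains $entry.IP) { 'matches DNS' } else { 'OVERRIDE - investigate' }
        }
    }
}

# Run against the constructed sample first, then against the live file.
Test-HostsOverride -Lines ($sampleHosts -split "`r?`n")        | Format-Table -AutoSize
Test-HostsOverride -Lines (Get-Content -LiteralPath $HostsPath) | Format-Table -AutoSize

# The file should be writable only by administrators and rarely change; a
# recent LastWriteTime or an ACL granting Users write access is a second indicator.
Get-Item -LiteralPath $HostsPath | Select-Object LastWriteTime
(Get-Acl -LiteralPath $HostsPath).Access |
    Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
    Select-Object IdentityReference, FileSystemRights
```

A clean Windows hosts file contains only comments and, at most, loopback entries, so any row reported as OVERRIDE should be explained by a known administrative change (for example, a developer's test mapping) or treated as a sign of compromise.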