1) Try to find the "mmc.exe" file on the windows CD.
Or download here Site1 Site 2
If you can find it there then just copy and paste it to
C:/windows/system32.
Check Control Panel\Hareware\Device manager tab.
2) You can try manually loading the Device Manager by running devmgmt.msc at the command prompt (Start > Run). If that doesn't work, try mmc%windir%\system32\devmgmt.msc
3) Run box on the Start Menu and type in:sfc /scannow
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.
IF you turned off Windows File Protection (WFP); System File Checker (sfc)won't help you.
Run box on the Start Menu and type in:gpedit.msc
Computer Configuration\System\Windows File Protection\Set Windows File Protection scanning(Double-click to select enabled)(Note: This setting affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides.)
Can I turn off Windows File Protection...
If Windows File Protection protects system files then how exactly can they be updated with newer versions?
Well Microsoft has made the following methods Windows File Protection "aware" Meaning the newer files will replace the old system files and a copy of the new file will be stored in the dllcache folder. The security catalogues are also updated so the Windows File Protection service always knows what version of the digitally signed file is current!
Replacement of protected system files is supported using the following mechanisms:
• Windows Service Pack installation (UPDATE.EXE) e.g. XP SP2
• Hotfix distributions installed using (HOTFIX.EXE) e.g. KB825035
• Operating system upgrade (WINNT32.EXE)
• Windows Update Website
• Windows Device Installer
Can I turn off Windows File Protection...
The official answer form Microsoft is NO and this is be design. (The only exception is if you are using a kernel debugger.)
However, there is a way to do it, BUT there is no reason for you to do so!!!
On a close inspection of the system file sfc.dll it is possible to see a reference, in part of the code, that checks the value of the SFCDisable in the WinLogon key... (Something we talk about in a moment!)
This key is: 0ffffff9dh
This is NOT a documented feature from Microsoft and should NOT be used unless you REALLY are sure you need to disable the service!
(NB - It is interesting to note that the virus "W32/CodeRed.D", that caused so much mayhem by shutting down Internet Servers in the summer of 2002, used this very same undocumented setting to stop the Windows File protection service from running. The virus could then release its Trojan payload to do damage and replicate itself around the Internet!
The registry key to change is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable
By default, SFCDisable is set to 0, which means Windows File Protection is active.
Setting SFCDisable to 1 will disable Windows File Protection . Setting SFCDisable to 2 will disable Windows File Protection for the next system restart only (without a prompt to re-enable).
Important: You must have a kernel debugger attached to the system via null modem cable to use SFCDisable = 1 or SFCDisable = 2. More on Kernel Debugger
After Windows File Protection is disabled using the SFCDisable = 1 setting, the following message will appear after logon:
Warning! Windows File Protection is not active on this system. Would you like to enable Windows File Protection now? This will enable Windows File Protection until the next system restart..
Clicking Yes will reactivate Windows File Protection until the next system restart. This message will appear at every successful logon until SFCDisable is set to 0.
NOTE: The above message will only be presented to Administrators.
To verify that Windows File Protection has been disabled after rebooting click on Start menu > Control Panel > Administrative Tools > Event Viewer.
An event will be logged to indicate Windows File Protection is disabled on the PC. If this event hasn’t been logged in Event Viewer then the service has NOT been disabled...
The Windows File Protection service constantly monitors for any changes to the main system files. Well Windows XP keeps a cache (copy) of these essential files at the following location:
C:WINDOWS\System32\Dllcache (assuming C: is your system root which it probably is.)
NB - The dllcache folder is extremely important so Windows XP hides it from you! To view it go to: My Computer > Tools > Folder Options > View > "uncheck" Hide protected operating system files.
If that's the case on your computer then there is normally no need for the original XP CD to be inserted as your computer has a "copy" it can get hold of in this cache...
But, if the Dllcache folder, or part of it, has become corrupted for some reason then you will be prompted for the XP CD - so your computer can get a clean copy!
Stopping annoying requests for the XP CD.
As well as having a cache of all the system files on your PC, you would like to have the I386 folder from the XP CD installed on the computer as well. After doing this you then modify the registry to tell it the source path for these files... Why? Well not only does this prevent 99% of request for the the XP CD with Windows File Protection. But the I386 folder also contains many other files that are sometimes needed by the operating system and this stops those requests for the XP CD too!
NB - With today's large hard drives you are not going to notice this 475 MB folder on your computer, but older systems may not have the space for this...
Step 1
You will need to get your XP CD and locate the folder called:
I386
This is a major folder and should be one of the first you see, now copy this onto your hard drive into the system root. For most of you that is going to be C:\ so you should end up with a folder that looks like: C:\I386
-----------------------------
Step 2
Now you will need to tell your computer you now have the files on your PC. We do this is the registry (type regedit in the Run box on the start menu) by navigating to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup
You will see various entries here on the right hand side. The one we want is called:
SourcePath
It probably has an entry pointing to your CD-ROM drive, and that is why it is asking for the XP CD. All we need to do is change it to:
C:\
Simply double click the SourcePatch setting and a new box will pop up allowing you to make the change.
Now restart your computer and try scannow sfc again!
Other Problems with scannow sfc...
#1
Has the CD Drive's drive letter changed (perhaps by the addition of another hard drive, partition, or removable drive) since Windows XP was first installed? If so, simply edit the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup\SourcePath to reflect the changed drive letter.
After you restart the computer, WFP and sfc /scannow uses the new source path instead of prompting for the Windows XP installation CD-ROM
#2
Has the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup\SourcePath got an incorrect entry? The SourcePath entry does NOT include the path location till the I386 folder. It completes one folder ahead to reach the I386 folder.
Example:
If the I386 directory is at C:\I386, the SourcePath value would be C:\
#3
If the problem persists and you have the correct path for your I386 folder then the I386 folder is corrupted. To solve this problem copy I386 folder from the CD-ROM to your system restart the system and then
perform sfc /scannow again.
#4
You do not have an XP retail CD with an I386 folder on it. If you have a restore CD from your PC manufacturer then you may have to explore the CD to find the folder.
#5
You still keep being prompted for the XP CD yet you have done all in this article! There is another setting in the registry that may be causing the problem. Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath
Make sure the entry here is the same path to the I386 folder as used above.
#6
Systems administrators can enforce security policies that may include changes to the Windows File Protection settings. You will need to speak with your network administrator about this, but it is important to bear in mind when Windows starts up, the Windows File Protection service synchronizes (copies) the WFP settings from the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection
to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Therefore, if any of the following values are present in the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection key, they will take precedence over the same values under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key.
This will not effect scannow sfc so much, but WILL make an impact if any of the other sfc.exe "switches" have been used! (More about these at the end of this article.)
#7
When you run scannow at logon you do not get a progress bar... This can easily be remedied by adding a new DWORD: SFCShowProgress to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
the values available are: 0 = disabled, 1 = enabled
------------------------------------
What about Windows Updates.....
You may be asking yourself how does sfc.exe know how to check for updated Windows system files? Well during OS upgrades, service pack installations etc.. the dllcache folder should be updated with these new files.
As an example the recent Windows XP Hotfix - KB828035 updated the system file wkssvc.dll A new version of the file was placed in C:\WINDOWS\system32 and a copy in the cache: C:\WINDOWS\system32\dllcache A copy of the old system file is archived in: C:\WINDOWS\$NtUninstallKB828035$
There is another location the Windows File protection service uses and that is the I386 folder in C:\WINDOWS\ServicePackFiles When you install a service pack, like SP1. Any new system drivers are cached in this location too.
If you have odd problems with running scannow sfc and nothing else in the article has resolved it, then take a look at the entry in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Setup
\ServicePackSourcePath
This should be pointing to the location C:\WINDOWS\ServicePackFiles (assuming C:\ is the boot drive.)
-------------------------------------------------------
For those of you who are familiar with sfc.exe under Windows 2000 professional. It is worth noting that the following two options are NOT available under Windows XP.
These are:
sfc /cancel - In Windows 2000, this command immediately cancels all pending scans of protected system files. This option has no effect in Windows XP.
sfc /quiet - In Windows 2000 this sets Windows File Protection to replace any incorrect system files detected with the appropriate version from the dll cache without any user notification. This option has no effect in Windows XP.
More info can be found about the various switches available with sfc.exe under Windows XP here.
View blog reactions
0 comments:
Post a Comment