Windows NT Magazine Tips: April-May 1999

By Bob Chronister

The below tips are courtesy of Windows NT Magazine. For more information, go to https://www.winntmag.com or e-mail subs@winntmag.com.

On This Page

Error Checking Using Disk Administrator
Understanding What a Device is to Windows NT
Changing the Name of Frozen Objects on the Desktop
Differences Between User Mode and Kernel Mode

Error Checking Using Disk Administrator

April 12, 1999

Q: I'm not sure I understand the meaning of the tools in Disk Administrator. I know the three tools are error checking, backup, and defrag, and that you need a third-party application such as Executive Software's Diskeeper to defragment a drive in Windows NT. What do the error checking applications refer to?

A: Good question. You have two choices for error checking a drive when you run the Disk Administrator tools: fixing file system errors and remapping bad sectors. The basic procedure is to highlight a drive, click Tools, and select Properties. If you want to fix file system errors, you have to reboot your system before the error checking and correction can continue. This process is similar to the DOS command chkdsk /f /r. If you want the system to attempt to remap bad sectors, the error-checking process can continue even if the drive is locked.

Understanding What a Device is to Windows NT

April 26, 1999

Q: Can you explain the difference between a boot device setting and a system device setting? If I set a SCSI controller to system, what is the effect?

A: You need to understand what a device is to Windows NT. In your case, the device is not the SCSI controller, but the driver for the controller. Defining a device in this way has important implications. NT contains three device driver loading options (boot, system, and automatic) that work at startup, and these three options are easy to confuse. All three options start a device, but they do so in very different ways. The boot option starts the device driver on system boot before other device drivers that aren't set at boot. The system option starts the device driver as part of the NT system start, but after boot device drivers. The automatic option starts the device driver after the NT system start.

In general, devices that load at system boot (i.e., using the boot startup option for the device driver) and then fail with a blue screen of death are difficult to fix. I have had to reload NT several times because of such errant drivers. For example, you can't fix a SCSI driver that fails during the boot process if you're using NTFS. Because of these considerations, I always recommend that you create two copies of NT on a production server, one for running the OS and the other for fixing or restoring system settings. Be careful when you assign startup options for devices.

Changing the Name of Frozen Objects on the Desktop

May 10, 1999

Q: How do I change the name of frozen objects such as the Recycle Bin on the desktop?

A: Regedit comes in handy for this task. However, using a Registry editor incorrectly can cause serious, system wide problems. You may have to uninstall Windows NT to correct them. Use this tool at your own risk.

Renaming objects on the desktop is easy. In regedit, click Edit, Find to locate the Recycle Bin. After you locate this object, click Edit, Modify to change the string value. I changed the name of my Recycle Bin to Trash Bin. For the change to take effect, you must reboot the system.

Differences Between User Mode and Kernel Mode

May 24, 1999

Q: What is user mode and kernel mode in Windows NT, and what do they mean?

A: User mode and kernel mode refers to the privilege level a process has to the system hardware. The closer to the hardware the process becomes, the more sensitive the system is to provoking system failure.

In any OS, you want to separate applications from OS services because you want the OS to remain functional if an application crashes. Microsoft achieved part of this goal in NT by assigning each application its own processes and memory space. Microsoft also added the restriction that no application can read or write outside its memory space. Because NT isolates applications from the hardware and each other, NT is know as a protected-mode environment.

In simple terms, a process running in user mode can't read or write directly to OS memory. The Virtual Memory Manager, which runs in kernel mode, maintains this isolation. Crossing from user mode to kernel mode requires kernel-mode transition and the NT Executive checks whether the move is legitimate.

Microsoft defines a user-mode service as protected (in memory space) and NT starts the service at boot time. NT includes two types of protected subsystems in which a user-mode can run: Environmental and Integral. In the Environmental subsystem, a user-mode service supports applications either as written for, or native to, another OS such as DOS. In the Integral subsystem, a user-mode service performs an OS-related function such as security. The NT core subsystems also run in user-mode, but don't provide hosting to non-native NT applications. NT core subsystems perform OS-related tasks instead of application-related tasks. The basic NT core subsystems are Winlogon, Local Security Authority (LSA), Security Accounts Manager (SAM), and Service Control Manager (SCM).

Applications run in user mode while OSs run in kernel mode. Kernel mode has access to all user-mode functions but not the other way around. This kernel-mode access is referred to as Ring 0, and user-mode access is equal to Ring 3. A crash in Ring 0 is fatal to system function. The three major aspects of NT that run in kernel mode are the NT kernel, the NT executive, and the hardware abstraction layer (HAL).

Bob Chronister is a contributing editor for Windows NT Magazine and president of Chronister Consultants in Mobile, Alabama. He is co-author of Windows NT Backup and Recovery (Osborne/McGraw-Hill). You can reach him at bob@winntmag.com.

We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.