Troubleshooting Tools and Strategies
System File Checker (SFC) is a command-line tool that scans protected system files and replaces files overwritten with the correct system files provided by Microsoft. It is part of the Windows File Protection feature of Windows 2000.
Windows File Protection
The Windows File Protection (WFP) feature protects your system files with two mechanisms. The first runs in the background: WFP is implemented when it is notified that a file in a protected folder is modified. After this notification is received, WFP determines which file was changed, and if it is protected, looks up the file signature in a catalog file to determine if the new file is the correct Microsoft version or if the file is digitally signed. If it is not, a replacement file is retrieved from either the %systemroot%\System32\Dllcache folder or the Windows 2000 operating system CD. By default, WFP displays the following message to an administrator and logs it to the System event log:
A file replacement was attempted on the protected system file <file name>. To maintain system stability, the file has been restored to the correct Microsoft version. If problems occur with your application, please contact the application vendor for support.
The second WFP mechanism is SFC, which allows an administrator to scan all protected files to verify their versions. SFC also checks and repopulates the Dllcache folder. If the Dllcache folder becomes damaged or unusable, use SFC with the /purgecache switch to repair its contents. Most SYS, DLL, EXE, TTF, FON and OCX files on the Windows 2000 operating system CD are protected. However, for disk space considerations, maintaining cached versions of all of these files in the Dllcache folder is not always preferable on computers with limited available storage space.
SFC also checks all catalog files used to track correct file versions. If any catalog files are missing or damaged, WFP renames the affected catalog file and retrieves a cached version of that file from the Dllcache folder. If a cached copy of the catalog file is not available, WFP requests that you insert the Windows 2000 operating system CD to retrieve a new copy of the catalog file.
SFC Syntax
The command-line syntax for SFC is as follows:
sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/enable] [/purgecache]
[/cache size=x] [/quiet]
SFC Switches
The SFC switches are listed in Table 31.9.
Table 31.9 SFC Switches
Switch |
Description |
|---|---|
/scannow |
Scans all protected system files immediately. |
/scanonce |
Scans all protected system files at the next system start. |
/scanboot |
Scans all protected system files at every start. |
/cancel |
Cancels all pending scans of protected system files. |
/enable |
Enables WFP for normal operation. |
/purgecache |
Purges the file cache and scans all protected system files immediately. |
/cachesize=x |
Sets the file cache size, in megabytes. |
/quiet |
Replaces incorrect file versions without prompting the user. |
/? |
Displays this list. |