Use Windows Backup And Restore

Windows 10 includes the Backup And Restore (Windows 7) tool, which allows the creation of backups of your data. This backup feature was not included in Windows 8, but it has returned in Windows 10 to enable users who might have upgraded from Windows 7 to this version to restore data contained in Windows 7 system image backups.

In addition to restoring files and folders, you can also use this tool to create backups of files contained in folders, libraries, and whole disk volumes.

You cannot save your backups to the disk on which Windows 10 is installed, so you must provide another location, such as an external USB drive, network drive, or non-system local disk. To launch the Backup And Restore (Windows 7) tool in the GUI, open the System And Security section of Control Panel or use the Backup And Restore (Windows 7) item listed in the Settings app.

To create a backup of your files and folders and a system image, follow these steps:

1. Open the Settings app, and then click Update & Security.

2. In the navigation pane, click Backup, and in the details pane, click Go To Backup And Restore (Windows 7).

3. In the Backup And Restore (Windows 7) window, click Set Up Backup.

4. On the Select Where You Want To Save Your Backup page, choose the location and click Next.

5. On the What Do You Want To Back Up page, click Let Windows Choose (Recommended) and click Next.

6. On the Review Your Backup Settings page, click Change Schedule.

7. On the How Often Do You Want To Back Up page, leave the Run Backup On A Schedule (Recommended) check box selected and, if necessary, modify the backup schedule.

8. Click OK.

9. On the Review Your Backup Settings page, click Save Settings And Run Backup.

The backup begins, and you see the progress bar as shown in Figure 4-1. The first backup takes the longest time because it is a full backup. Subsequent backups are incremental and can take only a few minutes to complete.

When the backup is complete, use the links on the Backup And Restore (Windows 7) page to see the size of the backup on disk, edit the schedule, and manage the disk space the Backup And Restore (Windows 7) tool uses.

When backing up your system, you can opt for the recommended settings, which create a backup of all files and folders in your user profile (including libraries) as well as a system image. The system image files are large, likely to be approximately 10 GB in size. You can specify the frequency and time when Windows 10 performs backups or retain the default backup schedule of Sunday at 7 PM every week.

If you require more specific scheduling, you can modify the triggers in the AutomaticBackup job in Task Scheduler after you have enabled scheduled backups. Available options to trigger a scheduled backup include:

• On A Schedule

• At Logon

• At Startup

• On Idle

• On An Event

• At Task Creation/Modification

• On Connection/Disconnect To A User Session

• On Workstation Lock/Unlock

If you want to choose specific libraries and folders for the backup manually, select Let Me Choose on the What Do You Want To Back Up page when initially setting up the backup. Although you cannot select individual files for backup, you can clear the check box to include a system image of the drive.

The Backup And Restore (Windows 7) tool uses the Volume Shadow Copy Service (VSS) to create the backups. The initial backup creates a block-level backup of the files to the backup file and uses the virtual hard disk (.vhdx) file format. VSS greatly enhances the performance of the backup operation because subsequent backups only copy the data that has changed since the previous backup, which is typically a smaller amount of data, thus creating the incremental backup much faster.

Each time you run a backup, the Backup And Restore (Windows 7) tool creates a new restore point, which the Previous Versions feature in File Explorer can use (and is covered later in this chapter).

To restore libraries, folders, or files from a backup, you can use the Restore My Files link in the lower-right of the Backup And Restore (Windows 7) screen. You can select which backup set to use and restore items to their original locations or to different locations. To restore data from a backup, use these steps.

1. On the Backup And Restore (Windows 7) page, click Restore My Files.

2. The Restore Files dialog box presents you with access to the latest backup. If you want to choose an alternative backup, click Choose A Different Date, select the correct backup, and click OK.

3. Locate the files or folders you intend to restore by using one of the three options for you to find your files to recover.

   • Search Type part of the name of the file you intend to restore. Click the file or Select All to restore all the found files. Click OK. (The search speed is very fast.)

   • Browse For Files Click the backup name with the correct date and time stamp and browse to the folder that contains the items you want. Select the items and click Add Files.

   • Browse For Folders Click the backup name with the correct date and time stamp and browse to the folder that you want. Select the folder and click Add Folder.

     You can choose multiple files and folders and use any of the three options or combinations of the options to locate the items you want.

4. Click Next.

5. On the Where Do You Want To Restore Your Files page, choose to restore to the original location or browse and select a different location.

6. If you restore an item to a location that contains the same item name, you are prompted to choose one of the following.

   • Copy And Replace The item restored from the backup overwrites the item in the destination location.

   • Don{{#}}8217;t Copy Nothing changes, and no item is restored.

   • Copy, But Keep Both Files The original items remain as is, and the file name of the restored item is modified to show it is a version of the same item.

   • Do This For All Conflicts If you’re restoring multiple items, you can apply the same choice to each conflict.

7. When the restoration is complete, the Your Files Have Been Restored page appears, and you can click the link to View Restored Files.

8. Click Finish.

Perform a backup and restore with WBAdmin

In addition to the Backup And Restore (Windows 7) tool, Windows 10 includes another backup tool, the Windows Backup tool, which you can use from a command line. This tool is also found in Windows Server and is useful if you need to automate or create a backup job on several computers. Use the WBAdmin.exe command to create, configure, and restore backup jobs. In this section, you review some of the commonly used applications for WBAdmin.

WBAdmin get versions -backupTarget:E:

WBAdmin start recovery -version:05/31/2017-17:12 -itemType:Volume -items:\?
Volume{a6f2e427-0000-0000-0000-501f00000000} -BackupTarget:D: -RecoveryTarget:E:

Configure File History

File History is a file recovery method that provides users with a very easy and user-friendly method of retrieving files after they have been accidently deleted or modified. Once enabled, File History will automatically create a backup of all user files that have been modified on an hourly schedule. So long as the backup destination location does not become full, the File History can continue to store changes indefinitely.

To turn on File History, follow these steps:

1. Launch Settings, click Update & Security, and select Backup.

2. Click the Plus (+) icon labeled Add A Drive.

3. File History will search for drives.

4. In the Select A Drive dialog box, select the external hard drive that you want to use for File History.

5. On the Back Up Using File History page, verify that the Automatically Back Up My Files toggle is On.

Once enabled, File History will save copies of your files for the first time. This will happen as a background operation, and you can continue to work normally.

File History saves your files from your user profile and all the folders located in your libraries, including OneDrive, that are synced to your device if OneDrive is used. You can manually include or exclude folders on the Backup Options page. To manually include additional folders to be monitored by File History, you need to perform the following steps:

1. Open Settings, click Update & Security, and select Backup.

2. Click the More Options link.

3. On the Backup Options page, click Add A Folder.

4. Select the folder that you want to back up and click Choose This Folder as shown in Figure 4-3.

   

5. Ensure that the folder is listed in the list of folders under Back Up These Folders.

6. Close the Backup Options page.

There are two other methods for adding a folder to the File History list of folders:

• Add folders to one of the existing libraries already backed up by File History File History will protect these folders.

• Use File Explorer Select the folder, click History in the Home ribbon, and then click the Include It In Future Backups link.

You can configure many of the File History settings multiple ways, and you need to be familiar with each of them:

• File History in Control Panel

• Backup within the Settings app

• History item on the File Explorer ribbon

Within the advanced settings screen of File History, accessed from the See Advanced Settings link on the Backup Options page, you configure the following:

• Modify the frequency of the File History backup from every 10 minutes to daily.

• Share the backup drive to other HomeGroup members.

• Open File History event logs to view recent events or errors.

• Define the length of time to keep saved versions of your files.

• Manually clean up older versions of files and folders contained in the backup to recover space on the backup drive. You could also use the command line tool FhManagew.exe to delete file versions based on their age stored on the File History target device.

Restore previous versions of files and folders

Previous Versions has been reintroduced in Windows 10 and is a file and folder feature that enables users to view, revert, or recover files that have been modified or deleted by mistake. Previous Versions uses the File History feature or restore points created during backups in Backup And Restore (Windows 7). One of these features must be configured to use the Previous Versions feature.

After you have enabled File History or created a Backup And Restore (Windows 7) backup, you need to browse in File Explorer to the location where the modified or deleted files are stored. If one of these methods has “protected” the file or folders being browsed, the Previous Versions tab shown in File Explorer will list the available restore points for your data. Until one of these tasks has been performed, the Previous Versions tab will be empty.

VSS is used by Previous Versions to monitor and preserve copies of modified files on an automatic schedule. Earlier in the chapter, you saw that the Backup And Restore (Windows 7) tool also creates a restore point each time you create a backup. After the initial File History restore point has been created, subsequent restore points may take only a few minutes to complete.

If you configure File History and also use the Backup And Restore (Windows 7) tool, multiple restore points will be available in the Previous Versions tab. The Previous Versions feature is available on all file systems if File History is used. The Backup And Restore (Windows 7) can only be used to back up data using New Technology File System (NTFS) volumes.

To revert files to a previous version, use the following steps:

1. Ensure that File History is turned on.

2. Create a folder on your computer, for example, C:Travel PlansYork, and then create or save a text file called Things to do in the folder.

3. In File History, click Run Now.

4. Open Things to do, modify the contents, save, and exit the file.

5. In File History, click Run Now.

6. Right-click Things to do and select Restore Previous Versions.

7. On the Previous Versions tab, note that the Things to do.txt file has one previous version listed, which is the original file. Modify the file again. There will not be another Previous Version listed until the next Restore Point is created by File History.

8. To manually create a new Restore Point, return to File History and click Run Now. Return to the Things to do file and notice that it now has two file versions listed, as shown in Figure 4-5.

   

9. Delete the Things to do.txt file.

10. To recover the last version of the file that was saved by File History, right-click the C:Travel PlansYork folder and select Restore Previous Versions.

11. On the Previous Versions tab, select the Travel Plans folder, click the drop-down Open menu item, and select Open In File History.

12. File History launches. Double-click the folder that contained the deleted file.

13. Select the deleted file, and choose the green restore button.

14. Verify that the Things to do file has been restored to the C:Travel PlansYork folder.

Recover files from OneDrive

OneDrive allows you to store your files online. You can sync files between your PC and OneDrive. You can access files from OneDrive.com from just about any device that is connected to the Internet. You can use the OneDrive Recycle Bin to recover files that you accidentally delete from your OneDrive account.

The OneDrive Recycle Bin can retain deleted items for between three and 30 days, if you are signing in using your Microsoft account. If you sign in with your Office365 account, deleted items are retained for up to 93 days. The actual retention period is dependent on the size of the Recycle Bin which is set to 10 percent of the total storage limit by default. If the Recycle Bin is full, old items will be deleted to make room for new items as they are added to the Recycle Bin and this may have an impact on the default retention period

To recover deleted files from your OneDrive.com, follow these steps:

1. Browse to your OneDrive.com, or right-click the cloud icon in the notification area and click View Online.

2. On the left side of the page, select the Recycle Bin.

3. If the Recycle Bin is not visible, click the three horizontal lines in the top left corner of the screen and select Recycle Bin.

4. Select the items that you want to recover.

5. Click Restore on the menu.

OneDrive will restore the items and they will be removed from the Recycle Bin.

At present, you are not able to modify the retention settings or increase the size of the Recycle Bin for OneDrive.com. If you use the Recycle Bin often and you are concerned about whether your deleted files will be protected by the Recycle Bin, you could consider increasing the space provided to the Recycle Bin by upgrading to a paid OneDrive storage plan such as Office 365 Personal. If space is limited, you could also review the items currently in the Recycle Bin and select items for permanent deletion to free up space, as shown in Figure 4-6.

When you delete files using the OneDrive.com interface or from your OneDrive folders within File Explorer, the deleted files will be automatically synchronized to the OneDrive.com Recycle Bin and the File Explorer Recycle Bin (or Trash if you are using OneDrive on a Mac). If you use the Restore All or Empty Recycle Bin options, you need to be aware that these tasks are irreversible.

The Search feature within OneDrive.com is a powerful method of locating files stored in your OneDrive. Search results do not include items in the OneDrive Recycle Bin or the File Explorer Recycle Bin.

Onedrive Document Version History

For Office documents, such as Microsoft Word and Microsoft Excel, OneDrive.com maintains previous versions of these documents where available. To view the available versions stored in OneDrive, navigate to the Office file, right-click it, and choose Version History. OneDrive will open the file in a new browser tab. You can then see the list of available versions on the left pane, and you can review the contents of each file as shown in Figure 4-7.

The older versions are listed together with the date and time when the file was last saved. If you select an older version of the document from the list of older versions in the left pane, OneDrive will open the older file in the tab, and it will display the name of the modifier. You can choose to Download or Restore this older version from the link displayed in the left pane.

Configure a recovery drive

Most Windows 10 PCs will have a recovery partition, which contains a full image of the system. If your computer does not start properly, you can use the recovery partition to start up.

The contents of the recovery partition can also be copied to a removable storage device so that if your recovery partition becomes inaccessible or corrupted, you will still be able to recover your system.

Disk drive space on many small form factor devices and tablets is often smaller than available on a laptop or PC. This can limit the availability for an original equipment manufacturer (OEM) to include a recovery partition on devices shipped with Windows 10. If there is no recovery partition, you can still create a bootable Universal Serial Bus (USB) flash drive–based recovery drive; you can use this drive to boot into the Recovery Environment (RE). You will then need to access a system image that you have created or that is provided by the OEM.

To create a recovery drive, follow these steps:

1. Search for Recovery Drive and select Create A Recovery Drive.

2. Accept the User Account Control (UAC) prompt, providing the necessary credentials, if required.

3. Select the Back Up System Files To The Recovery Drive option.

4. Click Next. Windows 10 will prepare the recovery image.

5. If you have not already connected a backup device to the system, on the Connect A USB Flash Drive page, connect a drive that has at least 16 GB capacity.

6. On the Select The USB Flash Drive page, select the drive for the recovery drive, as shown in Figure 4-8, and click Next.

   

7. On the Create The Recovery Drive page, read the warning that the USB drive contents will be deleted, and click Create. The Creating The Recovery Drive page appears with a progress bar, which will indicate which phase of the process is being performed. The process can take up to 30 minutes, depending on the performance of the PC and the media. The tool performs the following actions:

   • Prepares the drive

   • Formats the drive

   • Copies Recovery Drive utilities

   • Backs up system files

8. On the last page, click Finish.

When the recovery drive has been provisioned on the removable media, if your device has a recovery partition, you will see a link to delete the recovery partition from your PC. This relates to the Windows 10 device recovery partition and not the newly created recovery drive. If you want to free up the space on your device, you need to select this option. It is important to store the recovery drive in a safe place because you will not be able to recover your device if you have lost the recovery drive and you have deleted the recovery partition.

You should carefully label your Recovery Drive media after they have been created. Note that a 64-bit (x64) recovery drive can only be used to reinstall a device with 64-bit architecture. The Windows 10 Recovery Drive cannot be used to repair earlier versions of Windows.

Configure System Restore

You might have used System Restore in a previous version of Windows, such as Windows XP or Windows 7, to restore a computer that has become unstable. System Restore has been retained in Windows 10, and it offers a familiar and reliable method of recovering systems by restoring the operating system to a restore point created during a period of stability.

Once enabled, System Restore will automatically create restore points at the following opportunities:

• Whenever apps are installed If the installer is System Restore compliant.

• With updates Whenever Windows 10 installs Windows updates.

• Based on a schedule Windows 10 includes scheduled tasks, which can trigger restore point creation.

• Manually You can create a System Restore from the System Protection screen.

• Automatically When you use System Restore to restore to a previous restore point, Windows 10 will create a new restore point before it restores the system using the selected restore point.

To turn on System Restore and manually create a System Restore point, follow these steps:

1. Open Control Panel and click System and Security.

2. Click System, and then in System, select the System Protection link in the left pane. The System Properties dialog box appears with the System Protection tab open.

3. To turn on the System Restore feature, select the Local Disk (C:) (System) drive, and then click Configure.

4. On the System Protection For Local Disk (C:) dialog box, select Turn On System Protection.

5. Under Disk Space Usage, move the slider for the Max Usage to allow room on the restore points to be saved (five percent is a reasonable amount), as shown in Figure 4-9.

   

6. Click OK twice.

You can also use PowerShell to configure System Restore. Some of the available commands that you need to review include:

• Enable-ComputerRestore Enables the System Restore feature on the specified file system drive

• Disable-ComputerRestore Disables the System Restore feature on the specified file system drive

• Get-ComputerRestorePoint Gets the restore points on the local computer

• Checkpoint-Computer Creates a system restore point

The following command enables System Restore on the C: drive of the local computer:

Click here to view code image

PS C:> enable-computerrestore -drive "C:"

If the amount of space allocated for the restore points becomes full, System Restore will automatically delete the oldest restore points. If you require more restore points to be available, you need to allocate a larger proportion of the hard disk to the feature.

Once the system has created restore points, you are protected, and the system should be recoverable.

To recover your system, you can launch the System Restore Wizard from either:

• System Protection If your system will allow you to sign in to Windows, you can launch System Restore from the Windows 10 graphical user interface (GUI).

• Windows Recovery Environment (Windows RE) If the system will not allow you to sign in, you can boot to the Windows RE and launch the System Restore Wizard from the Advanced options.

Launching Windows RE

To launch the Windows RE and use safe mode or other advanced troubleshooting tools, you can attempt to start Windows 10 in advanced troubleshooting mode by using one of the following options:

• If available, select Restart Now under Advanced Startup in the Recovery section of the Settings app.

• Restart the device using the Recovery Drive.

• Boot the device using Windows 10 installation media and select the Repair Your Computer option.

• Press the Shift key and select the Restart option on the Start menu.

In addition to the methods above, Windows will automatically start in the WinRE after detecting the following issues:

• Two consecutive failed attempts to launch Windows

• Two consecutive unexpected shutdowns that occur within two minutes of boot completion

• A Secure Boot error

• A BitLocker error on touch-only devices

Once Windows 10 boots to the advanced troubleshooting mode, you need to click Troubleshoot, then on the Advanced Options screen, you can access some or all the following options, as shown in Figure 4-11:

• System Restore Use a System Restore point to restore Windows.

• Uninstall Updates Remove quality or feature updates.

• System Image Recovery Recover Windows using a system image file.

• Startup Repair Fix problems that are preventing Windows from starting.

• Command Prompt Used for advanced troubleshooting.

• Startup Setting Change Windows startup behavior.

If your system has a unified extensible firmware interface (UEFI) motherboard, you will also be offered an additional option:

• UEFI Firmware Settings Used to modify UEFI settings.

The advanced troubleshooting mode shown in Figure 4-11 allows you to select the Startup Settings, which restarts Windows in a special troubleshooting mode that might be familiar to users of other versions of the Windows operating system. Selecting the Startup Settings troubleshooting mode presents you with the following options:

• Enable Debugging Start Windows 10 in troubleshooting mode, monitoring the behavior of device drivers to help determine if a specific device driver is causing Windows 10 to behave unexpectedly.

• Enable Boot Logging Windows 10 creates and writes to a file named Ntbtlog.txt to record the device drivers installed and loaded during startup.

• Enable Low-Resolution Video Start Windows 10 in a low-resolution graphics mode.

• Enable Safe Mode Windows 10 starts with a minimal set of drivers, services, and applications to allow you to troubleshoot the system using the GUI. Safe mode does not include network connectivity.

• Enable Safe Mode With Networking Safe mode with networking enables network connectivity.

• Enable Safe Mode With Command Prompt Safe mode using a command prompt window rather than the Windows GUI.

• Disable Driver Signature Enforcement Allows you to load device drivers that do not have a digital signature.

• Disable Early Launch Anti-Malware Protection Start Windows 10 without the early launch antimalware functionality running. This mode is useful for identifying whether early launch antimalware is affecting a driver or app from being loaded.

• Disable Automatic Restart After System Failure Stops Windows 10 from automatically restarting after a system failure occurs.

You can cancel and reboot your system normally by pressing Enter. To select an option that you require, you need to press the number key or function key F1–F9 that corresponds to the list of items as shown in Figure 4-12.

If you press F10, you are taken to another screen with the option to launch the recovery environment. This option reboots the system and returns you to the Advanced Options screen, as shown previously in Figure 4-11.

Reset This PC

If other methods of recovering your system fail or your problems reoccur, you can revert your system to the state similar to how it was when you purchased it or when Windows 10 was first installed. Typical issues that prevent the use of other tools mentioned in this chapter might include a damaged hard drive or a malware attack that encrypts the drive.

Windows 8 first introduced the option to refresh or recycle your computer; Windows 10 has improved the performance and reliability of this feature. You will see the words recycle and reset used interchangeably by Microsoft to mean the same thing, although the Windows interface options typically use the term reset. The Reset This PC option consolidates the two options (Refresh Your PC and Reset Your PC) that were available in Windows 8 and Windows 8.1.

For enterprise users who suffer from an unstable or corrupted system, often the quickest remediation is to deploy a fresh system image from the deployment server to the device. Home users and small organizations can utilize a similar solution, but rather than use a deployment server on the network such as Windows Deployment Services (Windows DS), Windows 10 is able to re-image the device itself. Selecting the Reset This PC option effectively reinstalls the Windows 10 operating system and allows you to either keep your files or remove everything.

To start the recovery process, follow these steps:

1. Launch the Settings app.

2. Click Update & Security.

3. Select Recovery.

4. On the Reset This PC page, click Get Started.

   The screen will be dimmed, and you will be presented with the options shown in Figure 4-13 as follows:

   • Keep My Files Removes apps and settings but keeps your personal files

   • Remove Everything Removes all your personal files, apps, and settings

5. Select Keep My Files.

   A warning appears informing you that your apps will be removed; it lists any apps that will need to be reinstalled.

6. Click Next.

   On the Ready To Reset This PC page, you are reminded that resetting the PC will remove apps and reset all settings back to defaults.

7. Click Reset to restart the PC and allow the reset process to begin.

After the reset process has completed and you’ve signed in, you will have a list of removed apps on the desktop. This file, called Removed Apps, is discussed more in the next section.

If you selected to Remove Everything, then you are also asked if you want to clean the drive(s), too. Cleaning the drive helps to ensure that your content is not recoverable by the new owner of the device. This option is ideal if you are seeking to recycle your PC and want to make it difficult for someone to recover your removed files. When the system reset is complete, you are offered the OOBE. You must configure the device, install any apps, and modify any settings that you would like.

Perform a Fresh Start

Windows 10 also provides another way to reset the system called Fresh Start. Fresh Start performs three actions:

• Reinstalls Windows 10 while retaining your data

• Removes all installed apps and bloatware

• Installs the latest security updates

You can access the Fresh Start feature using the following steps:

1. Launch Windows Security, which is a built-in Microsoft Store app.

2. Select Device Performance And Health and then under Fresh Start, click Additional Information.

3. On the Fresh Start page, click Get Started and accept the UAC prompt.

   The screen will be dimmed, and you will be presented with the warning, as shown in Figure 4-14.

   

4. To proceed, click Next.

5. Fresh Start will then display a list of apps that will be removed. Fresh Start saves a list of apps removed, called Removed Apps, which will be found on the desktop once the process is completed.

6. Click Next.

7. On the Let’s Get Started page, click Start.

8. The PC is then reset, which can take up to 20 minutes.

When the device restarts after the Fresh Start has completed, you can sign in with the same username and password, and all your data will be retained. Any applications that you use must be reinstalled. Crucially, any apps that came preinstalled on your system by the OEM will have been removed. If you need access to the list of removed apps, a file is created during the process, which can be found on the desktop after you sign in to the device. Within the Fresh Start page in Windows Security, you will see a history of when the Fresh Start feature has been used and a link to the list of Removed Apps.

Creating a system image backup

As already mentioned, included with Windows 10 is the Backup And Restore (Windows 7) tool, which you can use to back up and restore selected files and folders. You can also use this tool to create a system image of your computer.

To create a system image backup, follow the steps:

1. In Settings, select Update & Security and then click the Backup tab.

2. In the Details pane, click Go to Backup And Restore (Windows 7)

3. On Backup And Restore (Windows 7), click Set Up Backup.

4. On the Select Where You Want To Save Your Backup page, choose the location and click Next.

5. On the What Do You Want To Back Up page, click Let Me Choose and then click Next.

6. Select any folders that you want to back up, but make sure you select the Include A System Image Of Drives check box, as shown in Figure 4-15.

   

7. On the Review Your Backup Settings page, click the Change Schedule Link.

8. On the How Often Do You Want To Back Up page, leave the Run Backup On A Schedule (Recommended) check box selected, and choose when you want the backup to be performed.

9. Click OK.

10. On the Review Your Backup Settings page, click Save Settings And Run Backup.

11. The backup will begin.

Creating a system repair disk

In addition to a system image, you can use the Backup And Restore (Windows 7) tool to create a system repair disk. You can use a system repair disk to recover Windows 10 in the event of a drive or other catastrophic failure.

A system image can be incorporated into any backup when using the Backup And Restore (Windows 7) tool. However, creating a system repair disk requires that you manually create a repair disk, as follows:

1. Open Backup And Restore (Windows 7) in Control Panel.

2. Insert a blank writable CD or DVD into your device.

3. On Backup And Restore (Windows 7), click the Create A System Repair Disc link.

4. On the Create A System Repair Disc page, click Create Disc.

5. Click Create disc, as shown in Figure 4-17.

   

The system repair disc is useful if Windows 10 will not automatically boot in the advanced startup options. In this situation, insert the system repair disc and your computer will boot from the recovery media automatically. If it doesn’t, you might need to change the boot order.

Components of the startup architecture

There are four main components in the startup architecture. These are:

• Windows Secure Boot All computers are potentially vulnerable to malicious software, such as computer viruses. This is especially true during the early startup phases when the operating system’s protective components may not yet be available. To mitigate this issue, Windows 10 implements Secure Boot. If your computer supports the Unified Extensible Firmware Interface (UEFI), you can enable Secure Boot in your computer’s UEFI settings. Once enabled, when the computer starts and before control is transferred to the operating system, each piece of software is checked for a valid digital signature. Only software deemed safe is loaded, including all low-level operating system drivers and files.

• Windows Boot Manager This consists of a single file, BOOTMGR, which resides in the root directory of the active disk partition. This partition is not assigned a drive letter. The Windows Boot Manager, BOOTMGR, reads the Boot Configuration Data (BCD) from the boot store. BOOTMGR replaces the NTLDR program from Windows XP and earlier. The BCD identifies the location and state of any operating systems installed on the local computer. The BCD is a database. Windows XP used a simple text file called Boot.ini.

• Windows OS Loader Winload.exe is located in the WindowsSystem32 folder on the operating system partition, which is typically assigned the drive letter C. Winload.exe initializes memory and then transfers control to the Windows kernel; this is a file called Ntoskrnl.exe located in C:WindowsSystem32.

• Windows Resume Loader Winresume.exe is also located in the WindowsSystem32 folder on the operating system partition. If the boot store identifies that there is a hibernation image (hiberfil.sys) on the local computer, then BOOTMGR has passed control to Winresume.exe rather than Winload.exe. Winresume.exe then returns the computer to its pre-hibernation state.

The Windows 10 startup process

When you start a computer installed with Windows 10, as shown in Figure 4-18, the following process occurs:

1. Power-on self-test When you power up your computer, the UEFI or, on older computers, the Basic Input Output System (BIOS), performs a number of fundamental checks. This is referred to as the power-on self-test (POST).

   The critical check that the POST performs is to verify the presence and accessibility of a configured boot device, such as a hard disk. The hard disk must contain a valid master boot record (MBR). The MBR enables the computer to identify and access partition information on the attached disk. The computer accesses the primary active partition (which contains the Windows 10 boot sector) and loads BOOTMGR.

2. Read the boot configuration data BOOTMGR accesses the BCD from the system partition. This enables BOOTMGR to determine the location of any installed operating systems and, where necessary, to display a startup menu on computers configured with multiple operating systems (referred to as dual-boot or multiboot systems). BOOTMGR also determines whether the computer has a hibernation file.

3. Winload.exe or Winresume.exe If a Hiberfil.sys file exists, BOOTMGR passes control to Winresume.exe to restore the operating system from the pre-hibernation state. If no Hiberfil.sys file exists, BOOTMGR passes control to Winload.exe.

   Winload.exe initializes memory and scans the computer’s registry to locate device drivers configured with a Start value of 0. These include low-level hardware components, such as hard disk controllers and peripheral bus components. Winload.exe then scans the registry for device drivers assigned a Start value of 1.

   Finally, control is passed to the operating system Kernel, Ntoskrnl.exe, and all drivers in memory; the Kernel is then initialized.

4. Load drivers After the kernel initializes, any remaining required drivers are loaded and initialized.

5. Session Manager The Kernel loads the Windows Session Manager (Smss.exe), which among other things, initializes the Windows subsystem (Csrss.exe). The display will now switch from character mode to graphical mode.

6. Sign in After the Windows subsystem loads, the Winlogon service starts. This displays the sign-in page, and the local user can sign in to the computer.

   

Available options for startup recovery

If your computer does not start properly, or at all, you can choose from a number of repair and recovery tools, depending on the particular situation. These tools are:

• Windows RE If your computer won’t start, then start from the product DVD and select Repair Your Computer In Setup. You can then access the full set of recovery tools in Windows RE, including System Restore, System Image Recovery, Startup Repair, Command Prompt, and Startup Settings. Generally, if the problem is related to low-level startup files, such as the boot sector, BOOTMGR, and the BCD, choosing the Startup Repair option is generally successful in fixing startup problems.

• Advanced Startup Settings If the startup problem lies elsewhere than with the startup files, you should be able to successfully start your computer in Safe Mode. Start from the product DVD, and in Setup, click Repair Your Computer. From the Advanced options menu, select Startup Settings, and then choose Safe Mode. Advanced Startup Settings include:

  • Enable Debugging

  • Enable Boot Logging

  • Enable Low-Resolution Video

  • Enable Safe Mode

  • Enable Safe Mode With Networking

  • Enable Safe Mode With Command Prompt

  • Disable Driver Signature Enforcement

  • Disable Early Launch Antimalware Protection

  • Disable Automatic Restart After Failure

• System Configuration tool If your computer starts, but with errors, you can access Safe Mode by running the System Configuration tool (Msconfig.exe). On the Boot tab, shown in Figure 4-19, select the appropriate Safe Boot option. Note that the computer remains in Safe Mode until you return to System Configuration to revert to Normal startup on the General tab.

  

• Automatic Failover If your computer experiences startup problems, assuming that your computer still has the (default) recovery partition, Windows will failover to Windows RE from this recovery partition.

The boot store

The boot store contains information that enables the low-level startup components of Windows 10 to locate any installed operating systems on the attached hard disk(s). Generally, it is not necessary to make changes to the BCD. However, it is important that you know how to make changes in case you must troubleshoot the startup environment.

Typically, you make changes to the BCD by reconfiguring Windows. For example, you might use the System Configuration tool to force Safe Mode. You might decide to make changes to the Startup And Recovery settings to choose the default operating system (assuming several are installed). Both these changes are made in the user interface but are reflected in the BCD. However, you can also work directly with the BCD using a number of command-line tools. For example, Figure 4-20 shows the output from the BCDEdit.exe /Enum command; this command enumerates and displays all boot store entries.

Managing Devices and Device Drivers

For hardware to function properly, it requires special software designed for Windows 10 to communicate with it. This software is referred to as a device driver. When Windows 10 detects new hardware, the system automatically attempts to install one of the built-in drivers included as part of the operating system. These drivers are either located within the Windows 10 Driver Store, or you can download them through Windows Update. A common reason for a computer to fail to start, or to start with errors, is because a device driver is faulty or corrupted.

Install Devices

New and updated hardware device drivers are regularly submitted to Microsoft by the equipment vendor for testing and cataloging. If the Windows Update feature is enabled, Windows 10 automatically detects the presence of new device drivers, downloads them, and installs them.

New hardware is typically installed automatically when it’s added to Windows 10; the operating system detects and identifies the new hardware through the Plug and Play feature. Windows 10 supports new hardware connected through a variety of connection methods, including USB (1.0 through 3.1), Wi-Fi, and Bluetooth. In addition to backward compatibility for existing and earlier hardware, emerging technologies, such as near-field communication (NFC) and Miracast for wireless displays, also have built-in support in Windows 10.

For advanced users or for managing or troubleshooting a hardware device issue, you can use Device Manager. Device Manager provides information about each device, such as the device type, device status, manufacturer, device-specific properties, and device driver information.

There are multiple ways to load the Device Manager, including:

• Right-clicking the Start button and selecting Device Manager

• Typing Device Manager into Search

• Opening Control Panel, selecting Hardware And Sound, and then selecting Device Manager

The Device Manager default view (devices by type) is shown in Figure 4-21.

You can expand and explore each node in Device Manager and then select a device. All devices have properties, and these can be viewed by right-clicking the desired device and selecting the properties.

The Properties dialog box for a device is shown in Figure 4-22.

If you added a new peripheral and Windows 10 does not immediately recognize it, first check that the device is connected properly and that no cables are damaged. You should ensure that the external device is powered on and not in sleep or standby mode. You can also open Device Manager and launch the Scan For Hardware Changes Wizard from the Action menu, which will locate previously undetected hardware and then configure it for you.

PnPUtil.exe -a -d <path to the driver> <drivername>.inf

Resolve driver issues

One of the most common issues with device drivers relates to users attempting to install a driver designed for an earlier operating system or a different architecture. In some cases, on previous versions of Windows, it might have been possible to install a Windows 7 driver on a Windows 8–based computer, but this is not a supported operation for Windows 10 and should be avoided in a production environment. As is the case with other software installations, you can’t use a 32-bit driver for a 64-bit resource. You can’t use a 64-bit driver to communicate with a 32-bit resource either.

Disable Updates

Sometimes a specific update or driver will not be compatible with your system. Although all updates and drivers should be thoroughly checked before they are made available for installation, it is almost impossible to test every combination of software and hardware that can coexist on a computer. In some configurations, the new software might produce unsatisfactory results. You saw earlier that one method to avoid this situation is to turn off updates completely.

Disabling automatic driver updates might have a more widespread effect than you want, especially if you only need to disable or prevent the installation of a single driver. To enable you to block a specific update, Microsoft has released the Show Or Hide Updates troubleshooter package, available from the Microsoft Download Center at https://support.microsoft.com/kb/3073930.

This troubleshooter, shown in Figure 4-25, searches for available drivers and Windows updates and then enables you to hide them, which prevents Windows from automatically installing them.

Each time you experience an issue with a driver or update that you don’t want installed, you can run this troubleshooter and select the updates that you want to disable.

Note Device Manager Error Troubleshooting

Device Manager marks a device that is not operating normally with a yellow exclamation point. When troubleshooting a device, you can check the error that Device Manager reports. For a detailed list of errors that Device Manager reports, see the article at https://docs.microsoft.com/en-gb/windows-hardware/drivers/install/device-manager-error-messages.

Use Driver Verification Tools

If you encounter issues with drivers that seem to relate to malware or missing drivers, you can use a command-line tool called Sigverif.exe, which checks whether any drivers have been installed on the computer that have not been signed. The check can take several minutes to complete. To run this tool, perform the following steps.

1. Open a command prompt. (Standard user privilege level is OK.)

2. Type sigverif.exe and press Enter. The File Signature Verification Tool appears.

3. Review the Advanced options.

4. Click Start and view the results, as shown in Figure 4-26.

   

The sigverif.exe tool is useful if you need to locate an unsigned driver. However, there is a more powerful driver verification tool, Driver Verifier, which is built into Windows 10.

Exam Tip

In the advanced settings of the Signature Verification tool is the file name of the log file; this is a good thing to know for the exam. Review the log file found at %SystemRoot%Sigverif .txt after the operation has completed.

With the enhanced kernel mode operation and reliance on signed drivers, Windows 10 should be less prone to frequent Stop errors. Although less likely, even signed drivers can cause problems, especially if you have an exotic combination of hardware inside your computer. If you do encounter instability, use the built-in Driver Verifier to discover whether a faulty driver is causing the problem.

Driver Verifier Manager can help you troubleshoot, identify, and resolve common device driver problems, and you can then remove, reinstall, or roll back the offending driver with Device Manager.

To run the series of driver tests, follow these steps:

1. Open a command prompt (Admin), using administrative privileges.

2. Type verifier.exe and press Enter. The Driver Verifier tool appears.

3. Review the settings in the tool. Depending on which option you choose, you might need to restart your computer for the tool to recognize all loaded drivers.

4. After you have selected drivers to be tested, restart the computer, restart the application, and then select Display Information About The Currently Verified Drivers.

Driver Verifier Manager tests each specified driver at startup and then enables you to perform a live test of each loaded driver by running a range of tests, as shown in Figure 4-27. If it detects a problem, the tool can identify the driver, and then you can disable it.

Support For Older Hardware

Some of the advanced settings in Device Manager are seldom used but have been retained for backward compatibility with older devices that do not support Plug and Play. Modern hardware peripherals must support Plug and Play, which allows Windows 10 to assign hardware resources automatically to new devices. If you look on the Resources tab of a device Properties dialog box in Device Manager, you see that a check box is selected indicating that Windows 10 is using automatic settings, as shown in Figure 4-28. The setting is unavailable and not changeable unless you disable the BIOS/UEFI setting, which declares that the operating system is Plug and Play–compliant.

The Plug and Play standard for connecting devices to Windows is nearly two decades old. Some hardware still exists that requires the administrator to install it manually. In Device Manager, the Add Hardware Wizard enables you to install hardware that does not support Plug and Play. To install such hardware, perform the following steps.

1. Open Device Manager.

2. On the Action tab, click Add Legacy Hardware.

3. On the Welcome To The Add Hardware Wizard page, click Next.

4. Select one of these options:

   • Search For And Install The Hardware Automatically (Recommended)

   • Install The Hardware That I Manually Select From A List

5. Follow the wizard prompts to finish the configuration of the hardware and provide the driver when requested.

Note Non-Pnp (Older) Devices Are Not Shown In Windows 10

Since Windows 8 and Windows Server 2012, non-PnP devices have not been represented in Device Manager as viewable nodes.

Manage driver packages

When device drivers are created by the original equipment manufacturer (OEM), they are deployed with the hardware in a driver package that includes all the files and information required for Windows 10 to communicate with the hardware. You see how driver packages are managed and how to install, provision, and import driver packages on Windows 10 devices.

PnPUtil.exe a <path to the driver> <drivername>.inf

PnPUtil.exe -a C:TempMyDevice.inf

PS C:> Enable-PnpDevice -InstanceId 'USBVID_5986&;PID_0266&;MI_007&;1E5D3568&;0&;0000'

Get-Help <cmdlet name> -Examples

Managing Services

Another possible cause of startup problems in Windows 10 is services; these are software components that function with the operating system and usually require no user intervention. Usually, services start before a user signs in to a Windows computer.

If your computer experiences problems when starting, you can use the following tools to help to identify whether the issue relates to operating system services:

• Event Viewer If services have problems, then generally, errors are written to the Windows log files. You use the Event Viewer tool to access these log files. Event Viewer is discussed in more detail later in this chapter.

• Log files Outside of the built-in capabilities of the Windows logs, you can also enable additional logging within specific Windows components or within a particular app. For instance, you can enable more detailed logging of the startup process by selecting Boot Logging in the Advanced Startup Options menu.

• Stop codes Windows 10 is very robust and system crashes are rare. However, when they occur, you can use the stop codes generated to help to identity the cause. These stop codes might suggest that a service is the root cause of a system crash.

• Notifications Within the Action Center, you can view notifications from Windows about system events, including possible problems.

If your computer does not start as a result of an issue with services, you can attempt to resolve the problem in a number of ways. These include:

• Safe Mode Start your computer in Safe Mode; this reduces the number of services running and might enable you to start your computer successfully. Once started, you can then investigate the possible causes using the tools listed above.

• Windows RE Start your computer into Windows RE and then select the Command Prompt tool. Using commands such as Net.exe and Sc.exe enables you to manually control service behavior.

• MSConfig.exe The System Configuration tool has a Services tab that you can use to control service startup. You can choose to disable specific services from this console. You can also focus only on those services that are not built in to Windows, as shown in Figure 4-31.

  

Windows as a service

Windows as a service is more about Windows deployment than it is updating; in other words, the update mechanism is used to deliver, or deploy, new builds of Windows instead of relying on more traditional deployment methods.

As an organization, this means that instead of planning and performing operating system upgrades, such as from Windows 7 to Windows 10, you use Windows Update to continually introduce new Windows 10 features as the operating system evolves.

Microsoft now deploys the following types of updates:

• Feature updates These add significant functionality to the Windows 10 operating system, and to date, these updates have been deployed twice a year—spring and fall. These updates are usually identified by their year and month. For example, this book and its companion exam, are based on Windows 10 1809, which shipped in September 2018. Other feature updates include Windows 10 1703, Windows 10 1709, and Windows 10 1803.

• Quality updates These provide reliability and security updates and fixes. Microsoft deploys these updates monthly on the second Tuesday of the month. They are cumulative, meaning that even if you miss an update, by applying a subsequent update, you receive all previous updates.

Users of Windows 10 Home editions have no control over how their computers receive these updates. However, users in business and educational organizations who are using Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education editions can control their update experience using

• Servicing channels Microsoft provides several servicing channels. These channels determine when updates are applied to a computer. These channels are

  • Windows Insider Program

  • Semi-Annual Channel

  • Long-Term Servicing Channel

• Deployment rings You can define deployment rings by using Group Policy Objects (GPOs) or Microsoft Intune. These deployment rings use a selected servicing channel and additional Windows settings to determine when updates apply. By configuring groups of computers with matching settings, you can control updates to that group.

Select the servicing channel

To configure the appropriate servicing channel for a device, use the following procedure:

1. Open Settings.

2. Select Update & Security and then, on the Windows Update tab, click Advanced Options.

3. As shown in Figure 4-32, under the Choose When Updates Are Installed heading, select the appropriate servicing channel. Options are

   

   • Semi-Annual Channel

   • Semi-Annual Channel (Targeted)

4. You can also choose to defer the application of both Feature and Quality updates by selecting a value from the appropriate drop-down menu. You can defer feature updates for up to 365 days. You can defer quality updates for up to 30 days.

The Windows Insider Program enables users of Windows 10 to gain an insight into features update before they’re released. They can also provide feedback to Microsoft during their evaluation of those feature updates. To opt in to the Windows Insider Program channel, use the following procedure:

1. Open the Settings app.

2. Select Update & Security and then select the Windows Insider Program tab.

3. As shown in Figure 4-33, on the Windows Insider Program tab and under the Get Insider Preview Builds heading, click Get Started.

   

Using deployment rings

By selecting an appropriate servicing channel, and then configuring feature update and quality update deferral values, you can create deployment rings. You might decide that you require a test group of computers that get updates early. You may also decide to create a group of computers that receive updates reasonably quickly after release. After testing, you might then want to enable the bulk of your remaining computers to receive the updates. You could achieve this by using the deployment rings described in Table 4-3.

Table 4-3 Suggested deployment rings

To configure deployment rings for Active Directory Domain Services (AD DS) domain-joined devices, use GPO settings. These settings are discussed in the next section. To configure deployment rings for non-domain-joined devices, use Microsoft Intune. You can configure the deployment rings using the Microsoft 365 Device Management portal, as shown in Figure 4-34. Details about this process are beyond the scope for this book, as they are not covered in the MD-100 Windows 10 exam. Note, in the Microsoft 365 Device Management portal, deployment rings are referred to as update rings.

Configuring settings on an individual computer

To configure the Windows Update settings on an individual computer, open the Settings app and select Update & Security. You can then configure the following settings.

Windows Update

Select the Windows Update tab, as shown in Figure 4-35.

You can then configure active hours, view update history, and configure advanced options (discussed above).

• Change Active Hours This setting allows the user to identify the period of time when they expect the device to be in use. Automatic restarts after an update will occur outside of the active hours. The default is 8 AM to 5 PM.

• View Update History Provides access to the links to uninstall updates and to access recovery options. You can also see a list of recent updates, as shown in Figure 4-36. To uninstall updates, click the link and select the update you want to remove.

  

• Advanced options On the advanced options page, shown in Figure 4-37, you can configure the following properties:

  • Give Me Updates For Other Microsoft Products When I Update Windows Users can choose to include updates for other Microsoft products in addition to Windows, and use the users’ sign-in info to automatically sign back in to the device to complete the installation following an update.

  • Automatically Download Updates, Even Over Metered Data Connections Enables users to ensure they receive updates, even when connected using cellular data.

  • Update Notifications Allows Windows to display a notification when a restart is required following updates.

  • Pause Updates Enables the user to turn off updating for a period of up to 35 days.

The remaining settings were discussed earlier in this skill.

Delivery Optimization

In Windows 10, you have several options regarding how Windows updates and Microsoft Store apps are delivered to the computer. By default, Windows obtains updates from the Microsoft Update servers, computers on the local network, and on the Internet. Windows Update Delivery Optimization allows the application of updates more quickly than previous versions of Windows. Once one PC on your local network has installed an update, other devices on the network can obtain the same updates without downloading directly from Microsoft.

This process is similar to popular peer-to-peer file sharing apps. Only partial file fragments of the update files are downloaded from any source, which speeds up the delivery and increases the security of the process. If you allow delivery optimization to take place, you then can choose from the following options how your PC will obtain updates and apps from other PCs:

• PCs On My Local Network Windows will attempt to download from other PCs on your local network that have already downloaded the update or app.

• PCs On My Local Network, And PCs On The Internet Windows will attempt to download from the PCs on your local network, and Windows also looks for PCs on the Internet that are configured to share parts of updates and apps.

If Delivery Optimization is enabled, your computer can also send parts of apps or updates that have been downloaded using Delivery Optimization to other PCs locally or on the Internet. To enable Delivery Optimization, from Settings, in Update & Security, select the Delivery Optimization tab, as shown in Figure 4-38.

Note that there are additional delivery optimization settings that you can configure by using GPO settings. These settings are discussed in the next section.

Configuring settings using GPOs

Although you can configure all your computers running Windows 10 manually, it is far easier and quicker to use Group Policy to configure your domain-joined computers. You can configure the following Windows Update settings using GPOs:

• Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Update as shown in Table 4-4.

  Table 4-4 Windows 10 GPO settings in the Windows Update node

  Gpo Setting	Description
  Turn Off Auto-Restart For Updates During Active Hours	Allows you to specify the active hours during which the PC won’t restart.
  Specify Active Hours Range For Auto-Restarts	Allows you to specify the maximum number of hours that active hours can be set. This time can be set between 8 and 18 hours.
  Specify Deadline Before Auto-Restart For Update Installation	Allows you to enforce a restart between 2–14 days after a restart is scheduled.
  Configure Auto-Restart Reminder Notification For Updates	Allows you to specify when auto-restart reminders are displayed.
  Turn Off Auto-Restart Notifications For Update Installations	Allows you to turn off all auto restart notifications.
  Configure Auto-Restart Required Notifications For Updates	Allows you to specify how the restart notifications are dismissed. By default, this is automatic after 25 seconds.
  Configure Automatic Updates	Configure whether Windows Update can enable automatic updates on your computer. If this setting is enabled, you must select one of the four options in the Group Policy setting (note there is no option 1): 2 = Notify for download and auto install 3 = Auto-download and notify for install 4 = Auto-download and schedule the install 5 = Allow local admin to choose setting If you select option 4, you can also modify a recurring schedule; otherwise all installations will be attempted every day at 03:00.
  Specify Intranet Microsoft Update Service Location	Configure whether Windows Update will use a server on your network to function as an internal update service.
  Do Not Allow Update Deferral Policies To Cause Scans Against Windows Update	Allows you to prevent update deferral policies to cause scans against Windows Update.
  Remove Access To Use All Windows Update Features	Enabling this policy removes user access to Windows Update scan, download, and install features.
  Specify Engaged Restart Transition And Notification Schedule For Updates	Enabling this policy allows you to configure settings related to PC restart following a period of time when auto restart settings have been configured.
  Do Not Include Drivers With Windows Updates	If you enable this policy setting, Windows Update will not include drivers with Windows quality updates.
  Configure Auto-Restart Warning Notifications Schedule For Updates	Controls when users receive notification reminders and warnings to restart their devices following an update installation.
  Update Power Policy For Cart Restarts	For EDU devices that remain on charging carts overnight to receive updates to reboot during the scheduled install timeframe.
  Defer Windows UpdatesSelect When Feature Updates Are Received	Controls the type of feature updates to receive and when based on branch readiness level.
  Defer Windows UpdatesSelect When Quality Updates Are Received	Controls the type of quality updates to receive and when to receive them based on branch-readiness level.

• Computer ConfigurationAdministrative TemplatesWindows ComponentsData Collection And Preview Builds as shown in Table 4-5.

  Table 4-5 GPO settings in the Data Collection And Preview Builds node

  Gpo Settings	Description
  Toggle User Control Over Insider Builds	Determines whether users can access the Insider build controls in the Advanced Options for Windows Update.
  Allow Telemetry	Determines the amount of diagnostic and usage data reported to Microsoft by Preview Build users, as follows. 0= Security (Enterprise, EDU, Server, and IoT Operating Systems will send minimal telemetry data to Microsoft) 1= Basic (Limited amount of diagnostic and usage data) 2= Enhanced (Sends enhanced diagnostic and usage data). 3= Full (Sends enhanced diagnostic and usage data plus additional diagnostics data during a crash).
  Configure The Commercial ID	Allows you to define the identifier used to uniquely associate the device for when telemetry data is being sent to Microsoft.
  Configure Authenticated Proxy Usage For The Connected User Experience And Telemetry Service	Allows you to block or allow the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft.
  Disable Pre-Release Features Or Settings	Determines the level to which Microsoft can experiment with the product to study user preferences or device behavior as follows: 1 = Allows Microsoft to configure device settings only. 2 = Allows Microsoft to conduct full experimentations.
  Configure Connected User Experiences And Telemetry	Forward Connected User Experience and Telemetry requests to a proxy server.
  Do Not Show Feedback Notifications	Allows you to prevent devices from showing feedback questions from Microsoft.

• Computer ConfigurationAdministrative TemplatesWindows ComponentsDelivery Optimization as shown in Table 4-6.

  Table 4-6 GPO settings in the Delivery Optimization node

  Gpo Settings	Description
  Absolute Max Cache Size (In GB)	Allows you to limit the maximum size in GB for the Delivery Optimization cache. The default size is 10 GB.
  Enable Peer Caching While The Device Connects Via VPN	Can allow the device to participate in Peer Caching while connected via VPN to the domain network to download from or upload to other domain network devices, while either on the VPN or via the corporate network.
  Download Mode	Configure the use of Windows Update Delivery Optimization for downloads of Windows apps and updates as follows: 0=HTTP only: No peering 1=LAN: HTTP blended with peering behind the same NAT 2=Group: HTTP blended with peering across a private group 3=Internet: HTTP blended with Internet Peering 99=Simple: Download mode with no peering 100=Bypass mode: Do not use Delivery Optimization and use BITS instead
  Group ID	Used to create a group ID to which the device belongs. Used to limit or to group devices.
  Max Cache Age (In Seconds)	Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. Default setting is 3 days.
  Max Cache Size (Percentage)	Specifies the maximum cache size that Delivery Optimization uses as a percentage of available disk size. Default is 20%.
  Maximum Download Bandwidth (In KB/S)	Specifies the maximum download bandwidth that the device can use across all concurrent download activities using Delivery Optimization.
  Max Upload Bandwidth (In KB/S)	Defines the maximum upload bandwidth that a device will utilize for Delivery Optimization.
  Minimum Background QoS (In KB/S)	Specifies the minimum download QoS (Quality of Service or Speed) for background downloads. Default is 500 KB/s.
  Allow Uploads While The Device Is On Battery While Under Set Battery Level (Percentage)	Specify the value between 1 and 100 to allow the device to upload data to LAN and Group peers while on battery power. The device can download from peers while on battery regardless of this policy.
  Minimum Disk Size Allowed To Use Peer Caching (In GB)	Specifies the required minimum disk size for the device to use Peer Caching. Default is 32 GB.
  Minimum Peer Caching Content File Size (In MB)	Specifies the minimum content file size in MB enabled to use Peer Caching. Default value is 100 MB.
  Minimum RAM Capacity (Inclusive) Required To Enable Use Of Peer Caching (In GB)	Specifies the minimum RAM size in GB required to use Peer Caching. Default value is 4 GB.
  Modify Cache Drive	Specifies the drive Delivery Optimization will use for its cache.
  Monthly Upload Data Cap (In GB)	Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. Default value is 20 GB.
  Maximum Download Bandwidth (Percentage)	Specifies the maximum download bandwidth that Delivery Optimization uses. The default value is 0.

• Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateWindows Update for Business as shown in Table 4-7.

  Table 4-7 GPO settings in the Windows Update for Business node

  Gpo Settings	Description
  Manage Preview Builds	You can control whether your users’ computers can be configured into the Insider Build servicing channel. Enable this value to configure the device into the Windows Insider Program.
  Select When Preview Builds And Feature Updates Are Received	This value enables you to select the servicing channel. You can choose between: Preview Build – Fast Preview Build – Slow Release Preview Semi-Annual Channel (Targeted) Semi-Annual Channel You can then also select a deferment value.
  Select When Quality Updates Are Received	If you enable this value, you can then define a deferment value (in days) for quality updates.

To set a GPO to configure Windows Update, complete the following steps:

1. On a domain controller, open Group Policy Management.

2. Right-click a suitable GPO and then click Edit.

3. In the Group Policy Management Editor, shown in Figure 4-39, navigate to the appropriate node and edit the appropriate setting(s) as per the following tables.

   

4. Close the editor when you are finished. The GPOs will refresh to domain-joined computers.

There are seven GPO settings that relate to the Windows 10 Preview Builds, as described in Table 4-5.

The third table of GPO settings allows you to modify the Delivery Optimization settings in Windows 10, so that you can fine tune and regulate the peer caching of updates.

Windows Update for Business settings in GPO enable you to control which deployment ring your users’ computers are configured for. By using these settings, you control which servicing channel your users’ devices use, and deferment values for both feature and quality updates.

Roll back updates

With the rhythm of regular updates becoming the method of keeping devices secure and up to date, there might be instances when an update causes problems and you need to consider removing the update completely by rolling it back. You might have experience with driver rollbacks; the same concept is used for rolling back Windows updates.

Sometimes you need to remove a single Windows update. You can perform this task in a number of ways–through Control Panel, the Settings app, or the command prompt.

Uninstall A Windows Update By Using The Command Prompt

Sometimes you will want to remove the same update from multiple devices. After you have tested the command-line tool on your test device, you can use the command prompt or Windows PowerShell to script the command and distribute it to multiple devices by using Group Policy or Windows PowerShell.

You can use the Windows Management Instrumentation (WMI) command-line utility to generate a list of installed Windows Update packages on a Windows 10–based device, as shown in Figure 4-43.

To generate the list of installed Windows Update packages on your device, open a command prompt, (or Windows PowerShell) and type the following command.

Click here to view code image

wmic qfe list brief /format:table

When you have identified an update that you want to remove, you can use the Windows Update Stand-Alone Installer (Wusa.exe) command-line tool to uninstall updates by providing the package number (from the Microsoft Knowledge Base) of the update to be uninstalled. The syntax for the tool is as follows.

Click here to view code image

wusa.exe /uninstall /kb:<KB Number>

Substitute <KB Number> in the command with the actual KB number of the update you want to uninstall. The WMIC and WUSA commands work in either the command prompt or Windows PowerShell.

Understand event logs

You can start Event Viewer, as shown in Figure 4-44, by typing eventvwr.msc.

Upon opening, the console retrieves the events that have occurred on your computer and displays them. You can configure the Event Viewer to work with event logs from remote computers; you must enable remote management in your firewall.

There are two types of log files.

• Windows logs Includes Application, Security, Setup, System, and Forwarded Events

• Applications and services logs Includes other logs from applications and services to record application-specific or service-specific events

Because logs are created as part of the operating system, they can provide forensic-level metadata that can help you understand problems that are difficult to diagnose, using real-time analysis of the system.

The Windows logs are described in more detail in Table 4-9.

Table 4-9 Built-in Windows logs

The default Windows 10 event log maximum file size is 20 MB. If your system reaches this maximum size, new events will overwrite old events.

Open Event Viewer and take some time to familiarize yourself by reviewing some logs. There are several levels of events, with meanings as follows.

• Information These logs provide information about changes related to a component or system process, usually a successful outcome.

• Warning These events are not critical, although they could lead to more serious problems and should be investigated.

• Error Events warn you that a problem has occurred.

• Critical These events are the most severe and could lead to failure or loss of function. They are highly significant and indicate that a problem is occurring or has occurred.

• Audit Success/Failure If you have enabled auditing, these log entries appear in the security log.

In Event Viewer, select each of the Windows logs and look at the types of events that have been generated. The Actions pane on the right side provides tools and wizards to help you work with logs, including saving a log, clearing/deleting entries in a log, opening a previously saved log, and attaching a task to an event.

Create a custom view

When you explore Event Viewer, you might find so many entries that it is hard to locate specific issues. You’ll want to remove entries, but you should not clear a log on a production machine without first saving the log. A better method of removing log entries, such as informational or warning log entries, is to create a custom view that shows only specific events. This acts like a saved filter that you can invoke.

To create a custom view in Event Viewer that displays only Critical events in the System log, follow these steps:

1. Open Event Viewer.

2. On the Action menu, click Create Custom View.

3. On the Filter tab, select the Critical check box in Event Level.

4. In By Log, use the Down arrow and expand Windows Logs; select only the System check box and then click OK.

5. Type a name, such as System-Critical for the log name, and click OK.

6. The custom view immediately refreshes and displays log entries that match the criteria.

7. Your custom view filter—in this case, named System-Critical—is located in the left pane under the Custom Views node.

8. Close Event Viewer.

With all events, you can double-click the event log entry to reveal its Properties dialog box. The Event Properties dialog box provides you with additional detailed information together with a Copy button so that you can copy the event data to the Clipboard and then work with the data or seek help. Event descriptions have become easier to understand than in previous versions of Windows. The experience of reading event log entries will also help build your understanding.

Configure event subscriptions

You can configure Event Viewer to gather other computers’ event logs. Manually connecting to other computers on a regular basis can be cumbersome. You can automate the collection of event logs from other computers by creating event subscriptions.

All computers participating in a subscription must be configured to allow remote administration. This is achieved by enabling the Windows Remote Management service on the source computer. On the collector computer, start the Windows Event Collector service, which enables the computer to collect events from remote devices. To configure the computers to collect and send events, perform the following two short procedures.

Access event logs remotely

When you need to quickly view event logs on a remote computer, you don’t need to create a subscription. Instead you can view the event logs directly. To view event logs on a remote system, follow these steps:

1. Open Event Viewer.

2. Right-click Event Viewer (Local) in the left pane and choose Connect To Another Computer.

3. When the Select Computer dialog box opens, click Another Computer and enter the name, type the domain name or IP address of the computer, or click Browse to search for the computer on your network.

4. If you need to specify logon credentials, select the Connect As Another User check box. Click Set User and type the logon credentials for a local administrator or user on the remote device and then click OK.

Monitor performance using Task Manager

If you have used an earlier version of Windows, you probably have used Task Manager. This is one of the most useful tools available in Windows for gaining an immediate insight into how a system is performing.

Access Task Manager

The Task Manager built into Windows 10 shows you which processes (tasks) are running on your system and, importantly, shows the system resource usage that directly relates to performance. If a particular task or process is not responding or continues to run after you have closed the application, you can use Task Manager to view this behavior and force the offending process to end.

When troubleshooting, you might find that some users are comfortable using Task Manager to review the system status and end problematic tasks.

If you are moving to Windows 10 from Windows 7 or earlier, notice that Task Manager has been redesigned extensively and is now much more user-friendly, informative, colorful, and slightly less technical.

To open Task Manager, right-click the Start button and then click Task Manager. There are several other ways to open Task Manager, including

• Pressing Ctrl+Shift+Esc

• Right-clicking the taskbar, Cortana, or the Task View button and then clicking Task Manager

By default, the Task Manager opens to show only the running applications, as shown in Figure 4-46. While using this view, you can highlight any of the listed applications and click End Task to stop a running app.

If you click More Details, Task Manager reopens and displays seven tabs, which enable you to review specific areas of your computer activity. The tabs are described in Table 4-11.

Table 4-11 Task Manager tabs

Task Manager Tab	Description
Processes	Shows all running apps and background processes
Performance	Shows real-time statistics for CPU, memory, disk, Ethernet, Bluetooth, and Wi-Fi usage
App History	Shows historical data for universal and modern apps usage for the previous month
Startup	Lists the apps that start when the computer boots
Users	Lists all the users currently logged on to the computer locally and remotely
Details	Shows detailed statistics on all running and suspended processes
Services	Displays all running and stopped system services

Each tab offers you a different view of the system. Most users might be interested only in the simple view, whereas most IT professionals will only use the detailed version of Task Manager.

Using The Performance Tab

The Performance tab provides a graphical, real-time, statistical view for CPU, Memory, Disk, and Ethernet. If you have multiple Ethernet devices, such as Wi-Fi, these are listed. Figure 4-47 shows the Performance tab with Disk 0 selected. In the lower pane, below the graphics, you see additional information, such as read/write speed, capacity, and average response time. If you are connected to Wi-Fi and click Ethernet, you see the adapter name, Service Set Identifier (SSID), Domain Name Service (DNS) name, connection type, IPv4 and IPv6 addresses, and signal strength.

At the bottom of the Performance tab is an Open Resource Monitor link to the management console.

Monitor performance using Resource Monitor

The Resource Monitor displays more information and activity statistics relating to your system resources in real time. It is similar to Task Manager, but it also enables you to dive deeper into the actual processes and see how they affect the performance of your CPU, disk, network, and memory subcomponents.

Open the Resource Monitor by using the link on the Performance tab of Task Manager or search for Resource on the Start button. The executable for Resource Monitor is Resmon.exe, which you can run from a Run dialog box or command prompt.

When you open Resource Monitor, you see an overview of your system with graphs for each area of the system subcomponent. Four further tabs are available: CPU, Disk, Network, and Memory. The statistics tracked on the Overview tab include the following:

• % CPU Usage

• CPU Maximum Frequency

• Disk I/O Bytes Per Second

• Disk % Highest Active Time

• Network I/O Bytes Per Second

• % Network Utilization

• Memory Hard Faults Per Second

• % Physical Memory Used

Review each tab; each subcomponent offers additional components, as shown in Table 4-12.

Table 4-12 Resource Monitor components

In each data collector, you can sort the output by clicking the column title. If you select one or more processes in the topmost section, selecting the check box on the left side creates a filter for the items across all four tabs. The selected item is highlighted in orange, so that you can see how the item compares to the overall output, as shown in Figure 4-48.

The Resource Monitor is useful for troubleshooting performance issues that relate to high resource usage, and you need to establish which process is using a more than normal amount of resource such as memory.

For more advanced analysis, you can right-click any column and choose additional columns by choosing Select Columns. Each tab has associated columns; the CPU panel offers the following additional columns.

• Average Cycle Average percentage of CPU cycle time for the process (over a 60-second interval).

• Cycle Current percentage of CPU cycle time the process is using.

• Elevated The elevation status of the process. (If this is Yes, it is an elevated process.)

• Operating System Context The operating system context in which the process is running.

• Platform The platform architecture that the process is running.

• User Name The name of the user or service that is running the process.

If you want to freeze the screen so that you can analyze the display or capture an image, you can click the Monitor menu item and select Stop Monitoring.

Monitor performance using Performance Monitor and Data Collector Sets

You can use the Performance Monitor Microsoft Management Console (MMC) snap-in to monitor and track your device for the default set of performance parameters or a custom set you select for display. These performance parameters are referred to as counters. Performance Monitor graphically displays statistics and offers real-time monitoring and recording capabilities. By default, the update interval for the capture is set to one second, but this is configurable.

You can use the tool to record performance information in a log file so that it can be played back and used as part of your overall benchmarking process on a system being tested, or when collecting information to help you troubleshoot an issue. You can also create alerts that notify you when a specific performance criterion, such as a threshold or limit, has been met or exceeded.

The easiest way to learn how to use Performance Monitor is to run one of the two built-in collector sets and review the results.

• System Diagnostics Data Collector Set collects the status of local hardware resources and configuration data, together with data from the System Information tool.

• System Performance Data Collector Set reports the status of local hardware resources, system response times, and processes.

Run The Performance Monitor Data Collector

To run the System Performance data collector and view the report, follow these steps:

1. Type Performance into Start and click Performance Monitor in Control Panel.

2. On the navigation pane, select Data Collector SetsSystem and click System Performance.

3. On the toolbar, click the Run icon (green triangle). The collector runs for 60 seconds and then stops.

4. After the collector has stopped, in the navigation pane, select Reports and expand System.

5. Click the chevron arrow next to System Performance and then click the Report icon related to the collector you just ran. The latest report should be listed at the bottom. The System Performance Report appears in the results pane.

6. Review the System Performance Report and then close Performance Monitor.

When you review the report, as shown in Figure 4-49, you can see how extensive and detailed the monitoring is. The report is saved and can be printed and refreshed to provide an up-to-date report, which you can compare to other reports.

The diagnostic or performance-monitoring data collector sets are very useful when identifying the cause of performance deterioration, which might be a warning sign of potential malfunction or failing hardware.

You can manually configure Performance Monitor to report on one or many parameters you select for display. You choose the counters that relate to the hardware and software installed on your system. If you add new hardware, such as a new network card, Performance Monitor updates the set of performance counters for the new resource.

Monitor system resources

Every computer system has a performance threshold that, if pushed beyond this level, will cause the system to struggle to perform optimally. If you overload the system, it eventually slows down as it attempts to service each demand with the available resources. Most systems include a capable processor and sufficient amount of RAM for everyday or general needs. Memory is automatically reclaimed from apps that are closed. However, when apps or web browser tabs are left open, and more apps are then opened, the overall ability for the system to perform is degraded.

Troubleshoot performance issues

In normal operating conditions, the majority of users rarely experience performance issues with their devices after they have been configured with the necessary security, antimalware, productivity, and specialist software. Out of the box, Windows 10 is optimized for general user environments.

Over time, the device might gradually seem to become slower. If the user notices this decreased system performance, he or she might request help from the help desk.

You can avoid some performance degradation by performing regular maintenance, such as using the Disk Cleanup utility to remove temporary or unwanted files. Windows 10 does a good job at self-healing and maintaining the system and schedules many maintenance tasks to run automatically for you.

If poor performance occurs, investigate and troubleshoot the reason to establish whether there is a bottleneck—perhaps a memory-hungry app, multiple startup programs, or even malware. Another gradual but common occurrence is when a system runs out of disk space, especially because the majority of devices are now using solid-state drives (SSDs) that are typically smaller-capacity drives.

When looking at the factors that might influence your PC, consider some of the following.

• Windows 10 architecture: x86 or x64

• Processor speed, processor quantity, onboard cache memory, and cores

• Physical hard disks input/output speed, buffer size, and defragmentation state

• Memory: capacity, speed, and type

• Graphics card: throughput, memory, onboard processing speed, quantity, and drivers

• Network interface throughput, onboard processing capability, quantity, and drivers

• Application number, type, available optimizations, and architecture

• System, peripheral, and application drivers

Understand how system bottlenecks can occur, how to diagnose a system that is suffering from a performance bottleneck, and how to respond and recover from the problem. Some common performance bottlenecks that are useful to know about when troubleshooting are shown in Table 4-14.

Table 4-14 Performance bottlenecks

Monitor and manage printers

Windows 10 provides some additional options for you to manage your printing compared to previous versions of Windows. A new Print Management desktop app and the new Printers & Scanners options in the Settings app provide basic printer management such as Add, Remove, and Set As Default Printer.

You still have previous printer tools in the Devices And Printers section of Control Panel or from the link at the bottom of the Printers & Scanners options in the Settings app. The Devices And Printers Control Panel item is the same interface as in previous versions of Windows 7. This section focuses on the new features relating to Printer With Windows 10, but for the exam, you should also review the older printer tools.

Manage Printers By Using Print Management

A new Print Management console is available for you to manage your device printers from a single management console. Print devices connected to your PC can be shared, and you can manage the properties of the device. The Print Management MMC, as shown in Figure 4-51, is included in the Administrative Tools of Windows 10 Pro and Enterprise editions, and it lists all printers, drivers, and other print servers that you are connected to.

You can also launch the Print Management console by typing Printmanagement.msc in the Start menu.

The Print Management console offers you a single location to perform the following printer-related management tasks:

• Add and delete print devices

• View printers and print servers

• Add and remove print servers

• Add and manage print drivers

• Deploy printers using Group Policy

• Open and manage printer queues

• View and modify status of printers

• Use the filter feature to view printers based on filters

If you right-click a printer, you are presented with a list of some action items that can be performed on the selected printer. These can include the following tasks:

• Open Printer Queue

• Pause Printing

• List In Directory

• Deploy With Group Policy

• Set Printing Defaults

• Manage Sharing

• Print Test Page

• Enable Branch Office Direct Printing

• Properties

• Delete

• Rename

• Help

Note Remote Printers

You can use the Print Management console to manage both local and remote printers. Devices And Printers in Control Panel can only manage locally connected printers.

Get-Command -Module PrintManagement

Configure indexing options

To maintain the performance of Windows 10 search, the system automatically indexes data on your computer in the background. This data includes user-generated files, folders, and documents. Most users will never modify the default indexing settings, but you can add new areas to be indexed and exclude others. Common locations include your user profile areas and app data that you access frequently, such as Office apps.

If you store a lot of data in a storage space or a removable drive, you can add this location to Indexing Options to significantly speed up the performance of future searches in this location.

To view your existing indexing locations, type Index on the Start screen and click Indexing Options in Control Panel to see the Indexing Options dialog box shown in Figure 4-52.

You can use the Modify button to add or remove locations. In the Indexed Locations dialog box, you see the summary of locations. If you click Show All Locations, Windows 10 displays all the hidden locations, and this enables you to fine-tune the indexing to specific subfolders, if necessary. To select the Downloads and Documents folders within your profile, select the arrow next to the Users folder and then locate and select Downloads and Documents in your user profile.

After you apply changes to indexing, the indexing process doesn’t happen immediately; rather, it runs as a background task whenever your machine is running but not being used. While the indexing process is incomplete, the message in the dialog box indicates that Indexing Speed Is Reduced Due To User Activity. When the process has finished, the message states Indexing Complete.

Be careful not to index everything on your disk. A large index can affect the search performance negatively.

In the Indexing Options dialog box, the Advanced button enables you to configure Index Settings and specify File Types to be excluded. You can include or exclude encrypted files, treat similar words as different words, delete and rebuild the index (useful if you suspect search is not working), and change the index location from the default C:ProgramDataMicrosoft.

On the File Types tab, you can exclude file types from the index and configure whether the index searches in the file contents or just in the file properties. You can also manually add new file types that have not been automatically included to index.

Evaluate system stability by using Reliability Monitor

Members of the desktop support team often report that it is difficult to ascertain the precise nature of calls that relate to poor performance or system instability. Reliability Monitor is an excellent tool for these situations because it enables you to review a computer’s reliability and problem history and offers both the help desk and you the ability to explore the detailed reports and recommendations that can help you identify and resolve reliability issues. Changes to the system such as software and driver installations are recorded, and changes in system stability are then linked to changes in the system configuration.

To launch Reliability Monitor, type reliability in the Start screen and click View Reliability History in Control Panel, or type perfmon /rel at a command prompt. The tool displays a summary of the reliability history for your system, as shown in Figure 4-53.

The top half of the Reliability Monitor screen shows a line graph with a scale of 1 to 10 and date timeline along the bottom axis. You can toggle the view from weeks to days. The graph rises and sinks over time, and at the low points are colored markers in red, blue, or yellow. Below the graph are the details that relate to system configuration changes, such as software and driver installations. When system changes result in a negative system stability, such as an app crashing or a service stopping, there might be a relationship between the two, and these can be further explored. The graph gradually reaches the maximum level of 10 if the system does not experience negative system stability over a prolonged period.

Reliability Monitor is enabled by default in Windows 10. Reliability Monitor requires the Microsoft Reliability Analysis task, RacTask, to process system reliability data, which is a background process that collects reliability data. RacTask can be found in the Task Scheduler library under the MicrosoftWindowsRAC node.

The Reliability Monitor main features include:

• System stability chart Provides summary of annual system stability in daily/weekly increments. The chart indicates three levels of stability data: information, warning messages, and critical errors.

• Records key events in a timeline Tracks events about the system configuration, such as the installation of new apps, operating system patches, and drivers.

• Installation and failure reports Provides information about each event shown in the chart, including:

  • Software Installs/Software Uninstalls

  • App Failures

  • Hardware & Driver Failures

  • Windows Operating System Failures

  • Miscellaneous Failures

Because the tool offers a rolling view of reliability history, you can retain a copy of a point-in-time report. Click the Save Reliability History link to save complete details at periodic time points, such as annually. System builders and repair shops often use the report to demonstrate computer stability for future reference.

At the bottom of the Reliability Monitor screen are two additional links that list all computer problems and attempt to locate problem solutions from the Internet. The Problem Reports And Solutions tool helps you track problems that are reported and checks for all available solution information to problems.

Configure and manage services

A service can best be described as a software component that interacts at one level with device drivers and, at another level, with app-level components. In a sense, services sit between apps and hardware devices and are considered a core part of the operating system, controlling user requests, through apps, to hardware resources.

These operating system services provide discrete functions in Windows 10 and require no user interaction. You can manage services in a number of ways, including from the command prompt, by using Windows PowerShell, and by using the management console.

Using The Services Management Console Snap-In

The most straightforward way to manage services is to use the Services management console snap-in, as shown in Figure 4-54.

You can use this console to view and manage services in the operating system. For example, to manage the status of a service (assuming it is not running), right-click the service and then click Start. If you want to stop or restart a running service, right-click the running service and then click either Stop or Restart.

You can also manage the settings of a service by double-clicking the desired service. In the Properties dialog box for the named service, as shown in Figure 4-55, you can then configure the properties shown in Table 4-16.

Table 4-16 Configurable options for a Windows 10 service

Tab	Options And Explanation
General	Service name. You cannot change this value, but it is useful to know what name Windows assigns to the service so that you can reference it when using a command-line tool or Windows PowerShell. Startup type: Disabled, Manual, Automatic, Automatic (Delayed Start). This option enables you to determine the startup behavior of the service. Start parameters. You can add properties to configure the service behavior when it starts.
Log On	Log on as Local System Account or This Account. Some services run in the context of the Local System Account. Others must be configured to use a specific, named account (for example, when communicating across the network with another service). You can create special local user accounts for the purpose of running services. When you define a specific user account and change the user password, you must update the password information on the Log On tab for the services that use that account.
Recovery	You can configure what happens when a service fails to start or crashes. Specifically, you can configure Windows 10 to attempt a restart of a service if it fails to start on the first attempt. On second attempts, you can choose another option, such as Restart The Computer. Available options for failures are Take No Action, Restart The Service, Run A Program, and Restart The Computer. If you select Run A Program, you can configure additional options for the path and name of the program, plus any runtime switches you want to apply.
Dependencies	Some services depend on other services, or groups of services, to run. In this way, Windows 10 can start efficiently by making sure only the required services are in memory. You cannot make changes on this tab, but it is informative to know whether a service has dependencies, especially when a service is failing to start properly.