The best way to gather detailed troubleshooting information about Windows is the built-in System information tool. It generates a report that contains details about the hardware and software configuration. Here's how it works:
Here's what the report will contain:
From time to time people ask me how to deal with cases of data loss. Usually I tell them about a tutorial that was written for Private Disk - the subtleties of backing up encrypted data. The problem is that data loss can happen to anyone, not only a Private Disk user, so I decided to write another guide, which is more generic, and is about data safety in general. While it is true that there are more ways in which things can go wrong with encrypted data (because if you forget the encryption key you have effectively lost all the data), there are still plenty of scenarios which can make someone unhappy even if they don't use encryption.
This is a story for those who are aware of the fact that we live in a world where Murphy's laws rule, those who understand the importance of backups, and are looking for a good backup strategy.
If you don't know why backups are important and why you need them, check out the reading material section at the end, or read about Murphy's laws when you have some time.
A good backup mechanism is
These are not mandatory, but having them is a bonus:
Make a list of files and directories that you need to back up.
If you have plenty of storage, you will probably want to back up the entire partition or hard disk, but this is not a good idea because:
Decide where you will keep the backups; these rules must be taken into account:
Here is a sample environment:
Lappie - a laptop which contains the following data I care about
Each time a backup is made, the old backups are pushed down, the fresh backup becomes #1, and the oldest backup is deleted. Note that even though the image says "new files", the backup will include the old ones too. Keeping three older copies is more than enough for the average user, but if you want to be able to travel back in time and see what your files looked like back in '45, you will obviously have to keep more than three previous copies.
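The rotation described above, as an added sketch that is not part of the original article and is not how nnBackup is implemented. The slot names (backup.1, backup.2, ...), the incoming.tmp staging folder and the reading of "three older copies" as keep=4 (the fresh copy plus three older ones) are assumptions.

```python
import os
import shutil


def slot_path(root, n):
    # Hypothetical naming scheme: backup.1 is the freshest copy.
    return os.path.join(root, f"backup.{n}")


def rotate_and_store(root, source, keep=4):
    """Store a fresh copy of `source` as slot 1, keeping at most `keep` copies."""
    os.makedirs(root, exist_ok=True)

    # Copy first, under a temporary name: if the copy fails half-way,
    # no existing backup has been renamed or deleted yet.
    incoming = os.path.join(root, "incoming.tmp")
    if os.path.isdir(incoming):
        shutil.rmtree(incoming)  # leftover from an interrupted run
    shutil.copytree(source, incoming)

    # The oldest copy falls off the end.
    if os.path.isdir(slot_path(root, keep)):
        shutil.rmtree(slot_path(root, keep))

    # Push the remaining copies down, highest number first,
    # so that no slot is overwritten before it has been moved.
    for n in range(keep - 1, 0, -1):
        if os.path.isdir(slot_path(root, n)):
            os.rename(slot_path(root, n), slot_path(root, n + 1))

    # The fresh backup becomes #1.
    os.rename(incoming, slot_path(root, 1))
    return sorted(d for d in os.listdir(root) if d.startswith("backup."))
```

Taking the copy before rotating means a failed transfer (network share offline, disk full) leaves the previous generations exactly as they were.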
To get the 3 features a good mechanism must have, only 2 tools are needed:
Windows comes with a task scheduling mechanism; you can access it via Control panel\Scheduled tasks. There are alternative programs which offer more features, but you will probably want to start with the standard task scheduler because you have it for free and it is already installed. There are reasons that can convince you to choose a different program for this purpose; they will be discussed later.
The tandem is nnBackup and nnCron. Both programs come from the same company; they are light and very flexible, providing a broad range of features. They are not free (though there is a special offer for ex-USSR folks, who can get them for free), so you might want to take a look at some of the programs described above, or look for alternatives elsewhere.
nnBackup is the program that does the actual copying. You can read about its many settings in the manual; be prepared to make notes on paper, or in a temporary text file. Once you are done, you will end up with a set of command line arguments that do what you want, for example:
nnbackup.exe verz -n 2 -sdn "onenote" -i D:\Stuff\MyNotes -o \\Servo\backups\Onenote -s -e -sa -zip -v -pc
nnbackup.exe verz -n 2 -sdn "Documents" -i D:\Stuff\TXTs -o \\Servo\backups\Documents -s -e -sa -zip -v -pc
nnbackup.exe verz -n 2 -sdn "trillian" -i D:\Soft\Trillian -o \\Servo\backups\Trillian -s -e -sa -zip -v -pc
And so on... as you can see, all the lines are identical, the only part that varies is the one that concerns the path of the source (where files are copied from) and the target path (where the files will be copied).
For the curious minds, here is what the command line arguments mean in the examples above:
In the same manner, I wrote the commands that will back up my other folders. Whenever I have a new type of data I want to back up, I can copy/paste an existing line and alter it accordingly. All these commands are saved in a BAT file, thus they will be executed one after another. All we need now is to launch this BAT file automatically on a weekly basis.
Watch out! Some programs lock the files they use, so the files cannot be accessed by other processes (such as nnBackup, trying to make the copy). In these cases you have to make sure that the application is not running (e.g. the mail client must be closed before the backup process is started, otherwise the mail archive cannot be read). To counter this, see if the program in question provides command line arguments (or any other mechanism) that allow you to close it correctly. Once you find out how to do that, perform that action before calling the backup script. If you don't know how to do that, then just close the programs by hand - but note that this goes against our philosophy - the backup must not require human intervention of any kind, because we can't trust humans...
nnCron comes into action now. This program will take care of running the backup script at the right time, re-running it if necessary, checking whether the network is active, etc. Creating a new task with nnCron is very easy; the screenshots below should be more than enough.
You can play with the other settings too, their names are self-explanatory. You will probably want to use the "host exists" feature, to verify whether the target backup machine is online; there are also various plugins that make it possible to use other conditions when evaluating whether a task has to run or not.
nnCron can keep track of multiple tasks; in this scenario, you will want two different scripts (one for backing stuff up on \\Servo, the other one for \\Hive), and each script will have different settings for the time it should be run.
You don't necessarily need another computer for the backups; if you have an external disk, you can use it as the target path (i.e. instead of \\Servo\backups use F:\backups, replacing 'F' with the letter that corresponds to the external disk once it is mounted).
In the beginning you will probably not want to run the tasks in the background, because you want to see the progress of the transfer process and spot errors (if any). But after you do this a couple of times and you're sure everything works as you think it does, you can trust the system and let it work in the background.
The tips above are a set of general guidelines that are supposed to help you understand that good backups are a lot more than just copying and pasting files by hand in Windows Explorer.
A good backup mechanism must be thoroughly analyzed and tested before you can actually trust it. Do not let the apparent complexity dampen your spirits (I refer to finding the right command line arguments), once you get it figured out it is easy; but the most important part is that it is worth it. You will realize that when the first crisis comes and you get over it with no pain, trust me on that one.
Feel free to experiment with other similar tools (I will greatly appreciate it if you leave a comment and share your impressions), there are many of them out there.
Other reading material
Note: all the computer names were made up, coincidences with real world entities are just that - coincidences.
It has been reported that in certain circumstances the system will shut down instead of rebooting itself when the user restarts it while Private Disk is running and an encrypted disk is mounted.
This problem was difficult to trace; while it repeats itself 10/10 times on a "problematic" machine, on "non-problematic" ones everything is working correctly and it is impossible to simulate the problem.
This makes it reasonable to make an educated guess that the problem is caused by a third-party component present on the system, which somehow alters the standard behaviour of Windows. The tough part is that even when you think you have disabled all the non-standard programs, there is a myriad of low-level components that one can't see with the naked eye.
A report published recently by IC3 (Internet Crime Complaint Center), provides a lot of insightful tips to those who often engage in Internet commerce. The study was carried out in cooperation with the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance.
The study is extremely useful, as modern life is a path that will inevitably intersect with the Internet, whether we want it or not. The web helps us, the consumers, do things faster and easier; the problem is that fraudsters get the same benefits. As a result, if you fall for an Internet scam, the damage can be of a greater magnitude, and it can be inflicted upon you so quickly that you won't even notice it happened. Here are some numbers that put things in perspective:
It is highly recommended that you look through it and study the charts, and the recommendations section, which explains how to deal with such cases, as well as prevent them from happening. The remaining part of this article focuses on the issue of identity theft, which sadly was not given enough attention in the survey.
It is interesting that the study concludes that identity theft is one of the smaller troubles, as shown in the chart below.
Such a state of things is quite strange, because another study (the Computer Security Institute survey for 2007) found identity theft a much more serious problem. Could it be that the victims of identity theft are not yet aware of their status?
Another possible explanation is that the scope of the IC3 report is simply different: it focuses on issues that occur after a transaction is complete (i.e. it is assumed that everything was ok before the final click in the process), while the truth is that identity theft has much more serious consequences. There is no need to use fake cheques, there is no need to engage in a long conversation with a "Nigerian scammer", nor is there a need to get involved in auction bidding. With your data in their pocket, a fraudster can do anything in a clean way - the sellers will not suspect that something is wrong, because from their point of view, they are dealing with an honest person, and everything is legal.
Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission, to obtain credit cards, loans and mortgages, buy various products on your behalf, leaving you responsible for the consequences.
To minimize the risk of identity theft, you have to make sure that all the ways in which an identity can be stolen (attack vectors) are taken care of.
I am on Private Disk v 2.09. I close my files and every time I try to disconnect a drive letter I get the message:
There are files currently opened on disk Z:\
I feel that my data is not closing correctly. My question is how do I find out what file(s) are still open and how do I close them?
Quite often a volume can be used by a service, or another process that is running in the background - which makes it difficult to detect. In such cases, the best approach is to use a tool that monitors all the file activity that goes on in the system, and examine the list of processes that interfere with files located on the specific volume.
One such tool is Process Monitor; among many things, it can show which programs are working with data on a specific volume.
All you have to do is close these programs, and try to dismount the volume again.
If you see an unknown program accessing the volume, and you don't know how to close it (or you are not sure whether "killing the process" will have any serious consequences or not), look up the name of the program in a search engine and that will give you enough details to make a correct decision.
Earlier I explained how blue screens of death can be countered; today I will describe an alternative approach, which achieves the same result using different means.
Normally, the blue screen of death contains a driver name, and some addresses; if you're lucky, removing that driver will do the trick. But what if there is no driver name on the BSoD? And what if you don't have the skills to play with crashdumps and debuggers?
In this case, Autoruns comes to the rescue. This is a graphical tool that allows you to disable/enable drivers in a very easy way.
The steps above will be repeated until the system is able to boot correctly.
When that happens, recall which changes you applied last, and try to enable some drivers back - until you figure out which one of them was causing the issue.
The advantage of this method is that you can keep unchecking drivers without knowing what they do, because undoing any change is as easy as checking an item back (this is one of the coolest things about Autoruns).
What makes a driver suspicious?
When temporarily disabling a driver, you are not yet sure whether the driver in question is the culprit, so an educated guess is your best option. Start by unchecking:
In the example above, I highlighted Private Disk's drivers; you can see the description and the vendor name - this illustrates how one can easily spot the modules related to an application.
Note: if you have a driver from 'Micr0soft' or "MlCROSOFT" (i.e. something that mimics the name of a well-known vendor), it is most likely a piece of malware, so you should not only disable it, but also figure out how it got in your system in the first place.
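One way to check a list of vendor strings for the look-alike names mentioned in the note above. This is an added example, not part of the original article; the allow-list, the character map and the sample rows are constructed for illustration.

```python
import unicodedata

# Assumed allow-list of publisher names you expect on this machine.
TRUSTED_VENDORS = ["Microsoft Corporation", "Microsoft", "Intel Corporation"]

# Constructed map of characters often substituted for look-alike letters.
# Candidate and trusted names both pass through it, so "i" -> "l" is harmless.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "i": "l", "|": "l", "5": "s",
    "\u043e": "o", "\u0441": "c", "\u0456": "l",  # Cyrillic look-alikes of o, c, i
})

def skeleton(name):
    """Reduce a vendor string to a form in which look-alike spellings collide."""
    folded = unicodedata.normalize("NFKC", name).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())

def classify_vendor(name, trusted=TRUSTED_VENDORS):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted name or None)."""
    plain = " ".join(name.split()).casefold()
    for vendor in trusted:
        if plain == vendor.casefold():
            return ("trusted", vendor)
    for vendor in trusted:
        if skeleton(name) == skeleton(vendor):
            return ("lookalike", vendor)  # same shape, different characters
    return ("unknown", None)

def audit(entries):
    """entries: (driver file, vendor string) pairs, e.g. copied from Autoruns."""
    hits = []
    for driver, vendor in entries:
        verdict, imitated = classify_vendor(vendor)
        if verdict == "lookalike":
            hits.append((driver, vendor, imitated))
    return hits

# Constructed sample rows; file and vendor names are placeholders.
SAMPLE = [
    ("example_a.sys", "Microsoft Corporation"),
    ("example_b.sys", "Micr0soft"),
    ("example_c.sys", "MlCROSOFT"),
    ("example_d.sys", "Example Vendor Ltd"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("look-alike vendor:", row)
```

A name that only differs in letter case is treated as trusted; a name that matches only after the substitutions are undone is reported together with the vendor it imitates.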
How to find the blue screening driver faster?
Usually one's technical knowledge provides sufficient data for a good guesstimate, but what if you have no clue where to start, and there are a lot of suspect items? In this case, try the binary search:
The trick is in narrowing down the problem to as few items as possible. At each step the list of suspects is cut in two, so eventually you are left with one single item.
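The halving procedure as code, added here as an illustration and not taken from the original article. It assumes exactly one faulty driver; `boots_ok` is a hypothetical stand-in for "disable these drivers in Autoruns, reboot, and see whether the system comes up", and the driver names in the demo are constructed.

```python
def find_faulty_driver(drivers, boots_ok):
    """Return (culprit or None, number of reboots needed).

    drivers  -- list of suspect driver names
    boots_ok -- callable taking the set of disabled drivers and returning
                True if the system boots without a blue screen
    """
    if not drivers:
        return None, 0

    # Sanity check: with every suspect disabled the system must boot,
    # otherwise the culprit is not in the list and halving cannot find it.
    reboots = 1
    if not boots_ok(set(drivers)):
        return None, reboots

    suspects = list(drivers)
    while len(suspects) > 1:
        middle = len(suspects) // 2
        first_half, second_half = suspects[:middle], suspects[middle:]
        reboots += 1
        if boots_ok(set(first_half)):
            # Disabling the first half cured the crash: the culprit is in it.
            suspects = first_half
        else:
            # Still crashing with the first half disabled: it is in the rest.
            suspects = second_half
    return suspects[0], reboots


if __name__ == "__main__":
    # Constructed example: eight placeholder drivers, one of them faulty.
    names = [f"drv_{c}.sys" for c in "abcdefgh"]
    faulty = "drv_f.sys"
    print(find_faulty_driver(names, lambda disabled: faulty in disabled))
```

With eight suspects the culprit is isolated in four reboots (one sanity check plus three halvings), compared with up to eight when the drivers are unchecked one at a time.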
How to tune my Windows performance with Autoruns?
If you switch to the other tabs, you'll see a lot of other stuff that loads automatically when the system boots (drivers, services, applications in the registry, various shell extensions, etc). You can go ahead and uncheck the items that look suspicious - this will cut boot times, and make the system faster once it is loaded (since less stuff is loaded into RAM).
Beware of the fact that if you uncheck the wrong stuff, certain functionality will be lost, and the system may become partially unusable. Therefore be careful with the changes you apply:
Sometimes things go wrong: Windows crashes with a blue screen of death (also known as a BSoD), resetting the computer.
The blue screen contains some information about the cause of the error, and often that information can help you solve the problem almost immediately. However, most systems are configured to restart automatically when a blue screen occurs, so there is not enough time to actually read the text on the blue screen.
You're missing a great deal of data - the name of the faulty driver, the code of the error itself, and some addresses which might be useful later.
To prevent that from happening, Windows can be configured not to restart the system automatically when such a crash occurs. This gives you enough time to analyze the data on the blue screen and figure out whether something can be done about it.
To do that:
From now on, you'll have plenty of time to enjoy the view of the blue screen; it will be displayed until you press the reset button (laptop owners beware: if you don't have a reset button, you'll have to turn the system off, then turn it back on).
Basic troubleshooting steps
Minidump - what do I do with it?
By default Windows will create a minidump, and store it to %windir%\minidump. The minidump contains information about the state of the system before the crash; these data can be used to understand what caused the error, and how to fix it (once you find the offending driver, it's a good idea to contact the authors of that module and give them the minidump as well).
Note that interpreting a minidump is not easy if you are not an experienced developer. You are more likely to have a positive result if you try the tips described above. If nothing helps, get hold of the created minidump and send it to someone who knows what to do with it.
If you want to give it a try yourself, use Microsoft's Debugging tools for Windows. Once you run the debugger, go to File\Open crash dump, and then you're on your own.
How to enable minidumps
Some may choose to disable the creation of minidumps (to save space perhaps?), but they are very important when troubleshooting a problem. To enable the minidumps: