Best Practice Ezine #114 – SFC and SourcePath

Best Practice Ezine #114 – SFC and SourcePath

This week I have two separate but related tips:

1) Run the SFC (System File Checker) utility.  My goal is to ensure that your operating system’s .dll, .exe and .sys files are intact and have not been over-written with an inappropriate version.

2) Let us visit the registry and set the value for SourcePath.  Often the default value is not pointing to the most suitable drive for the installation CD, or the correct location, for the \i386 folder.

Bonus tip – Sign up with Connect.Microsoft for Longhorn and other Beta programs.

SFC (System File Checker)

If your Vista, XP or Windows Server 2003 computer is running slowly, then check the logs.  If they lead you to suspect a problem with corrupt, missing, or incorrect system files such as .dlls .exe or .sys, then run SFC (System File Checker).

The purpose of SFC is to scan, and then verify, the versions of all the system files under the Windows folder.  If SFC detects a file that has been overwritten by a 3rd party program, then it seeks out the correct version of the file.  First it tries the system\dllcache folder, then the Windows Updates folder, if all else fails SFC prompts for the Windows XP installation source files.  As a bonus, the SFC tool also verifies, and then re-populates the dllcache folder.

If you are suspicious, as I was, that SFC may destroy your system, then naturally backup before you start.  What I also did was to call for my favourite search engine and type ‘SFC problems’.  I repeated this and similar search strings at Microsoft’s site.  Reassuringly, there were no horror stories and no reports of SFC causing problems.  As an aside, this was how I learned that SFC also checks for newer files that Service Packs have applied.

Naturally, you must be logged on as an administrator to run the SFC tool.

1. Click Start (Button) and then click Run.
2. In the Open box, type cmd and click OK.
3. At the command prompt, type plain sfc, this just enables you to review the switches
4. If you have the source CD available try sfc /scannow and then press ENTER.

As with most commands, the syntax is: command space slash/switch.  I mention this as a beginners mistake is either to have no space, or put the space after the slash and before the switch.

Trap: SFC keeps asking for the source files – even with the XP disk in the cd caddy.
Solution: Investigate the SourcePath setting in the registry.  (See Below)

System File Checker Tool Syntax

SFC [/Scannow] [/Scanonce] [/Scanboot] [/Revert] [/Purgecache] [/Cachesize=x]

/Scannow:

Scans all protected system files immediately and replaces incorrect versions with correct Microsoft versions. This command will require the Windows installation source files, therefore have the CD ready.

/Scanonce:

Scans all protected system files one time when you restart your computer. This command may require access to the Windows installation source files when you restart the computer. The SfcScan DWORD value is set to 2 in the following registry key when you run this command:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

/Scanboot:

Scans all protected system files every time you start your computer. This command may require access to the Windows installation source files every time you start your computer. The SfcScan DWORD value is set to 1 in the following registry key when you run this command:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

/Revert:

Returns scan to the default setting (do not scan protected files when you start the computer). The default cache size is not reset when you run this command. This command is equivalent to the /Enable switch in Windows 2000.
/Purgecache: Purges the file cache and scans all protected system files immediately. This command may require access to the Windows installation source files.

/Cachesize=x:
Sets the file cache size to x megabytes (MB). The default size of the cache is 50 MB. This command requires you to restart the computer, and then run the /purgecache command to adjust the size of the on-disk cache. This command sets the SfcQuota DWORD value to x in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Guy Recommends SolarWinds’ Free Network MonitorSolarwinds Network Device Monitor

Thus utility makes it easy to check the health of a router or firewall.  Check the real-time performance, and availability statistics, for any device on your network.  Get started with an extensive collection of "out-of-the-box" monitors for popular network devices. Give Network Monitor a whirl – it’s free. Download your free Network Device Monitor

If you need more comprehensive network analysis software:
Download a free trial of NPM (Network Performance Monitor)

SFC Follow-up

To see what happened after running SFC /scannow you may, or you may not, see evidence of SFC at the little known ‘System Tools’ location.  I challenge you to try this:

Start (Menu), All Programs, Accessories
System Tools >
System Information. Then from the Toolbar select:
View> System History
           Hardware Resources or Software Environment.

This is a place that I hardly ever visit, but it is worthwhile checking the information so that you know what happens when your machine is running normally.  You can even print the information so that you have a reference point for future troubleshooting.

Guy Recommends: Tools4ever’s UMRAUMRA The User Management Resource Administrator

Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.

It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.

Controlling SourcePath

The idea of controlling SourcePath is to save grief when you go to the Control Panel and run: Add or Remove Windows Components.  What you discover is that the interface cannot find the CD or the folder where you store the source files.  With Add or Remove Programs at least you have a ‘Browse’ button, but with SFC (System File Checker) you are stuck in a loop if SourcePath points to an invalid location.

What the registry setting SourcePath does is control the path to the installation files, often a CD drive letter.  What happens is that during the operating system’s initial installation, the value for SourcePath is set in the registry, say to D:\.  However, in the intervening time you have copied the source files to c:\xp, or to a network share, \\ server \share.  The result is that Add or Remove Programs halts and won’t continue until you either place the CD in the original location, or else browse to the new path.  In the present context, SFC just halts without giving the option to change the path to the source files – irritating.

Solution: Launch Regedit and look for a string value called SourcePath at the following registry locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

Also check
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection
also
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath

Viscous trap – Guy’s over-think.

I copied my installation cd to X: \i386.  Reasonably, I set the value for SourcePath to X: \i386.  Wrong.  This was over-think, the correct setting was plain X:\ (No, repeat no, \i386).

Beta Testing Longhorn

Thinking ahead to Longhorn, Windows Server 2003’s successor, I have a few words of advice concerning the beta program.  My main point is if you are interested in future beta products such as longhorn, then sign up with connect.microsoft.com.

If you undertake evaluating Beta software then you will be riding an emotional roller-coaster.  You will experience downs when the product is slow and features don’t work.  However, there is compensation with the highs when you first see a stunning new system like Aero Graphics. 

To ‘smart’ managers, who are efficiency driven, I would say avoid beta programs and wait until the product is actually released and you can see a stable, fully-featured version.  To techie’s, or the curious, I would say at least once in your career try a beta project such as ‘Longhorn’.  As far as test kit is concerned, in the past I have used virtual software such as VMware or Microsoft’s own Virtual PC.  However, my New Year’s resolution is to invest in a new test machine for such beta projects.

Stop Press

I have just had email from connect.microsoft giving the deadline to sign-up for Longhorn beta as Monday January 15th 2007.

Will and Guy Humour

This week’s latest offering from Will and Guy’s humor is: ‘Do dogs look like their owners?’


Lots of useful disk and file articles

Windows 8 Files  •Windows 8 ReFS   •Windows 8  •Free Event Log Viewer  • Ezines

E 147 Disk Problems  • E 141 Defrag  • E 114 SFC  • E 77 Disk Failures  •E 66 WinFS  • SNMP Enabler

E 38 Achilles’ heel  •E 27 Shadow Copy  •E 4 Backup  •E 3 Diskspace  •Log & Event Manager (LEM)