Windows 8 Startup Hints
Windows 8 Startup Hints
Windows 8 users are running into a variety of start-up issues. Okay, let me attempt to restate this. Windows 8 can start so swiftly or specifically that users are running into an inability to interpret or properly interrupt the start process for debug or diagnostic purposes even though Windows 8 offers a greater variety of recovery, repair, and servicing options as OS boot alternatives.
Despite enhanced security settings, a few particularly malicious viruses are hitting Windows 8 systems. Department of Justice (DoJ) variants [http://www.spywarehelpcenter.com/department-of-justice-virus-removal-instructions/]. The solution requires entering Safe Mode, or perhaps refreshing your PC. The challenge is attempting to enter Safe Mode or the Recovery environment in order to resolve malware or driver related issues in Windows 8. Constantly tapping the F8 key might work on some systems, though I have been unable to get this alternative to work on newer UEFI enabled motherboards. The published alternative is holding the shift key while tapping F8, though this intermittently works. Windows 8 systems start too quickly.
How-To Geek offers a quick Windows 8 Safe Mode tutorial with screen shots.How To Boot Into Safe Mode On Windows 8 (The Easy Way) . Alternative three in the tutorial suggests using MSConfig to configure your system, and reboot directly into Safe Mode. MSConfig works well, though suggests that you need to be able to complete at least one successful system boot to access this tool. Systems with DoJ infection are unlikely to do so. There are other advanced boot methods 3 Ways to Fire Up Windows 8 Advanced Boot Options that work if you are successfully within the Win 8 operating system (Charms bar>Change PC settings >General> Advanced Startup > Restart now; Charms bar > Shift-click the Power button > Restart; Run “shutdown /r /o” using the new /o switch).
Booting into BIOS/UEFI offers the ability to select the boot partition or a recovery mode on several Windows 8 systems I have encountered, and might be worth a try. Even if the F8 doesn’t work, you should be able to hold down the BIOS/system configuration key during a cold boot to get into BIOS/UEFI configuration.
I need to digress slightly for a paragraph or two. A client acquired a brand new PC with UEFI enabled, ready for Windows 8, though deployed with Windows 7. The system booted directly and swiftly into Windows 7 as provided by the vendor. The system was added to the networked environment, applications installed, and data restored from the cloud. Then the client added a 2TB external USB storage drive containing archived data. Upon the next system reboot, the Recovery environment auto-launched and indicated that System Image Recovery was required. Happy for an automated repair, being the only option offered, our client selected to recover the system. Thereby reformatting the system and requiring a subsequent reinstallation of applications and restoration of user profiles and data. After a week working with the vendor, we discovered that the bootrom would always recognize ANY UEFI visible device before a legacy component. Since the Windows 7 OS was on a legacy SATA drive, and a bootrom hosted the boot manager, any externally connected USB storage would disrupt the boot process. We tested and confirmed the scenario using an unformatted 4 GB USB memory stick. A USB enabled printer had no effect. The UEFI enabled BIOS options enabled us to recover the system without external PE media, using a system specific .wim file. Discussions with the vendor confirmed that the only means to ignore UEFI visible storage devices and boot to a legacy drive would be to disable all UEFI enabled services and reinstall the OS while bypassing the bootrom. The recovery alternatives were impressive, and disabling UEFI could be crippling on a new system. We settled for relocating the USB storage device.
I still like creating and using my own Windows PE environment Simplify your Windows 8 Evaluation install. Even my Windows 7 PE media works for some maintenance of a Windows 8 environment, though a Windows 8 PE media created for and with the Windows 8 ADK (Assessment and Deployment Kit) is better. Best yet, use the Backup tools in the Windows 8 Control Panel to create both a recovery and a system image for the specific system and you will be able to both boot and recover the system without a mandatory generic and fully automated re-imaging process (that subsequently requires manual system configuration).
But what do you do once you arrive in Safe mode or the Windows 8 Recovery environment? The option names are strikingly similar.
More OEMs are shipping systems with a pre-built recovery partition. In fact, the Windows 8 Recovery environment has been enhanced with a graphical interface that was designed to make recovery and repair alternatives easier for the standard user. The default command prompt of the Windows 7 PE environment is layers deep within the Windows 8 process. Unfortunately, the terminology confuses the alternatives. Do you want to Recover, Refresh, Reset, Repair, System Restore, System Image, use the Command prompt, or alter the Windows Startup settings?
The Recovery environment on Windows 7 was a separate partition on the primary hard drive that contained the BootMgr.exe file. The solution is similar in Windows 8, though the Recovery partition might also be on a bootrom or within a vendor based repair partition. This will decidedly affect how you might recover your system. Take a few moments to read the documentation or check the recovery components on your system(s) before you need them. This will save you considerable time when you do eventually need the tools.
Helping with some of the Windows 8 Recovery environment terminology:
- Refresh – the behavior is quite similar to running the System File Checker with the /scannow option in Windows 7. Operating system elements are compared to the content in the Windows image (.wim) file and replaced if they do not match the signed component in the .wim. This option may recover your system to an operational state, though does not assure a fully functional mode or that the root cause has been identified and eliminated. It is a good, and typically non-destructive alternative.
- Reset – format your OS Drive and reinstall from the original .wim file provided with the system. A fast reimage, though all user profiles, applications, and data components will be gone and not recoverable.
- System Restore – this option is only usable if you have system recovery options set for your OS partition (under System Properties > System Protection). Although this option is on by default for the OS partition in Windows 7, I have frequently found it to be off by default on Windows 8 systems. In Windows 8, System Restore points ONLY capture the system settings. They no longer save prior versions of files. Given the ability to reimage the system from the recovery environment, system restore may become obsolete in Windows 8.
- System Image Recovery – rather than using the default .wim file, you identify the location of a .wim file to be used to rebuild the OS. The same effect as a Reset, though you have the ability to identify a specific .wim file. This option is closest to using the recovery media created on a specific Windows 8 system.
- Automatic Repair – Tried this on a system once we identified that the boot control database was damaged. We quickly decided that use of the Command Prompt and bcdedit was a better option. Automatic Repair is a troubleshooter scripted to fix a specific problem set, though it is unclear what it will best repair. If you are prepared to perform a reset or system image recovery, then you might try Automatic Repair. It might work saving you a complete system re-image. Minimally it will confirm that the boot manager and boot control database need to be repaired or replaced.
- Windows Startup Options – when entered through the recovery environment, they mimic the settings achievable through MSConfig. Familiar Advanced Boot Options associated with the Safe boot environment. Once you select an option, the system requires a reboot (and no additional key tapping).
Now that I am wrapping this blog, I am not certain that I provided more than hints. The options are broad and powerful. Take some time to test your boot and recovery processes before you need them.
You May Also Like
In this video, Cisco CCNA and CompTIA Network + Instructor Mark Jacob demonstrates how to do port redirections in IPv6. If you have any questions or comments, please feel free to post them. Until next time. Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ
In this recorded Windows 10 webinar from December 1,2015, Windows Instructor Steve Fullmer presents the navigation and some of the new features associated with Windows 10 including Sysinternals Tools for Windows Client, Windows core concepts, exploring Process Explorer as well as some of the features that are not yet ready for prime time but will … Continue reading Windows 10 Features and Navigation – December 1, 2015
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015