Windows Server 2022 & Powershell All-in-One For Dummies. Sara Perrott
Debugging Mode
If you’re a hard-core system administrator and you want to get your feet wet using a kernel debugger, this option is for you!
The kernel is a program that is one of the first to run when your server boots (the kernel loads right after the bootloader); it has total control over everything on your system.
Debugging Mode turns on kernel debugging, which allows you to work with the kernel debugger to examine states and processes that are running at the kernel level. This can be very useful for troubleshooting issues with device drivers that cause the infamous blue screen of death and issues with the central processing unit (CPU). You can look at the kernel memory dump on the system that is having the issue, or you can view the kernel memory dump remotely on another system via a serial connection. The information from the Debugging Mode is typically made available over the COM1 port (assuming you have a serial port and it’s assigned to COM1). On newer systems that don’t have a serial port, you can also access this information over USB.
Kernel debugging is not for the faint of heart. For more information on how to set up your system for kernel debugging with either serial or USB connectivity, check out the following articles:
Serial connection: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-a-null-modem-cable-connection
USB connection: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-a-usb-3-0-debug-cable-connection
Disable Automatic Restart on System Failure
Eventually, every system administrator has a system that will continuously try to start, fail, reboot, and then try to start, fail, reboot, and so on. This situation is known as a boot loop. If you’re experiencing a boot loop on one of your systems, you can get the system to stop automatically restarting by choosing Disable Automatic Restart on System Failure from the Advanced Boot Options menu.
Disabling automatic restart can be very helpful if the system is getting the blue screen of death and you need to get the information being displayed. When the system halts on its next blue screen, you’ll have all the time you need to copy down the information.
Disable Driver Signature Enforcement
By choosing the Disable Driver Signature Enforcement option, you’re basically telling the system that it’s okay to load drivers that aren’t digitally signed. Microsoft requires drivers to be digitally signed by default, and it will prevent unsigned drivers from running. Microsoft does this because, when a driver is digitally signed, it’s seen as being authentic because you can verify from the digital signature that it came from the vendor it claims to be from. Digital signatures also guarantee that the driver hasn’t been altered in any way since it was released by the vendor.
Digital signatures use a code-signing certificate to encrypt the hash of a file. (Hashes are unique thumbprints — any change to the file will change the hash.) That encrypted hash is then bundled with the certificate and the executable for the driver. When the end user installs the driver, the hash of the file is decrypted with the public key in the certificate. The file gets hashed again on the end user’s system, and the new hash is compared to the decrypted hash. If they match, the driver hasn’t been tampered with.
If you choose to disable driver signature enforcement, you’ll be able to load unsigned drivers. Choose this option at your own risk: You could end up installing malware that presents itself as an unsigned driver.
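A practical check to pair with this option, as an added example that is not from the book: the function below lists running kernel drivers whose signature Windows does not report as Valid (a HashMismatch status is the failed hash comparison described above). The function name `Get-UnverifiedRunningDriver` and the path normalisation are assumptions made for this illustration.

```powershell
# Added example, not from the book: list running kernel drivers whose
# signature Windows cannot verify as Valid.
function Get-UnverifiedRunningDriver {
    [CmdletBinding()]
    param()

    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        ForEach-Object {
            $path = $_.PathName
            if (-not $path) { return }   # no image path recorded; skip this driver

            # Assumption: PathName may carry NT-style prefixes; map them to a Win32 path.
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
            if (-not (Test-Path -LiteralPath $path)) { return }

            # Status is Valid, NotSigned, HashMismatch, NotTrusted, and so on.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Driver = $_.Name
                    Path   = $path
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                }
            }
        }
}

$findings = @(Get-UnverifiedRunningDriver)
if ($findings.Count -eq 0) {
    'All running drivers report a Valid signature.'
} else {
    $findings | Sort-Object Status, Driver | Format-Table -AutoSize
}
```

Run it before and after a troubleshooting session in which signature enforcement was disabled, and compare the two lists.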
Disable Early Launch Anti-Malware Driver
Malware that installs after Windows has booted will most likely be seen by the antivirus software that is installed on the system. But the problem is, virus writers began writing malware called rootkits. These rootkits can be very difficult to get rid of because they install and execute before the operating system has booted. Many of the more sophisticated rootkits began installing drivers that start really early in the boot process of the system. This can make them extremely difficult to find and remove.
Microsoft does its best to evolve and respond to threats and prevent them whenever possible. In this case, it came up with the early launch anti-malware (ELAM) driver. Certified antivirus vendors whose products support early launch can get their products’ drivers to launch before the Windows boot drivers, which allows them to scan for malicious processes on boot. Pretty cool, right?
But what happens if a legitimate boot driver for Windows gets flagged as malicious? Your server won’t boot. So, Microsoft gives you the ability to turn off this feature, by choosing Disable Early Launch Anti-Malware Driver, to allow the boot driver to launch like normal.
This feature is a great one to have on. Only disable it if you absolutely have to, and then only until the issue is resolved.
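The Debugging Mode, Disable Driver Signature Enforcement, and Disable Early Launch Anti-Malware Driver choices on the menu apply to a single boot, but related settings can also be stored persistently in the boot configuration data (BCD). The added example below (not from the book) parses `bcdedit` output and flags any of those settings left on; the function name, the finding texts, and the sample output are constructed for illustration, and English-language `bcdedit` output is assumed.

```powershell
# Added example, not from the book. BCD elements that persistently relax
# boot-time protections, with a short finding text for each.
$RiskyBcdSettings = [ordered]@{
    debug              = 'Kernel debugging is enabled'
    testsigning        = 'Test-signed drivers are allowed to load'
    nointegritychecks  = 'Integrity checks are disabled'
    disableelamdrivers = 'Early launch anti-malware driver is disabled'
}

function Test-BootEntryHardening {
    param([string[]]$BcdLines)

    foreach ($line in $BcdLines) {
        # bcdedit prints "name<spaces>value"; blank and separator lines do not match.
        if ($line -match '^(?<name>\S+)\s+(?<value>\S.*)$') {
            $name  = $Matches['name'].ToLower()
            $value = $Matches['value'].Trim()
            if ($RiskyBcdSettings.Contains($name) -and $value -match '^(Yes|On)$') {
                [pscustomobject]@{
                    Setting = $name
                    Value   = $value
                    Finding = $RiskyBcdSettings[$name]
                }
            }
        }
    }
}

# Constructed sample output, so the parser can be tried offline.
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.efi
description             Windows Server
nx                      OptOut
testsigning             Yes
debug                   Yes
disableelamdrivers      No
'@ -split "`r?`n"

Test-BootEntryHardening -BcdLines $sample | Format-Table -AutoSize

# On a live server, from an elevated prompt:
# Test-BootEntryHardening -BcdLines (bcdedit /enum '{current}')
```

With the constructed sample, the function reports `testsigning` and `debug` and ignores `disableelamdrivers` because its value is No.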
Performing a Memory Test
What happens if your server is crashing unexpectedly or throwing blue screens when you least expect it? That can be a difficult question to answer. These symptoms could occur because of corrupted software or because of hardware failure. Memory is a great place to start with your troubleshooting efforts, and Windows Server 2022 includes a built-in memory diagnostic utility called the Windows Memory Diagnostics Tool.
You can run the Windows Memory Diagnostics Tool by pressing the Windows Key+R, typing mdsched.exe, and clicking OK. If you do nothing, the Windows Memory Diagnostics Tool will run in Standard mode. You can interrupt it at any time by pressing F1 to enter the Options screen and change the settings. Your options are as follows (see Figure 2-5):
Test Mix: The test mix is the set of tests you want the tool to run:
Basic: Runs three tests on your memory and is the fastest option.
Standard: Runs the same tests on your memory as Basic, and adds five additional tests. It takes longer to complete than Basic.
Extended: Runs the same tests as Standard and adds nine additional tests. This test is the most detailed and takes the longest to complete.
If you don’t know what each of these tests is looking for, Standard is a good starting point for your tests. Extended takes longer, so if you don’t need the extra tests, you may not get any worthwhile information from running them. That said, it won’t hurt your server to run any of the three tests.
Cache: Cache sets the cache setting (cache is used to improve the speed of memory access for things that are