Files Used in the Windows Server 2003 Boot Process

File Location Boot Stage
Ntldr System partition root (CA) Preboot and boot
Boot.ini System partition root Boot
Bootsect.dos System partition root Boot (optional)
Ntdetect.com System partition root Boot
Ntbootdd.sys System partition root Boot (optional
Ntoskrnl.exe systemroot\System32 Kernel load
Hal.dll systemroot\System32 Kernel load
System systemroot\System32\Config Kernel initialization

Pre-boot sequence
Initialization of boot partition
Post – to determine amount of memory and hardware’s
Plug and play - enumeration and configuration of hardware devices
Bios -> locates boot device -> Loads and runs MBR

Boot sequence
Loads NTLDR -> Memory
gathers information about hardware and drivers
This haves four Phases
• Initial Boot Loader: Ntldr-> switches the microprocessor from real mode to
32-bit flat memory mode starts the appropriate
the minifile system drivers
(The minifile system drivers are inbuilt in Ntldr )
so that Ntldr can find and load Windows Server
2003 from partitions

• Operating System Selection: Ntldr reads the Boot.ini file and displays os
start menu. If no boot.ini presents Ntldr loads
Windows Server 2003 from the Windows
folder on the first partition of the first disk,
typically C:\Windows.

• Hardware Detection: Ntdetect.com and Ntoskrnl.exe perform hardware
detection.
Ntdetect.com collects a list of installed hardware
components and returns this list to Ntldr for later
inclusion in the registry under the
HKEY_LOCAL_MACHINE\HARDWARE key.

• Configuration Selection: the operating system loader process displays the
Hardware Profile/Configuration
Recovery Menu screen (if more that one hard
profile exists on the computer, the first
hardware profile is highlighted.)

Kernel Load

Ntoskrnl.exe -> Initialize and loads Windows 2003 kernel and device drivers ->
loads services.
• Loads Ntoskrnl.exe but does not initialize it.
• Loads the hardware abstraction layer file (Hal.dll).
• Loads the HKEY_LOCAL_MACHINE\SYSTEM registry key.
• Selects the control set required to initialize the computer.
• Loads device drivers with a value of 0x0 for the Start entry. These are typically
low-level hardware device drivers, such as those for a hard disk.

Kernel Initialization

the kernel initializes and takes control from Ntldr.
four tasks are performed:
• The Hardware key is created.
• The Clone control set is created.
• Device drivers are loaded and initialized.
• The Session Manager (smss.exe) is initialized.

The Session Manager
reads the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
registry key to find and initialize entries under Boot Execute. ( like chkdsk )
sets up the paging file (Pagefile.sys).
Loads winlogon.exe to start the authentication verification process.
winlogon.exe starts -> Local Security Authority Subsystem with their
. Print spooler.
supporting function libraries

Loads Screg.exe (Services Controller) which loads the rest of the devices and
services.
Boot .ini ARC Path conventions

Convention Description
multi(x) | scsi(x) -> Indicates hardware adapter or disk controller.
Scsi(x) -> indicate a SCSI controller on which SCSI BIOS is not enabled.
Multi(X) -> indicates All other hardware adapter or disk controllers
( (x) -> indicates the load order of the hardware adapter.
Disk(y) -> ID. For multi, this value is always (0).
Rdisk(z) -> A number that identifies the disk and starts with (0).
Partition(a) -> A number that identifies the partition. Partition numbers start with (1)


Boot.ini Switches

Switch Description
/basevideo Boots the computer using the standard VGA video driver.
/fastdetect Disables serial mouse detection. Without a port specification, this
Switch disables peripheral detection on all COM ports. By default,
this switch is included in every entry in the Boot.ini file.
/maxmem:n Specifies the amount of RAM that the operating system should use.
/noguiboot Boots the computer without displaying the graphical boot status
screen.
/sos Displays the device driver names as they are loading.

Advanced Boot Options

Safe Mode, loads only basic files and drivers that are required to support the
operating system

Safe Mode With Networking, -> safe mode + the drivers and services required to enable
network access

Safe Mode With Command Prompt -> after safe mode, it displays a command prompt.

• Enable Boot Logging -> logs the loading and initialization of drivers and services in
the ntbtlog.txt file, which is located in the windir folder and
can be used for troubleshooting boot problems.
• Enable VGA Mode -> starts Windows Server 2003 with a basic VGA driver.

• Last Known Good Configuration-> Starts Windows using the registry information that
windows saved after the last successful startup.

( After a logon, the system automatically copies the Clone control set to the
LastKnownGood control set making the current control set the Last Known
Good Configuration )

The Recovery Console
The Recovery Console is a command-line interface that can be used to perform a variety of troubleshooting and recovery tasks on the local computer. These tasks include:
• Starting and stopping services;
• Reading and writing data on a local drive; and
• Formatting hard disks.

Basic disk – can Four primary partition but only one extended partition
Dynamic disk -- five types simple volumes;
> default volume type on a dynamic disk.
> no fault tolerance.

spanned volumes;
> contain disk space from up to 32 physical disks.
> enables to group different disks of the same or different sizes
and access them as a single disk.
> provide 100 percent drive utilization
> No fault tolerance.

striped volumes;
mirrored volumes;
striped volumes with parity disk ( Raid 3 )
striped volumes with parity. ( Raid 5 )

Converting basic -> dynamic no data loss
Dynamic -> basic incurs data loss.