This week, I discuss a little-known but important Windows 2000 (Win2K) feature called Windows File Protection and a related utility known as the System File Checker (SFC). Windows File Protection prevents applications from overwriting or deleting important system files, and SFC ensures that your system files are up to date.
What Are System Files?
In previous versions of Windows, applications often overwrote shared .dll files and .exe system files. (If you’ve worked with any version of Windows, you're probably very familiar with the term "DLL hell.") When installation programs mess with .dll, .exe, .sys, .ocx, .fon, and .ttf system files, your system becomes unstable, and troubleshooting the problem can be a nightmare. And if you think that only third-party applications are guilty of overwriting your system files, think again: Many of Microsoft’s applications are notorious for overwriting system files—even files that other Microsoft software uses.
The problem is that many applications (and Microsoft's are no exception) don't check existing system-file versions before overwriting the files. Most vendors are interested in ensuring that their software runs without problems, and the software you installed most recently probably works flawlessly—but it might work at the expense of other applications. For example, if you install audio applications from competing vendors, the one you install last will have the best chance of working properly. Frankly, developers aren't solely to blame for these system-file problems—several other factors are involved, including OS limitations.
How Windows File Protection Works
OS stability is more important than application stability, something Microsoft addresses in Win2K with Windows File Protection. Windows File Protection runs in the background and ensures that Win2K setup programs don't delete any important system files. By default, Win2K enables Windows File Protection.
When a program attempts to delete or move a protected system file, Windows File Protection checks the digital signature of the file to ensure that it's a correct version. If it is not the correct version, Windows File Protection copies the file from the Win2K CD-ROM or from the %systemroot%\System32\Dllcache folder. Sometimes the system can't locate a file, so it prompts you for the location.
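The check-and-restore decision described above can be modeled in a few lines. The following is an added example, not Microsoft's code: it assumes a SHA-256 catalog in place of Windows File Protection's digital-signature check, uses hypothetical file names in a temporary directory, and also covers the case where the cached copy itself is corrupted.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_and_restore(name, system_dir, cache_dir, catalog):
    """Return 'ok', 'restored', or 'need_media' for one protected file."""
    expected = catalog[name]          # known-good hash (stand-in for a signature)
    target = system_dir / name
    if target.is_file() and sha256(target) == expected:
        return "ok"
    cached = cache_dir / name
    # Verify the cached copy too: a corrupted cache must not be trusted.
    if cached.is_file() and sha256(cached) == expected:
        shutil.copy2(cached, target)
        return "restored"
    # No trustworthy local copy: the real feature would ask for the CD-ROM.
    return "need_media"

def demo():
    """Build a constructed System32/Dllcache layout and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp) / "System32"
        cache_dir = system_dir / "Dllcache"
        cache_dir.mkdir(parents=True)
        good = {"a.dll": b"known-good a", "b.dll": b"known-good b",
                "c.dll": b"known-good c"}   # constructed sample contents
        catalog = {}
        for name, data in good.items():
            (system_dir / name).write_bytes(data)
            (cache_dir / name).write_bytes(data)
            catalog[name] = hashlib.sha256(data).hexdigest()
        # An installer overwrites b.dll; c.dll is deleted and its cache copy is bad.
        (system_dir / "b.dll").write_bytes(b"older version from installer")
        (system_dir / "c.dll").unlink()
        (cache_dir / "c.dll").write_bytes(b"corrupted")
        results = {n: check_and_restore(n, system_dir, cache_dir, catalog)
                   for n in sorted(catalog)}
        repaired = (system_dir / "b.dll").read_bytes() == good["b.dll"]
        return results, repaired

if __name__ == "__main__":
    print(demo())
```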
System File Checker
SFC is a command-line tool that lets you scan your system and verify that the versions of your protected system files are up to date. If a protected system file has moved or has disappeared, SFC automatically replaces the file with the correct version from the Dllcache folder. The tool also lets you set the Windows File Protection cache file size. You must log on as an administrator or be a member of the Administrators group to run SFC.
As Screen 1 shows, you can type
to see the options available to you with the SFC utility. What if the file cache in the Dllcache folder becomes corrupted? Sfc /scannow immediately scans the system files, sfc /scanonce scans the system files once, and sfc /scanboot scans protected system files every time you reboot your computer. If you've scheduled a scan and you change your mind, sfc /cancel cancels the scan. If you don’t want SFC to prompt you about each file that it intends to replace, use sfc /quiet.
SFC gives you a couple of switches that let you manipulate the Windows File Protection cache. Sfc /purgecache purges the file cache and scans all system files immediately. Sfc /cachesize configures the size of the Windows File Protection cache. For example, to restrict a cache size to 2MB, type
Finally, to return to the default Windows File Protection operation, type
In this mode, SFC automatically prompts you to restore the correct system file version whenever it detects that an application has overwritten a file. Don’t forget to enable this option before you exit the command prompt window.
For more information about Windows File Protection and SFC, see the second of Mark Russinovich's three-part series about Win2K reliability enhancements.