System File Checker

sfc
Developer(s) Microsoft
Initial release June 25, 1998; 26 years ago (1998-06-25)
Operating system Microsoft Windows
Type System utility
License Proprietary commercial software
Website docs.microsoft.com/en-us/windows-server/administration/windows-commands/sfc

System File Checker (SFC [1]) is a utility in Microsoft Windows that allows users to scan for and restore corrupted Windows system files. [2]


Overview

Microsoft ships this utility with Windows 98, Windows 2000 and all subsequent versions of the Windows NT family of operating systems. In Windows Vista, Windows 7 and Windows 10, System File Checker is integrated with Windows Resource Protection (WRP), which protects registry keys and folders as well as critical system files. Under Windows Vista, sfc.exe can be used to check specific folder paths, including the Windows folder and the boot folder.

Windows File Protection (WFP) works by registering for notification of file changes in Winlogon. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in a compressed folder at %WinDir%\System32\dllcache.

Windows Resource Protection (WRP) works by setting discretionary access-control lists (DACLs) and access control lists (ACLs) defined for protected resources. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in a folder at %WinDir%\WinSxS\Backup. [3] Permission for full access to modify WRP-protected resources is restricted to the processes using the Windows Modules Installer service (TrustedInstaller.exe). Administrators no longer have full rights to system files.

History

Due to problems with Windows applications being able to overwrite system files in Windows 95, Microsoft has since implemented a number of security measures to protect system files from malicious attacks, corruptions, or problems such as DLL Hell.

System File Checker was first introduced on Windows 98 as a GUI utility. It offered scanning and restoration of corrupted system files by matching the version number against a database containing the original version number of the files in a fresh Windows 98 installation. This method of file protection was basic. It determined system files by file extension and file path. It was able to restore files from the installation media or a source specified by the user. Windows 98 did not offer real-time system file protection beyond file attributes; therefore, no preventive or reactive measure was available.

All Windows NT-based operating systems since Windows 2000 introduced real-time file protection, called Windows File Protection (WFP). [4]

In addition, the System File Checker utility (sfc.exe) was reimplemented as a more robust command-line utility that integrated with WFP. Unlike the Windows 98 SFC utility, the new utility forces a scan of protected system files using Windows File Protection and allows the immediate silent restoration of system files from the DLLCache folder or installation media.

SFC did not appear on Windows Me, [5] as it was replaced with System File Protection (SFP). [6] Similar to WFP, SFP offered real-time protection.

Issues

The System File Checker component included with versions of Windows 2000 earlier than Service Pack 4 overrode patches distributed by Microsoft; [7] this was rectified in Windows 2000 Service Pack 4.

Usage

In Windows NT-based operating systems, System File Checker can be invoked via Windows Command Prompt (with Admin privilege [8]), with the following command:

    sfc /scannow

If it finds a problem, it will attempt to replace the problematic files from the DLL Cache (%WinDir%\System32\dllcache). If the file is not in the DLL Cache or the DLL Cache is corrupted, the user will be prompted to insert the Windows installation media or provide the network installation path. System File Checker determines the Windows installation source path from the registry values SourcePath and ServicePackSourcePath. [9] If these values are not set correctly, it may keep prompting for the installation media even after the user supplies it. [10]

In Windows Vista and onwards, files are protected using access control lists (ACLs), and if System File Checker finds a problem, it will attempt to replace the problematic files from the Windows Side-by-side Backup (%WinDir%\WinSxS\Backup). [3] However, the above command has not changed.

System File Checker in Windows Vista and later Windows operating systems can scan specified files. Also, scans can be performed against an offline Windows installation folder to replace corrupt files, in case the Windows installation is not bootable. For performing offline scans, System File Checker must be run from another working installation of Windows Vista or a later operating system or from the Windows setup DVD [11] or a recovery drive which gives access to the Windows Recovery Environment.

In cases where the component store is corrupted, the "System Update Readiness tool" (CheckSUR) can be installed on Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008; it is replaced by the "Deployment Image Servicing and Management" tool (DISM) on Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2 or Windows Server 2012. This tool checks the store against its own payload and repairs the corruptions that it detects by downloading required files through Windows Update. [12]
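The scan, offline-scan and component-store repair steps described in this section, combined into one script as an added example that is not part of the original article. The CBS.log path, the "[SR]" tag and the "Cannot repair" wording are taken from Microsoft's SFC documentation rather than from this page, and the D:\ drive letter is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original page. D:\ is a hypothetical placeholder
# for the volume that holds a non-bootable Windows installation.
param(
    [switch]$Offline,
    [string]$OfflineBootDir = 'D:\',
    [string]$OfflineWinDir  = 'D:\Windows'
)

if ($Offline) {
    # Offline scan: run from WinRE, setup media or another working installation.
    sfc.exe /scannow "/offbootdir=$OfflineBootDir" "/offwindir=$OfflineWinDir"
    exit $LASTEXITCODE
}

$cbsLog = Join-Path $env:WinDir 'Logs\CBS\CBS.log'

function Get-SfcLogLine([datetime]$Since) {
    # SFC tags its CBS.log entries with "[SR]"; keep only those from this run.
    # Assumes each entry starts with a local "yyyy-MM-dd HH:mm:ss" timestamp.
    Select-String -Path $cbsLog -Pattern '[SR]' -SimpleMatch | Where-Object {
        $ts = [datetime]::MinValue
        $_.Line.Length -ge 19 -and
        [datetime]::TryParseExact($_.Line.Substring(0, 19), 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture, [Globalization.DateTimeStyles]::None,
            [ref]$ts) -and
        $ts -ge $Since
    } | ForEach-Object Line
}

function Invoke-SfcScan {
    $start = (Get-Date).AddSeconds(-1)
    sfc.exe /scannow | Out-Null
    # Return the entries for files SFC could not restore from its backup store.
    @(Get-SfcLogLine -Since $start | Where-Object { $_ -match 'Cannot repair' })
}

$unrepaired = Invoke-SfcScan
if ($unrepaired.Count -gt 0) {
    # Component store may be damaged: repair it with DISM (Windows 8 and later),
    # then let SFC retry against the repaired store.
    DISM.exe /Online /Cleanup-Image /RestoreHealth
    if ($LASTEXITCODE -ne 0) { throw "DISM failed with exit code $LASTEXITCODE" }
    $unrepaired = Invoke-SfcScan
}
if ($unrepaired.Count -gt 0) {
    $unrepaired | Set-Content "$env:TEMP\sfc-unrepaired.txt"
    Write-Warning "$($unrepaired.Count) entries remain; see $env:TEMP\sfc-unrepaired.txt"
    exit 1
}
Write-Output 'SFC reported no unrepaired files.'
```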

Related Research Articles

Windows 2000: Fifth major release of Windows NT

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, officially released to retail on February 17, 2000 for all versions, and on September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's primary business-oriented operating system until the introduction of Windows XP Professional in 2001.

DLL hell is an umbrella term for the complications that arise when one works with dynamic-link libraries (DLLs) used with older Microsoft Windows operating systems, particularly legacy 16-bit editions, which all run in a single memory space. DLL hell can appear in many different ways, wherein affected programs may fail to run correctly, if at all. It is the Windows ecosystem-specific form of the general concept dependency hell.

NTLDR is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOOTMGR bootloader. NTLDR is typically run from the primary storage device, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. NTLDR can also load a non NT-based operating system given the appropriate boot sector in a file.

Windows Registry: Database for Microsoft Windows

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

Shadow Copy: Microsoft technology for storage snapshots

Shadow Copy is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copy service. A software VSS provider service is also included as part of Windows to be used by Windows applications. Shadow Copy technology requires either the Windows NTFS or ReFS filesystems in order to create and store shadow copies. Shadow Copies can be created on local and external volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.

The Global Assembly Cache (GAC) is a machine-wide CLI assembly cache for the Common Language Infrastructure (CLI) in Microsoft's .NET Framework. The approach of having a specially controlled central repository addresses the flaws in the shared library concept and helps to avoid pitfalls of other solutions that led to drawbacks like DLL hell.

CHKDSK: System tool in DOS, OS/2 and Windows

In computing, CHKDSK is a system tool and command in DOS and Microsoft Windows, as well as Digital Research FlexOS, IBM/Toshiba 4690 OS, IBM OS/2. It verifies the integrity of the file system on a volume and attempts to fix logical file system errors. Logical errors are typically defined as software-level problems with a filesystem as a result of prior software malfunction or irregular use. Logical errors are contrasted with and usually less severe than hardware-level errors, which can not be fixed with CHKDSK and may instead require data recovery software or expert assistance. CHKDSK is similar to the fsck command in Unix and similar to Microsoft ScanDisk, which co-existed with CHKDSK in Windows 9x and MS-DOS 6.x.

System Restore: System recovery feature in Microsoft Windows

System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.

Windows Preinstallation Environment: Version used for deployment and recovery

Windows Preinstallation Environment is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. It is intended to replace MS-DOS boot disks and can be booted via USB flash drive, PXE, iPXE, CD, DVD, or hard drive. Traditionally used by large corporations and OEMs, it is now widely available free of charge via Windows Assessment and Deployment Kit (WADK).

Microsoft Plus! is a discontinued commercial operating system enhancement product by Microsoft. The last edition is the Plus! SuperPack, which includes an assortment of screensavers, themes, and games, as well as multimedia applications. The Microsoft Plus! product was first announced on January 31, 1994, under the internal codename "Frosting". The first edition was an enhancement for Windows 95, Windows 95 Plus!

As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.

In computing, regsvr32 is a command-line utility in Microsoft Windows and ReactOS for registering and unregistering DLLs and ActiveX controls in the operating system Registry. Despite the suffix "32" in the name of the file, there are both 32-bit and 64-bit versions of this utility. regsvr32 requires elevated privileges.

NTFS links are the abstraction used in the NTFS file system—the default file system for all Microsoft Windows versions belonging to the Windows NT family—to associate pathnames and certain kinds of metadata, with entries in the NTFS Master File Table (MFT). NTFS broadly adopts a pattern akin to typical Unix file systems in the way it stores and references file data and metadata; the most significant difference is that in NTFS, the MFT "takes the place of" inodes, fulfilling most of the functions which inodes fulfill in a typical Unix filesystem.

In Microsoft Windows, cacls, and its replacement icacls, are native command-line utilities that can display and modify the security descriptors on files and folders. An access-control list is a list of permissions for securable object, such as a file or folder, that controls who can access it. The cacls command is also available on ReactOS.

NTBackup is the first built-in backup utility of the Windows NT family. It was introduced with Windows NT 3.51. NTBackup comprises a GUI (wizard-style) and a command-line utility to create, customize, and manage backups. It takes advantage of Shadow Copy and Task Scheduler. NTBackup stores backups in the BKF file format on external sources, e.g., floppy disks, hard drives, tape drives, and Zip drives. When used with tape drives, NTBackup uses the Microsoft Tape Format (MTF), which is also used by BackupAssist, Backup Exec, and Veeam Backup & Replication and is compatible with BKF.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

Windows File Protection (WFP), a sub-system included in Microsoft Windows operating systems of the Windows 2000 and Windows XP era, aims to prevent programs from replacing critical Windows system files. Protecting core system files mitigates problems such as DLL hell with programs and the operating system. Windows 2000, Windows XP and Windows Server 2003 include WFP under the name of Windows File Protection; Windows Me includes it as System File Protection (SFP).

Windows Resource Protection is a feature first introduced in Windows Vista and Windows Server 2008. It is available in all subsequent Windows operating systems, and replaces Windows File Protection. Windows Resource Protection prevents the replacement of critical system files, registry keys and folders. Protecting these resources prevents system crashes. The way it protects resources differs entirely from the method used by Windows File Protection.

Side-by-side assembly technology is a standard for executable files in Windows 98 Second Edition, Windows 2000, and later versions of Windows that attempts to alleviate problems that arise from the use of dynamic-link libraries (DLLs) in Microsoft Windows. Such problems include version conflicts, missing DLLs, duplicate DLLs, and incorrect or missing registration. In side-by-side, Windows stores multiple versions of a DLL in the %systemroot%\WinSxS directory, and loads them on demand. This reduces dependency problems for applications that include a side-by-side manifest.

References

  1. Boswell, William (2003). "Using the System File Checker, SFC". Inside Windows Server 2003. Inside Series. p. 860. ISBN 9780735711587. Retrieved 2017-07-23. You do not need to hack the Registry to change the WFP settings. A command-line utility comes with Windows Server 2003 to set these values. Called the System File Checker, or SFC, the utility can also rebuild the D11Cache directory files if files are accidentally deleted.
  2. "MS-DOS and Windows command line SFC command".
  3. stevewhims (2021-01-07). "Protected Resource List - Win32 apps". learn.microsoft.com. Retrieved 2024-03-15.
  4. "Description of the Windows File Protection Feature". Support. Microsoft. December 15, 2003. Archived from the original on October 20, 2004. Retrieved August 28, 2006.
  5. Spector, Lincoln (February 14, 2001). "Answer Line: Windows 98 Utilities Missing in Windows Me?". PC World. IDG. Archived from the original on June 5, 2011. Retrieved December 26, 2011.
  6. "System File Protection and Windows Me". Microsoft. December 4, 2011. Archived from the original on June 22, 2004. Retrieved August 28, 2006.
  7. "The SFC /SCANNOW Command May Overwrite Hotfix Files". Support. Microsoft. October 30, 2006. Archived from the original on November 16, 2006. Retrieved February 1, 2010.
  8. "SFC - System File Checker - Windows CMD". SS64.com. Retrieved 2023-09-12.
  9. "System File Checker does not accept a network location that contains the installer CD when you use the scannow switch in Windows XP SP2 or in Windows Server 2003". Support. Microsoft. January 13, 2005. Archived from the original on January 16, 2007.
  10. "You are prompted to insert a Windows XP SP2 CD when you try to run the System File Checker tool on a Windows XP SP2-based computer". Support. Microsoft. July 5, 2005. Archived from the original on February 7, 2007.
  11. kumar, Rohit (26 July 2016). "Run System File Checker Tool to Repair Windows 10/8/7 files". Craxworld. Self Published. Archived from the original on September 11, 2016.
  12. "Fix Windows Update errors by using the DISM or System Update Readiness tool". Support. Microsoft. January 22, 2017. Retrieved February 11, 2017.

Further reading