utilize windows xp
DESCRIPTION
Read about common administration tasks in Windows XP. Among other things you will learn about user and group management, hardware management, network settings configuration, file system management, security including NTFS permissions, printer configuration, optimization tools, recovery options, and a few things considering the process of installation.TRANSCRIPT
This e-book is a collection of articles that were originally published on
www.utilizewindows.com. As we update articles on our site, we will also
update this e-book. Check our site for the latest version of this e-book on
www.utilizewindows.com/e-books
This e-book is published under Creative Commons Attribution-
NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this
license, visit http://creativecommons.org/licenses/by-nc-sa/3.0
We offer free quizzes which you can use to test your knowledge about
Windows operating systems. You can find them here:
www.utilizewindows.com/quizzes
If you have a comment or if you would like to report some error, please use
our contact form:
www.utilizewindows.com/contact-us
If you would like to support us, you can take action
(www.utilizewindows.com/support-us) or you can donate
(https://flattr.com/thing/710994)
CONTENTS
BASICS ...................................................................................................................................................................... 1
INTRODUCTION TO WINDOWS XP ............................................................................................................................... 1
USER INTERFACE IN XP ............................................................................................................................................. 3
MICROSOFT MANAGEMENT CONSOLE (MMC) IN WINDOWS XP ..................................................................................... 8
GROUP POLICY IN WINDOWS XP .............................................................................................................................. 12
REGIONAL AND LANGUAGE OPTIONS IN XP ................................................................................................................. 16
USERS AND GROUPS ..............................................................................................................................................18
MANAGE USERS IN XP............................................................................................................................................ 18
GROUP MANAGEMENT IN XP .................................................................................................................................. 26
MANAGE USER PROFILES IN XP ................................................................................................................................ 34
USER RIGHTS AND GROUP POLICY IN XP .................................................................................................................... 41
HARDWARE ............................................................................................................................................................44
DEVICES IN XP ...................................................................................................................................................... 44
QUALITY OF DRIVERS IN XP ..................................................................................................................................... 48
POWER OPTIONS IN XP .......................................................................................................................................... 52
HARDWARE PROFILES IN XP..................................................................................................................................... 57
NETWORKING ........................................................................................................................................................62
MANAGE NETWORK COMPONENTS IN XP .................................................................................................................. 62
TCP/IP SETTINGS IN XP ......................................................................................................................................... 67
CONFIGURE DNS IN XP .......................................................................................................................................... 76
CONFIGURE DIAL-UP AND DIRECT CONNECTION IN XP .................................................................................................. 82
CONFIGURE VPN IN XP .......................................................................................................................................... 90
CONFIGURE ICS IN XP ............................................................................................................................................ 94
REMOTE ASSISTANCE IN XP ................................................................................................................................... 106
REMOTE DESKTOP IN XP ....................................................................................................................................... 117
FILES AND FOLDERS .............................................................................................................................................133
FILE COMPRESSION IN XP ...................................................................................................................................... 133
ENCRYPTION IN XP ............................................................................................................................................... 138
DISK QUOTAS IN XP ............................................................................................................................................. 143
CONFIGURE NTFS PERMISSIONS IN XP .................................................................................................................... 151
SHARE FOLDERS IN XP .......................................................................................................................................... 180
OFFLINE FILES IN XP ............................................................................................................................................. 204
IIS IN XP ............................................................................................................................................................ 213
FILES SYSTEM .......................................................................................................................................................225
CONVERT FILE SYSTEM IN XP ................................................................................................................................. 225
MANAGE HARD DISKS IN XP .................................................................................................................................. 230
MOUNT A VOLUME IN XP ..................................................................................................................................... 245
MULTIPLE OPERATING SYSTEMS AND XP .................................................................................................................. 250
PRINTERS ..............................................................................................................................................................252
INSTALL PRINTER IN XP ......................................................................................................................................... 252
PRINT MANAGEMENT IN XP .................................................................................................................................. 263
ADVANCED PRINTER CONFIGURATION IN XP ............................................................................................................. 281
REPLACE PRINT DEVICE IN XP ................................................................................................................................ 290
ENABLE FAX SERVICES IN XP .................................................................................................................................. 293
SEND A FAX IN XP ................................................................................................................................................ 298
OPTIMIZATION .....................................................................................................................................................303
TASK MANAGER IN XP .......................................................................................................................................... 303
OPTIMIZE DISKS IN XP .......................................................................................................................................... 309
PAGING FILE IN XP ............................................................................................................................................... 314
BACKUP TOOL IN XP ............................................................................................................................................ 316
RECOVER WINDOWS XP ....................................................................................................................................... 324
SECURITY ..............................................................................................................................................................328
CONFIGURE AUDITING IN XP .................................................................................................................................. 328
SECURITY TEMPLATES IN XP ................................................................................................................................... 336
INTERNET EXPLORER SECURITY IN XP ....................................................................................................................... 341
INSTALLATION ......................................................................................................................................................348
PREPARATION FOR WINDOWS XP INSTALLATION ....................................................................................................... 348
HOW TO UPGRADE FROM OLDER SYSTEM TO WINDOWS XP ....................................................................................... 350
PREREQUISITES FOR NETWORK INSTALLATION OF WINDOWS XP ................................................................................... 354
CREATE AN ANSWER FILE IN SETUP MANAGER .......................................................................................................... 356
TYPICAL WINDOWS XP INSTALLATION PROBLEMS ...................................................................................................... 360
Utilize Windows XP Basics
1
Basics
Introduction to Windows XP Parent Category: XP
Category: Basics
XP is quite different from any OS that has come before. To understand why XP works so
differently we need to understand the state from which it emerged.
Before you start
Objectives: introduction to Windows operating systems. Learn about Windows versions
and technologies they were built on. Learn about new XP features, editions and system
requirements.
Prerequisites: no prerequisites.
Key terms: history of Windows, DOS and NT, XP editions, new features in XP, minimum system requirements.
History of Windows
Microsoft sold the first PC operating system to IBM in 1981. It was called DOS and it had no user interface
(working in command line). First version of Windows shipped in 1985, and it was called Windows 1.0. It was very
slow and unstable. Breathtaking Windows 2.0 shipped in late 1987. It let you overlap windows (place one
windows on top of another). Windows 2.1 (also known as Windows 286) shipped in 1988. It came on a single
diskette. Windows 3.0 arrived in 1990, and the computer industry changed forever. Windows 3.1 arrived in 1992,
and it rapidly became the most widely used operating system.
Windows 3.x was built on MS-DOS, and that caused all sorts of headaches. DOS simply wasn't stable enough to
make Windows solid operating system. They knew all that in Microsoft, so in 1988 they decided to build a new
version of Windows from scratch. In 1993 Windows NT (New Technology) 3.1 was shipped, but it was also
unstable. Because of bad reactions to NT edition Microsoft decided to further develop Windows based on
DOS/Windows 3.1, and on the other side to work on NT versions of Windows.
Versions of Windows based on DOS are:
95, shipped in 1995
98, shipped in 1998
ME, shipped in 2000
NT editions:
NT 3.5, shipped in 1994
NT 4.0, shipped in 1996
2000, shipped in 2000
Microsoft patiently waited while sales on the NT side gradually picked up. When that happened, Microsoft shipped
XP (XP stands for eXPerience). XP is 100% based on NT. Microsoft took a lot of effort to make XP look like
Windows ME, but beneath the facade, XP is based on Windows NT/2000.
About Windows XP
XP is an operating system developed by Microsoft and it was released in 2001. It is build on NT kernel, which is
known for its improved stability and efficiency over the 9x versions of Microsoft Windows.
Windows XP comes in 6 editions:
Utilize Windows XP Basics
2
Home (for home users)
Professional (for power and business users)
Media Center (additional multimedia features)
Tablet PC (designed to run stylus applications)
64-Bit (designed to run on Intel Itanium processors)
Professional x64 (supports the x86-64 extensions of Intel IA-32 architecture)
XP has a significantly redesigned graphical user interface which is now more user friendly. It is the first version of
Windows which uses product activation to fight illegal copying. XP is available in many languages, and in addition
to that, Language Interface Packs translating the user interface are also available in certain languages.
New Features
Among other things, Windows XP introduced:
Faster start-up and hibernation sequences, fast user switching
Enhanced device driver verification (driver signing), ability to discard newer device driver in favor of the previous
one (driver rollback)
Code enhancements (better protection for code, less likely-hood that somebody can come in and tamper with key
system files), and Windows File Protection which, together with file signings, discovers modified system files
Encrypted File System (EFS) which enables us to encrypt files on our hard drive
IP Security (IPSec) enables us to encrypt data sent over computer networks
Clear type font rendering mechanism (improved readability on LCD monitors)
Built in support for CD-RW
Hot docking support (great for Laptop users who use Docking stations)
Remote Desktop support which enables us to control other computer over network using RDP protocol
Remote Assistance support
Enhanced Wireless network communication software (in tune with wireless standards)
Windows Messaging services
Internet Connection Sharing (ICS) which enables us to share one Internet connection with multiple computers
Embedded firewall (Internet Connection Firewall - ICF) which enables us to protect our Local Area Network
Improved deployment tools for Windows XP itself, and also for software packages.
Sounds great, doesn't it? But the truth is that XP has been strongly criticized for its vulnerability to malware,
viruses, trojan horses, and worms. Windows, with its large market share, has always been a tempting target for
virus creators. Security holes are often invisible until they are exploited, making preemptive action difficult.
Microsoft recommends that all systems have automatic updates turned on to prevent a system from being
attacked by an unpatched bug.
System Requirements
Recommended system requirements for running Windows XP:
o Processor: 300MHz or higher
o Memory: 128MB RAM or higher
o Hard drive disk free space: 1.5 GB or higher (additional 1.8 GB for Service Pack 2 and additional 900MB for
Service Pack 3)
Remember
XP is based on NT. Two most important XP editions are Home and Professional. System requirements are: CPU
300MHz or higher, RAM 128MB RAM or higher.
Utilize Windows XP Basics
3
User Interface in XP Parent Category: XP
Category: Basics
Before we can manage and administer our operating system we should be familiar with
some basic Windows terms. For example, you all probably know how to create a new
user in Windows. But, what is a user account? Is it just a user name?
Before you start
Objectives: learn about user interface, common terms and expressions, appearance and functionality of certain
interface elements.
Prerequisites: installed Windows XP
Key terms: Welcome screen, Desktop, Taskbar, Notification Tray, Start button, Start menu and Control Panel.
Instruction on how to add Administrative Tools to the Start menu.
Common Terms
XP can store preferences for each person who uses a PC. Logging on to Windows is the process of telling
Windows who you are, so Windows knows which preferences to load. Having different users on one PC also
enables us to secure sensitive or personal data. When we turn on our computer, Windows XP will start up, and
the Welcome screen will appear, asking us to log on.
Welcome Screen
Default Welcome screen looks like this:
Image 70.1 - Welcome Screen
When the Welcome Screen appears we must select our user name. If we have a password protected account, we
must provide our password (to have a password is highly recommended). If everything is OK, our user
Utilize Windows XP Basics
4
preferences will load, and our personal Windows Desktop will appear. We can also set up automatic Log On with
any user name and password.
Desktop
The screen that Windows shows us every time we start our computer is called the desktop. It is the main
workspace in Windows XP, and everything we do in Windows starts from Desktop. With fresh Windows XP
Professional installation, Desktop looks like this:
Image 70.2 - Desktop
Taskbar
Windows taskbar shows us opened windows and computer programs which are currently running.
Image 70.3 - Taskbar
Notification Area (Tray)
Notification area (or tray) can show us status of some operation, or notify us about an event. For example, when
we are printing something we see a small icon which shows us that print job is under way. Small window may pop
up telling us that an update is available for Windows XP or some other installed application. Current time, volume
control and anti-virus programs also appear in this area. While working with laptops, we can see power options,
battery and wireless status icon in notification area.
Utilize Windows XP Basics
5
Image 70.4 - Notification Area
Start Button
Start button gives us access to everything our computer can do.
Image 70.5 - Start Button
Start Menu
When we click the Start button, Start menu, which contains all links to our folders and applications, shows up.
Image 70.6 - Start Menu
Control Panel
On the Start menu there is a shortcut to Control Panel. When we click it, this window shows up (switched to
Classic View):
Utilize Windows XP Basics
6
Image 70.7 - Control Panel
In Control Panel there are bunch of tools that we can use to manage our operating system.
Display Settings
To check display settings in XP, we can right-click on the desktop and select Properties. This will open the
Display Properties applet. We can also open Display Settings from the Control Panel.
Utilize Windows XP Basics
7
Image 70.8 - Themes Tab
In the Themes tab we can choose a theme that Windows will use. In the Desktop tab we can change the
background on the Desktop. Appearance tab enables us to change the style and color scheme and font size of
Windows. In the Settings tab we can configure settings related to our monitor.
Image 70.9 - Settings Tab
Notice that in our case we have single monitor attached. Here we can change the screen resolution and the color
quality.
Adding Administrative Tools to the Start Menu
Because we are administrators of Windows XP, we might want to add a shortcut for Administrative Tools to the
Start Menu or to the All Programs menu to make them more accessible. To do that simply right-click the Start
button and select Properties to open the Start Menu and Taskbar Properties window. Here click Customize to
open the Customize Start Menu window. Go to the Advanced tab, in the "Start menu items" scroll box, navigate to
the System Administrative Tools section. Choose the "Display on All Programs menu and Start menu" option and
click OK to exit the window.
Remember
Logging on to Windows is the process of telling Windows who you are. We log on to Windows using the Welcome
screen. The main workspace in Windows is called the Desktop. Taskbar shows us opened windows and
computer programs. Notification area (or tray) will show us status of some operation, or notify us about an event.
Start button gives us access to everything our computer can do. Start menu contains all links to our folders and
applications. Control Panel contains bunch of tools that we can use to manage our operating system.
Utilize Windows XP Basics
8
Microsoft Management Console (MMC) in Windows XP
Parent Category: XP
Category: Basics
Microsoft Management Console is available in Windows XP. First, let's take a look at
available pre-configured MMCs that ship with our Windows XP. Later we will configure
our custom Console.
Before you start
Objectives: learn about available pre-configured consoles, how to open and use pre-configured and also how to
create custom Microsoft Management Consoles.
Prerequisites: you have to know what is Microsoft Management Console.
Key terms: microsoft management console, mmc, pre-configured console, computer management console,
custom console
Pre-configured Console
Computer Management Console
Let's take a look at pre-configured MMC that ships with our Windows XP. Go to Administrative tools(in Control
Panel, or your Start Menu or All Programs menu if you have created shortcut), and click on the Computer
Management. The following window opens:
Image 118.1 - Computer Management MMC
Icons on the left group individual tasks. Each icon is a Snap-in that lets us work with related configuration values.
For example, Event Viewer is a snap-in that we can use to view system messages. Disk Management is
another snap-in that we can use to manage disks and volumes. When we select a snap-in from the left, panel on
the right changes to show us actions that we can perform with that snap-in.
Utilize Windows XP Basics
9
Image 118.2 - Event Viewer Snap-in
Pre-configured Consoles
Windows XP ships with a bunch of pre-configured consoles. We can launch them using Run menu (type in the
name of the console and click OK). Available pre-configured consoles are:
Certificates - certmgr.msc
Component Services - comexp.msc
Computer Management - compmgmt.msc
Device Manager - devmgmt.msc
Disk Defragmenter - dfrg.msc
Disk Management - diskmgmt.msc
Event Viewer - eventvwr.msc
Group Policy - gpedit.msc
Indexing Service - ciadv.msc
Local Security Settings - secpol.msc
Local Users and Groups - lusrmgr.msc
Performance - perfmon.msc
Removable Storage - ntmsmgr.msc
Removable Storage Operator Requests - ntmsoprq.msc
Resultant Set of Policy - rsop.msc
Services - services.msc
Shared Folders - fsmgmt.msc
Windows Management Infrastructure (WMI) - wmimgmt.msc
The majority of the pre-configured XP consoles are set to work on the local machine by default, but if we have the
appropriate permissions, consoles can be used to administer remote computers. We can right-click on Snap-in
and select Connect (not every Snap-in supports this), and enter the name of the remote computer we want to
manage (or select Browse if we don't know the name).
Custom Console
We can create our own consoles containing the snap-ins that we use the most. To do that, first we need to open
MMC shell. Go to Start Menu, and then click on Run. In Run dialog, type in mmc and click OK.
Image 118.3 - Run dialog
The following window will open:
Utilize Windows XP Basics
10
Image 118.4 - Empty MMC Console
Notice that this MMC is blank. It only contains Console Root object which we can rename as we like. Just right-
click it and click Rename. We can now add snap-ins. To do that, we must go to theFile menu and click
on Add/Remove Snap-in, and then click Add... New window opens and now we can select which Snap-ins we
want to see in our MMC (we can select multiple Snap-ins). After we are done selecting, we click on Close, and
OK.
Image 118.5 - Adding MMC Snap-in
In our example we have added Performance Logs and Alerts snap-in. Our console now looks like this:
Utilize Windows XP Basics
11
Image 118.6 - Custom MMC
To save this Snap-in, go to the File menu, and select Save. Notice the folder in which the new Snap-in will be
saved (it's Administrative Tools). Write the name of your console, and click Save. Microsoft Management
Consoles use the extension .msc which stands for Microsoft Common Console Document (MCCD). By default,
files which use the .msc extension open with the application Microsoft Management Console (MMC). If we go
back to Administrative tools in Control Panel, notice that we don't see our newly created console. But, if we create
shortcut to Administrative Tools in our All Programs menu, we will see our custom Snap-in in Administrative Tools
there.
Remember
Windows XP ships with a bunch of pre-configured consoles. We can launch them using Run menu (type in the
name of the console and click OK). We can create our own consoles containing the snap-ins that we use the
most. To do that, first we need to open MMC shell. Microsoft Management Consoles use the extension .msc
which stands for Microsoft Common Console Document (MCCD).
Utilize Windows XP Basics
12
Group Policy in Windows XP Parent Category: XP
Category: Basics
It can be of great importance to know how to work with Group Policy console, especially
if you often administer Windows systems. Lets take a look at local Group Policy in
Windows XP.
Before you start
Objectives: learn how to open and navigate trough pre-defined Group Policy console.
Prerequisites: you have to know what is Group Policy, and how to work in Microsoft Management Console.
Key terms: run Group Policy, Console organization, example settings, gpedit.msc, software settings, windows
settings, administrative templates, password policy, security options.
Local Group Policy Console
We will use the Start menu run command to open our Local Group Policy console. In Run menu, we can open
Microsoft Management Console by typing in mmc, and then add the Group Policy Snap-in to our console. We can
also open pre-defined Group Policy console by typing gpedit.mscin Run menu.
Image 138.1 - Run Group Policy
Utilize Windows XP Basics
13
Image 138.2 - Group Policy
Console Organization
There are two major sections - Computer Configuration section, and User Configuration section. Computer
Configuration section contains settings that are applied for the entire computer, and these settings are applied
when the computer boots. User Configuration node contains settings that are applied only to users. If user
settings are defined in AD, then they are independent of the computer on which the user logs on to. If settings are
configured locally, settings are valid only for local users. User settings get applied at user log on.
Under Computer Configuration, as well as under User Configuration, there are three categories of setting:
Software Settings are used to control the installation of software, and there are no local settings for this. This
section can only be configured through AD.
Windows Settings are used to set a wide range of system and startup values.
Administrative Templates contain Registry-based policies.
In each category there are additional objects that group related settings. If we look at Group Policy in AD, we will
see more options than in Local Group Policy.
Example Settings
Lets take a look at some Group Policy settings on a local Windows XP workstation.
Utilize Windows XP Basics
14
Image 138.3 - Password Policy
Image 138.4 - Security Options
Notice that when we make a selection on the left, the right part of the window shows us two columns. In the first
column we see a descriptive Policy name, and in the second column we see current settings for our Policies. If
our computer is on a domain, then the current settings are a combination of local settings and settings defined in
AD.
Utilize Windows XP Basics
15
To edit a setting, just click double on policy name and choose the appropriate setting.
Remember
We can open pre-defined Group Policy console by typing gpedit.msc in Run menu. There are two major sections
in Group Policy console: Computer Configuration section and User Configuration section. Computer Configuration
section contains settings that are applied for the entire computer. User Configuration node contains settings that
are applied only to users. Software Settings are used to control the installation of software, and there are no local
settings for this. Windows Settings are used to set a wide range of system and startup values. Administrative
Templates contain Registry-based policies.
Commands that are mentioned in this article
gpedit.msc - run pre-defined Group Policy console (enter in Start menu Run command).
Utilize Windows XP Basics
16
Regional and Language Options in XP Parent Category: XP
Category: Basics
Windows XP supports many languages and different regional settings. As we go to the
Control Panel, we will find an icon for our Regional and Language settings.
Before you start
Objectives: find out where can you configure regional and language options in XP.
Prerequisites: no prerequisites.
Key terms: language, regional, keyboard, format, display
Regional Options
In previous versions of Windows, in order to move between various languages, we had to install separate
packages. Windows XP now allows us to navigate quickly and easily and select which language options we would
like to use. As we go in to the Regional and Language options in Control Panel, we will notice that we have three
tabs of information. First, we have Regional options, then Language options, and then Advanced options.
Image 190.1 - Regional Options
In Regional Options we can define how we want to represent our numbers, currency, time and date. For example,
in United States a common format for representing the date is: mm/dd/yyyy. In Europe a common format for dates
is: dd/mm/yyyy. The same thing is for our currencies. In United States we use commas (1,000 = one thousand),
Utilize Windows XP Basics
17
and in Europe we use decimals to separate thousands (1.000 = one thousand). In addition to having the number
settings, we also have the ability of setting up our location. Our location is used by programs such as Internet
Explorer. This is handy for getting news, weather, etc.
Language Settings
In Language settings we have the ability of selecting a bunch of different languages, as well as Keyboard layouts.
This becomes very handy when we are using our Word processing applications. For example, if we need to
create a document in different languages, we can hot-key between various language inputs. This means that by
using our keyboard, we can quickly switch between letters that we will be typing in and in which format.
Image 190.2 - Language Options
We can also choose to have different keyboard layout. We can have the standard QWERTY keyboard or we can
use, for instance, Dvorak keyboard. Dvorak keyboard has different key layout and it is optimized for efficiency. We
have also additional language support for countries that use right-to-left writing, and we can also add support for
east Asiatic languages. Advanced language options are intended for non-Unicode programs.
Windows can ship in Localized version or in Multi-language version. In both versions we can change date, time,
measurement display, create, view, and edit documents in multiple languages (including East Asian and right-to-
left languages), but we can't display Windows menus and dialogs in multiple languages in Localized versions of
Windows.
Remember
In Regional Options we can define how we want to represent our numbers, currency, time and date. In Language
settings we have the ability of selecting different languages, as well as Keyboard layouts, which comes very
handy when we are using our Word processing applications.
Utilize Windows XP Users and Groups
18
Users and Groups
Manage Users in XP Parent Category: XP
Category: Users and Groups
There are two different ways to manage user accounts in Windows XP. We can use the
User Accounts applet for basic account management, or we can use Local Users and
Groups snap-in for advanced user management.
Before you start
Objectives: learn to create new users, change passwords and edit other properties for existing users. We will
work with local user accounts. For advanced user management go to Local Users and Groups Management.
Prerequisites: before you read about user management, you have to be aware of what a user account actually
is.
Key terms: account, user, password, new user, user management, local user
User Accounts Applet
If the computer is a standalone workstation or a member of a workgroup, we can use the User Accounts applet in
the Control Panel to easily create user accounts and modify user account properties. To open User Accounts
applet go to Start > Control Panel > User Accounts.
Image 167.1 - User Account Applet
The User Accounts applet lists common tasks at the top of the windows, such as Change an account, Create a
new account, and Change the way users log on or off. Accounts are listed at the bottom of the applet.
Creating New Account
Utilize Windows XP Users and Groups
19
To create a new user, we have to click on Create a new account, and we need to type a name for the new user
account.
Image 167.2 - Account Name
On the next window, we will have to choose an account type. We have two options:
Computer administrator - with the administrator account we have the ability to make system wide changes,
create, change and delete accounts, install programs and access all files.
Limited - with the limited account we can only make changes to our own account settings, view files that we have
created and files in Shared Documents folder. We will not always be able to install programs.
Image 167.3 - Account Type
Anders is a computer administrator, so we will choose that option and click on Create Account. Notice that now
we can see Anders Parker's account in the list of the user accounts.
Image 167.4 - Anders Parker Account
User Management
In User Accounts applet we can perform basic user account administration tasks, such as add or delete users,
change passwords and modify account capabilities. To modify properties for specific account, we can select it
Utilize Windows XP Users and Groups
20
from list, or we can click on the Change an account option, and then select an account that we want to change.
In this case we will change the properties for Kim's user account.
Image 167.5 - Kim Verson Account
Notice that Kim Verson's account is configured as Computer administrator, and that it doesn't have a password.
To create a password for this account, click on Create a password.
Image 167.6 - Password Options
We have to type in a new password, and then type it in again to confirm it. We also have to type in a hint for our
password in case we forget it. When we click on Create Password button, Kim Verson will have password
protected user account.
We can also change Kim's account type. We don't want her to be computer administrator anymore. To do that,
let's click on Change the account type option, select Limited option, and click onChange Account Type button.
Utilize Windows XP Users and Groups
21
Image 167.7 - Account Type
Guest Account
To enable Guest account, select Change an account option, and pick a Guest account. In this case, Guest
account is turned off. There aren't many configuration settings that we can change for the Guest account.
Basically, we can just turn it on or off.
Image 167.8 - Guest Account
Logon and Logoff Options
We can also use User Accounts applet to change the way users log on or off to the computer. Notice that
currently we are using the Welcome screen for users to log on to this computer. If we use the Welcome screen for
logging on we will see all user names for accounts that are currently active on our computer. This is not as secure
as traditional log on, because everyone can see all user accounts that are active on the computer. Because of
that, here we can select to use traditional log on method. But, if we do that we will not be able to use Fast User
Switching feature anymore.
Utilize Windows XP Users and Groups
22
Image 167.9 - Logon Options
Local Users and Groups Snap-in
For advanced user account management we will use the Local Users and Groups snap-in which is located in
Computer Management console. We can find the Computer Management console in Administrative Tools (in
Control Panel), or we can right-click on My Computer icon and select Manage option from the pop-up menu.
Either way, the following window appears:
Image 167.10 - Local Users and Groups Snap-in
We have to browse to Local Users and Groups. With this tool we can create users and groups, assign group
membership and manage user and group properties.
Creating New Account
To create a new user account, click on Users folder, then in Action menu select New User... option. We can also
right-click on Users folder, or we can right-click on the right side of the window, where all users are listed, to get
the same option.
Utilize Windows XP Users and Groups
23
Image 167.11 - New User 1
Image 167.12 - New User 2
Now we need to type in the user name. Ally Anderson will use this account, so we will type inaanderson as a
user name, and Ally Anderson as her full name. We need to type in Ally's password too, and then confirm it by
entering it again.
Image 167.13 - New User Menu
By default, user would have to change the password at the next logon, and this is the most secure choice. When
Ally logs on for the first time she will be forced to change her password to something different. In that way only
she will know the password. If we clear the 'User must change password at the next logon' checkbox, we can
select 'User cannot change password' or 'Password never expires' option. We would do that in case if we have
more users that are using the same user account. Here, we can also disable an account if we want to. We would
do that, for example, in a case when a user is not going to use that account right away, or he is not going to use it
for a long time. In this case we will select that a user must change password at the next logon, and we'll click
on Create button to create her account, and click Close to close the New User menu. When we look into the
Users folder, we can see the new account for Ally Anderson.
Utilize Windows XP Users and Groups
24
Image 167.14 - User aanderson
User Management
Using the Local Users and Groups snap-in we can easily edit user settings. For instance, if a user forgets his/her
password, we can easily set new password for him/her. To do that, we right-click the user account and select Set
Password... option.
Image 167.15 - Set New Password
When we select 'Set Password...' option we will get a warning that we should use this feature with caution. This is
because if a user has, for example, encrypted files, he/she won't be able to access them any more.
Image 167.16 - Password Warning
If a user know his password, he should log in, then press CTR+ALT+DEL and then click Change Password. In our
case we will click on Proceed button for now. We need to type in the new password and then confirm it by typing
it again.
Utilize Windows XP Users and Groups
25
Image 167.17 - Set New Password
If we have set up account lockout policy, to three log on attempts for example, then it might happen that the user
account is locked out, because the user entered wrong password too many times. To unlock a user account, we
need to right-click the user account, select Properties, and clear the 'Account is locked out' checkbox. Then, we
have to select 'User must change password at next logon' option. This will force the user to change his password
when he/she logs on again.
We can also easily rename an account. We simply right-click on the account and click Rename. We can also
change the full name by clicking on accounts Properties.
If we know that some user won't log on to the computer for a while, we can disable his account to prevent anyone
to log on using that account. To do that we have to right-click a user account, select Properties, select 'Account is
disabled' option and click on the OK button. You will notice the icon change on the user that we have disabled.
When the user returns we simply clear the 'Account is disabled' option to re-enable the account.
When we create a new account we should always set a password to protect the account. The password should
not be something easy to guess (for example, user name). We should always force the user to change the
password at the next logon. We should also disable accounts that won't be used for a while. If a user leaves and
is replaced by someone else with similar access needs, we should rename the existing account (rather then
deleting the account and creating a new one).
Remember
For user management in XP we can use User Accounts applet or Local Users and Groups snap-in. The User
Accounts applet can be used to change an account, create a new account and change the way users log on or
off. For advanced user account management we will use the Local Users and Groups snap-in.
Utilize Windows XP Users and Groups
26
Group Management in XP Parent Category: XP
Category: Users and Groups
When we start dealing with a lot of users, rather then using individual users to control
access to resources, it is useful to group users because usually many users have the
same requirements. Because of that we need to know how to manage groups. By
default, XP already has some built-in groups.
Before you start
Objectives: learn how create or delete groups and how to manage group membership.
Also you will familiarize yourself with built-in local groups in XP.
Prerequisites: you should know how to manage user accounts in XP.
Key terms: group, membership, user, local, account, member, rights, access.
Local Users and Groups Snap-in
We can manage groups with Local Users and Groups snap-in in Computer Management console. We can
create our own groups or modify existing groups. We can also modify some groups which the system has created
for our usage (we can't modify the SYSTEM, INTERACTIVE, Everyone, and the NETWORK group). Let's say
that we have a shared folder on a network. We want some people to be able to manage files in that shared folder
and other people to be able to only read files in shared folder. In this situation we can create different user groups
and put our users that need to have read rights in one group, and those that need to have read rights in another
group. Then we can assign resource permissions to that particular user groups.
Image 171.1 - Local Users and Groups Snap-in
From this particular screen we have the ability of adding new user groups, modify the membership of the existing
groups, and we also have the ability to delete or rename user groups. To manage group membership, we have to
edit the group properties. To edit group properties, simply right-click the desired group, and select Properties.
Utilize Windows XP Users and Groups
27
Image 171.2 - Right Click On Group
When we get into the group properties, we can use 'Add...' or Remove button to edit group membership. For
example, let's add a user to the Helpdesk group. We have to click on 'Add...' button and the following windows
appears:
Image 171.3 - User Selection
Here we will going to click on 'Advanced...' button to generate a list of users. This computer is not on a domain, so
we can only search for users on a local machine (in this case, on ADMIN-8268F4658). When we are ready, we
can click on Find Now button. The list of local users now appears, as shown below.
Utilize Windows XP Users and Groups
28
Image 171.4 - List of Users
In this case, we will select two users - Kim Verson and wdelmonte. When we are done selecting, we will click on
the OK button, and then on the next window click OK again. Now we can see our two users in the member list of
the Helpdesk group.
Utilize Windows XP Users and Groups
29
Image 171.5 - Helpdesk Group
We can also manage group membership for individual users. To do that, we can go to the user list, right-click on a
particular user, and select Properties. Then we have to go to the "Member Of "tab and add or remove groups that
the user belongs to.
Utilize Windows XP Users and Groups
30
Image 171.7 - Individual User Membership
Create New Group
To create a new group we have to right-click on the group list window and select 'New Group...' option. We have
to provide group name (Developers in our case), and optional, group description. We can also add members to
the group right away by clicking on 'Add...' button. In this case, we will add the anderson user account. When we
are done, we have to click on the Create button to create a group.
Utilize Windows XP Users and Groups
31
Image 171.6 - New Group
Delete Existing Group
To delete a group of users, we have to select a group we want to delete and then click on the Remove button.
When we delete a group from the computer, we don't delete the users that were members of the group. We only
delete the group, and the users stay on the local machine. Removing a user account from a group does not delete
the group or the user account. We can not remove the local Administrator user account from the Administrators
group and Guest user account from the Guests group.
Built-in Groups
Whenever possible, we should use built-in groups to assign rights and permissions. For example, to allow
someone to back up and restore the system, we should make the user account a member of the Backup
Operators group. We should use caution when modifying the default rights and permissions assigned to built-in
groups. When assigning security, we should make user accounts members of groups, then assign the rights or
permissions to the group rather than the user accounts. Built-in local groups are:
Administrators - Members have complete and unrestricted access to the computer, including every system
right. The Administrator user account and any account designated as a "computer administrator" is a member of
this group.
Backup Operators - Members can back up and restore files (regardless of permissions), log on locally, and shut
down the system. Members cannot change security settings.
Guests - Members have limited rights (similar to members of the Users group). Members can shut down the
system.
Users - Members can use the computer but cannot perform system administration tasks and might not be able to
run legacy applications. Members cannot share directories or install printers if the driver is not yet installed.
Members cannot view or modify system files. Any user created with Local Users and Groups is automatically a
member of this group. User accounts designated as "limited user" accounts are members of this group. A user
account created as a "computer administrator" is made a member of this group.
Utilize Windows XP Users and Groups
32
Power Users - Members can create and modify user accounts and local groups. They can remove users from
Power Users, Users and Guests groups. They can change the system date and time, and install applications.
They can not change the membership of the Administrators or Backup Operators groups, take ownership of files,
back up or restore files, load or unload device drivers, and manage security settings.
Windows XP also includes the following local groups:
Network Configuration Operators
Remote Desktop Users
Replicator
In order to participate in one of the groups, a user has to be added to a particular group and they automatically
inherit particular privileges.
Special Built-in Groups
There are also other specific built-in user groups, like the Everyone group. The membership of the Everyone
group is everyone. It's created for simplified access to the resources. We can not modify the membership of the
Everyone group because everyone belongs to it. As we look into original permissions and security settings in
Windows XP, we will notice that the default is always is the Everyone group. The first thing that we will probably
want to do is remove the Everyone group from the list, and add our own groups of users to have access to
particular resources.
Two groups that we should also mention are INTERACTIVE group, and the NETWORKgroup. Let's say that we
have two computers that are linked over computer network. One user is logged on to the particular machine and
is actively using the keyboard, the mouse and looking at the monitor of that particular computer. In that case we
consider that that user is a member of INTERACTIVE group because he is interactive with that computer. It is
important to know where the user comes from. If that user access the resources on some machine on the network
(shared folder), he becomes a member of a NETWORK group.
Sometimes we refer to those groups as implicit groups or special identities. They act as variables to represent
either a set of users or a set of programs running on the computer. The identity and membership of these groups
is dynamically configured, so they are not listed in Local Users and Groups. In many cases, user accounts are
being dynamically made a member of these groups when users perform certain actions (such as logging on or
creating a file). Implicit local groups are:
ANONYMOUS LOGON - Membership is obtained by logging on without a user name and password (anonymous
logon is commonly permitted if the computer is acting as a web server)
AUTHENTICATED USERS - Membership is obtained by logging on with a user name and password
CREATOR GROUP - Membership is obtained by creating an object
CREATOR OWNER - Membership is obtained by creating an object (such as a file)
DIALUP - Membership is obtained by connecting to the computer through a dial-up connection
Everyone - Membership is obtained by gaining access to the computer except through anonymous logon
INTERACTIVE - Membership is obtained by logging on interactively (also called logging on locally) through the
computer console
NETWORK - Membership is obtained by logging on to the computer through a network connection
REMOTE INTERACTIVE LOGON - Membership is obtained by logging on to the computer through a remote
desktop connection
Except the Everyone group, we can recognize these groups because their names are all written in caps.
Remember
We can manage groups with Local Users and Groups snap-in. We can create our own groups or modify existing
groups. To manage group membership, we have to edit the group properties. To create a new group we have to
right-click on the group list window and select 'New Group...' option. To delete a group of users, we have to select
Utilize Windows XP Users and Groups
33
a group we want to delete and then click on the Remove button. Whenever possible, we should use built-in
groups to assign rights and permissions. Administrators have complete and unrestricted access to the computer.
Members of Users group can use the computer but cannot perform system administration tasks. ANONYMOUS
LOGON membership is obtained by logging on without a user name and password. NETWORK membership is
obtained by logging on to the computer through a network. INTERACTIVE membership is obtained by logging on
interactively.
Utilize Windows XP Users and Groups
34
Manage User Profiles in XP Parent Category: XP
Category: Users and Groups
User profiles help us to separate files and settings that belong to different users. Along
with local user profiles, we can also create roaming user profiles or mandatory user
profiles.
Before you start
Objectives: learn where to find user profile, how to create roaming or mandatory profile and how to change target
locations for specific folders.
Prerequisites: you should know what is user profile in general and how to manage user accountsin XP.
Key terms: profile, user, account, documents, ntuser, roaming, mandatory
Profile Location
User profile contains all of our custom settings that we have made to our computer. In Windows XP user profiles
are stored in C:\Documents and Settings\ folder. Inside this directory we will see a folder for each user which
has logged on to the computer.
Image 178.1 - Documents and Settings Folder
If we open a folder for some particular user we will see, among other things, an NTUSER.dat file, which contains
user settings. Specific user files are contained in folders like Desktop, My Documents etc. In the picture below we
can see Administrator profile. Note that hidden files have to be shown to see NTUSER.dat file.
Utilize Windows XP Users and Groups
35
Image 178.2 - Administrator Profile
Types of Profiles
Along with local profile we can also have a Roaming user profile. We would use Roaming profile if we often log
on to multiple computers on the network, and we want our settings to follow us around. Another type of profile that
we can create is the Mandatory user profile. Mandatory profile is a read only profile, so that any changes made
by a user will be lost when they log off.
Create Roaming Profile
To create a roaming profile we have to create a shared folder on some server. In this example, we have created
shared folder called Profiles on a computer named server. The UNC (Universal Naming Convention) path to this
folder is now \\server\profiles\. We will use this path when providing profile path for particular user
(\\server\profiles\%username% syntax).
The next step can be done in two ways. We can either copy existing profile to the network share or we can simply
define new profile path for particular user. If we copy existing user profile to the shared folder, we have to ensure
that the proper permissions are set on that folder, so that only particular user has access to it. In this case we
would set the user profile path to that particular directory. To do that we can go to the Computer Management,
then Local Users and Groups, Users folder, right-click on particular user and then select the Profile tab. In our
example we have copied existing user folder for anderson user account. On the picture below, notice that we
have changed the profile path for that particular user.
Utilize Windows XP Users and Groups
36
Image 178.3 - Profile Path
Another option is that we only set the profile path (without copying user profile to the shared folder). In this case
system will automatically create new user profile on a shared folder when a user logs on to the computer. That's
because no user profile for that user account will exit on that location.
Create Mandatory Profile
The first step in specifying the mandatory profile is to create a profile that will be shared by multiple users. In our
case we will create a user account named Students.
Utilize Windows XP Users and Groups
37
Image 178.4 - Students User Account
Next thing we need to do is to log on to the system using the Students user account and make the appropriate
changes. After we configure all the settings we want, we have to log off from the Students account and then log
on using some other account with administrative privileges (Administrator in our case). The next step in
configuring a mandatory profile is to save it to a central location. Let's go to the Start Menu, right-click My
Computer and select Properties to open system properties. Now, we will go to the Advanced tab, and under User
Profiles section we will click on the Settings button. In this window we can see all profiles that are currently saved
on the system.
Image 178.5 - List of User Profiles
We are currently logged on as Administrator so we can not copy or delete this particular user profile. This is why
we have created different user account that we will be using as a mandatory user account. Now, we want to copy
Students profile, so we will select that account, and then clickCopy To button. We have already created a folder
in which we will save this profile, so we will click on Browse button, navigate to the C:\MandatoryProfile folder,
and click on the OK button. Now , we have to change permissions for this user profile, so we have to click on the
Change button in 'Permitted to use' section. Normally, profile is used by a single user, but this profile is going to
be used by multiple users, so we will give the Everyone group permission to use this profile.
Utilize Windows XP Users and Groups
38
Image 178.6 - Copy Profile
The next step is to make that profile a read-only profile. To do that, we will browse to the C:\MandatoryProfile\
folder and rename the NTUSER.dat to NTUSER.man. This makes it a mandatory profile. If you don't see
NTUSER.dat file, it's because it's hidden by default. In that case, we have to select 'Show hidden files and
folders' in Folder Options menu.
Image 178.7 - Renaming NTUSER file
The final step is to configure local user account to use the mandatory profile (Students in our case). Let's go back
to Computer Management, and Users folder under Local Users and Groups. We right-click on the Students
user, select Properties option, go to the Profile tab, and enter the Profile path, which is in our case
C:\MandatoryProfile.
Utilize Windows XP Users and Groups
39
Image 178.8 - Students Profile Path
We can point any other user to use that same mandatory profile, at the same time. We don't have to create a
separate mandatory profile for different user accounts (but we can if we want to).
Create Custom Default Profile
The Default User profile is used to create a new profile for users who have never logged on to the machine
before. To create a custom default profile we have to begin by logging in with some random user account (in our
case we will use IMadruga account), and make changes that we want to be available for all new users. When we
make changes to user profile, we will copy that profile to the Default User location. Let's go to the Start Menu,
right-click My Computer, select Properties to open System Properties, go to the Advanced tab, and
under User Profiles click on the Settings button. Now we will copy the IMadruga user profile, so we will select it
and click the Copy To button. We have to select the new location for our user profile and in this case, we will
navigate to theC:\Documents and Settings\Default User\ folder, because we want this profile to be used as the
default user profile.
Image 178.9 - Copy to Default User Location
Utilize Windows XP Users and Groups
40
When we click the OK button, we have to change the permissions for default user profile. We want everyone to be
able to use this profile, so we will select the Everyone group. We have to keep in mind that the old default profile
is now overwritten. If we wanted to save old settings, we should have backed it up. Now, whenever a new user
logs on to this particular machine, he will get our newly defined default user settings.
Redirect Folders
XP creates My Documents folder for each user account. This folder is used to store files saved by the user. Let's
take a look to the properties of My Documents. We will right-click it and select the Properties option.
Image 178.9 - Target Location for My Documents Folder
Notice the target location. This My Documents folder is located on the C drive, in Administrator profile folder. If we
want to, we can change or move the location of My Documents folder, even to a network path. Moving My
Documents folder is useful for data protection or for easier backup.
End users can only redirect the following folders: My Documents, My Music, My Pictures, and My Videos. Group
Policy can only redirect the following folders: Application Data, Desktop, My Documents, My Music, My Pictures,
My Videos, and Start Menu. We can use the %username% variable to redirect folders to unique parent folders
based on user name. When we redirect folders, the default is to copy the existing folder contents to the new
location. Redirecting folders does not delete the existing folder or prevent data from being stored in the folder. It
only redirects the shortcut that points to the target folder. By default, users are given the necessary permissions to
manage their redirected folders.
Remember
NTUSER.dat file is hidden by default. Roaming profile is saved on a network share. To create a roaming profile
we can simply change the path of the profile to point to the network share, and the system will create new,
roaming profile for that particular user. To create a mandatory profile we have to rename the NTUSER.dat file to
NTUSER.man, which will make it a read-only profile. Everyone must have permisions to access the Default
profile. We can change target location for specific folders like My Documents, Desktop etc.
Paths that are mentioned in this article
C:\Documents and Settings\ - folder in which all user profiles are located by default
\\server\profiles\ - shared folder which was used to save roaming user profile
C:\MandatoryProfile - folder which we used to create mandatory profile
C:\Documents and Settings\Default User\ - path to the defualt user profile
Utilize Windows XP Users and Groups
41
User Rights and Group Policy in XP Parent Category: XP
Category: Users and Groups
User rights define special local system actions that are permitted for specific users and
groups. To add or remove rights for users and groups we can use Group Policy editor.
Before you start
Objectives: learn how can you confgure user rights trough Group Policy editor.
Prerequisites: you should know what is Group Policy.
Key terms: policy, user, group, rights, assignment, editor, security
User Rights Assignment
We can open GP editor through Run menu by typing in gpedit.msc and clicking on the OK button. This opens
Group Policy editor for local computer. Next, we have to navigate to the Computer Configuration, Windows
Settings, Security Settings, Local Policies, and then User Rights Assignment.
Image 183.1 - User Rights Assignment Section
Let's find and open the 'Change the system time' policy. Notice that Administrators and Power Users can currently
change time on the system.
Utilize Windows XP Users and Groups
42
Image 183.2 - Change the system time Policy
Let's remove the Power Users from this list, so that only administrators can change the system time. Let's add
Power Users the right to Debug programs. We will open 'Debug programs' policy, click 'Add User or Group...'
button, and look for the Power Users group. Before we can reach groups, we have to select Groups option in the
Object Types section.
Utilize Windows XP Users and Groups
43
Image 183.3 - Object Types
When we are finished, we can click on the OK button to exit this policy. Power Users will now be able to debug
programs.
As you can see, we have a lot of options for setting up user rights. Remember that we can do this for any user or
group that we create.
Utilize Windows XP Hardware
44
Hardware
Devices in XP Parent Category: XP
Category: Hardware
We can use Device Manager to view and configure computer hardware. The Device
Manager MMC is included as a part of a Computer Management console.
Before you start
Objectives: learn how to use Device Manager to check installed devices, and how to
add non-plug and play devices using Add New Hardware wizard.
Prerequisites: you should know about devices in Windows in general.
Key terms: device, hardware, manager, wizard, computer, resources
Device Manager
To open Device Manager, click Start, right-click My Computer, and select Manage to open up the Computer
Management. Then, browse to the Device Manager under System Tools. We can also open Device Manager as a
standalone console. Again, let's go to the Start menu, right-click My Computer, but this time select Properties to
open system properties. Then go to the Hardware tab, and click on the Device Manager button.
Image 199.1 - Device Manager
Notice that devices are organized in a tree view, by type. So, for example, if we look at Display adapters, we can
see the video card on this machine. We can also use the View menu to change the organization. Organization
can be 'Devices by type' or 'Devices by connection', or we can look 'Resources by type' or 'Resources by
connection'. We can also show hidden devices. If we select this option we will also see Non-Plug and Play drivers
as well as printers, in our tree view.
Utilize Windows XP Hardware
45
We can use the device icons to view and manage our devices. For example, let's look at the properties of the
COM port COM1. Right-click the device and open its properties.
Image 199.2 - COM1 Properties
Device properties typically have a General and a Driver tab. The General tab gives us the device status. For
example, COM1 port in our case is working properly. If we are having problems, we can run the Troubleshooter
by clicking on the 'Troubleshoot...' button to get more information on how to solve our problem. On the Driver tab,
we can see driver details or we can update, roll back, or un-install our drivers. Many devices also have
a Resources tab. Here we can configure resources such as IRQs and I/O ranges. Keep in mind that we don't
usually configure resources for Plug and Play devices. Also, depending on the hardware device, we may have
other tabs. For example, there is a Port Settings tab on COM1 device. These are typical settings that we can
configure for a COM port. Different type of device would have different tabs.
If a device is no longer used on our computer, begin by physically removing the device. In most cases, Windows
will detect that the hardware no longer exists, and it will remove the corresponding icon in the Device Manager. If
the icon remains after the hardware is removed, we can right-click the icon and select Uninstall option. This
uninstalls the device from the computer. If the device is no longer used, and it can not be physically removed, we
can use the Disable option instead. For example, suppose that we have a network card that's integrated on the
motherboard, but we have installed a new network adapter and we don't want to use the integrated NIC. In this
case, we can use the Disable option to prevent the integrated network adapter from being used by Windows.
Although the device still appears in the Device Manager, it can no longer be used.
Troubleshooting
Most hardware devices are Plug and Play devices, and they will be automatically installed and configured on
windows. If windows does not detect the device, or the device is not fully installed, we can use the Add Hardware
Wizard to manually install it. Let's go to the Start Menu > Control Panel > Add Hardware Wizard.
Utilize Windows XP Hardware
46
Image 199.3 - Add Hardware Wizard
Take a look at the warning message here. If we have an installation CD, we should use it rather than this wizard.
Let's click next. At this point wizard is doing the plug and play search, similar to Scan for new devices in Device
Manager. Now we need to answer a question. Have we already connected the hardware or not? If we select the
No option, the wizard finishes and prompts us to connect the device. Let's select the Yes option and click Next. At
this point we get a list of installed devices, and if we scroll down all the way, we can select the 'Add a new
hardware device' option. We will select that option and click Next.
Utilize Windows XP Hardware
47
Image 199.4 - New Device Option
Next, we can choose from two options. If we choose the first option, computer will search and install the hardware
automatically. This search is more extensive than the previous search. It will search for detectable legacy or
detectable non-plug and play devices. We can also select the device from the list. To do that, we have to select
the second option and click Next. First we have to select the device category and then click Next. Now we have to
select the manufacturer and the model. After we made all of the selections, and provided all of the resources
settings, our new device should be up and running, and also visible in Device Manager.
Remember
We can use Device Manager to check our devices. Many devices in Device Manager will have options for
resources utilization. Resources are things such as IRQs and I/O ranges. Keep in mind that we don't usually
configure resources for Plug and Play devices. If some device is no longer used, but we can't remove it physically,
we can disable it in Device Manager. If windows does not detect newly added device, or the device is not fully
installed, we can use the Add Hardware Wizard to manually install it.
Paths that are mentioned in this article
Start Menu > Control Panel > Add Hardware Wizard - path to the Add Hardware wizard
Utilize Windows XP Hardware
48
Quality of Drivers in XP Parent Category: XP
Category: Hardware
Since device drivers can cause system instability and contain malicious code, Microsoft
provided several ways to check the integrity of the drivers in XP.
Before you start
Objectives: learn how to check that drivers are compatible with XP, and how to use
available tools to check that drivers are signed (sigverif, driverquery, sfc).
Prerequisites: you have to know what drivers are.
Key terms: driver, system, signed, check, tool, verification, signature
Quality of Drivers
There is a lot of concern about the quality of the drivers because they can cause system instability or they can
contain viruses. Because of that Microsoft came up with a way to help us ensure the quality and compatibility of
the device drivers on our system. This feature is known as Driver Signing. Driver signing is intended to ensure
that the device software is compatible with Windows XP and to ensure that nobody has tampered with the drivers
(that nobody inserted malicious code).
Since not all hardware manufacturers are on board with the Driver Signing, it becomes important for us to be able
to allow or deny the unsigned driver to be installed on the system. In XP, Microsoft provided us with three levels of
control for installation of unsigned drivers. These levels are Block,Warn and Ignore. To manage this settings, go
to the Start Menu, right-click My Computer, select Properties, go to the Hardware tab and then click on Driver
Signing.
Image 207.1 - Driver Signing Options
Block level will block the installation of any unsigned driver to the system. This will ensure that drivers are always
compatible with the system, and that our drivers don't have any viruses. The negative side of this is that many
manufacturers are not on board with driver signing, so if we want to use the latest drivers, they may not be
available. The Warn level will give us a warning when we try to install an unsigned driver. The criteria here is do
Utilize Windows XP Hardware
49
we trust the source where we got our driver from. The Ignore level will simply install all the drivers without
prompting us for our approval. Of course, we would recommend that the Warn level is enabled at least.
We can make any of this level the default setting through out our system. To do that simply check the 'Make this
action the system default' option. Another way to enforce driver signing is through GPOs. We can do this either at
the local level, or at the domain level, which makes it easy to manage driver signing through out our organization.
Group membership can also have a little bit of control over driver signing as well. Remember, only members of
the Power User group (and up) have the ability of installing software. As a result of that, only Power Users and
Administrators can install drivers.
Driver Verification Tools
Microsoft also provided useful tools to check if the drivers are signed. The first one of these tools isSigverif.exe,
which is used to check if files are signed or not. Another utility that we can use isDriverquery.exe which enables
us to check existing drivers on the system (it is command line tool, so use '/si' switch to check driver signing).
Another utility that we can use is Msinfo32.exe, which can show us information for all our drivers (like dates,
manufacturers, and also if they are signed or not). Another command line utility that we can use is Sfc.exe.
Normally, Sfc.exe allows us to check the system files and verify their integrity. The thing is, sometimes drivers can
overwrite key system files. We can use Sfc.exe /scannow command to see if our system files have been
overwritten or become corrupted when we installed new drivers, especially when we installed unsigned drivers.
File Signature Verification Tool (sigverif)
The first tool is File Signature Verification tool. Let's go to the Run command, type in 'sigverif', and click the OK
button to run the File Signature Verification tool. By default, this tool checks all system files in the Windows
directory. To limit this search a little bit, click on Advanced , and browse toSystem32, and select 'drivers' folder.
This will limit the search to the drivers folder and its sub-folders (if we check the 'Include sub-folders' option). Click
'Start' to start the file signature verification process.
Image 207.2 - File Verification
In our case, all our files are verified as digitally signed. In other case, this tool would show us a list of unsigned
files.
Driver Query
Another way we can verify digital signatures for driver files is through the Driver Query program. To run this
program, we need to go to the Run command and open the Command Prompt. To do that, type in 'cmd' in Run
Utilize Windows XP Hardware
50
menu and click OK button. Next, we need to type in 'driverquery', and then provide the '/si' switch. The '/si' switch
reports back the signature status.
Image 207.3 - Driverquery Result
As you can see, we have a column named 'IsSigned'. If we look down, in our case all our drivers are signed.
Here we can see exactly which device does not have a signed driver.
MSINFO32
Another tool that we can use to find the same information is 'msinfo32'. Again, we will go to the Run command,
type in 'msinfo32', and click the OK button. Now, we need to browse to the Software Environment, and
then Signed Drivers section.
Image 207.4 - Signed Drivers in System Information
In this window we can sort drivers by the Signed column, so that we can see unsigned drivers first.
Remember
Driver signing is intended to ensure that the device software is compatible with Windows XP and to ensure that
nobody has tampered with the drivers. In XP, Microsoft provided us with three levels of control for installation of
Utilize Windows XP Hardware
51
unsigned drivers. These levels are Block, Warn and Ignore. To verify drivers we can use these tools: sigverif,
driverquery (in CLI), msinfo32 and sfc (CLI).
Utilize Windows XP Hardware
52
Power Options in XP Parent Category: XP
Category: Hardware
Windows XP supports two types of power management. Those are Advanced Power
Management (APM) and Advanced Configuration Power Interface (ACPI).
Before you start
Objectives: learn how to configure power options on XP machine
Prerequisites: no prerequisites.
Key terms: power, scheme, option, acpi, conserve, advanced, battery
APM vs ACPI
Advanced Power Management (APM) is Microsoft's first attempt to do power management. All power options
were set in the BIOS and the BIOS controlled the shutting down of devices. This was very simplistic and it really
did not help a lot. As a result of that, Microsoft developed the Advanced Configuration Power Interface
(ACPI). Some of the advantages that ACPI brought is that Windows is in charge of power management now. This
gives us more flexibility when controlling power options. ACPI enables us to control power options for each
individual device. We can use Device Manager to set power options for individual devices. Also, some devices
can send a signal that will wake up the rest of the system for us. ACPI enabled us functionalities like Hibernation
and Standby. ACPI comes with a specialized Hardware Abstraction Layer (HAL). We can install this HAL only if
the BIOS supports the ACPI management.
Power Schemes
Windows XP introduced Power schemes which we can use to quickly set the appropriate power options. For
example, one of the Power schemes can be for Home/Office Desk. In our Home/Office default settings is that
after 20 minutes of inactivity system automatically powers off our monitor. This makes us Green Star compliant
and it allows us to conserve power, which is very important. Presentation Power scheme is used when we don't
want our computer to power off at all. In Presentation scheme everything is always on. This allows the presenter
to continue to talk without worrying that the computer will hibernate or go into the Standby mode. Another
interesting power scheme is Portable/Laptop scheme.This scheme will shut down various devices based on
inactivity to preserve battery power. For example, system will shut down monitor after 15 minutes by default, hard
drive after 30 minutes and after some determined idle time, other additional devices as well. Of course, we can
edit these Power schemes to further conserve power.
Example Configuration
We can change the way that our computer uses power. This is useful if we want to conserve energy, prolong the
battery life of the portable computer or configure a UPS. To customize Power Options let's go to the Start Menu >
Control Panel > Power Options. We will start by looking at the Power Schemes tab.
Utilize Windows XP Hardware
53
Image 212.1 - Power Schemes
Here we can configure the computer to turn off the monitor or hard disks when the computer has been idle for a
while. Notice that for the Home/Office Desk scheme, monitor will be turned off after 20 minutes by default, but
hard disks will not be turned off. Let's say that this computer is a laptop, so we will want to select the scheme
which will conserve the battery. If we change the scheme to the Portable/Laptop, our monitor will be turned off
after 15 minutes and hard disks after 30 minutes, by default. We can edit the scheme to further conserve power.
To do that, just choose different option from 'Turn of monitor' drop-down menu or from 'Turn of hard disks' drop-
down menu. If we are doing a presentation, we should change to the Presentation power scheme, so that our
computer can always be on. The Presentation scheme is different from Always On scheme. In Always On
scheme, by default, monitor will turn off after 20 minutes, while in Presentation scheme everything is always
on. Let's go to the Advanced tab.
Utilize Windows XP Hardware
54
Image 212.2 - Advanced Tab
In Advanced tab we can set the 'Prompt for password when computer resumes from standby' option which is very
useful setting. Here, we can also set the power button options. We can configure what will happen when we press
the power button on our computer. We can configure it to shut down, do nothing or to ask us what to do. Let's
take a look at the Hibernate tab.
Utilize Windows XP Hardware
55
Image 212.3 - Hibernation Tab
Notice that hibernation is not enabled on this machine. When our computer hibernates, it stores all the memory
content to the hard disk and then shuts down the computer. Hibernation will use as much disk space as we have
RAM installed on our machine. Let's look at the UPS tab.
Utilize Windows XP Hardware
56
Image 212.4 - UPS Tab
If this computer was connected to a UPS, we would use the 'Select...' button to identify the UPS.
Remember
We can change the way that our computer uses power. This is useful if we want to conserve energy, prolong the
battery life of the portable computer or configure a UPS.
Utilize Windows XP Hardware
57
Hardware Profiles in XP Parent Category: XP
Category: Hardware
Windows XP enables us to create different hardware profiles so that we can
automatically run or disable various hardware devices, depending on the situation we are
in.
Before you start
Objectives: learn what is Hardware Profile and how to create and configure new Hardware Profiles.
Prerequisites: no prerequisites.
Key terms: hardware, device, profile, boot, menu, manager, system
Hardware Profile
A hardware profile is a set of instructions that tells Windows which devices to start when we power on our
computer. Most common usage is on laptop computers. Usually, portable computers are used in a variety of
locations and hardware profiles let us change which devices our computer uses when we move it from location to
location. When we first install Windows XP, a hardware profile named Profile 1 is created. By default, every
device that is installed on our computer is enabled in the Profile 1 hardware profile. For laptop computers, the
default profile is namedDocked Profile or Undocked Profile. Windows XP will automatically detect Docked and
Undocked states, and create two different profiles for us to be able to use.
If there is more than one hardware profile on our computer, we can designate a default profile that is used every
time we start our computer. Windows can also prompt us for which profile to use when we start our computer.
After we create a hardware profile, we can use Device Manager to disable and enable devices that are in that
particular profile. When we disable a device in a hardware profile, the device drivers for the device are not loaded
when we start our computer with that profile. For example, if we have a laptop computer, we can create one
profile for when the laptop is connected to the company network and another profile for when the laptop is at
another location. This allows us to control which devices we want to use in particular situations.
To create a custom hardware profile, we have to go to the Hardware Profile Manager. To create new hardware
profile, we have to copy an existing profile. Once we copy an existing profile, we have to reboot our computer so
we can select our new hardware profile during boot up. Once we boot up using new hardware profile, we will go to
the Device Manager where we have to disable or enable the devices for the current profile. From that point on,
every time we reboot we will have a choice of which Hardware Profile we want to utilize. This makes it very easy
to utilize many different types of devices without always using Device Manager to configure them.
We also have the ability to organize which profiles get listed first on the Hardware Profile menu. In our Hardware
Profile Manager we have little arrow buttons on the side of the screen that allow us to move profiles up and down
on the list. The first profile on the list becomes the default profile. In addition to that, we can also set the system
timer which is by default set to 30 seconds. If we don't make a selection during that time, Windows will boot up
using default hardware profile. This setting is editable, and many users like to adjust this system timer so that they
don't see hardware profile menu for such a long time during boot up process. Some users like to hide the boot
menu all together. To do that, we have to set the system timer to 0 (zero). In this case, if we need to have the
Hardware Profile menu brought up, all we need to do is press the space bar during the boot process which will
bring the Hardware Profile menu. Then we can make our selection.
We can also hide the Profile items out of the menu if we desire. This makes the menu a little easier to see. In
order to do that we have to choose to include particular profiles by checking the 'Always include this profile as an
option when Windows starts' check box. By checking that option that particular profile will always be available on
Utilize Windows XP Hardware
58
the hardware profile menu. If we remove the check, we can hide that particular profile. Once again, by pressing
the space bar we will be able to see all options, so we can make the proper choice.
Example Configuration
We must be logged on as an Administrator or a member of the Administrators group to complete this procedure. If
the computer is connected to a network, network policy settings may also prevent us from completing this
procedure. Let's go to the Start Menu, right-click My Computer and select Properties to open System properties
(we can also open System properties from the Control Panel). Now, go to the Hardware tab and click 'Hardware
Profiles' button. This following screen appears:
Image 213.1 - Hardware Profiles
To create a new hardware profile, we will simply copy an existing profile. Notice that 'Profile 1' is currently
selected so we will click the Copy button and give the copied profile a new name. In this case the name will be
'Work'. We will click OK and now we want to rename 'Profile 1' profile. To do that, we have to select 'Profile 1' and
click on the Rename button. In this case we will rename it to 'Home'.
Image 213.2 - New Profile
Utilize Windows XP Hardware
59
If the computer is a laptop computer, we can easily identify the 'docked' or 'undocked' state of the computer by
editing the profile properties. To do that, select some profile and then click on the Properties button. First, we
have to check the 'This is a portable computer' option. Now, we can select 'The computer is undocked' or 'The
computer is docked' option. In this case, for Work profile, we will select the 'The computer is undocked' because
at work, we don't use docking station.
Image 213.3 - Portable Computer Options
We can also use Device Manager to specifically modify the hardware configuration of particular profile. When we
open Device Manager, we are editing the current hardware profile. If we want to use Device Manager to edit
some other profile, we need to reboot our computer and select the profile we want to manage.
Image 213.4 - Hardware Profiles Selection
Utilize Windows XP Hardware
60
In this case, we have selected our new hardware profile, the Work profile. Now, let's open Device Manager to edit
our new profile. In this example we will disable the COM ports because we don't use serial devices at work. To do
that, right-click the Communication Port (there are two of them in our example), open its properties and then
under 'Device usage' select 'Do not use this device in the current hardware profile (disabled)' option.
Image 213.5 - COM Device Usage
Let's go back to Hardware Profiles to make boot configuration choices. Under 'Available hardware profiles' we can
move the profile to the top to make it the default profile selected during boot up. If the computer is at the office
more than it is at home, we should move the Work profile to the top to make it the default boot profile. Notice that
the Work profile is now at the top of the list which means that it is the default profile.
Utilize Windows XP Hardware
61
Image 213.6 - Default Hardware Profile
Under 'Hardware profiles selection' we can configure our system to wait until a hardware profile has been
selected automatically. The default value is 30 seconds which means that if we don't make a choice during that
time, the system will automatically boot after 30 seconds using the profile that is first on the list. If we want to skip
the choice screen, we can change the wait period to zero seconds.
Remember
A hardware profile is a set of instructions that tells Windows which devices to start when we power on our
computer. To create new hardware profile we have to copy an existing profile.
Utilize Windows XP Networking
62
Networking
Manage Network Components in XP Parent Category: XP
Category: Networking
To create a network connection we have to have a network device installed which will
then use different protocols to establish a connection on the computer network. In
Windows we can use different networking protocols, services and clients, which are
independent from the hardware itself because of the standardization.
Before you start
Objectives: learn where to find and how to manage various networking components in XP
Prerequisites: to read about network connections in general check out the article Required Parameters for
Network Connection
Key terms: component, network, connection, service, manage, properties, protocol, client
Networking Components
After we attach our network device, for example Network Interface Card (NIC), to our computer, and after we
install appropriate drivers, we need to create a network connection. In order for that network connection to work
we need to use network components, which are protocols, services and clients. Every networking device will have
some networking components bound to it. The concept of binding is to associate either a service or a protocol to a
connection or to a particular piece of hardware.To manage network components in XP, go to Control Panel, then
Network Connections, select particular connection, right-click it, and go to its properties.
Utilize Windows XP Networking
63
Image 214.1 - Network Components
Here we can customize how our computer communicates on the network by adding and removing various
network components. To add a component click 'Install' button, and select the type of a network component. In
our case we will select 'Protocol' and then select IPv6, so that our machine will be ready if we move to the IPv6
enabled network.
Image 214.2 - Component Type
Utilize Windows XP Networking
64
Image 214.3 - Protocol Selection
Now let's take a look at the items that were actually installed.
Image 214.4 - IPv6 Added
As you can see, the 'Microsoft TCP/IP version 6' was installed successfully. Now we'll install a service. Click
'Install', select 'Service' this time, and click 'Add'.
Image 214.5 - Service Component
Utilize Windows XP Networking
65
We want to install the 'Service Advertising Protocol' so we'll select it and click OK again.
Image 214.6 - Service Advertising Protocol
In most cases, when we install networking component, it is automatically enabled for use by all network
connections for which the component is valid. To remove networking components from the computer, open the
properties for connection, select the component, and click 'Uninstall' button. In this case, let's remove the 'QOS
Packet Scheduler'.
Image 214.7 - Component Uninstall
Utilize Windows XP Networking
66
Click Yes to confirm. Keep in mind that the component is removed for all connections, not just the connection
we're currently editing. To disable a component on a specific connection, we will go to its properties, and use the
check boxes.
Image 214.8 - Disable Component
We do not want to use the 'Uninstall' button in the situation where we want to disable particular component for
particular device, as this will remove the component from all adapters.
Remember
Networking components can be protocols, services and clients. We can customize how our computer
communicates on the network by adding and removing various network components. If we want to uninstall
component for all connections we can use the 'Uninstall' button. If we want to disable particular component for
particular connection we should use the appropriate check box.
Utilize Windows XP Networking
67
TCP/IP Settings in XP Parent Category: XP
Category: Networking
The most commonly used networking protocol in the Microsoft environment is a protocol
known as Transmission Control Protocol and Internet Protocol, which we commonly call
the TCP/IP. At bare minimum, TCP/IP requires that we configure an IP address and the
Subnet mask for our host.
Before you start
Objectives: learn how to enter static TCP/IP configuration on XP machine and which tools can be used to
troubleshoot connectivity.
Prerequisites: you should know what parameters should be entered for network connection. Also, you should
know what is IP address and what is MAC address.
Key terms: address, ip, default, server, gateway, network, tcp, apipa, configuration, ipconfig, alternate, dns, local,
protocol
Entering Information
Along with the IP address and the Subnet Mask, we can also enter information about Default Gateway and DNS
server. There are two ways of entering all this information. The first way is manual entry, and we call that Static
Configuration. The second way of entering this information is using Automatic Configuration. For automatic
configuration we use a service called Dynamic Host Configuration Protocol (DHCP). If the client is configured to
use DHCP for configuration, but is unable to contact one, it will configure itself. This means that it will use the
function called the Automatic Private IP Addressing, or APIPA. The APIPA network address is 169.254.0.0, so it
is easy to tell if the computer is using APIPA.
To configure basic TCP/IP settings, open the Control Panel, and open Network Connections.
Image 229.1 - Network Connections
By default, Windows XP will configure the connection to use TCP/IP. To edit TCP/IP settings, right-click the Local
Area Connection and open its properties. Select the Internet Protocol (TCP/IP), and then click the Properties
button.
Utilize Windows XP Networking
68
Image 229.2 - Internet Protocol Selected
Utilize Windows XP Networking
69
Image 229.3 - Internet Protocol Properties
By default, TCP/IP is configured to receive both the IP address and the DNS server address from a DHCP server.
Let's change that to static configuration. First, we must check the 'Use the following IP address' option. Then,
we will enter 192.168.1.70 as our IP address. The Subnet mask will be 255.255.255.0, and the Default gateway
will be 192.168.1.1. In order for the Default Gateway to be valid, it needs to be on the same subnet as the IP
address. In this example notice that the IP address and the Default Gateway are both on the network 192.168.1.0.
DNS server will be the same as our Default gateway.
Utilize Windows XP Networking
70
Image 229.4 - Static Configuration
We can manually enter DNS server, while the IP address can still be assigned automatically. Also notice that we
can't get a DNS server address automatically if we are using static IP address. DNS servers don't need to be on
the same subnet as the IP address, but they do need to be accessible through the Default Gateway.
Windows XP includes a new feature that lets us configure an alternate IP address for connection. This alternate
address is used when the computer cannot contact a DHCP server for its address. We can use the alternate IP
address for computers that connect to networks without a DHCP server, or to configure a backup IP address in
case the DHCP server goes down. To edit alternate settings for TCP/IP, click on the Alternate Configuration tab in
Internet Protocol Properties.
Utilize Windows XP Networking
71
Image 229.5 - Alternate Configuration Tab
By default, our computer is configured to use Automatic Private IP Addressing (APIPA). Let's imagine that our
computer will connect to two different networks, one with DHCP, and one without DHCP server. If the computer
can't find DHCP, it will self configure it self using an Automatic Private IP Addressing scheme (APIPA). The
default network address for APIPA is 169.254.0.0. Sometimes APIPA is not desirable, because we may be using
some services that require that we use static or predefined IP address. To avoid APIPA we can set Alternate
Configuration for TCP/IP.
First, we have to select 'User configured' option. In this case, for alternate configuration we will set 172.16.0.10
as IP address, 255.255.0.0 as Subnet Mask, 172.16.0.1 as our Default gateway. Preferred DNS server will be the
same as our Default Gateway.
Utilize Windows XP Networking
72
Image 229.6 - Alternate Configuration Configured
Now, when the computer boots and cannot contact a DHCP server, it will use the manually configured alternate
address.
Address Resolution Protocol (ARP)
IP address is used to transfer data between various networks and MAC address is used by network devices to
communicate on the local network. The bond between the IP address and the MAC address is made trough the
Address Resolution Protocol (ARP). The function of the ARP is to take the IP address and link it to the physical
address (MAC address) of our particular device. Every network interface card is assigned a hardware address. To
check ARP settings, go to the CMD, and type the arp /a command.
Image 229.7 - ARP Cache
Using that command we can see the content of our ARP cache. We can see the IP address and the Mac
addresses of every computer that we've talked to. The cache stores this information for total of two minutes. If we
Utilize Windows XP Networking
73
reuse that information inside of the two minutes, the information is kept for ten minutes. After ten minutes,
information is purged form cache.
Troubleshooting
There are several tools that we can use to troubleshoot connectivity problems in Windows XP. The first tool is
ipconfig utility.
IPCONFIG
To use ipconfig, first we have to open command prompt. Then we can type in ipconfig. We can also use switches
with that command, and the most common used switch with ipconfig is '/all'.
Image 229.8 - IPCONFIG /ALL
Using ipconfig tool we can verify our IP address, Subnet mask, Default Gateway, etc. If we use DHCP, and we
have some problems, we can try and use the 'ipconfig /renew' command to try and renew the IP address from
the DHCP server. If this does not help, we'll need to do additional troubleshooting to find out exactly what is
wrong. If we see an IP address of 169.254.0.0 network, then we know that the DHCP was not available, and that
our computer used APIPA for auto configuration.
PING
The other tool we can use is Packet Internet Groper or 'PING'. This tool allows us to send small packets to
particular machine to see if it will respond back to us. Microsoft recommends the following order for using the
PING. First we should test the Loopback Address which is 127.0.0.1. By pinging this address we are checking
that the TCP/IP protocol stack is properly installed. The next address to ping is the local IP address assigned to
the machine. This ensures that the communication to our NIC is possible. If we have done ipconfig, and if it was
successful, the ipconfig already did the same two steps that we mentioned. The next step is to check the
communication with local hosts. To do that, we can ping the Default Gateway since it is also on the local network.
By pinging Default Gateway we check that our local network is up and running. The next ting to do is to ping
remote hosts. In this case we are checking the connectivity between the Default Gateway and the remote host. If
this is was not successful, we know that we have problem with our Router.
Utilize Windows XP Networking
74
Image 229.9 - PING
TRACERT
Another tool we can use is tracert (trace route). By typing in tracert and then the destination IP address or host
name, we can see the route that our computer will take in order to communicate with the destination. We will see
all the Routers that we will use in order to get to destination, and also we will see the the responsiveness from all
those particular Routers.
Image 229.10 - TRACERT
PATHPING
To get more even more information we can use the 'pathping' tool. This tool is a combination of 'tracert' an 'ping',
and it enables us to see how fast particular Routers respond back to us. We will also be able to see the entire
route taken from our computer to the destination computer.
Utilize Windows XP Networking
75
Image 229.11 - PATHPING
Using these tools we can see which Router is causing problems. In the example above, we can see that our
Internet Service Provider is using firewall to prevent pathping requests being made. We know that because there
are '*' at the third hop (after our Default Gateway).
Remember
When configuring TCP/IP settings, we have to enter IP and Subnet Mask at minimum. For full connectivity we
should also enter Default Gateway Address and DNS server address. By default, XP will configure our connection
to use DHCP. If the DHCP server can't be contacted, it will use APIPA. We can also configure alternate IP
address, in which case APIPA will not be used. ARP is used to take the IP address and link it to the physical
address (MAC address) of our particular device. We can use IPCONFIG /ALL command to check our TCP/IP
settings. We can use PING tools to check connectivity with another host. We can use TRACERT command to
check the route that our computer will take.
Commands that are mentioned in this article
Commands are entered in CMD.
arp /a - display ARP cache
ipconfig /all - verify IP configuration
ipconfig /renew - renew the IP address from the DHCP server
ping - test a network connection
tracert - check the route to the destination
pathping - trace route and provide network latency and packet loss
Utilize Windows XP Networking
76
Configure DNS in XP Parent Category: XP
Category: Networking
Computers use IP addresses to communicate, but for humans it is easier to refer to
devices using their names. Solution to this problem is Domain Name Service or DNS.
DNS is used to resolve names to IP addresses.
Before you start
Objectives: learn where can you configure advanced DNS settings in XP.
Prerequisites: no prerequisites.
Key terms: dns, name, ip, server, wins, address, domain, netbios, resolution
DNS Usage
When we look at some IP address, we see four octets (grouping of eight bits). Every host on the network has its
own IP address. For example, every website resides on a server. If we want to visit some website, we have to
connect to the particular server which hosts the website that we want to visit. To do that, our computer has to
know the IP address of that server. Instead of using IP addresses, we refer to websites using their names (for
example www.google.com). For humans, names are a lot easier to use then to remember numbers like IP
addresses. Solution for that problem is Domain Name Service, or DNS. We are using DNS to resolve names to IP
addresses, because it's the IP address that computers use to talk to one another. We can easily check that by
pinging some host, for instance www.google.com. As a result, we will get back the IP address from the DNS
server. As we can see, DNS serves have a very simple function. DNS takes user-friendly names, like
www.google.com, and it converts it into a complex IP address, and vice-versa. This way we don't have to
remember IP addresses, and we can navigate the Web simply and easily.
FQDN
DNS name servers perform name resolution by resolving a Fully Qualified Domain Name (FQDN) into an IP
address. A client asks its local name server for the IP address associated with the Fully Qualified Domain Name.
For example, the client asks what is the IP address of www.google.com. The local name server checks its list,
and if it finds the entry for www.google.com, it passes the information back. If the local name server can't find the
entry, it sends a fully qualified domain name to one of the DNS root servers. The DNS root server returns its
referral to the local name server. The referral points to the name servers for the top-level of the DNS domain. The
local name server sends an iterative query to one of the top-level domain name servers (.com in www.google.com
case). The .com domain server responds with a referral to one of the Google name servers. The Google name
server responds with the IP address of www.google.com. Now the client can contact the host which hosts the
www.google.com website.
WINS
Microsoft first developed its own naming system. It was using NetBIOS names for hosts, and Windows Internet
Name Service (WINS) to resolve names to IP addresses. NetBIOS name is a 15 character name that is used for
identifying our computers on the network. All this is a part of Microsoft's networking services, which Microsoft
introduced with NT family of operating systems. It is continued on through the NT 4.0 family. With the Windows
2000 and Windows XP, Microsoft adopted the Domain Naming Service as its primary tool for resolving names to
IP addresses while the rest of the Internet was always been using DNS. The problem that Microsoft had originally
with DNS is that all of its entries had to be statically entered (DNS became a dynamic tool later). In WINS
environment, a client would first get its IP address from DHCP server. Then the client would contact the WINS
server, reporting its IP address. In this way, the WINS server has IP addresses of all clients on the local area
network. So, WINS was the solution that solved this particular problem. With Windows 2000 the DNS service
Utilize Windows XP Networking
77
became more of a dynamic service. It could dynamically register clients and use that information to register the IP
address. At that point Microsoft went back to using the DNS service as its primary name resolution service. Now,
when we use Windows XP, it will automatically register its name with the DNS server. This simplifies the number
of services that we have to run, because we don't need a WINS server for our local area network. We still use
WINS, but only for legacy machines that don't understand that the DNS can now accept dynamic updates from
clients. As we moved into the dynamic DNS, Microsoft had to adjust the names. Instead of being just a NetBIOS
name, now we also add the domain information to the name structure as well. In order to find out who's who on
our network, we can use DNS using a FQDN instead of just a simple NetBIOS name that we used for WINS
service.
Example Configuration
In order to configure Name Resolution Services on XP, we need to go to the connection properties and click the
'Advanced...' button on our TCP/IP configuration window. In advanced properties we can see current IP settings,
DNS, WINS and Options tab.
Image 239.1 - Advanced TCP/IP Properties
Although most computers have a single IP address, and a single default Gateway, notice that on the IP Settings
tab we can configure multiple addresses and gateways. Let's open the DNS tab. Here we can edit DNS settings
for our computer.
Utilize Windows XP Networking
78
Image 239.2 - DNS Tab
The first thing that we would do on the DNS tab is to add additional DNS servers. Of course, the primary DNS
server needs to be placed first on the list. If the first DNS server can't be contacted, our system will try to contact
the next DNS server on the list. Another thing that we can do here is to to append additional suffixes. Let's say
that we need to contact 'host-pc' using DNS. Let's say that 'host-pc' is on 'utilizewindows.com' domain. Let's say
that we want to access the 'host-pc' from the computer that is also on the 'utilizewindows.com' domain. If we type
only the name of the computer - 'host-pc', the DNS server will automatically look into the 'utilizewindows.com' and
try to locate the IP address for 'host-pc'. Now, let's say that we want to contact the 'host2' that is located on
'utilizeothersystem.com'. If we type in only the name 'host2', our DNS server will also try to locate the computer in
'utilizewindows.com'. The DNS server will be unsuccessful in locating the 'host2', because it is located on
'utilizeothersystem.com'. If 'utilizeothersystem.com' is a domain that we frequently use, and is in some relation
with our primary 'utilizewindows.com' domain, we can add 'utilizeothersystem.com' as an appended suffix. In this
case, if we look for 'host2', our DNS server would first check 'utilizewindows.com', and then, in case of failure, it
would check the 'utilizeothersystem.com'.
Let's open the WINS tab. Here we can also add, remove, and control the order of our WINS servers. Once again,
we have to put our primary WINS server at the top of the list. WINS servers are used for performing NetBIOS
name resolution.
Utilize Windows XP Networking
79
Image 239.3 - WINS Tab
Here we can also enable the LMHOSTS, and edit the NetBIOS settings. We have the ability to disable NetBIOS
over TCP/IP, and we would do that if we are in an environment where we are using DNS only.
Troubleshooting
Windows XP supports two different types of name resolution services, DNS and WINS. Remember, when we
mention DNS, we are talking about Fully Qualified Domain Names, ie. DNS is using FQDN to identify particular
computer. An example of this might be 'host1.utilizewindos.com'. On the other hand, WINS uses only NetBIOS
names for name to IP resolution. NetBIOS names are simple names, and can contain only 15 characters. For
example, NetBIOS name could be 'host1'.
When troubleshooting name resolution services, first we have to check that everything is OK with TCP/IP. For
example, if we ping some IP address, and everything goes fine, we know that IP connectivity is OK. If we ping the
name of the computer, and get an error, we know that we have problem with our name service.
Utilize Windows XP Networking
80
Image 239.4 - PING
The next utility that we should run is 'ipconfig /all'. With this tool we can verify that the IP addresses for DNS or
WINS are properly configured.
Image 239.5 - IPCONFIG
The next thing we can do is run the 'nslookup' and see if we get an IP address from our DNS server.
Utilize Windows XP Networking
81
Image 239.6 - NSLOOKUP
If all our settings are configured correctly, we should check the services related to name resolution (like 'DNS
Client'), and make sure that they are up and running. Another thing we can do is to try and re-register with our
DNS server. To do that we have to enter 'ipconfig /registerdns' in command prompt. For NetBIOS names we
can use the 'nbtstat -rr' to see name resolution status, and 'nbtstat -RR' to re-register with the WINS server.
Image 239.7 - REGISTERDNS
We can also use the 'ipconfig /flushdns' command to delete DNS cache, because sometimes we can have
wrong information contained in it. For NetBIOS names we would use 'nbtstat -R' command to do the same thing.
In the end, as a temporary solution we can use HOSTS file to configure DNS names, or LMHOSTS file for
NetBIOS names.
Remember
We can have multiple DNS servers defined. The primary DNS server needs to be placed first on the list. WINS
servers are used for performing NetBIOS name resolution.
Utilize Windows XP Networking
82
Configure Dial-up and Direct Connection in XP Parent Category: XP
Category: Networking
With Dial-up and direct connections we can join other networks. With Dial-up we can also
connect to the Internet trough our Internet Service Provider. Using VPN we can connect
to our workplace securely.
Before you start
Objectives: learn where and how to configure Dial-up and direct connections in XP.
Prerequisites: no prerequisites
Key terms: connection, dial-up, connect, authentication, server, multilink, direct, user, callback, modem, protocol
Dial-up
With Dial-up networks we are actually dialing into a host computer and joining other network. In corporate
environments typically we are dialing into the services of a Remote Access Server (RAS). This allows us to join
and participate as a member, or a node of that particular network. We can also use Dial-up to connect to the
Internet. In this case, we will dial-up and join as a node on the Internet, but this time through our Internet service
provider (ISP).
Types of Modems
There are two types of modems that we will normally use for Dial-up. The first one is our standard modem which
gives us a connection speed of 56K. The second type is ISDN modem. This type of modem has three channels of
operations. We have two channels that are called 'B channels', and the speed on those channels is 64K each.
They can be used independent of each other, and they are associated with separate phone numbers. We can use
one channel for voice communication and other for data transfer. The third channel, called D channel, is a 16K
channel. It is used to control the B channels. We can also consolidate both of those B channels to increase the
bandwidth of our connection.
Authentication
When we dial in, we need to authenticate ourselves. Authentication process requires that we enter our username
and password. In Windows XP, there are a lot of ways to protect authentication information. Windows utilizes
several different protocols, like Extensible Authentication Protocol (EAP), Microsoft version of Challenge
Handshake Authentication Protocol (MS-CHAP, version 1 and 2), Shiva Password Authentication Protocol
(SPAP), and Password Authentication Protocol (PAP). The PAP is unencrypted, so it is not normally used.
Callback
When the user is authenticated, we have other options that we can use. If we are using Windows 2000 or 2003
server, we can use the Callback feature. If we enable this option, the client will make an initial connection, then
the server will disconnect the connection, and then it will immediately call back the client to re-establish the
connection. Callback can work in two modes. We can use a preset number for callback, which is a security
feature. If somebody calls in and authenticates as a particular user, the server will look at that user's account, and
use a preset number for Callback. If somebody is trying to act as an imposter, the connection will be lost to them,
because the server will call the preset number for the original user. The second option that we can use for
callback is set by the user itself. When the user authenticates, the server will ask for a phone number to use for
Callback. This is more an issue of who pays the bill for the telephone charges, not necessarily a security issue.
MultiLink
Utilize Windows XP Networking
83
Another feature that we can use with Dial-up connections is a MultiLink. MultiLink is the ability to connect multiple
connections into one logical connection. The idea behind MultiLink is to increase the overall bandwidth. 56K is
really slow connection, or when talking about ISDN, the 64K is also not really fast. With MultiLink we can use two
56K modems, or use two ISDN channels to create one logical connection, and double the overall capacity. In
order to do that, both the client and the server have to be configured to allow a MultiLink connection. We can not
use Callback with MultiLink.
Example Dial-up Configuration
Let's configure a Dial-up connection to connect to the Internet. We will go to the Control Panel, and open Network
Connections.
Image 240.1 - Network Connections
On the left menu, in Network Tasks section, let's click on the 'Create a new connection' option. The following
wizard appears.
Image 240.2 - New Connection Wizard
We will click 'Next >', and choose the 'Connect to the Internet' option.
Utilize Windows XP Networking
84
Image 240.3 - Connect to the Internet Option
We will click 'Next >', and choose 'Set up my connection manually' option.
Image 240.4 - Set up my connection manually Option
We will click 'Next >', and choose 'Connect using a dial-up modem' option.
Image 240.5 - Dial-up modem Option
We will click 'Next >', and enter a name for our connection.
Image 240.6 - Connection Name
We will click 'Next >', and enter a phone number that our ISP gave us.
Utilize Windows XP Networking
85
Image 240.7 - Phone Number
We will click 'Next >', and enter a username, password, and again password to confirm it. We will leave the
default options checked.
Image 240.8 - Credentials
On the next windows we can click 'Finish' to create our connection.
Multilink and Direct Connections
Using MultiLink, two or more physical modems are used simultaneously to establish a single logical connection.
We can configure a single connection to use MultiLink with the bandwidth allocation protocol to dynamically dial
and drop connections. To create a MultiLink, first we have to install two or more modems. Next, we have to create
a dial-up connection that uses both modems. By default, our connection will use both modems, but we could dial
only the first available device, if we want to. We can dial devices only as needed. For example, we can configure
it to dial a separate line when the traffic on the first line reaches 80% of the bandwidth and lasts for 20 seconds,
and to drop the second line when the traffic falls below 40% and lasts longer then one minute.
We can also communicate with other computers using a Direct Connection. A Direct Connection uses a direct link
between the two devices, such as a cable attached to the serial or parallel port, or communication through
infrared device. We can connect directly to another computer using, for example, a direct parallel link, or we can
configure an incoming connection so other users can connect to our computer.
To connect directly to another computer, go to the Control Panel > Network Connections > and start the New
Connection Wizard. Select the 'Set up an advanced connection' option, and click 'Next'.
Utilize Windows XP Networking
86
Image 240.10 - Advanced Connection
Select 'Connect directly to another computer' option, and click 'Next'.
Image 240.11 - Connect Directly
In this example, our computer will access information on the Host computer, so we will select the 'Guest' option.
On the next window we have to enter the name of the connection.
Image 240.12 - Guest Option
Image 240.13 - Connection Name
In this example we will use a parallel port for communication.
Image 240.14 - Device Selection
Utilize Windows XP Networking
87
Click 'Next', and select 'Finish'. To connect to another computer using a direct connection, we have to provide a
user name and a password.
Image 240.15 - Credentials
On the other hand, if we want to allow others to access data on our computer, we can create an Incoming
Connection. To configure an Incoming Connection, we can simply use our computer as a 'Host'.
Image 240.16 - Host Option
If we configure our computer as a Host, we have to select which users can connect to our computer.
Utilize Windows XP Networking
88
Image 240.17 - Allowed Users
Notice that this way we can use only one device that will accept incoming connections. To add more devices, go
to the New Connection Wizard, select the 'Set up an advanced connection' option. Next, select the 'Accept
incoming connections' option. This way we can select multiple devices that will accept incoming connections.
Image 240.18 - Multiple Devices
We can also enable Virtual Private Network connections (VPN) this way. We will not do that now.
Image 240.19 - VPN Options
Again, we have to select user which will be able to connect to our computer. Next, we need to select the LAN
protocols and services that are used for the connection. We have to verify that the protocols we need are in the
list.
Image 240.20 - Protocols
On the next window we can click 'Finish' to create an Incoming Connection.
Utilize Windows XP Networking
89
More About Remote Authentication Protocols
Password Authentication Protocol (PAP) - authentication is done by comparing a user name and password to a
table with paired user names and passwords on the network. PAP does not support secure passwords.
Challenge Handshake Authentication Protocol (CHAP) - server sends a challenge message to a peer. Based on
the challenge message, the peer calculates a value using a hash, a number generated algorithmically from a
string of text, and returns the value to the server. The server checks the value against its own calculation. If the
values match, the peer is authenticated. Microsoft has two versions of CHAP: MS-CHAP and MS-CHAP v2.
CHAP, MS-CHAP, and MS-CHAP v2 require secure passwords, but only MS-CHAP and MS-CHAP v2 support
data encryption.
Extensible Authentication Protocol (EAP) - EAP supports several authentication methods, including smart cards,
certificates, one-time passwords, and public key authentication. EAP supports secure passwords and data
encryption.
Remember
When configuring Dial-up connection, we have to have a dial-up modem installed. We also have to have valid
user credentials in order to dial in to remote server. Using Dial-up connection we can also connect to the Internet
trough ISP. When using MultiLink, two or more physical modems are used simultaneously to establish a single
logical connection. We can create direct connections which can be used to access other computers or to allow
access to our own computer using, for example, Serial, Parallel or Infrared port.
Paths that are mentioned in this article
Control Panel > Network Connections - location which displays all network connections which are currently
configured
Utilize Windows XP Networking
90
Configure VPN in XP Parent Category: XP
Category: Networking
When we surf the Internet there are ways for others to capture our data, since Internet is
a public network. To get rid of this problem we can create Virtual Private Network (VPN),
which is a tunnel between two computers that can be encrypted so that no one else can
eavesdrop on our communication.
Before you start
Objectives: learn how to create a VPN connection in XP.
Prerequisites: we have to have a VPN server which we will connect to.
Key terms: vpn, connection, connect, protocol, internet, network, communication, dial-up, username
VPN Usage
Let's say that we have a client computer which needs to talk to the server. Before VPN, we could just dial-in direct
to that particular server with dial-up networking protocols.The problem is that a long-distance charges quickly add
up this way. Now when the Internet is widely present, we have the ability to go trough our Internet Service
Providers (ISP) and enable communication between the computers of our interests. We can create a
communication tunnel between two computers, and we can also encrypt it so that nobody else can eavesdrop on
that particular data transmission. That's essentially what a VPN can do for us.
Protocols
The tunnel can be created with one of two protocols. Both of these protocols are based on the PPP (Point to Point
Protocol) that is commonly used by Microsoft. The first protocol is PPTP (Point to Point Tunneling Protocol) and
the second is L2TP (Layer 2 Tunneling Protocol). The PPTP is the most commonly used protocol because it has
built-in encryption. The problem is that it misses some of the more advanced features. Features like header and
data compression comes with L2TP, which enables more efficient usage of that particular protocol. The downside
of the L2TP is that it does not have built-in encryption. In order to get its encryption we have to use an additional
protocol called IP security (IPSec). IPSec uses something known as certificates, which enables us to use 'key
pair'. The 'key pair' is used by the client to communicate with the server, and it has two keys. We have a private
key and a public key. We do the encryption using the public key, and we decrypt using the private key.
The whole idea behind creating a VPN is to ensure a secure communication over a public network.
Example VPN Configuration
VPN connection establishes a secure communication channel through unsecured network. A VPN connection is a
logical connection that uses an existing hardware connection. If we were using, for example, a dial-up connection
to connect to the Internet, first we would have to connect to the Internet with our dial-up connection, and than use
a VPN connection. We will create a VPN connection to securely send data between our home computer and our
work network through the Internet. To create a VPN connection, go to the Control Panel > Network
Connections and then click on 'Create a new connection' to open a 'New Connection Wizard'.
Utilize Windows XP Networking
91
Image 241.1 - New Connection Wizard
Click 'Next', and choose 'Connect to the network at my workplace'.
Image 241.2 - Connect to the Workplace
Click 'Next', and choose 'Virtual Private Network connection'.
Image 241.3 - VPN Connection Option
Utilize Windows XP Networking
92
Click 'Next', and enter a company name. In our example we will enter 'utilizewindows'. This is the name of the
connection.
Image 241.4 - Company Name
Click 'Next'. In our example, we will automatically dial initial connection, which is called 'Internet', to connect to the
Internet before we use a VPN connection.
Image 241.5 - Dial Initial Connection
Click 'Next' and enter a host name or IP address. In our example we will enter 'vpn.utilizewindows.com'.
Image 241.6 - Host Name
Click 'Next', and click 'Finish' to create a VPN connection. To use a VPN connection, we need to have a
username and password which we will use to connect to the VPN server.
Utilize Windows XP Networking
93
Image 241.7 - VPN Credentials
We can edit properties for our VPN connection. To do that, we have to right-click our VPN connection and select
'Properties'. If we are using dial-up, or a broadband connection (which requires username and password), we
should use that connection to connect automatically before the VPN connection. In our case, we have selected to
dial 'Internet' connection automatically before the VPN connection.
Remember
Before we can use VPN to connect to another network, we already have to be connected to the Internet in some
way. To access another network using VPN, there has to be a VPN server configured on that other network.
Utilize Windows XP Networking
94
Configure ICS in XP Parent Category: XP
Category: Networking
The idea behind Internet Connection Sharing (ICS) is that the computer which has got a
connection to the Internet shares it with other computers that are connected to our Local
Area Network (LAN).
Before you start
Objectives: learn how to configure Internet Connection Sharing on local network using XP machine.
Prerequisites: you should have a Switch which will be used to connect all clients on the local network. Also,
some kind of Internet connection is required on the XP computer which will be used to configure ICS.
Key terms: internet, connection, network, server, ip, address, private, tcp, firewall, dhcp, access, protocol, udp
ICS Server
Let's say that we have one computer which has ICS enabled. This will be our ICS server, so this computer needs
to have two connections. The first connection has to be connected to the Internet and the second connection,
typically Network Adapter Card, is going to be connected to the Local Area Network so that it can communicate
with other computers. When configuring ICS we have to share an external connection, so everybody has access
to the Internet. All other computers on the LAN will go to the Internet using the IP address of the external
connection. On the internal side, we have to configure our network card with an IP address of 192.168.0.1. This is
a protocol that's been established for use with ICS. With ICS we also install a mini DHCP, which means that all of
the clients will get their IP address from the ICS server. It also becomes a mini DNS server, so it will do all of the
name resolution for other computers so that they can connect to their resources on the Internet. ICS computer
also becomes a Router. It is going to route between the LAN and the Internet connection. For clients to be able to
use ICS, they have to be DHCP enabled, so they can get an IP address that is going to be compatible with the
192.168.0.0 network. If we have another DHCP server on the network, we should disable it. If we want our clients
to use new DHCP server on ICS machine, we have to go to each client and type ipconfig /renew. This way they
will get a new IP address from the new DHCP server. We can configure our ICS to connect to the Internet on
demand. For example, if an ICS is currently not connected to the Internet, and if a client computer needs to
access some resources on the Internet, it will send a message to ICS saying that it needs to go to the Internet. At
that particular moment, the ICS server will connect to the Internet and establish the connection, so that any of
those clients can have full access to the Internet.
In summary, the ICS system is configured as a NAT router, a limited DHCP server, and a DNS proxy (name
resolution requests from the private network are forwarded to DNS servers on the Internet). The IP address for
the private interface is automatically changed to 192.168.0.1 with a mask of 255.255.255.0. The default gateway
of the ICS system is set to point to the Internet connection. Hosts on the private network should use DHCP for
address and DNS server information. The ICS system uses DHCP to deliver the following information to hosts on
the private network: IP address in the range from 192.168.0.2 to 192.168.0.254, with a Subnet Mask of
255.255.255.0, DNS server address of 192.168.0.1 (the private interface of the ICS system), and the Default
Gateway address of 192.168.0.1. We should not use other DHCP servers, DNS servers, or Active Directory on
our private network when we have ICS enabled. We should enable Internet Connection Firewall on the Internet
connection, not on the private connection. Enabling ICF on a private connection can disable communication with
hosts on the private network. By default, the Firewall allows all outgoing Web traffic and responses but blocks all
incoming traffic. To allow incoming Web traffic, we have to open ports in the firewall based on the services we
want to allow in. If the incoming service is hosted by a computer on the private network, we have to redirect the
incoming port to the private host.
Firewall
Utilize Windows XP Networking
95
Firewall is a device that can filter or forward packets that are coming inbound or outbound from our computer.
Firewall is a device or a piece of software that comes between the Internet and our computer. Firewall will make
decisions on every packet that arrives, and that decisions can be to forward it, or to filter it (drop it). When a
packet from the Internet comes to our computer, the Firewall will make a decision, based on its settings, whether
to allow that packet to come through or to discard the packet. The same thing is true when we send packets out to
the Internet. Every packet coming from the Internet is considered to be an Inbound packet. Packet sent from our
computer to the Internet is considered to be Outbound packet. We can have different sets of rules concerning
inbound and outbound packets. We can configure our Firewall on all connections, but we should always enable it
on a connection that connect us to the Internet. We can configure which ports (services) can be used, and which
can not. This way we can protect our computer by having smaller 'attack surface'. Windows built-in firewall is
designed for home users, or the small office users that needs to be directly connected to the Internet.
Enabling ICS
Internet Connection Sharing lets us share Internet connection with other computers on a home or small office
network. In this example we have two network connections on the computer which we will use as ICS server. One
is a broadband connection to the Internet and the other is a LAN connection to the home network. In our case,
broadband connection is connected to the Internet trough DSL modem, and LAN connection is connected to the
Switch. All other clients are also connected to the Switch.
Image 242.1 - Network Connections
The first step in configuring ICS is to make sure that both connections are configured. Let's examine the
configuration of the Local Area Connection. Let's open its properties, and then open the Internet Protocol
properties. Notice that the IP address on this network adapter is now 192.168.1.70.
Utilize Windows XP Networking
96
Image 242.2 - LAN IP Address
To configure connection sharing, we have to edit the properties of the connection that is used to connect to the
Internet. In this case, we are using broadband connection called 'Internet'. Let's open its properties and go to the
Advanced tab.
Utilize Windows XP Networking
97
Image 242.3 - Internet Connection Properties - Advanced
To enable Internet Connection Sharing we have to check the 'Allow other network users to connect trough
this computer's Internet connection' option.
Image 242.4 - Credentials Warning
Notice the warning. Right now the username and password for this Internet connection were not saved for use by
all users. This means that this connection can only be initiated if we are currently logged on to the computer. We
are going to fix this later. Let's click OK, and take a look at other options that we can configure. Typically we do
want to enable demand dialing. Demand dialing establishes an Internet connection whenever a computer on a
network tries to connect to the Internet. Also, we can allow other users to be able to control the Internet
connection sharing. In this example we will leave the default settings. Let's click OK to save our changes. Take a
look at the warning message.
Utilize Windows XP Networking
98
Image 242.5 - ICS Warning
When we enable Internet Connection Sharing, the IP address on a network adapter will be changed to
192.168.0.1. Click Yes to confirm the change. Next, we need to save the username and password of the Internet
connection for all users. Notice that right now the username and password are only available for us.
Image 242.6 - Credentials
That means that we have to be logged on for anyone else to be able to use this connection. We need to change
this so that anyone who uses this computer is able to use the Internet connection. When we select the 'Anyone
who uses this computer' option, we have to reenter our password and click 'Connect', so that our credentials get
saved. Finally, let's take another look at the Local Area Connection properties and the TCP/IP properties. Notice
that the IP address for this network adapter has been changed to 192.168.0.1.
Utilize Windows XP Networking
99
Image 242.7 - LAN IP After ICS
Remember, all clients in our private network needs to be configured to use DHCP to automatically obtain IP
addresses.
Firewall Settings
By default, when we configure an Internet connection on our workstation, a connection is configured only as a
client connection. Internet Connection Firewall is enabled to prevent hosts on the Internet from contacting hosts
on the private network directly. If our computer or computer on our private network provides services on the
Internet (such as Web or FTP server), we need to allow access to those services. To edit those settings, we have
to open the properties for the Internet connection, and go to the Advanced tab.
Utilize Windows XP Networking
100
Image 242.8 - Advanced Tab
Here, under the 'Windows Firewall' section, we have to click the 'Settings' button. Again, we have to go to the
Advanced tab.
Utilize Windows XP Networking
101
Image 242.9 - Advanced Firewall Tab
Here, under the 'Network Connection Settings', we have to select the connection which we use to connect to the
Internet, and click the 'Settings' button.
Utilize Windows XP Networking
102
Image 242.10 - List of Services
The Services tab identifies the services provided by hosts on the private network. These are the services that can
be contacted by clients from the Internet. For example, we are going to enable FTP server on this computer. Let's
check the 'FTP Server' service. The following window appears:
Image 242.11 - FTP Server
Utilize Windows XP Networking
103
Let's click OK. Now, we are also going to enable Web server access. However, in the example, the Web server is
actually running on a different computer on our private network, so we need to type in its IP address (or name),
and click OK. In this example the machine which will act as a web server is named 'webserver'.
Image 242.12 - Web Server
We can use the 'Add' button to add additional services and ports. Now, let's open the ICMP tab. Here we can
control the system's response to ICMP packets. The default is to not respond to any ICMP messages. For
example, with Internet Connection Firewall (ICF) enabled, our computer will not respond to 'ping' or 'traceroute'.
Let's enable 'Allow incoming echo request', which essentially means people can 'ping' this computer.
Utilize Windows XP Networking
104
Image 242.13 - Allow Ping
Other options allow us to customize which ICMP messages are supported. Click OK to save the changes, and
click OK again to finish.
Common Port Numbers
Domain Name Service (DNS) - 53 (TCP and UDP)
Dynamic Host Control Protocol (DHCP) - UDP port 67 for sending data to the server, and UDP port 68 for data to
the client
File Transfer Protocol (FTP) - TCP port 20 (data) and TCP port 21 (control)
Internet Message Access Protocol (IMAP) - TCP port 143
L2TP VPN - 1701 (UDP) and 1707 (TCP)
PPTP VPN - 1723 (TCP and UDP)
Internet Mail Access Protocol version 3 (IMAP3) - 220 (TCP and UDP)
Internet Mail Access Protocol version 4 (IMAP4 or just IMAP) - TCP port 143
IP Security (ISAKMP) - UDP port 500
Lightweight Directory Access Protocol (LDAP) - 389 (TCP and UDP)
Post Office Protocol (POP3) - TCP port 110
Remote Desktop - 3389 (TCP and UDP)
Secure Web (HTTPS, SSL) - TCP port 443
Send Mail Transfer Protocol (SMTP) - TCP port 25
Telnet - TCP port 23
Web Server (HTTP) - 80 (TCP and UDP)
Remember
Utilize Windows XP Networking
105
In order for ICS to function we have to have two connections on ICS server. One connection will connect us to the
Internet, and another to the LAN. Other computers (clients) on the LAN will access the Internet trough ICS server.
We also have to manage Firewall settings on ICS server. Note that ICS configuration may deffer depending on
the network design and devices used. Default IP address of ICS server is 192.168.0.1 and Subnet Mask is
255.255.255.0. All other devices on local LAN should be DHCP enabled so that they automatically get IP
addresses in the proper subnet from the ICS server.
Utilize Windows XP Networking
106
Remote Assistance in XP Parent Category: XP
Category: Networking
Remote Assistance enables other users to connect to our machine, take remote control,
and help us solve any problems that we may be having.
Before you start
Objectives: learn various methods of sending invitations for remote assistance in XP.
Prerequisites: no prerequisites.
Key terms: invitation, remote, help, assistance, helpdesk, session, e-mail, messenger, invite
Protocol
Remote Assistance Protocol uses the Remote Desktop Protocol as its core protocol for making a connection.
Using Remote Assistance, the help desk can establish a chat session with the user, so they can let the user know
exactly what they are doing. If we encounter a problem and we don't know how to solve it, the first thing we have
to do is send an invitation to the help desk. Help desk is not always connected to our machine, so we have to let
them know that we have a problem. We do that by sending an invitation. We can send an invitation by email, or
we can use the Windows Messenger to contact the help desk. Once the help desk gets the invitation, they will
send back a response to us. The response will come in the format of a dialog box, and in the dialog box it will say
'OK, I'm ready now to help and assist you', and we will click OK. That way we let the help desk know that we're
ready to establish a Remote Assistance session. In the next dialog box we have to input our user password so
that they can login as us. Once that's done, the Remote Assistance session is opened. At this point the help desk
can take remote control of our computer and do any of the troubleshooting that is necessary. Once the session is
connected, the user has the ability to terminate the session at any moment.
If our Remote Assistance session is going over the Internet, we have few things to remember. Of course, we have
to be connected to the Internet the whole time the Remote Assistance session lasts. If we get disconnected from
the Internet during Remote Assistance session, it is possible that we will get a new IP address when we connect
back to the internet. In this case, we have to send a new Invitation to the help desk, because the help desk will
connect to our computer using the IP address that we got from our Internet Service Provider. If our computer goes
to 'Stand by' or 'Hibernate' mode, the session will, of course, end. Also, we have to make sure that the port
3389 is opened in our Firewall. If that port is not enabled, the Firewall will prevent the Remote Assistance
communication.
Configuration
Remote Assistance is enabled by default with Windows XP Professional. To disable or configure Remote
Assistance properties, right-click 'My Computer' and select 'Properties' to open system properties, and then click
the 'Remote' tab. Notice that the Remote Assistance is enabled.
Utilize Windows XP Networking
107
Image 243.1 - Remote Tab
If we want to disable it, we can simply clear that check box and click on the 'Apply' button. Let's click 'Advanced'
button to set additional properties.
Image 243.2 - Advances Settings
Right now the computer is configured to allow remote control. If we don't want to allow remote control of our
computer, we can simply clear that check box and click the OK button. Also, we can set the maximum time
Utilize Windows XP Networking
108
invitation can remain open. This setting sets the time in which we can get an answer from the help desk. There
are several ways to send a Remote Assistance invitation. We can use Windows Messenger for sending invitations
to our friends or coworkers. When we sign in to Windows Messenger, we can right-click on a particular contact
and select 'Ask for Remote Assistance'.
Image 243.3 - Messenger and Remote Assistance
Image 243.4 - Invitation Sent
Utilize Windows XP Networking
109
Windows Messenger comes with Windows XP installation, but we can also use a newer version which is called
'Windows Live Messenger'. In Live Messenger, all we have to do is to start a conversation with our contact, go to
the 'Activities', and then select 'Request Remote Assistance'.
Image 243.5 - Live Messenger
Let's cancel this request and minimize Windows Messenger. We can also use the 'Help and Support' center to
send invitations using several different methods. Go to the Start Menu and select 'Help and Support'. Under 'Ask
for assistance' section we can invite a friend to connect to our computer with Remote Assistance.
Utilize Windows XP Networking
110
Image 243.6 - Help and Support
Let's select that and invite someone to help us.
Image 243.7 - Remote Assistance
Let's click on 'Invite someone to help you'.
Utilize Windows XP Networking
111
Image 243.8 - Choosing a Method
Notice that we can use Windows messenger to send the invitation to our friends in the contact list. We can click
on a person from a list, and click on 'Invite this person'.
Image 243.9 - Sending Invitation to Contact From Messenger
Let's cancel this. Notice that we can also use e-mail to send the invitation. Let's type an e-mail address
Image 243.10 - Invitation Trough E-mail Address
Click 'Invite this person'. On the next screen we can enter a message to explain our problem.
Utilize Windows XP Networking
112
Image 243.11 - Invitation With Message
Click 'Continue >'. On the next screen we can set the invitation time to expire. In our example we will leave the
default setting. We can also require the recipient to use a password to connect to our computer. It is strongly
recommended to use this feature. Of course, we do need to contact the person that will help us and tell what the
password is.
Image 243.12 - Invitation Settings
Utilize Windows XP Networking
113
Let's click on 'Send Invitation'. Our default e-mail application will open up and ask us to confirm that we want to
send the invitation. We will click 'Send'.
Image 243.13 - Sending Invitation Using Mail
Let's go back to 'Help and Support' and let's choose 'Invite someone to help you' again. Now, notice that we have
a third option when working with invitations. We can save our invitation as a file. Let's click 'Save invitation as a
file (Advanced)'. We can set the name and the time for an invitation to expire.
Image 243.14 - Save Invitation
Let's click 'Continue >'. On this screen we can set a password for the recipient to use. Of course, we do need to
contact the person that will help us, and tell that person what the password is.
Utilize Windows XP Networking
114
Image 243.15 - Setting Password
Let's click 'Save Invitation'. A new window will open. We can choose where to save our invitation. In this case we
will save it to 'My Documents' folder.
Image 243.16 - Saving to My Documents
Our invitation has been successfully saved.
Utilize Windows XP Networking
115
Image 243.17 - Result
Now, all we have to do is open our default e-mail application and send the invitation as an attachment.
We can also review the status of our invitations. To do that let's open 'Help and Support' again, and select 'Ask a
friend to help'. Here, let's click on 'View invitation status'.
Image 243.18 - Invitation Status
Here we can see the status and details of our invitations. We can also delete or manually set the status of an
invitation to 'expired'. To do that, first we have to select an invitation, and then click on any of the buttons bellow. If
our invitation expired, we can resend an invitation to make it active again.
Utilize Windows XP Networking
116
Image 243.18 - Invitation Details
Remember
Remote Assistance is enabled by default with Windows XP Professional. We can send an invitation by e-mail, or
we can use the Windows Messenger to contact the help desk. Port 3389 has to be enabled on our Firewall.
Utilize Windows XP Networking
117
Remote Desktop in XP Parent Category: XP
Category: Networking
Remote Desktop allows us to connect to and manage remote computers. It is used for
remote administration or to run remote applications.
Before you start
Objectives: learn how to configure XP machine to accept Remote Desktop connections, how to initiate a Remote
Desktop connection, and how to configure Firewall settings to enable Remote Desktop.
Prerequisites: no prerequisites.
Key terms: remote, desktop, connection, user, connect, firewall, xp, internet, local, network
About Remote Desktop
Remote Desktop was introduced with Windows XP, however clients for the Remote Desktop can range down to
Windows 95. All we have to do is install Terminal Services Client on older Windows operating systems. We can
also run applications trough Remote Desktop from older Windows versions. For example, we can run applications
that were designed for Windows XP, remotely on a Windows 95 machine. Remote Desktop uses protocol that is
known as Remote Desktop Protocol (RDP). RDP was originally implemented with Microsoft Windows
Terminal Services. RDP allows us to send screenshots from one computer to another (from the host to the
client). Of course, video compression is used, so that we don't send the entire screen every time. Besides video,
RDP has a very narrow bandwidth requirement. All it sends to the host is keystrokes and mouse inputs. Windows
XP automatically installs the Remote Desktop capability, but before we can use it we have to enable it. If we are
going to use the client on operating system older then Windows XP, we have to install the Terminal Services
Client so that we can make the connection to the Windows XP host. To use Remote Desktop, we have to create
user accounts that are going to be enabled for Remote Desktop. The user has to use a password (can not have
blank password). Not every user can make a Remote Desktop connection. We have to authorize particular user
or groups of users to use Remote Desktop. Remote Desktop works great on Local Area Network. However, we
can also install and configure RDP to run over Internet as well. To enable web access, we have to install Remote
Desktop Web Connection. In order for the web connection to work, we have to install the Internet Information
Services (IIS). Once IIS is installed, we can enable our clients to connect using Internet Explorer. When
connecting over Web, the client will use HTTP protocol. Of course, it will connect to the computer that is hosting
Remote Desktop Protocol (using the right port), and it will use the web service that will enable us to connect to the
host. This service is called 'tsweb'. The full address in our Internet Explorer will look like this:
http://hostname/tsweb. This will allow us to connect Remote Desktop client to the Remote Desktop Host.
Configuration
Let's configure our Windows XP system to accept Remote Desktop connections. This will allow us to connect to
our computer remotely. Let's go to the Start Menu, right-click 'My Computer', and select 'Properties'. This will open
system properties. Now, go to the 'Remote' tab.
Utilize Windows XP Networking
118
Image 244.1 - Remote Tab
Let's check 'Allow users to connect remotely to this computer' and click 'Apply'.
Utilize Windows XP Networking
119
Image 244.2 - Remote Desktop Enabled
Remember, if we are using Remote Desktop, all our users should have password enabled accounts. Let's click
the 'Select Remote Users...' button.
Image 244.3 - Remote Desktop Users
Utilize Windows XP Networking
120
This is a list of users who are allowed to make a remote connection to our computer. Notice that members of the
administrators group can connect even if they're not listed. To add a user, we have to click on the 'Add...' button.
Image 244.4 - Select Users
We can enter a user name, click 'Check Names', and then click OK button. In this example, we have entered 'Kim
Verson'.
Image 244.5 - User Kim Verson
We can also select 'Advanced...', and then click 'Find Now' to generate the list of users on our computer.
Utilize Windows XP Networking
121
Image 244.6 - List of Users
In this example we will select anderson. Let's click OK. These users can now connect to our computer using
Remote Desktop.
Utilize Windows XP Networking
122
Image 244.7 - Remote Users
When we select remote users here, we are actually making them members of the Remote Desktop Users group.
Image 244.8 - Remote Desktop Users Group
Configuring Firewall
Utilize Windows XP Networking
123
Another thing that we have to keep in mind are Firewall settings. When we enable Remote Desktop on our
machine, Windows will automatically open necessary ports in Windows Firewall. To check our settings, we will go
to the Control Panel, Network Connections, right-click Local Area Connection, select its Properties, and go to the
'Advanced' tab.
Image 244.9 - Advanced Local Area Connection Properties
Here, click on the 'Settings' button, and go to the 'Exceptions' tab.
Utilize Windows XP Networking
124
Image 244.10 - Remote Desktop Exception
As we can see, Remote Desktop is enabled, and it will go trough our Firewall. Let's select Remote Desktop, and
click on the 'Edit...' button.
Image 244.11 - Edit Service
Utilize Windows XP Networking
125
Here we can change the scope of our settings. Let's click on the 'Change Scope...' button.
Image 244.12 - Change Scope
As we can see, Remote Desktop is enabled for any computer, including those on the Internet. We can change
that to our network only, or only to particular computers (IP addresses). Let's click OK, and then OK again. These
settings are applied on all connections on our computer. If we want to edit settings for individual connections, we
can click on 'Advanced' tab, select a connection that we want to edit (Internet in this example), and click on the
'Settings...' button.
Utilize Windows XP Networking
126
Image 244.13 - Firewall Individual Connection
In our example, we can see that Remote Desktop is not enabled on the 'Internet' connection. However, Remote
Desktop will still work. It will work because we have put and exception in our Windows Firewall. If we want to
enable ports only for individual connections, we should remove an exception from Windows Firewall. Then we
should edit Firewall settings for individual connection. This option is Important when we are sharing an Internet
Connection on our computer. When we are using Internet Connection Sharing (ICS), our computer is acting as a
Firewall for the whole network. Because of that we have to add an exception in Firewall for Internet connection.
The default port for Remote Desktop is 3389.
Creating a Connection
Now we are ready to establish a Remote Desktop Connection. In this example we will connect to another
computer on our Local Area Network. Let's go to the Start Menu > All Programs > Accessories > Remote
Desktop Connection.
Image 244.14 - Remote Desktop Connection
To make a connection simply enter the computer name or IP address, and then click Connect. However, we can
optimize connection properties before we create the connection. To do that, let's click on 'Options >>'.
Utilize Windows XP Networking
127
Image 244.15 - More Options
On the 'General' tab, we should enter a name of the remote computer. In our example the computer name will be
'verson'. Username is Kim Verson. We will also check 'Allow me to save credentials'.
Utilize Windows XP Networking
128
Image 244.16 - General Tab
Let's go to the Display tab. Here we can choose the size of our remote desktop. We can also set the color quality.
This way we can minimize the amount of data sent over that connection. Because we will use this connection on
LAN, we will leave the default settings.
Utilize Windows XP Networking
129
Image 244.17 - Display Tab
Let's go to the 'Local Resources' tab. If we are on a slower connection we can disable sounds. Here, we can also
configure the remote system to access resources on our local system. For example, right now, if we want to print
something when working on remote computer, it will actually print on the local computer instead of the remote
computer. We will leave the default settings.
Utilize Windows XP Networking
130
Image 244.18 - Local Resources
Let's go to the 'Programs' tab. The Programs tab allows us to launch programs.
Utilize Windows XP Networking
131
Image 244.19 - Programs Tab
Let's go to the 'Experience' tab. Here we can optimize data for various connection speeds. Notice that right now
the connection will be optimized for Dial-up speed.
Utilize Windows XP Networking
132
Image 244.20 - Experience Tab
From the drop-down menu we will select 'LAN', because our remote computer is on local network. We are ready
now to connect to the remote computer. Before we do that, we can save this connection by going to the 'General'
tab, and clicking on a 'Save as' button.
If our remote computer is, for example, at our office (on different network), we can connect to it over Internet using
Virtual Private Network. First we have to connect to the Internet. Then we have to initialize a VPN connection to
our work network. Then, we can create a Remote Desktop Connection to the remote computer. We can also use
Terminal Services Gateway (TS Gateway) to connect to remote computer without having to initialize a VPN
connection.
Remember
Windows XP automatically installs the Remote Desktop capability, but before we can use it we have to enable it.
All our users should have password enabled accounts on the machine which has Remote Desktop enabled. Also,
we have to add specific users to the Remote Desktop Users group, which will then be able to connect to our
machine remotely. Windows Firewall has to be configured to allow port 3389. When connecting to another
computer, we can optimize connection settings such as display, color quality, sounds, etc.
Paths that are mentioned in this article
Start Menu > All Programs > Accessories > Remote Desktop Connection - connect to another computer
using Remote Desktop
Utilize Windows XP Files and Folders
133
Files and Folders
File Compression in XP Parent Category: XP
Category: Files and Folders
File compression enables us to save hard drive space on our computer. Windows XP
supports ZIP function as well, so we should know the difference between the File
Compression in XP and ZIP function.
Before you start
Objectives: learn how to manage File Compression in XP.
Prerequisites: no prerequisites.
Key terms: folder, compression, attribute, ntfs, file, partition
ZIP vs File Compression
ZIP allows us to create compressed set of files. We can take a bunch of files and compress them into single
entity. With File Compression we can compress a file or a folder in Windows directly. When we work with
compressed files or folders, Windows will automatically decompress them. When we are finished, Windows will
automatically compress them back.
Compressed Attribute
Every file and folder on NTFS partition has a 'Compressed' attribute. This attribute can be 'true' or 'false'. Because
of that attribute Windows knows which files should be compressed to save disk space. To set this attribute, we
can right-click any file or folder, select 'Properties', and select 'Advanced' on the 'General' tab. Here we can check
'Compress contents to save disk space' option.
Image 245.1 - Advanced Attributes
If we set a 'compression' attribute to a folder, we have an option to compress all the sub folders and all of the files
inside of that particular folder. If we add a new file to that folder, it will also be compressed since it will inherit the
Utilize Windows XP Files and Folders
134
compression attribute of that particular folder. If we decide to move that file to another folder on the same
partition, the compression attribute will remain set. If we decide to copy that file to another location, the new copy
will inherit the compression attribute from the new folder. If we move or copy that file to a different partition, it will
always inherit the attributes of the new target folder. In this case, when we move a file, Windows will first create a
copy, and once the copy has been verified, Windows will delete the original. Because of that, Windows will see
that file as a new file, so it will use the attributes from the new folder to set compression status.
NTFS File System
We can use compression on NTFS file system. If we move a compressed file to the non-NTFS partition, the file
will be uncompressed. We can not use compression and encryption together. We cannot save or copy a
compressed folder or file to a disk containing less free space than the real size of the folder or file when they are
uncompressed. NTFS compression on volumes with cluster sizes larger than 4 KB is not supported. If we copy or
move a zipped folder, it always remains zipped (regardless of the destination file system).
CMD Tools
We can use a 'Compact.exe' for compression, which is a Command Prompt tool. We can use the following
switches with 'compact': /C to compress the specified files (folders are marked as compressed), /S to compress
all sub folders of the specified folder, /U to uncompress the specified files (folders are marked as uncompressed).
The following example command will compress all files in the 'Great citations' folder (including subfolders).
compact /C C:\Documents and Settings\Administrator\My Documents\Great citations\*.* /S
Example Configuration
To compress a file or folder, we have to navigate to the file or folder that we want to compress. In our example,
we will navigate to the 'My Documents' folder, and then select 'Great citations' folder.
Image 245.2 - Great citations Folder
Let's right-click that folder, select 'Properties, click on the 'Advanced' button, and then select 'Compress content to
save disk space'.
Utilize Windows XP Files and Folders
135
Image 245.3 - General Tab
Image 245.4 - Commpress Attribute Checked
Click OK. The system will ask us do we want to apply changes to this folder only, or to the folder and all of its
subfolders.
Utilize Windows XP Files and Folders
136
Image 245.5 - Confirm Attribute Changes
We will apply this changes to this folder, subfolders and files. Let's click OK. We can also see our compressed
files in blue color if we want. To do that, go to the Tools menu, select 'Folder Options', go to the 'View' tab, and
scroll down. Check the 'Show encrypted or compressed NTFS files in color', and click 'OK'.
Image 245.6 - Tools Menu
Utilize Windows XP Files and Folders
137
Image 245.7 - View Tab
Let's uncompress a file. To do that, let's open the 'Great citations' folder, right click on the 'Seneca - On
Providence' file, select 'Properties, and click on the 'Advanced' button. To uncompress a file we need to clear the
check box for 'Compress contents to save disk space', and click OK. Notice the color change.
Image 245.8 - Uncompressed File
We would do the same thing for our compressed folders.
Remember
ZIP compression and NTFS File Compression are two different things. Every file and folder on NTFS file system
has a Compression attribute which we use to set compression on or off. In XP we set compression attribute by
checking the 'Compress contents to save disk space' option.
Utilize Windows XP Files and Folders
138
Encryption in XP Parent Category: XP
Category: Files and Folders
Encryption helps us to protect data on our computer. For Windows, Microsoft came up
with the Encrypting File System to protect the data on our hard drives.
Before you start
Objectives: learn how to manage encryption of files in XP system.
Prerequisites: no prerequisites
Key terms: enyrypted, file, folder, key, ntfs, recovery, agent, attribute, certificate, fek, user, access
Encrypting File System
Encrypting File System (EFS) uses certificates to manage access to files. These can be trusted third-party
certificates, or they can be self signed certificates. Encryption is represented as an attribute of a file or a folder,
just like a 'compression' attribute. We can either encrypt or compress a file. We can not use both of those
attributes together (we can not encrypt a compressed file or folder). When we set the 'Encrypt' attribute on a
single file, the file will be encrypted. To do that we have to go to the advanced properties of a file. When we
encrypt a folder, we can also choose to encrypt all the files and sub folders that are in that particular folder. We
can also use command prompt to encrypt files. To do that we can use the 'cypher' command. When talking about
encryption, one of the concerns is what will happen if we move an encrypted file. To be able to use the
encryption, we have to have NTFS formatted partition. If we move our encrypted file somewhere else on the same
partition, it will remain encrypted. If we move our encrypted file to another partition that is also NTFS formatted, it
will still remain encrypted. If we move our file to the FAT32 partition, our file will be decrypted. Only the original
user can move encrypted file to the FAT or FAT32 partition, because it first needs to be decrypted. This will
happen if we move our file to the Floppy disk or a USB stick. If we copy an unencrypted file to an encrypted
folder, the file is encrypted. If we move an unencrypted file into an encrypted folder, the file remains unencrypted.
Recovery
By default, only original user can read encrypted files. There's also the recovery agent. The recovery agent is the
default Administrator for the local computer. In Windows XP, user has the ability of designating additional users
that can read and access files that have been encrypted. In a domain, the domain Administrator account is the
default recovery agent. We must have Write permission to a folder or file to encrypt it. We cannot encrypt System
or Read-only files. To recover encrypted files, the files and recovery key need to be on the same computer.
Without the private key or recovery key, we cannot copy or move an encrypted file. We can however, back up the
files and restore them to the computer where a recovery key is located. We can also export the recovery key and
import it onto the computer storing the files we want to recover. Normally, encrypted files are meant to be stored
and read on the local computer only. We can only encrypt files stored on remote computers if the computer is
trusted for delegation in Active Directory. When moving files encrypted on our local system to another computer
(for use on that computer), we have to make sure that our certificate and private key are available on the other
computer. Otherwise, we might be unable to open those files. When moving encrypted files to another computer
over the network, files are not encrypted while they are in transit. Files might be intercepted as they are
transferred. We should use IPSec to secure network communications in this case. When we do a backup of our
encrypted files, the encryption will be preserved, and we will be able to restore it to an NTFS partition.
Encryption Process
EFS encrypts file content with a randomly generated secret key called the File Encryption Key or FEK. This key
is specific to each file. The FEK is then encrypted by the user's public key and stored with the file as an attribute
called the Data Decryption Field or DDF. The recovery agent's public key also encrypts the FEK, so that the
Utilize Windows XP Files and Folders
139
recovery agent can open the file if necessary. The Recovery Agent version of the FEK is stored in the file as an
attribute called the Data Recovery Field or DRF. When the file is accessed by the user who encrypted it,
Windows uses that user's private key to decrypt the FEK found in the DDF. It then uses the FEK to decipher the
file's contents. When the recovery agent access the encrypted file, Windows uses the recovery agent private key
to decrypt the file encryption key found in the DRF. It then uses the FEK to decrypt the file. This process keeps
the user's private key safe because no one else has access to it, not even the recovery agent. When someone
without the appropriate private key tries to open and encrypted file, they will be denied access because they are
unable to decrypt the FEK.
Encrypting a File or Folder
Encryption protects the contents of the file saved on an NTFS partition. Let's encrypt a folder. To do that we have
to right click a particular folder, go to it's properties, and then click on the 'Advanced' button in the 'General' tab. In
our case we will encrypt the 'Confidential' folder on our E partition.
Image 246.1 - Advanced Attributes
Here we can select to 'Encrypt contents to secure data' option. Click OK to confirm, and then click OK again.
Now we are given a choice to apply changes to this folder only, or we can encrypt this folder, all subfolders, and
all files in the subfolders. In our example we will select the default option and click OK.
Utilize Windows XP Files and Folders
140
Image 246.2 - Confirmation
We can configure Windows to show encrypted files and compressed files in a different color. To do that go to the
Tools menu, select 'Folder Options', go to the 'View' tab, scroll down, select 'Show encrypted or compressed
NTFS files in color' and click OK. Notice that our encrypted files are now shown in different color.
Image 246.3 - Encrypted Folder
Normally, encrypted files can only be opened by the user who encrypted the files, or by the designated recovery
agent. In Windows XP we have the ability to identify additional users who can open the encrypted file. To allow
additional users to open an encrypted file, open the properties of the file, click 'Advanced', and then click 'Details'.
In our example, we will select the 'Reckoning.doc' file which is located in the 'Confidential' folder.
Image 246.4 - Details
The box at the top shows the list of users who can access the file. Notice that only the Administrator has the
access to the file. Data Recovery Agents are not defined in our case. To add additional users, we will click the
Utilize Windows XP Files and Folders
141
'Add' button, and select them from the list. This list only shows users with valid certificates. If the user is not listed,
that means the user simply doesn't have a valid certificate. Let's add Kim Verson.
Image 246.5 - Adding Kim Verson
Image 246.6 - Final List
Click OK, and click OK again to finish.
Remember
Utilize Windows XP Files and Folders
142
In XP we can encrypt files and folders by checking the 'Encrypt contents to secure data' option, in file/folder
properties. We can configure Windows to show encrypted files and compressed files in a different color. Normally,
encrypted files can only be opened by the user who encrypted the files, or by the designated recovery agent. We
can also identify additional users who can open the encrypted file.
Utilize Windows XP Files and Folders
143
Disk Quotas in XP Parent Category: XP
Category: Files and Folders
Disk Quotas enables us to limit a user size of files that they can place on a particular
partition. With Disk Quotas we can make it appear to that user that they have only a
limited amount of space on particular hard drive and we can select to disallow them to
exceed those particular quotas. Every file and folder that users create, copy, save, or
take ownership of on a volume or partition, counts toward their disk quota.
Before you start
Objectives: learn how to manage Disk Quotas in XP.
Prerequisites: no prerequisites.
Key terms: user, limit, file, space, partition, entry, set, drive, ownership, enable
Considerations
The first requirement for setting up Disk Quotas is that we have to be using an NTFS partition. We set the quotas
on the partition, not on the individual folders or files. Each NTFS volume or partition on a hard disk has its own set
of Disk Quotas, even if they are on the same Hard Disk. The quotas are based on the file ownership. As user
starts creating new files, that counts towards their disk quotas. If we are just using somebody else's files, that
doesn't have an impact as far as file ownership is concerned. Disk Quota can be set to 'Disabled', 'Tracked', or to
'Enforced'. When we enable quotas, we have to set the limits on space usage on particular partition or Hard
Drive. This only applies to new users. If the user already has files on that partition, the Disk Quota doesn't apply to
that user. We also have the ability of setting up warning limits. This will let our users know that they are
approaching their limits. When working with quotas, we have an option to enforce the disk quotas. By failing to set
up enforcement, the users will be allowed to exceed the limits that we have set up previously. So, to really limit
disk usage, we need to set up enforcement.
Remember, the quotas will not apply to existing users. To limit disk usage for existing users, we have to edit their
quota entries. When we go to quota entries, we will see that there's already a default generic quota entry for all
new users. Here we can add additional users or groups of users, and then apply specific quotas to those
users. This applies to all users except the 'Administrators' group. The quota is never applied to the administrators.
System and application files count toward Disk Quotas, so the user account which installs software needs a
higher limit. If a user exceeds the quota limit, we can delete files owned by the user, change ownership of files
(quota limits are enforced based on owned files), move files to other volumes (quota limits are enforced on a
volume or partition basis), or increase the quota limit. We cannot reduce the amount of space used by files by
compressing them. Quotas count the uncompressed size of a file toward the quota limit.
If we need to remove the quotas, we will have to take the ownership away from those particular users, and then
reset their limits. We cannot delete a user's account quota until we remove or take ownership of all users files on
the volume. We can also use the Fsutil.exe command line tool to manage quotas from the command prompt.
Configuring Quotas
We can use Disk Quotas on NTFS partitions to keep track or restrict the amount of disk space used by specific
users. We can enable quotas by editing the properties of an NTFS drive. Let's right-click E drive, open its
properties, and go to the 'Quota' tab.
Utilize Windows XP Files and Folders
144
Image 247.1 - Quota Tab
To enable quotas, select 'Enable quota management', and then click 'Apply'. The warning message will appear.
Image 247.2 - Warning
We will click OK to enable quota management. When we enable quotas, the system scans the drive and creates
the quota entry for all users who currently own files on that partition. Let's click 'Quota Entries' to take a look at the
entries that have just been created.
Utilize Windows XP Files and Folders
145
Image 247.3 - Quota Entries
Notice that we have entries for administrators group, Administrator, Ally Anderson, and Kim Verson. At this point,
quotas are doing nothing more than reporting the used disk space on the drive. Let's close the 'Quota Entries'
window, and let's select the default quota limit for new users on this volume. To do that, check the 'Limit disk
space to' option.
Image 247.4 - Limit Disk Space To
In this case we will accept the default limit of 1K with the default warning level of 1K, and then click 'Apply'. Keep
in mind that this limit only applies to users who currently have no files on the drive. The limit value for the existing
users have not changed. Let's take a look a the 'Quota Entries'.
Utilize Windows XP Files and Folders
146
Image 247.5 - Quota Entries 2
Notice that Ally Anderson and Kim Verson still have no quota limit. Let's close that window. Currently we are
logged on with an Administrator account. Let's log on with another account to see how will our quotas behave.
Let's log on as 'wdelmonte', which is a new user who has never loged on to our computer before.
Image 247.6 - wdelmonte Log On
Let's try to copy a file to the E partition. Let's create a new folder named 'wdelmonte'. We will copy an mp3 file to
that folder.
Image 247.7 - File Copied
Notice that our mp3 file is much larger than the 1 KB (which is our quota limit). We could go over our limit
because we did not enforce disk quotas. Let's take a look at our Quota Entries again.
Utilize Windows XP Files and Folders
147
Image 247.8 - Exceeded Limit
Notice that Willie has exceeded his quota limit. To deny disk space usage for those who exceed quota limit, we
have to check 'Deny disk space to users exceeding quota limit' option. This way we will enforce Disk Quotas.
Image 247.9 - Deny Disk Space Option Checked
We can also edit individual quota entry for users. To do that, open 'Quota Entries', right-click on a user, and select
'Properties'. Let's limit disk space for Willie Delmonte to 100 MB, and set warning level to 90 MB. Click 'Apply' to
confirm.
Utilize Windows XP Files and Folders
148
Image 247.10 - Modified Quota Entry
If the quota is not needed for particular users, we can delete Quota Entry for that particular users. In our case we
will delete Ally Anderson quota entry. Let's right-click Ally Anderson, select 'Delete', and click 'Yes' to confirm. The
following window will appear.
Utilize Windows XP Files and Folders
149
Image 247.11 - Files That Ally Owns
The thing is, we have to do something with the files that Ally currently owns. We can delete, take ownership of
those files, or move them somewhere else. In our case, we will select all files, and click the 'Delete' button.
Utilize Windows XP Files and Folders
150
Image 247.12 - Delete Files
Notice that the quota entry for Ally Anderson is now gone.
Image 247.13 - Quota Entry for Ally is Removed
Remember
We can use Disk Quotas on NTFS partitions. We can enable quotas by editing the properties of an NTFS drive.
Utilize Windows XP Files and Folders
151
Configure NTFS Permissions in XP Parent Category: XP
Category: Files and Folders
NTFS permissions allows us to control access to folders and files for both local and
network users. There are several broad categories of NTFS permissions.
Before you start
Objectives: learn how to configure NTFS permissions for files and folders in XP
Prerequisites: no prerequisites
Key terms: permission, group, folder, user, modify, file, ntfs, acl, control, check, read
Permission Categories
The first category is 'Full control', which allows users to do whatever they need to do to a file or a folder. It allows
them to add or delete content, take ownership or to change the permissions for other users. The second
permission is called 'Modify'. It allows us to add or delete content and execute files. It does not allow us to take
ownership or to modify the permissions. The next permission is 'Read and execute'. It allows us to read the
content of the file, and if it is an executable, it allows us to execute the content of the file. The next permission is
'List content', which is applied to folders. It allows us to see the content of the folders, but it does not allow us to
open or modify the content of those folders. The next permission is 'Read'. It allows us to read the content. The
next permission is 'Write'. It allows us to modify the content.
To modify the permissions of the file or folder, we need to go to its properties, and then the 'Security' tab. Here we
can see the 'Access Control List' (ACL). ACL shows us what our users can or can not do on particular file or
folder. In ACL there are two columns of permissions. One column is the 'Allow' column, and the other is the
'Deny' column. The 'Allow' column shows us what is allowed for a particular user. The 'Deny' column allows us to
deny access for particular user. This column becomes important when we have the same users assigned to
different groups, and we want to deny some actions for that users on particular file or folder. The 'Deny' setting
always takes precedence and overrides the 'Allow' setting. If users or groups of users are not listed in ACL, they
don't have access to that particular file or folder.
Default Permissions
To edit NTFS permissions, we have to open the properties for the drive, folder or file, and then use the 'Security'
tab. In our example, we will go to the E drive, and then open the properties of the 'Paulaner' folder.
Utilize Windows XP Files and Folders
152
Image 248.1 - Paulaner Properties
In our case we can see the 'Security' tab. If you don't see a 'Security' tab, check that your drive is formatted with
NTFS file system, and check that you don't have 'Simple sharing' enabled. To disable 'Simple sharing' and enable
'Advanced sharing', go to the 'Tools' menu, 'Folder options', and then the 'View' tab. Scroll down and clear 'Use
simple file sharing' and click OK. Let's now open the 'Security' tab, and take a look at NTFS permissions.
Utilize Windows XP Files and Folders
153
Image 248.2 - Security Tab
The top box shows the users or groups with existing permissions for the folder. When we select a user, the
bottom box shows the permissions of that user or group. Let's select the 'Administrators' group.
Utilize Windows XP Files and Folders
154
Image 248.3 - Administrators Group
Notice that the 'Allow' permissions are grayed out, and we can't modify them. We could use the 'Deny' option to
modify permissions, but that is not recommended in this case. In addition, we can't remove a user or a group from
the list. Let's check that out by trying to remove the 'Users' group.
Image 248.4 - Removing a Users Group
We get a warning message that we can't remove users because this object is inheriting permissions from parent.
In this case the parent is the E drive. The 'Paulaner' folder is inheriting its NTFS permissions from the E drive.
Let's click OK. To see more information about NTFS permissions, let's click on the 'Advanced' button.
Utilize Windows XP Files and Folders
155
Image 248.5 - Advanced Security
On the 'Permissions' tab, we can see the list of permission entries. Each entry shows whether the permission is
denied or allowed, the user or group, the actual permission, where the permission is inheriting from, and what it's
applied to. In our case, the parent object is the E drive. Administrators have full control because they need to
manage the drive and its contents. The 'Creator Owner' group also has full control so that users can manage their
own files (they need to manage the files that they create). The 'System' group also has full control so that the
operating system can access files as necessary. The 'Users' group has 'Read and Execute' permission. Users
with 'Special' permission have advanced permissions that don't show up on a regular list. By default all files and
folders are configured to inherit permissions from the parent object. If we want to change the inherited
permissions we need to clear the 'Inherit from parent the permission entries that apply to child objects'
option. When we do that, we are given a choice.
Image 248.6 - Editing Inheritance
Utilize Windows XP Files and Folders
156
We can either copy the existing permissions or we can completely remove them. If we want to make minor
changes to the inherited permissions, 'Copy' is the best solution. 'Copy' copies the existing permissions, but it
removes inheritance. After the copy is finished, we can change the existing permissions. If the existing
permissions are completely wrong, we could just remove them and build our own permissions from scratch. In our
case, we want to make some minor changes, so we will select the 'Copy' option, and click OK.
Image 248.7 - Users Group Selected
Notice that we have the same permissions list as we had before. But this time we can edit the permissions. Now
we can delete the 'Users' group from the list.
Example Configuration
Remember, if we want to edit permissions for particular file or folder, we have to clear the 'Inherit from parent the
permission entries that apply to child objects' in 'Advanced Security Settings'. Otherwise the permissions will be
inherited from the parent. When we add new user or group to the ACL, we can assign the permissions for that
user or group of users as we desire. For example, if we check the 'Modify' permission, the system will
automatically check 'Read & Execute', 'List Folder Options', 'Read', and 'Write' permission. If we check 'Read &
Execute' the system will automatically check 'List Folder Options', and 'Read' permission. On every permission we
have an 'Allow' column and a 'Deny' column. We use the 'Deny' column to explicitly deny access to a particular
user. Our users can belong to more than one group, so this option comes in handy in that case. Let's say that we
have one user that belongs to several groups. Let's say that this user is a member of 'Accounting' group, and also
member of the 'Development' group. Let's say that the 'Accounting' group has the 'Read & Execute' permission,
and Development' group has the 'Write' permission on particular folder. In this case we will add the privileges up.
Utilize Windows XP Files and Folders
157
The effective permissions for this user will consist of the 'Read & Execute' from one group, and 'Write' from
another group.
Now, let's say that the 'Accounting' has the 'Modify' permission, and the 'Development' has the denied 'Write'
permission. The 'Modify' will give users the ability to read and execute files, but the denied 'Write' permission from
'Development' will deny writing from the 'Modify' permission set for the 'Accounting' group. If the user belongs to
both groups, the effective permission is 'Read & Execute' in this case.
We can see the effective permissions if we go to the 'Advanced', and then to the 'Effective Permissions' tab. We
have to select the user or a group. The effective permissions will appear for that user or a group of users. Let's
see an example. We have a folder named 'Databases' on our E drive. We want members of the 'Accounting' local
group to be able to add and remove files in the folder. To work with NTFS permissions we have to be sure that
the 'Use simple file sharing' setting is unchecked. Go to 'Tools', 'Folder Options', 'View' tab, and scroll down. Then
clear 'Use simple file sharing' and click OK.
Image 248.8 - Simple File Sharing
Now, we'll modify the Access Control List for the 'Databases' folder. In other words, we are going to modify the
NTFS permissions. Open the properties of the 'Databases' folder, and go to the 'Security' tab.
Utilize Windows XP Files and Folders
158
Image 248.9 - Database Folder Properties
Notice that each of the entries have inherited the permissions from the parent drive. We want to have more
restricted permissions, so we need to modify the inherited permissions. Let's click 'Advanced', clear the
'Inheritance' check box, and select 'Copy' to copy existing permissions.
Utilize Windows XP Files and Folders
159
Image 248.10 - Advanced Settings
Image 248.11 - Inheritance Unchecked
Utilize Windows XP Files and Folders
160
Image 248.12 - Permissions Copied
Click OK to close the advanced dialog box. Now we can modify our existing permissions. We are going to keep
the 'Administrators' group with full control so that they can continue to manage the folder.
Utilize Windows XP Files and Folders
161
Image 248.13 - Administrators Group
We will keep the 'CREATOR OWNER' group, because this allows users full control over their own files. This
group has 'Special Permissions'.
Utilize Windows XP Files and Folders
162
Image 248.14 - Creator Owner Group
We will remove the 'Users' group. We don't want any individual user to have access to this folder, so we will also
remove the 'Administrator' account from the list too. Finally, we will add the 'Accounting' group to the ACL. We will
click 'Add', type in 'Accounting', and click 'Check Names'. Click 'OK' to add the group to the ACL.
Image 248.15 - Adding a Group
Utilize Windows XP Files and Folders
163
Image 248.16 - Accounting Group Added
The 'Accounting' group was added with default permissions of 'Read & Execute', and 'List Folder Contents'. We
will also check 'Modify' permission, so that our users from the 'Accounting' group can modify the content of the
folder.
Utilize Windows XP Files and Folders
164
Image 248.17 - Modify Permission Added
However, we don't want them to have full control. Giving them 'Full Control' permission would allow them to
modify the ACL. In other words, they could change permissions on this folder. We only want the 'Administrators'
group, and the 'Creator Owner' group to have full control. Let's click 'OK' to finish our permissions
assignment. Every folder and file has several permissions that we can set to control access. Let's take a look at
the permissions on the 'Manuals' folder.
Utilize Windows XP Files and Folders
165
Image 248.18 - Kim Verson Permissions
Notice that Kim Verson has three permissions allowed. These are 'Read & Execute', 'List Folder Content', and
'Read'. However, many of the standard permissions are really a combination of more advanced permissions. To
see advanced permissions click the 'Advanced' button.
Utilize Windows XP Files and Folders
166
Image 248.19 - Advanced Permissions
Here we can see all permission entries. Let's select Kim Verson and click on the 'Edit' button.
Utilize Windows XP Files and Folders
167
Image 248.20 - Advanced Permissions for Kim
Notice that Kim Verson now has five permissions instead of three. We will modify the permissions for this user by
granting her the 'Take Ownership' permission. Click 'OK' twice.
Utilize Windows XP Files and Folders
168
Image 248.21 - Kim Verson Special Permission
Notice that now Kim Verson has 'Special Permission' checked. That's because the 'Take Ownership' permission
is not one of the normal permissions. In addition to granting special permissions, we can configure how those
permissions apply to the folder and its files. Let's go back to 'Advanced', select Kim Verson, and click 'Edit' again.
Notice the 'Apply onto' list.
Utilize Windows XP Files and Folders
169
Image 248.22 - Apply Onto
As we can see, we have a number of different choices. In this example, let's apply our changes to the files only,
give 'Full Control' permission, and click OK.
Utilize Windows XP Files and Folders
170
Image 248.23 - Files Only
Utilize Windows XP Files and Folders
171
Image 248.24 - Special Permissions
Notice that Kim Verson has only 'Special Permission' selected. Even though we granted the 'Full Control'
permission, in the 'Security' tab only 'Special Permissions' is checked. Other permissions are not shown, but are
indicated by a check mark in the 'Special Permissions' box. Let's go back to 'Advanced', select Kim Verson again,
click 'Edit', and this time select 'Apply onto: This folder, subfolders, and files'.
Utilize Windows XP Files and Folders
172
Image 248.25 - This folder subfolders and files
Click OK twice to confirm. Let's look at the 'Security' tab. Notice that, for Kim Verson, the 'Full Control' permission
has been granted and 'Special Permission' is no longer selected.
Utilize Windows XP Files and Folders
173
Image 248.26 - Full Control
Let's add the 'Accounting' group to the ACL for the 'Manuals' folder, with default permissions. Note that Kim
Verson is the member of the 'Accounting' group. When we have several groups of users in ACL it is good to
check the 'Effective Permissions' for individual users. While we could calculate this ourself, we can let Windows
show us the effective permissions. To do that, go to the 'Advanced', and go to the 'Effective Permissions' tab. We
need to select some user account. We will click on the 'Select' button, type in 'Kim Verson', click 'Check Names',
and then click 'OK'.
Utilize Windows XP Files and Folders
174
Image 248.27 - Kim Verson Effective Permissions
Notice that Kim Verson has all possible permissions, while other users that belong to the 'Accounting' group only
have default permissions. This is because we have added Kim Verson individually to the ACL and edited her's
permissions. In addition to NTFS permissions, files and folders on an NTFS partition identify the file owner.
Ownership is important because some actions can only be performed by the owner. In other cases, we can take
ownership of the file to modify the permissions on a file when we would otherwise not be able to. In our example,
we have a file in the 'Manuals' folder called 'Keeway Cruiser 250'. Kim Verson created this file and she removed
all other users and groups from the ACL.
Utilize Windows XP Files and Folders
175
Image 248.28 - Keeway Security Properties
Now, let's log on with an Administrator account and try to change the NTFS permissions for the 'Keeway Cruiser
250' file. Notice the Warning.
Image 248.29 - Security Warning
Utilize Windows XP Files and Folders
176
Image 248.30 - Security Tab
We can not view, let alone modify the access control list. However, we can take ownership of the file. To take
ownership, we have to be logged on as user who is a member of the 'Administrators' group. We are currently
logged on as an Administrator, who is a member of the 'Administrators' group. We'll click 'Advanced', and then
click the 'Owner' tab.
Utilize Windows XP Files and Folders
177
Image 248.31 - Owner Tab
Now, we want to select a user who is going to take ownership of this file. We will select Administrator, and click
'Apply'.
Utilize Windows XP Files and Folders
178
Image 248.32 - Owner Changed
Notice that the owner is changed to the 'Administrator' account. Let's click OK to save our changes, and click OK
again. Now, as the file owner, if we open the file properties and go to the 'Security' tab, we can view and modify
the NTFS permissions for the file.
Utilize Windows XP Files and Folders
179
Image 248.33 - File Properties
Remember
If we want to edit current permissions for particular file or folder, we have to clear the 'Inherit from parent the
permission entries that apply to child objects' option in 'Advanced Security Settings'. When we add new user or
group to the ACL, we can assign the permissions for that users as we desire. We use the 'Deny' column to
explicitly deny access to a particular user since users can belong to more than one group. We can see the
effective permissions if we go to the 'Advanced', and then to the 'Effective Permissions' tab. Giving users 'Full
Control' permission allows them to modify the ACL. In addition to NTFS permissions, files and folders on an NTFS
partition identify the file owner. Ownership is important because some actions can only be performed by the
owner. We can take ownership of the file to modify the permissions on a file when we would otherwise not be able
to.
Utilize Windows XP Files and Folders
180
Share Folders in XP Parent Category: XP
Category: Files and Folders
In Windows XP we can allows network access to our files and folders. Users can then
modify existing files, or create new files over network.
Before you start
Objectives: learn how to enable file sharing, how to make shared folder, how to connect
to a share and how to manage share permissions in XP.
Prerequisites: no prerequisites.
Key terms: share, folder, network, permissions, user, drive, name, control, file, map, unc, read, enable
Tools
To share our folders we can use two tools. The first tool is Windows Explorer. By going in to the properties of any
folder, we can go to the 'Sharing' tab, where we can enable sharing of that folder. When we create a share, we
have to name it. That is how our users will find the share. We also have to put permissions of the share, and we
can also control the limits of the share. We can limit how many users can connect simultaneously to our share. By
default, the limit is 10 users and that is the maximum number of users as well. If we need more then 10 people
accessing a share, we have to use Windows Server edition. Another tool that we can use to manage shares is
'Shared Folders', which is located in 'Computer Management'. In 'Shared Folders' we can create new shares, or
we can manage existing shares.
Access
To access a share we can go to 'My Network Places', where we can see other computers on the network. When
we open target computer, we can access shared folders or printers on that computer. Additionally, to access
network share, we can use Universal Naming Convention (UNC) path. To access a share with UNC, first we have
to type in '\\', then the computer name, then '\', and then the share name. So, if we have a share named 'Factis',
on a computer named 'SilverCrest', the UNC path to that share would be '\\silvercrest\factis'.
Administrative Shares
When we install our system, the 'Administrative shares' get created. The 'Administrative shares' are accessible
only by the Administrators group. These shares are hidden by default. We can hide the share by putting the '$'
sign after the name of the share. These shares are not visible in network neighborhood. In order to access hidden
share, we have to use UNC path. Of course, at the end of the UNC path will be the '$' sign.
Enabling Sharing
If our computer is a new computer and is a member of a workgroup, file and printer sharing is disabled. We will
not be able to share folders and printers until we first enable sharing. For computers on a domain, sharing is
automatically enabled. The recommended method to enable sharing is to run the 'Network Setup Wizard'. Go to
the 'Control Panel', click on the 'Network Setup Wizard', and click 'Next'.
Utilize Windows XP Files and Folders
181
Image 249.1 - Checklist
We have to ensure that we have installed network card, turn on all computers, printers, and that we have
connected to the Internet. Click 'Next'.
Image 249.2 - Connection
In our example we are connected to the Internet trough Local Area Connection. We will use the existing
connection (first option). Click 'Next'.
Utilize Windows XP Files and Folders
182
Image 249.3 - Computer Name
Here we can enter computer description and change computer name. Click 'Next'.
Image 249.4 - Workgroup
Here we can enter the Workgroup name. We will enter 'Workgroup'. Click 'Next.
Image 249.5 - Turn On File And Printer Sharing
Here we will select 'Turn on file and printer sharing'. Click 'Next'.
Utilize Windows XP Files and Folders
183
Image 249.6 - Finish
Here we will select to just finish the wizard, and click 'Next'. Click 'Finish' to close the wizard. This way we have
enabled sharing on our computer.
Sharing a Folder
We can use Windows Explorer to quickly share a folder. Simply right-click some folder, open its properties, and
then select 'Sharing' tab. In our case we will share the 'Manuals' folder, which is located on our E drive.
Image 249.7 - Sharing Options for Manuals Folder
To share a folder, we have to check 'Share this folder on the network' option.
Utilize Windows XP Files and Folders
184
Image 249.8 - Sharing is Enabled
By default, users are not allowed to change our files. This way users can only read our files. We want to allow all
users to change our files so we will check 'Allow network users to change my files' option, and click 'Apply'.
Image 249.9 - Modify is Enabled
Let's click OK. Notice the the icon of the folder is changed. It now indicates that the folder is shared.
Image 249.10 - Shared Folder
In this example the computer is configured to use Simple File Sharing. If we want more control over file shares
we need to enable advanced sharing. To do this, go to the Tools menu and selectFolder Options. Then go to
the View tab, scroll down, clear the 'Use simple file sharing' check box, and click OK.
Utilize Windows XP Files and Folders
185
Image 249.11 - Simple File Sharing Disabled
Let's open sharing options for Manuals folder again.
Utilize Windows XP Files and Folders
186
Image 249.12 - Advanced Sharing Options
Now we can share the folder multiple times. Let's add an additional share by clicking on the New Share button.
Image 249.13 - New Share
We can share this folder again with a different name. In this example we will name it Motorcycle manuals, and
click OK.
Utilize Windows XP Files and Folders
187
Image 249.14 - Motorcycle Manuals Share
When using advanced sharing, we can set user limits. For example, we can set the maximum number of users to
2 users, instead of 10.
Image 249.15 - Users Limit
Notice that the maximum number of users for the original share name remains at maximum.
Utilize Windows XP Files and Folders
188
Image 249.16 - Original Share Name
We can also set different permissions for different share names. First we have to chose a share name from the
drop down list, and then click on the Permissions button.
Utilize Windows XP Files and Folders
189
Image 239.17 - Share Permissions
In our case, everyone can read data in Manuals folder.
Shared Folders Tool
We can use Shared Folders plugin in Computer Management to manage our shares. This plugin lets us view and
manage all of our shared folders from a central location. To take full advantage of Shared Folders our computer
needs to have advanced sharing enabled.
Image 249.18 - Shared Folders Console
Utilize Windows XP Files and Folders
190
Let's select Shares to see all shared folders on our system.
Image 249.19 - Shares
Here we can view and edit shared folder properties, such as user limits and permissions. For example, if we open
the properties for Manuals, on the General tab we can edit the number of users allowed to connect.
Image 249.20 - General Tab
On the Share Permissions tab we can edit the share permissions.
Utilize Windows XP Files and Folders
191
Image 249.21 - Share Permissions
On the Security tab we can edit the NTFS permissions.
Utilize Windows XP Files and Folders
192
Image 249.22 - NTFS Permissions
Let's click OK. Now, let's create a new share using Shared Folders tool.
Creating New Share
To create new share, right click Shares, select New File Share, and click Next. The wizard will appear.
Image 249.23 - New File Share
Utilize Windows XP Files and Folders
193
Image 249.24 - Share Wizard
Now, we need to specify a folder to share. We can browse to find the folder that we want to share.
Image 249.25 - Shared Folder Set Up
In our case we will select Paulaner folder, which is located on E drive. We also need to provide a share name. In
our case, we will enter Paulaner.
Image 249.26 - Paulaner Share
Utilize Windows XP Files and Folders
194
We can click Next. Now, we need to decide what type of share permissions to use. In this case we will use the
default setting, in which all users have read access.
Image 249.27 - Share Permissions
Click Next, and click Finish to share the folder. Notice that the folder has been successfully shared.
Image 249.28 - Paulaner is Shared
Sessions and Open Files
The Sessions folder shows us who is connected to our computer right now.
Image 249.29 - Sessions
Notice that the user Admin is currently connected to our computer. In Open Files we can see which files are
accessed by which user.
Utilize Windows XP Files and Folders
195
Image 249.30 - Open Files
Deleting a Share
Let's say that we want to stop sharing Manuals folder. Before we delete the share, we should inform all connected
users that we are going to delete the share. To do that, right click Shared Folders, select All Tasks, and then
select Send Console Message.
Image 249.31 - Send Console Message
Image 249.32 - Message
Click Send to send message. That will give them a chance to disconnect gracefully. Now, we can right click
Manuals folder, select Stop Sharing, and click Yes to confirm.
Utilize Windows XP Files and Folders
196
Image 249.33 - Stop Sharing
Image 249.34 - Confirmation
Connecting to a Share
There are many ways to connect to a shared folder on another computer. For example, we can go to the start
menu and use the Run command. From here we can type in the syntax to the share. This approach uses the
UNC syntax or Universal Naming Convention syntax. We want to connect to the share named Public on a
computer named Verson. The UNC path to that share is \\verson\public.
Image 249.35 - UNC Path
When we open shared folder, we can go to the Tools menu, and map a network drive.
Utilize Windows XP Files and Folders
197
Image 249.36 - Share in Explorer
We have to select the drive letter that we want to use, and we have to enter the UNC path to the share. In our
case we will select the Z drive, and enter the \\verson\public as our UNC path.
Image 249.37 - Map Network Drive
Notice that our share is now Z drive.
Image 249.38 - Share is Mapped
We can find shares by browsing the network neighborhood. Let's go to the Control Panel > Network
Connections > My Network Places.
Utilize Windows XP Files and Folders
198
Image 249.39 - My Network Places
Here we can see all shared folder in a Workgroup. We can also see workgroup computers by clicking on the 'View
workgroup computers' form the menu on the left.
Image 249.40 - Workgroup Computers
Let's open Verson computer. Let's map a drive with different user name this time. Right click Public, and
select Map Network Drive.
Utilize Windows XP Files and Folders
199
Image 249.41 - Map Network Drive
This time the UNC path is already entered. The drive letter will be Y this time. Let's select 'Connect using a
different user name'. The user name will be Kim Verson this time.
Image 249.42 - Kim Verson
Click OK, and click Finish. Notice the warning.
Image 249.43 - Error
We will get an error. We can not map the same share with different drive letter and with different user credentials.
If we want to map the same share with different credentials, we have to disconnect existing network drive. To do
that, go to the My Computer, right click network drive, and select Disconnect.
Utilize Windows XP Files and Folders
200
Image 249.44 - Disconnect Option
We can also map a network drive by right clicking My Computer, and selecting Map Network Drive.
Image 249.45 - Map Network Drive Option
Share Permissions
Trough Share Permissions we can control who will have access to our shares. These apply specifically to the
network users. The Share Permissions can be on both NTFS and FAT partitions. There are three levels of Share
Permissions. Those are Full Control, Change and Read. Full Control gives us full control over all of the
attributes of that particular share. It allows us to modify files, to take ownership, and to change permissions of that
particular share. The Change permission allows users to do anything with the files inside the share. The Read
permission allows users to read and execute the contents of the files that are in the shared folder.
With Share Permission we also have an Allow and Deny attribute. The Deny attribute explicitly denies particular
permission. Deny will always over ride the Allow permission. This is useful when, for example, some user is a
member of multiple groups, and we want to deny particular permission only for that particular user. For local
users, only NTFS permissions are applied. When a user access our shares over network, both Share Permissions
and NTFS permissions are applied to him. Let's take a look at Share Permissions on Manuals folder.
Utilize Windows XP Files and Folders
201
Image 249.46 - Share Permissions
At this point, Everyone can read data in Manuals folder. We will add Accounting group to the ACL, and give it Full
Control permission. To do that, click Add, type in 'Accounting', click Check Names, and click OK.
Utilize Windows XP Files and Folders
202
Image 249.47 - Accounting Group Added
The default permission is the Read permission, so we had to check Full Control permission manually. Click OK to
finish. Share Permissions only restrict network access, while NTFS permissions restrict both local and network
access. By setting NTFS permissions on a shared folder we have greater control over data access. When we
enable sharing on some folder, by default, everyone will have the Read permission. Trough NTFS permissions we
can set permissions more precisely.
The most restrictive permission will always be used to control network access. For example, if a user belongs to
one group which has Change permission in Share Permissions, and to another group which has only Read
permission in NTFS permissions, that user will only have Read permission on that particular folder. This is true for
both Share and NTFS permissions.
Remember
We will not be able to share folders and printers until we first enable sharing. The recommended method to
enable sharing is to run the 'Network Setup Wizard'. We can use Windows Explorer to quickly share a folder.
Simply right-click the folder, open its properties, and then click 'Sharing' tab. When we share a folder users are
not allowed to change our files by default. If we want more control over file shares we need to enable advanced
sharing. When using advanced sharing, we can set user limits and set different permissions for different share
names. We can also use Shared Folders console plugin in Computer Management to manage our shares. We
can use UNC syntax to connect to a network share. We can also map a network drive. We can not map the same
share with different drive letter, and with different user credentials. We can also find shares by browsing the
network neighborhood. Trough Share Permissions we can control who will have access to our shares. These
apply specifically to the network users.
Paths that are mentioned in this article
Utilize Windows XP Files and Folders
203
Control Panel > Network Connections > My Network Places - find available shares on the network
Utilize Windows XP Files and Folders
204
Offline Files in XP Parent Category: XP
Category: Files and Folders
Offline Files allow us to create a local cache of the files from a shared folder. These files
are copies of files which are on some computer on our network. The advantage of using
Offline Files is the sync ability. Whenever we connect to the network, our offline file will
be synchronized with files on the network. This is very useful for laptop users.
Before you start
Objectives: learn how to configure Offline Files on XP machine.
Prerequisites: no prerequisites.
Key terms: file, offline, folder, cache, shared, available, select, sync
Conditions
To set up Offline Files, we have to meet some conditions. First of all, we need to setup the off-line files capability
on the 'server' computer. When we create a shared folder, Offline Files are enabled by default. However, if it has
been turned off, we need to turn that back on. On the client computer, we have to select which files or folders we
want to be available offline. Once we set all this up, we can use the Offline Files feature. We can select to
automatically sync Offline Files, or to manual sync. If we want to control space of cached files, we should select
manual caching. That way, the user can select when and what to cache. Otherwise, we can select automatic
caching. For instance, we can set automatic synchronization whenever user reconnects. This way we ensure that
the user has latest files downloaded from the server. We can also encrypt Offline Files (the offline files cache).
That way our sensitive data is protected while we are away from the company, for example. We can also choose
to preserve NTFS permissions. This can be done if the client computer is formatted with NTFS. When using
Offline Files, we have to disable Fast User Switching. We can't use Offline Files if Fast User Switching is enabled.
Another problem that often occurs is that the client doesn't have enough disk space to cache all files.
Example Configuration
There are two actions that we must take to enable Offline Files. Offline File access must be enabled on the
shared folder, and Offline Files must be enabled on each workstation that needs to use offline access for the
shared folder. Let's take a look at default settings that are applied when we share a folder. In our example, we will
go to the E drive, open properties for the Manuals folder, go to the Sharing tab, and click the Caching button.
Utilize Windows XP Files and Folders
205
Image 250.1 - Caching Settings
The default option is 'Manual caching of documents'. That means that only files specified by users are made
available offline. We can change this to automatic caching, which means that the file is cached when user opens
it. We can also disable off-line caching for the share, and to do that we have to remove check on 'Allow caching of
files in this shared folder'. When we enable caching on the shared folder, that simply allows the folder's contents
to be cached. We also need to enable Offline Files on the client computer. On the client computer let's open
Tools, then Folder Options, and go to the Offline Files tab. We need to enable Offline Files so that they are
available on this machine. Click Apply and OK.
Utilize Windows XP Files and Folders
206
Image 250.2 - Offline Files Enabled
We have enabled Offline Files, but that does not mean that any files are copied to our computer. We need to
select files that we want to have available offline. Let's see some shared folders on the 'verson' computer.
Image 250.3 - Shared Folders on Verson
In our case we want the Public folder available offline. To do that, we have to manually make the files available
offline. To make Public folder available offline, right click the folder and select 'Make Available Offline'. When we
do our first sync, the wizard will appear.
Utilize Windows XP Files and Folders
207
Image 250.4 - Offline Files Wizard
Click Next on the wizard. Here we will select to automatically sync files when we log on and log off our computer.
Image 250.5 - Automatic Sync
Click Next. We will also enable reminders and put a shortcut to the Offline Files folder on our desktop.
Utilize Windows XP Files and Folders
208
Image 250.6 - Reminders and Shortcut
Click Finish to sync files. Notice that the icon for the Public shared folder has been changed.
Image 250.7 - Public Folder Synced
If the shared folder has automatic caching enabled, the files that we open on a share will be automatically copied
to the cache on a local computer.
Local Cache
With the Offline Files, the copy of a network file or folder is placed on a local system. File copies are stored in the
workstation's offline file cache. To view the cache we can go to the Control Panel, then Folder Options, and then
open the Offline Files tab. Let's click the View Files button.
Utilize Windows XP Files and Folders
209
Image 250.8 - View Files
When we click on the View Files button, the Offline Files Folder opens up. Here we can see all files that are
synced with shared folder. As we can see, in our case we have one file in the cache. Files that are synced
manually are marked as 'Always available offline'. Shared folder can also be configured with automatic caching.
Let's see an example. We created new shared folder named 'Instructions' on Verson computer, which is
configured with automatic caching. There is one file in that folder.
Image 250.9 - Content of Instructions Folder
In our case we have simply opened that file and then close it. Because of Automatic sync feature, it was
automatically synced with our offline files.
Utilize Windows XP Files and Folders
210
Image 250.10 - File is Synced
Notice that the Availability status for files that are automatically shared is 'Temporary available offline'. Now we
can work with that files even if we are not connected to the network. If we make changes while we are not
connected to the network, files will be synced when we connect back. We can also manually sync files that we
want. To do that, go to the Tools menu, and select 'Synchronize'.
Utilize Windows XP Files and Folders
211
Image 250.11 - Items to Sync
Here we can select which items we want to sync. Click Synchronize to sync files. We can also delete files from
our cache to free up disk space. To do that, just right click a file in the Offline Files Folder and select Delete.
Image 250.12 - Confirm File Delete
When we delete a file from our cache, the file on the network remains intact. We can also delete files using Folder
Options. Go to Offline Files tab, and click Delete Files.
Image 250.13 - Delete Offline Files
Here we can choose from which shared folders we want to delete our cached files. We can choose to delete only
temporary offline versions, or to delete both temporary and always available cached files. In our case we will
select second option and click OK.
Utilize Windows XP Files and Folders
212
Image 250.14 - Files Deleted
Remember
Offline File access must be enabled on the shared folder, and Offline Files must be enabled on each workstation
that needs to use offline access for the shared folder. When we share some folder, the default option is 'Manual
caching of documents'. We need to select files that we want to have available offline. If the shared folder has
automatic caching enabled, the files that we open on a share will be automatically copied to the cache on a local
computer. File copies are stored in the workstation's offline file cache. Files that are synced manually are marked
as 'Always available offline'. Files that are automatically shared have 'Temporary available offline' status. We can
delete files from our cache to free up disk space. When we delete a file from our cache, the file on the network
remains intact.
Utilize Windows XP Files and Folders
213
IIS in XP Parent Category: XP
Category: Files and Folders
Internet Information Services (IIS) allows us to use services such as Remote Desktop,
Internet Printing, Active Desktop, and Web Server.
Before you start
Objectives: learn how to install IIS and how to create sites inside of IIS.
Prerequisites: no prerequisites.
Key terms: folder, iis, web, default, directory, service, file, website, wwwroot, install, manage, content, interpub
About IIS
We can share our folders using the IIS so that others can access our folders via Internet Explorer. As we go to the
folder properties, we'll notice that there is a Web Sharing tab (IIS has to be installed). When we install IIS, it is
going to create several directories for us. On the C drive we will have the directory named 'inetpub\wwwroot'. This
is going to be our default directory for all of our shares. If we want to create a web share, all we have to do is
create a sub-directory in 'wwwroot'. Let's say that we want to create 'Public' share. The path to our share would
look like this: 'c:\inetpub\wwwroot\public'. All we have to do now is add some data to the 'Public' folder. To access
those, we have to type in 'http://', and then the name of our computer. Users will be redirected to our 'wwwroot'
folder. This way we will see all web shares on that particular computer. To access a share directly, we have to
type in the share name. For example, to access a Public share on a 'Verson' computer, we have to type in
'http://verson/public' in Internet Explorer or some other browser. We can also create shortcuts to directories on our
computer, so that we don't have to put all our data in '\inetpub\wwwroot\'. If we go to the properties of some folder
and create a web share on the Web Share tab, the system will create a shortcut to that folder in the 'wwwroot'
directory. That way, users can access those files without copying them to the 'wwwroot' folder.
Installing IIS
We can use Add/Remove Programs to install IIS on Windows XP Professional computer. Let's go to the Control
Panel, open Add or Remove Programs, and select Add/Remove Windows Components from the left menu. Scroll
down a bit, and select Internet Information Services (IIS).
Utilize Windows XP Files and Folders
214
Image 251.1 - Windows Components Wizard
Let's click on the Details button. Notice that when we install IIS, the World Wide Web service is installed. This is
the web or http service. Also notice that the FTP service is not installed by default. We will select it because we do
want to install FTP on this machine.
Image 251.2 - FTP Service Selected
Let's take a look at the details of the World Wide Web service. We will select it, and click Details.
Utilize Windows XP Files and Folders
215
Image 251.3 - WWW Details
'Printer virtual directory' and 'World Wide Web Service' are installed. We will also select Remote Desktop Web
Connection. Click OK. Notice that the Internet Information Services Snap-in is installed by default. Now that we
have selected items that we want to install, we will click OK, and then click Next to start installation.
Image 251.4 - Windows Installation Disk is Required
It will ask us to put the Windows CD in our CD drive. After that the installation continues. After the installation click
Finish. Now, let's open the IIS Management tool which is located in Administrative Tools. In IIS Management we
will open local computer, then Web Sites, and then select Default Web Site.
Utilize Windows XP Files and Folders
216
Image 251.5 - IIS Management Console
Let's take a look at that Default Web Site. Let's open Internet Explorer. We can either type in the IP address of
this computer, or we can use a localhost as the URL to take a look at the website hosted on this machine.
Image 251.6 - Default Web Site Opened
Web Site Content
When we install IIS, default website is configured and started. Default website contains several directories and
files that are used to represent that site. Let's check the contents of the Default Web Site.
Utilize Windows XP Files and Folders
217
Image 251.7 - Site Content
As we can see there are number of folders and files used to setup that site. The default website files are located
on the system partition in the \inetpub\wwwroot\ folder. We can right-click the website and select Open to open
in Windows Explorer.
Image 251.8 - Folder Content
One way to manage website content is to add folders and files to the wwwroot directory. Let's create new folder
called 'Manuals' and folder called 'Databases'.
Utilize Windows XP Files and Folders
218
Image 251.9 - New Folders
We will also add some simple html file to the Manuals folder.
Image 251.10 - Manuals Folder
Now let's go back to the IIS snap in, and refresh the website.
Utilize Windows XP Files and Folders
219
Image 251.11 - IIS Console
Now we can see our two new folders that we have created with Windows Explorer. We can also see our
'index.htm' file in Manuals folder.
Image 251.12 - Manuals Folder Content
We can also make directories outside of this directory structure by creating Virtual Directories. Virtual directories
are like shortcuts in IIS that point to directories in other locations. To create a Virtual Directory in IIS, right-click a
website, point to New, and then select Virtual Directory.
Utilize Windows XP Files and Folders
220
Image 251.13 - New Virtual Directory
Click Next to continue. We need to type in the Alias for our Virtual Directory. Let's call it Manuals.
Image 251.14 - Wizard
Click Next to continue. We need to type in the Alias for our Virtual Directory. Let's call it Manuals.
Utilize Windows XP Files and Folders
221
Image 251.15 - Alias
Click Next. Now we need to enter the path to our directory. In our example the path will be 'E:\Paulaner'.
Image 251.16 - Path
Click Next. Now we need to select permissions. We will accept the default permissions.
Utilize Windows XP Files and Folders
222
Image 251.17 - Permissions
Click Finish. We can see Paulaner in IIS.
Image 251.18 - Paulaner in IIS
We can also use Windows Explorer to make Web Shares. Let's go to E drive, open properties for Databases
folder, and go to the Web Sharing tab.
Utilize Windows XP Files and Folders
223
Image 251.19 - Web Sharing Tab
Here we will select 'Share this folder'. When we do that, the following window appears.
Image 251.20 - Edit Web Share
Utilize Windows XP Files and Folders
224
We will accept default settings and click OK. Click OK again. Now let's go back to the IIS console and refresh the
content of the default website.
Image 251.21 - Databases Folder
Databases folder is now visible. Now we can access it by typing http://localhost/databases in Internet Explorer.
Remember
When we install IIS, the World Wide Web service is installed. FTP service is not installed by default. IIS
Management tool which is located in Administrative Tools. When we install IIS, default website is configured and
started. Virtual directories are shortcuts in IIS that point to directories in other locations.
Paths that are mentioned in this article
c:\inetpub\wwwroot\ - default location for IIS sites
E:\Paulaner - folder on E partition which we used to create Virtual Directory
http://localhost/databases - URL to the local site
Utilize Windows XP Optimization
225
Files System
Convert File System in XP Parent Category: XP
Category: File System
On Windows XP we can use FAT (FAT16), FAT32 and NTFS as our File System. In this
article we will talk about their differences, advantages and how to move between various
File Systems.
Before you start
Objectives: learn how to convert from FAT to NTFS and from NTFS to FAT in Windows XP.
Prerequisites: you should know about different types of files systems that can be utilized in Windows.
Key terms: convert, fat, ntfs, file, partition, drive, command, conversion, format
Example Configuration
In this demonstration we will see how to change from one file system to another. In first example we have an
NTFS partition that we want to convert back to FAT32. The only way to do that is to format the partition. To format
a partition we have to right-click it, and then select 'Format'.
Image 252.1 - Format Volume
In our example, we have a partition that is 4.9 GB in size. We will convert it to FAT32, leave the default allocation
size and enable 'Quick Format'. When we are ready, we will click on the 'Start' button. Remember, we have to
backup all our files because formatting will destroy them. When we click 'Start', the warning message appears.
We will click OK.
Utilize Windows XP Optimization
226
Image 252.2 - Warning
If everything went fine, the 'Formating Complete' message appears.
Image 252.3 - Format Complete
To check the File System of our partition, right-click it and select its Properties.
Image 252.4 - Partition Properties
Utilize Windows XP Optimization
227
In our second example we want to convert from FAT32 to NTFS. We can do this by using the 'format' utility,
however, we can also make the conversion without erasing any data from our partition. To do that we can use the
'convert' utility. To open 'convert', we have to go to the Command Prompt. Let's go to the Start Menu, Run, enter
CMD, and click OK.
Image 252.5 - Run Menu
Image 252.6 - CMD
Here we have to enter the command 'convert', then the drive that we want to convert (E in our example), then
'/fs:', and then file system that we want to convert to. In our example the command will look like this: convert e:
/fs:ntfs.
Image 252.7 - Convert Utility
When we hit 'Enter', it will ask us to enter volume label for drive E:. In our example we will enter 'Volume' as our
volume label.
Image 252.8 - Volume Label
When we hit 'Enter' again, the conversion process will start. In our example everything went fine.
Utilize Windows XP Optimization
228
Image 252.9 - Conversion Complete
Let's go to 'My Computer' and check the file system on E partition. As we can see, the file system is now NTFS.
Image 252.10 - NTFS File System
Utilize Windows XP Optimization
229
Remember
To convert from NTFS to FAT we have to format our partition. Formating will erase all data on the partition. To
convert from FAT to NTFS we can use the 'convert' command line utility. When using 'convert' utility, no data is
being erased.
Commands that are mentioned in this article
convert e: /fs:ntfs - CMD command which will convert E partition to the NTFS file system
Utilize Windows XP Optimization
230
Manage Hard Disks in XP Parent Category: XP
Category: File System
We have two different types of disks that we can work with in Windows XP. We have
Basic disks and Dynamic disks. By default, our disks will be Basic disks. Basic disks use
partitions, extended partitions, and logical drives for storage. Dynamic disks uses
Volumes.
Before you start
Objectives: learn how to create new partitions, extend partitions, create logical drives, convert from Basic to
Dynamic disks, and create new and extend existing Volumes in Windows XP.
Prerequisites: you have to know what is file system.
Key terms: partition, volume, create, disk, extend, space, dynamic, basic, logical, drive, hard, free, primary,
spanned, upgrade
Configure Partitions
Storage on Basic disks is organized into partitions and logical drives. We can use Disk Management which is
located in Control Panel > Performance and Maintenance > Administrative Tools > Computer Management,
to manage partitions and logical drives. Notice that Disk 2 (E:) is Basic disk.
Image 253.1 - Basic Disk
To create new partition, we have to right-click the unallocated space and select 'New partition' to open 'New
Partition Wizard'.
Utilize Windows XP Optimization
231
Image 253.2 - New Partition
Image 253.3 - New Partition Wizard
Click 'Next'. We can create a Primary partition or an Extended partition. A Primary partition is a partition from
which an operating system can start (it must be marked as Active, and is usually represented with drive letter C:).
Only one partition can be marked as 'Active'. We can create up to four primary partitions on a single disk, or we
can create three primary partitions and one Extended partition. An Extended partition allows us to create more
than four partitions on a Basic disk. Extended partitions actually contain Logical drives. If we create an Extended
partition, then we will have to add Logical drives to that Extended partition. To recap, we can only create one
Utilize Windows XP Optimization
232
Extended partition on single disk, but we can create multiple Logical drives on that partition. Those drives will
have their own drive letters in Windows. Let's select 'Primary partition'.
Image 253.4 - Select Partition Type
Click 'Next'. We need to enter the partition size. In this example we will use 1 GB of space.
Image 253.5 - Specify Partition Size
Let's click 'Next'. We will use the E drive.
Image 254.6 - Specify Drive Letter
Click 'Next'. We will use NTFS and perform a quick format.
Image 253.7 - Format Options
Click 'Next'. Click 'Finish' to create partition. As you can see we now have a new partition.
Utilize Windows XP Optimization
233
Image 253.8 - New Partition
Now, let's create an Extended partition. Right-click the unallocated space, select 'New partition', and click 'Next'.
Image 253.9 - Right-click Unallocated Space
This time we want to create an Extended partition, so we will select 'Extended partition' option.
Utilize Windows XP Optimization
234
Image 253.10 - Extended Partition
Click 'Next'. Let's use the rest of the space on the disk.
Image 253.11 - Partition Size
Click 'Next' and click 'Finish'. Notice that the Extended partition exists, but there aren't any drives in it.
Image 253.12 - Extended Disk
At this point we need to create Logical drives. Let's right-click 'free space' on our extended partition and select
'New logical drive'. Click 'Next' on the Wizard. We have only one option - to create a Logical drive.
Utilize Windows XP Optimization
235
Image 253.13 - Logical Drive Option
Click 'Next'. We need to specify the size of the Logical drive. In our example we will enter 1 GB again.
Image 253.14 - Size Options
Click 'Next'. We will accept the F drive.
Image 253.15 - Drive Letter
Click 'Next'. We will perform a quick format on an NTFS volume.
Image 253.16 - Formatting Options
Click 'Next' again and then click 'Finish'. At this point we have one Primary partition and one Extended partition
which contains a single Logical drive. We still have some free space left, so we can use that free space to create
additional Logical drives.
Utilize Windows XP Optimization
236
Image 253.17 - Logical Drive Created
Configure Disk Types
Before we can create Volumes to take advantage of the new volume features in Windows XP, we must upgrade
our Hard Disk to a Dynamic disk. To do that, go to the Disk Management utility. Let's take a look at Disk 2.
Image 253.18 - Disk 2
Notice the Disc 2 is currently configured as Basic disk. It contains a Primary partition and Extended partition with
one Logical drive. We also have some free space on our extended partition. We can upgrade new, clean disks or
we can upgrade a disk that already contains data. To upgrade the disk to Dynamic, in our case we will right-click
Disk 2 and select 'Convert to Dynamic Disk'.
Utilize Windows XP Optimization
237
Image 253.19 - Right-click Disk 2
Notice that we can select multiple disks for conversion. In our example we will only check Disk 2. Click OK.
Image 253.20 - Disk Selection
On the next screen we can see all the disks that are going to be converted. Click 'Convert'.
Image 253.21 - Disks to Convert
We will get a warning. If we convert this disk to Dynamic disk, we will not be able to start other installed operating
systems. Let's click 'Yes' to continue.
Utilize Windows XP Optimization
238
Image 253.22 - First Warning
Again we have a warning. The disks being converted will be dismounted. Click 'Yes' to continue.
Image 253.23 - Second Warning
That's it. Notice that the Primary partition, Extended partition, and Logical drive have been converted to Simple
volumes. Notice that the free space, that was located on the Extended partition, is now unallocated.
Image 253.24 - Resulting Volumes
Let's say that we have a Dynamic disk and we want to convert it to a Basic disk. To do that first we have to delete
all the volumes on the disk. Let's right click on every volume and select 'Delete Volume'. All data on the Volume
will be lost. Of course, we have to backup our data before we delete Volumes. Click 'Yes' on the warning
message.
Utilize Windows XP Optimization
239
Image 253.25 - Warning Message
Now we can convert Disk 2 to Basic disk. Let's right-click Disk 2 and select 'Convert to Basic Disk'.
Image 253.26 - Right-click Disk 2
Notice that the Disk 2 is now a Basic disk.
Image 253.27 - Basic Disk
Create Volumes
Storage on Dynamic disks is organized by Volumes. We can use Disk Management to create new Volumes. In
our example we have one Basic disk, and two Dynamic disks.
Utilize Windows XP Optimization
240
Image 253.28 - Disks
Let's create a new Volume. To do that, in our case we will right-click Disk 2, start the 'New Volume Wizard', and
click 'Next'. The following window appears.
Image 253.29 - Volume Type
First we need to specify the type of Volume that we want to create. Options that are available depend on the disks
that we have in our system. For example, if we have only one disk with free space, we'll be able to create a
Simple volume. Simple volume uses one disk. In our example, we have two disks with free space, so we can
create a Spanned or a Striped volume. Spanned and Striped volumes require two disks with free space. Let's
select 'Spanned'.
Image 253.30 - Spanned Volume Selected
Click 'Next'. Now we need to select disks.
Image 253.31 - Disk Selection
Utilize Windows XP Optimization
241
On the left we see a list of available disks and on the right we see a list of disks that will be used in our Spanned
volume. Notice that Disk 2 is already selected. That's because we have selected Disk 2 when we started the
wizard. Let's select Disk 0 and click on the 'Add' button. We can also change the amount of space for our Volume.
We can do that on both disks. In our example we will use all available space for our Volume. Let's click 'Next'.
Image 253.32 - Drive Letter
We will use the drive letter 'E'. Let's click 'Next'.
Image 253.33 - Formatting Options
Because we are using Dynamic disks we can only use NTFS. We can also change the allocation unit size.
Allocation unit is the smallest amount of space that can be allocated to store a file. The smaller the Allocation unit
size, the more efficiently we store information. Let's click 'Next', and 'Finish'. Now we have a Spanned volume on
Disk 0 and Disk 2.
Utilize Windows XP Optimization
242
Image 253.34 - New Volume
Extend Volumes
Let's say that we have a following situation. We have three disks. Disk 1 is Basic disk, Disk 0 is Dynamic disk and
we have created a Volume on it. Disk 2 is also a Dynamic disk, but it is now unallocated.
Image 253.35 - Disks
Let's say that we have run out of space on Disk 0. We can extend Disk 0 with free space on Disk 2. To do that,
right-click the Disk 0 and select 'Extend Volume'. The Wizard will appear, so click 'Next'.
Utilize Windows XP Optimization
243
Image 253.36 - Right-click
Now, we have to select the disks to extend to. Let's select Disk 2 and click 'Add' button. We will use the maximum
available space.
Image 253.37 - Selected Disk
Let's click 'Next', and click 'Finish'. Notice that we have extended our volume E to the Disk 2.
Utilize Windows XP Optimization
244
Image 253.38 - Extended Volume
Remember
Storage on Basic disks is organized into partitions and logical drives. A Primary partition is a partition from which
an operating system can start (it must be marked as Active). Only one partition can be marked as 'Active'. We can
create up to four primary partitions on a single disk, or we can create three primary partitions and one Extended
partition. An Extended partition allows us to create more than four partitions on a Basic disk. Extended partitions
actually contain Logical drives. If we create an Extended partition, then we will have to add Logical drives to that
Extended partition. We can only create one Extended partition on single disk, but we can create multiple Logical
drives on that partition. Storage on Dynamic disks is organized by Volumes. Before we can create Volumes we
must upgrade our Hard Disk to a Dynamic disk. We can upgrade new, clean disks or we can upgrade a disk that
already contains data, to Dynamic disk. To convert Dynamic disk back to Basic disk, first we have to delete all
Volumes on the disk. Simple volume uses one disk. Spanned and Striped volumes require two disks with free
space. With Dynamic disks we can only use NTFS as our File System. We cannot extend Basic disks, or Volume
from which the operating system boots from.
Paths that are mentioned in this article
Control Panel > Performance and Maintenance > Administrative Tools > Computer Management > Disk
Management - utility which we can use to manage Hard Disks in XP
Utilize Windows XP Optimization
245
Mount a Volume in XP Parent Category: XP
Category: File System
A volume mount point allows us to use another partition and represent it as a folder on
existing partition. This way we can easily expand the apparent size of an existing
partition without having to re-create or resize existing partition.
Before you start
Objectives: learn how to mount a Volume to a folder on existing partition in XP.
Prerequisites: no prerequisites.
Key terms: disk, folder, volume, mount, partition, ntfs, space, system, dynamic, point
Example Configuration
To mount a volume, we have to create a folder on existing partition. Next, we have to point it to the new partition.
When we do that, the new partition is represented as a folder on our computer. Data is stored on the new storage
space on our new volume, but it's accessible by browsing the folder on the original drive. Both partitions have to
be formatted with NTFS. The folder we're mounting to needs to be empty, and it needs to be created on an NTFS
partition. Let's see an example. We will open Disk Management and have a look at our disks. In our case, we
have three disks. Disk 0 is a Dynamic disk and we have created a volume on it. Disk 1 is Basic disk and it is our
System disk. Disk 2 is Dynamic disk and is currently unallocated.
Image 254.1 - Disks
We have created new folder on the E partition, which is called 'Mount Point' in this case.
Utilize Windows XP Optimization
246
Image 254.2 - New Folder
Let's point our new folder to the Disk 2. To do that, in Disk Management right-click the unallocated space on Disk
2, select 'New Volume', and then click 'Next'.
Image 254.3 - Simple Volume
We want to create 'Simple' volume, so let's select it and click 'Next.
Image 254.4 - Disk Selection
Utilize Windows XP Optimization
247
Now we need to specify the amount of space that we want to use. In this case we will use all the space on the
disk. Let's click Next. Now, we need to select 'Mount in the following NTFS folder:'.
Image 254.5 - Second Option Selected
Click 'Browse'. We need to browse to the E partition, and then 'Mounting Point' folder.
Image 254.6 - Folder Selected
Click 'OK'. The path is now entered.
Image 254.7 - Path Entered
Click 'Next. We will select NTFS, and also quick formating.
Utilize Windows XP Optimization
248
Image 254.8 - Format With NTFS
Click 'Next', and click 'Finish'. Now we have a new Volume. Notice that it does not have a drive letter. Notice that
the default icon for our 'Mounting Point' folder has changed.
Image 254.9 - Disk Status
Utilize Windows XP Optimization
249
Image 254.10 - Mount Point Folder
Remember
For mounting we can use Basic disks and Volumes on Dynamic disks. All partitions must be formatted with NTFS.
Multiple folders can reference the same target partition.
Utilize Windows XP Optimization
250
Multiple Operating Systems and XP Parent Category: XP
Category: File System
Windows XP allows us to have multiple operating systems on our computer at the same time. If we use multiple
operating systems, every time we start our computer we will see a menu in which we can choose which operating
system we want to start. This menu is generated from a file called 'boot.ini'.
Before you start
Objectives: learn what is boot.ini and what sould we consider before installing multiple operating systems on a
single computer.
Prerequisites: no prerequisites.
Key terms: partition, system, controller, parameter, fat, boot, number, drive, ini, scsi, multi
Boot.ini
The boot.ini file is actually a pointer. It contains information about the location of our system files. The pointer file
contains data about which controller, which hard drive attached to that controller, and which partition on that hard
drive contains system files. This is an example of boot.ini file located on a Windows XP machine:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/fastdetect
The controller can be identified with two parameters. The first parameter is called 'multi', and the second is called
'scsi'. This looks pretty simple, but it's not really. The 'multi' parameter tells us that the controller has the ability of
telling the system what devices are attached to the controller. After the 'multi' parameter there is a number in
parentheses. This number represents the ID of the controller. When a SCSI controller is identified we can also
see a number in parentheses. The 'scsi' parameter tells us that the controller can't tell the system what devices
are attached to the controller. The boot process uses this piece of information to determine if it needs to run an
additional utility. The additional utility for the SCSI is called the 'ntbootdd.sys'. Remember, if we see a 'multi'
parameter, the controller can still be a SCSI controller, but it is an enhanced SCSI controller.
The next piece of boot.ini file will depend on whether we've got 'multi' or 'scsi' detected. If we have the 'multi'
controller, the next parameter that we will see is the 'disk' parameter. It is also followed by a number. This
parameter is followed by an 'rdisk' parameter, which is also followed by a number. The 'disk' parameter is
associated with the SCSI devices. The 'rdisk' is associated with 'multi' devices. If a controller is a SCSI, the 'disk'
parameter will be used (the number will be read). Numbers in parentheses start from zero. '0' means the first
device, and '1' means the second device.
The next thing that needs to be identified is the partition. To identify the partition we have a parameter called
'partition', and it is also followed by a number in parentheses. The thing to remember here is that the numbers of
partitions start from 1. So, if we see number one after the 'partition' parameter, it means that it is the first
partition. This whole path is called the ARC (Advanced Risc Computing) Path. After the ARC Path comes the
name of the directory where the system files are located. In Windows XP the file ntoskrnl.exe will actually load
up the Windows XP operating system.
Multiple Boot
If we are using multiple operating systems on single computer, we need to know how to divide our Hard Drive.
Let's say that we want to have Windows 98 and Windows XP on the same machine, but we have only one Hard
Utilize Windows XP Optimization
251
Drive. In this scenario we have to create a minimum of two partitions, one for every operating system. However,
the better solution is to create three partition, one of which is going to be shared partition.
We can set the size of the partition as we like, but we have to be careful about which File System to use on
Windows 98 partition. Remember, with Windows 98 we can use FAT or FAT32 as our File System. If we want to
have more space than 2 GB on our Windows 98 partition, FAT is not an option. Remember, FAT can support up
to 2 GB of partition size, so we will have to use FAT32. We should always use FAT32 instead of FAT if
possible. On our Windows XP partition we can use FAT, FAT32, or NTFS file system. With Windows XP we
should use NTFS because of all the advantages that it brings. On a shared partition we will have to use the
FAT32 file system, because we will be accessing it from Windows XP and Windows 98. Remember, Windows 98
does not recognize NTFS.
Now, we also have to think about the drive letters that we are going to use for our partitions. Let's say that our
Windows 98 partition is the first partition. Because of that we will use the C drive letter for the Windows 98
partition. Let's say that the Windows XP partition is the second partition, so we will assign the D letter to that
partition, and E drive letter for our shared partition.
Remember, only Windows 2000/XP supports Dynamic disks and Volumes. We have to use Basic disks and
partitions for operating systems older than Windows 2000/XP. When installing Windows 2000/XP together with
some older operating system on the same computer, we should install the older operating system first, and then
install Windows 2000/XP last. Microsoft recommends the following installation order:
1. MS-DOS
2. Windows 95/98/Me
3. Windows NT
4. Windows 2000/XP
5. Newer OS
Remember
The boot.ini file contains information about the location of our system files. Boot.ini in XP uses ARC path to
determine the Controller, Disk and Partition on which the particular system is located. The ntoskrnl.exe will
actually load up the operating system. Every operating system has to have it's own partition. Windows 98 does
not recognize NTFS, so we can't use Dynamic disks with it. XP can use FAT, FAT32 and NTFS. Older operating
system should be installed first and then the newer operating system.
Utilize Windows XP Optimization
252
Printers
Install Printer in XP Parent Category: XP
Category: Printers
There are three different situations when it comes to printer installation. We can install
printer which is connected directly to our computer, printer which is connected on
another computer on LAN, and we can install network printer directly.
Before you start
Objectives: learn how to install local and network printers. In this article we will also see how to install non plug-
and-play printers, but note that this is something you won't often do today.
Prerequisites: you have to understand the difference between the logical printer and the print device.
Key terms: port, network, print, local, install, server, device, connect, attached, ip
Local Printer Installation
Let's see how to install a local printer for a print device attached directly to a local port on the workstation. Let's go
to the Printers folder. Go to Control Panel, and select Printers and Faxes.
Image 256.1 - Printers Folder
In our case we only have one printer installed. It is the virtual printer used to export documents to XPS format.
Let's add another printer. Click 'Add a printer' from the left menu. The Add Printer Wizard will appear.
Utilize Windows XP Optimization
253
Image 256.2 - Add Printer Wizard
Click Next. We want to add a local printer attached to this computer. In general we will always want to
automatically detect and install plug-and-play printers, so we will select it.
Image 256.3 - Local Printer
Click Next. Most printers we encounter today are plug-and-play. They will be detected and the drivers will be
installed automatically. However, In this example, Windows was unable to detect a plug-and-play printer.
Image 256.4 - No Plug-and-Play
We will add it manually, so let's click Next. We will use the LPT1 Port.
Utilize Windows XP Optimization
254
Image 256.5 - LPT Port
Click Next. Now we need to select the printer model. Let's select Alps MD-1000 (MS).
Image 256.6 - Apls Printer Selected
Click Next. We will use the default name and use that printer as our default printer.
Utilize Windows XP Optimization
255
Image 256.7 - Printer Name
Click Next. We will not share this printer at the moment.
Image 256.8 - Sharing Options
Click Next. Generally we should print a test page to make sure that everything works.
Image 256.9 - Test Page Options
Click Next and click Finish. Click OK if the Test Page prints OK or click Troubleshoot if it doesn't.
Image 256.10 - New Printer Added
Installing Printer Located on LAN
Printer that is located on Local Area Network is often referred to as Network Interface Printer. The first step in
configuring a Network Interface Printer is to create a special port that identifies the printer network card. To do this
we need to edit the properties of the Print Server. In the Printer and Faxes window, go to the File menu, select
Server Properties, and go to the Ports tab.
Utilize Windows XP Optimization
256
Image 256.11 - Ports Tab
We need to add a port so let's click on Add Port. We will select standard TCP/IP Port.
Image 256.12 - Printer Ports
Click New Port button. The Wizard will appear.
Utilize Windows XP Optimization
257
Image 256.13 - Add Port Wizard
Click Next. Here we have to enter the printer name or IP address. We will enter 192.168.1.30 as the IP address of
the printer, and accept the default Port Name. The port name is the name that Windows will use to identify the
logical port that we are creating.
Image 256.14 - Port Information
Click Next. In some cases, the printer will be auto detected. In our case it wasn't, so we need to select the
interface from the list. In our case we will select Kyocera Mita Print Server. If our device is not in the list, we could
select Custom and enter all the information manually. Now, let's click Next and Finish to create the port. Close the
Printer Ports menu. Now we can see our new port on our Print Server.
Utilize Windows XP Optimization
258
Image 256.15 - Device Type
Image 256.16 - New Port Added
Let's close that window. The next step is to create a printer object that uses the port that we have just created.
Let's click 'Add a printer' again and click Next.
Utilize Windows XP Optimization
259
Image 256.17 - Add Printer
Even though the printer is attached to the network, we have to configure the printer as a local printer. Clear the
automatic detection of a printer.
Image 256.18 - Local Printer
Click Next. In the port list we will select the port that we have created.
Image 256.19 - Port
Click Next. Now we need to select the printer model from the list or click on the Have Disk button if we have the
appropriate drivers. In our case we will select HP OfficeJet V45.
Utilize Windows XP Optimization
260
Image 256.20 - Printer Model
Click Next. We will enter HPV45 as our Printer Name.
Image 256.21 - Printer Name
Click Next. We will also share this printer with the default name.
Image 256.22 - Sharing Options
Click Next. On this screen we can enter information about the printer location.
Utilize Windows XP Optimization
261
Image 256.23 - Printer Information
Click Next. We can print a test page to see if everything is OK. Click Next and click Finish. Our printer is now
installed.
Image 256.24 - New Printer Added
Installing a Network Printer
Let's add a printer that is attached to a different computer on the network and that is shared. Let's click 'Add a
printer' to open Add Printer Wizard, and click Next. We have to select 'A network printer, or a printer attached to
another computer'.
Image 256.25 - Add Printer Wizard
Click Next. We can browse for a printer, but in this case we will enter a UNC path to the shared printer.
Utilize Windows XP Optimization
262
Image 256.26 - UNC Path to the Printer
Click Next. We will get a warning about a security threat.
Image 256.27 - Warning
Click Yes to continue. On the next screen we will select this to be our default printer.
Image 256.28 - Default Printer
Click Next, and click Finish. Notice that the icon for our new network printer is different from our local printers.
Image 256.29 - New Printer Added
Remember
Most printers we encounter today are plug-and-play. They will be detected and the drivers will be installed
automatically. Before we can install a network interface printer, we have to create a Standard TCP/IP port. If we
want to use the printer which is attached to another computer, we can use the UNC path to connect to that printer.
Utilize Windows XP Optimization
263
Print Management in XP Parent Category: XP
Category: Printers
In Windows XP we can manage printing from several locations. We will go to the
different location depending on what we want to do with our printers.
Before you start
Objectives: learn where can you configure different options when it comes to Printer
management in XP.
Prerequisites: no prerequisites.
Key terms: printer, document, server, driver, manage, properties, sharing, options, user, security, control
Printer Properties
The first thing that we will talk about is Printer Object Management. To manage Printer Object we will open printer
Properties.
Image 257.1 - Printer Object Properties
On the General tab we can go to the 'Printing Preferences' where we have different settings that we can control.
These settings include paper type options, color options, layout, duplexing, etc. Those are the basic settings for
the print device.
Utilize Windows XP Optimization
264
Image 257.2 - Paper and Color
On the Sharing tab we can control the sharing of our printer on the network.
Utilize Windows XP Optimization
265
Image 257.3 - Sharing Options
If our computer is in Active Directory environment, we will be able to choose to list our printer in the directory. We
can also prepare various drivers for different operating systems. On the Security tab we can control print
permissions.
Utilize Windows XP Optimization
266
Image 257.4 - Security Options
The Print permission gives the user or group of users the ability to print. Users with this permission can manage
only their own documents on the printer. Users who have the 'Manage Documents' permission can manage all
documents that are sent to the printer. The 'Manage Printer' permission enables users to control printer device
settings. On the Advanced tab we can control the availability of the printer, priority, spool options, etc.
Utilize Windows XP Optimization
267
Image 257.5 - Advanced Options
On the Ports tab we can control the ports that we are using for our printer.
Utilize Windows XP Optimization
268
Image 257.6 - Ports
We can also configure options for Print Server. To manage Print Server, go to the File > Server Properties.
Utilize Windows XP Optimization
269
Image 257.7 - Server Properties
On the Drivers tab we can see all the devices installed on our Print Server.
Utilize Windows XP Optimization
270
Image 257.8 - Drivers Tab
On the Advanced tab we can set the Spool folder and printer notification.
Utilize Windows XP Optimization
271
Image 257.9 - Advanced Tab
If our printer has bidirectional support our computer can can receive a messages from the printer - like a paper
jam, low on toner, out of paper messages, etc. Printer will send those messages to the Print Server. If we want
those messages go toward users we have to turn on print notification. To see the print queue we can simply
double click on the printer that we see in our Printers and Faxes folder.
Image 257.10 - Print Queue
Here we can see all documents that are printing. We can also pause printing, or delete a printing job. We can also
reorder the jobs (the job at the top of the list will print first).
Printer Sharing
By sharing our printer we are making it available for other users on the network. Let's go to the Control Panel and
open Printers and Faxes.
Utilize Windows XP Optimization
272
Image 257.11 - Printers and Faxes
In this example we will share Alps 'MD' 1000 printer. Let's right click it, and then select Sharing. This takes us
straight to the Sharing tab.
Image 257.12 - Sharing Tab
Let's select 'Share this printer' option. All we need to do now is to click the Apply button and our printer will be
available on the network. Of course, we can alter the share name of the printer if we want. If we are using old
clients that will have to connect to the printer, we should use short share name for our printer, because very old
clients are not able to use the longer share names supported by more recent operating systems. If our computer
was a member of a domain, here we would also have an option to list our printer in a directory. This allows users
to search Active Directory for a list of available network printers. Our workstation is not a member of a domain so
we don't have that option. If necessary, we can also install additional drivers. To do that we have to click on the
Additional Drivers button. This allows clients running different operating systems to automatically download the
appropriate driver when they first connect to the shared printer. Let's try to install driver for Windows 95. We have
to check the 'Intel - Windows 95, 98 and Me' option and click OK.
Utilize Windows XP Optimization
273
Image 257.13 - Additional Drivers
Image 257.14 - Driver Location
As we can see we need to locate the appropriate driver files. If we don't have a CD with drivers, we can always go
to the manufacturers website and try to find the drivers for our printer. We will not do that now so we will click
Cancel. Notice that the icon of our printer is changed.
Utilize Windows XP Optimization
274
Image 257.15 - Printer is Shared
Printer Permissions
Permissions identify the users and groups that can use a printer and the types of operations they can perform.
Let's see permissions on a printer that is already shared. Let's right click 'Alps MD-1000', select Properties, and
go to the Security tab.
Image 257.16 - Security Tab
If you don't see the Security tab, your computer has Simple Sharing enabled. To disable Simple Sharing, go to the
Tools menu, open Folder Options, View tab, scroll down and clear the 'Use simple file sharing' check box. Now
let's go back to the printers properties. As we can see, we now have a security tab for configuring printer
permissions. Printer permissions control both local and network access to the printer. Notice that by default
administrators can print, manage printers, and manage documents.
Utilize Windows XP Optimization
275
Image 257.17 - Everyone Group
Everyone group is only able to print to the printer. In other words, they can not manage all the documents on the
printer and they can not manage the printer itself.
Utilize Windows XP Optimization
276
Image 257.18 - Creator Owner Group
A Creator Owner is someone who has created a print job and sent it to the printer. Notice that the Creator Owner
has Manage Documents permission. That means that the person who created a document (who sent it to the
printer) is able to manage their own documents. That's why we are able to delete our own documents but not the
document someone else sent to the printer.
Printer and Document Management
Default printer is indicated by a check-mark. To change the default printer, right-click the printer you want to be
the default and select 'Set as Default Printer' option. We can pause printing for the entire printer. To pause a
printer, right-click the printer and select 'Pause Printing'. This pauses entire printer. That means no documents will
be printed until we resume the printer again. To resume, right-click and select Resume Printing. We can also
cancel all documents currently on a printer. To do that, right-click the printer and select Cancel All Documents.
This removes all documents from the current print queue. To view documents waiting to be printed, double click a
printer to open its print queue. From that list we can see details about the print jobs such as the number of pages
in the document and the document owner. Here we can manage individual documents. We can pause, resume,
restart or change the priority of individual documents. Higher priority makes that document print first. Although the
document order in the queue might not change, the documents will print in order according to document priority.
Print Server Management
The Print Server is the software process that manages the flow of print jobs from the print queues to the print
devices. Each Windows system with an attached print device is a Print Server. Editing server properties affects all
of the printers on the computer as opposed to editing the properties of a single printer, which only affects that
printer. Let's go to the File menu and select Server Properties.
Utilize Windows XP Optimization
277
Image 257.19 - Print Server Properties
We can use the Ports tab to add, delete or configure ports. For example, if we select the Standard TCP/IP Port
and click Configure Port, we will find port settings for this specific port.
Utilize Windows XP Optimization
278
Image 257.20 - Port Settings
Let's click Cancel and take a look at the Divers tab.
Utilize Windows XP Optimization
279
Image 257.21 - Drivers Tab
The Drivers tab lists all of the drivers installed on the system. Here we can remove existing drivers, replace
existing drivers, or take a look at the driver properties. We could also add additional drivers for the specific print
device. If we click Add, it opens the Add Printer Driver Wizard, which helps us install printer drivers for various
platforms on the print server. In other words, we could install a print driver for selected device that works on
Windows 98 platform or Windows NT platform. Let's take a look at the Advanced tab.
Utilize Windows XP Optimization
280
Image 257.22 - Advanced Tab
The Advanced tab allows us to configure the location of the Spool folder. Let's suppose that the C drive is running
out of space. We could move the print spool folder to the D drive and place it in a folder called Printers. We can
also enable printer notification. We could notify clients when documents are printed, or we could notify the
computer, not the user, when a remote document is printed.
Remember
Managing printers means taking care of printing preferences, printer sharing, printer security, and general
availability. Every Windows computer which has printer installed is also a Print Server. On Print Server properties
we can change advanced options like Spool settings, and we can also manage all printer drivers and ports.
Utilize Windows XP Optimization
281
Advanced Printer Configuration in XP Parent Category: XP
Category: Printers
In this article we will take a look at how to use multiple printers to control our Print
Device. We will also see how to use one printer to control multiple Print Devices.
Before you start
Objectives: learn how to use multiple printer objects which point to the same print
device in order to provide different level of access to the same physical printer.
Prerequisites: no prerequisites.
Key terms: printer, user, object, priority, advanced, device, different, physical, security,
Available Options
In the Advanced tab of our printer properties we have a lot of options that we can configure. We can control when
the printer is available, priorities and other settings. In priorities, 1 is the lowest and 99 is the highest setting. Each
printer that we create can have a different set of permissions established on. That means that different users or
group of users can use different printers. That way we can control how and when they are allowed to print. For
example, we can create one printer (printer object) which will have the priority of 1, another which will have the
priority of 50, and another which will have the priority of 99. All that printers will point to the same print device, but
we will give rights for our important users to print trough the printer which has the highest priority, and our less
important users to print trough a printer which has lower priority. That way our important users will always print
first. Another option we have is to create one printer object which is controlling multiple print devices. In this case,
as jobs come into that printer object it will check our print devices to see which one is available to do the actual
print job. If the first printer is busy, the print job will be redirected to the the second print device. There is no
notification of which print device is actually used, so it is a good idea to keep those print devices together so that
users can easily find their documents.
Multiple Printer Objects
We can use multiple logical printer objects to represent a single physical printer. We can use this approach to
provide different levels of access to the same physical printer. In our case we have several printers attached to
our computers.
Image 258.1 - Attached Printers
Let's say that we have to enable that managers can always print first on our shared printer in our company. Let's
take a look at the properties of our Alps MD-1000 (MS) printer object. We have already shared it along with
default security settings.
Utilize Windows XP Optimization
282
Image 258.2 - Alps Printer Shared
Utilize Windows XP Optimization
283
Image 258.3 - Alps Permissions
The first step in configuring the solution is to create a second printer object. Let's click on "Add a printer" option
from the menu on the left, in the Printers and Faxes windows. The Add Printer Wizard will appear. Let's click Next.
Utilize Windows XP Optimization
284
Image 258.4 - Add Printer Wizard
We will install local printer. Click Next.
Image 258.5 - Local Printer Option
We will use the parallel port. This is the port on which our physical printer is attached to. Click Next.
Image 258.6 - Parallel Port
We have to select the appropriate drivers. Click Next.
Utilize Windows XP Optimization
285
Image 258.7 - Drivers
We have already installed printer object with these drivers before. We will keep existing drivers. Click Next.
Image 258.8 - Existing Drivers
We will rename our printer to "Alps MD-1000 (MS) - Managers". Click Next.
Image 258.9 - Printer Name
We will rename our share name to "AlpsMD-Managers". This name is to long for MS-DOS workstations, so they
will not be able to access this printer over the network. This is OK since we don't have MS-DOS workstations on
our network. Click Next (then Yes in our case).
Utilize Windows XP Optimization
286
Image 258.10 - Share Name
Image 258.11 - Warning
Here we can enter location information and comments. Click Next.
Image 258.12 - Location and Comments
We will not print a test page in our case. Click Next and then Finish.
Image 258.13 - Test Page
As we can see, our new printer object is now installed.
Utilize Windows XP Optimization
287
Image 258.14 - Printer Added
At this point printer interface is pointing to the same physical print device. Now we need to edit the permissions for
the managers printer. Let's right-click "Alps MD-1000 (MS) - Managers", go to Properties, and select the Security
tab.
Image 258.15 - Default Security
Let's remove the Power Users and Everyone group and add the Managers group. Click Apply.
Utilize Windows XP Optimization
288
Image 258.16 - Managers Group
Managers are now able to print to this printer, and general users are not. Now, let's go to the Advanced tab. By
default, this printer will be configured with the priority of 1. Let's increase the priority of this printer object to 99 so
that our managers can print before other users. Click OK.
Utilize Windows XP Optimization
289
Image 258.17 - Priority Changed
Now we have two printers with different priorities. As you probably noticed, only administrators and managers can
connect to the "Alps MD-1000 (MS) - Managers", because we have set strict security settings. All other users can
connect to other printer object named "Alps MD-1000 (MS)".
Remember
We can use multiple logical printer objects to represent a single physical printer. We can use this approach to
provide different levels of access to the same physical printer. Both printer objects mentioned in this article point
to the same physical device but the managers print jobs will print first because of higher priority.
Utilize Windows XP Optimization
290
Replace Print Device in XP Parent Category: XP
Category: Printers
If we have problems with printing, the first thing we should do is pause that particular
printer so that it does not accept any new print jobs. This will also disable any
communication to the actual print device.
Before you start
Objectives: learn how to replace printing device without removing the printer object from your system, and in that
way preserving all the configured printer settings.
Prerequisites: no prerequisites.
Key terms: printer, device, object, replace, driver, model, port, settings, configure, redirect, malfunctioned
Print Device Model
If our printer has malfunctioned, the easiest way to fix our problem is to replace the print device with the new
printer device which is the same model as our old one. Of course, we are not always able to buy the same make
and model, but it is good to know that we can just plug the same printer to our computer and it will work with the
drivers which are already installed. This is good because we preserve any configured settings on our printer
object. If we have to replace our old print device with the new model, but we want to keep the same settings for
our printer objects, we need to change the drivers that our printer object will use to communicate with the print
device. Of course, first we have to install the drivers for our new printer. When we have done that, we can go to
the properties of the printer object, and in the Advanced tab select the new driver from the drop-down list.
Utilize Windows XP Optimization
291
Image 259.1 - Advanced Tab
After that, printing should work with our new print device, but with the same security and other settings that were
configured on our printer object.
Redirect Printing
We can also redirect printing to, let's say, another shared printer on the network. We can easily do that by
creating a new virtual port that will point to other printer. To create a new port, go to the properties of the printer,
open the Ports tab and click on the Add Port button.
Image 259.2 - Port Tab
Image 259.3 - Port Type
Utilize Windows XP Optimization
292
From the list we will select Standard TCP/IP Port, and click the New Port button. In the wizard we will have to
enter an IP address of the shared printer.
Image 259.4 - IP Address
Of course, if our print server does not have the appropriate drivers for new print device, we have to install
them. Keeping the used printer object will eliminate the need of checking or changing settings on every particular
computer that is accessing our shared printer object. Our users will simply continue to print trough the same
printer object after we have selected to resume printing (or restart printing if required).
Remember
If our printer device has malfunctioned, we can simply replace it with the same model and it will work immediately.
If we have to replace our printer device with different model, we can install new drivers and set our printer object
to use that new drivers. We can also redirect printing to another print device on the network by creating a port
which will point to that other printer.
Utilize Windows XP Optimization
293
Enable Fax Services in XP Parent Category: XP
Category: Printers
Windows XP has built-in capability to handle faxes. Faxing works similar to printing. As
we will see, when we will want to fax some document, we will click on the print button
and select a fax device from the menu.
Before you start
Objectives: learn how to install fax services in XP.
Prerequisites: no prerequisites.
Key terms: faxing, enable, install, service, configuration, hardware, add
Preparation
There are several things that we have to have and do before we can use faxing in XP. The first thing is to install
the fax hardware. When we have successfully installed our fax modem, we can install fax services. Fax services
are not installed by default, so we have to manually install them. After faxing services have been installed we can
open fax console where we will be able to set initial settings. In fax console we will be setting up a Transmitting
Subscriber ID which is our phone number and name. This is used to present ourselves when we call to send a
fax. We can also set a Called Subscriber Identification. This is how we identify ourselves to other fax machines
when they call us. If we want to receive faxes we have to make sure that we have enabled both sending and
receiving faxes. By default only sending is enabled. We can also set permissions for faxing. As in printing
permissions, in faxing we have permission to fax, to manage fax documents and to manage fax configuration.
Example Configuration
By default, faxing support is not added during initial setup of Windows XP. First, we need to install our faxing
hardware and then add the fax service. To add fax service go to the Control Panel > Add or Remove Programs
> Add/Remove Windows Components. Windows Components Wizard will appear. Here we will select Fax
Services from the list and click Next to continue.
Utilize Windows XP Optimization
294
Image 260.1 - Fax Services
At this point Windows can ask you for the Windows XP installation CD, so be prepared for that. When the
installation is done we can click on the Finish button and close the Add or Remove Programs window. After the
service is installed we can open the fax manager to configure initial parameters for the computer. Let's go to the
Printers and Faxes section in the Control Panel, and open our Fax object.
Because we have just installed the fax service, the Fax Configuration Wizard runs automatically. Click Next to
continue.
Utilize Windows XP Optimization
295
Image 260.2 - Fax Configuration Wizard
We will use the Sender Information page to enter information about ourselves and our company. This information
is used to automatically build parts of the fax cover sheet. We have entered our full name, fax number, e-mail
address and a company name. Click Next to continue.
Image 260.3 - Sender Information
Next we have to select the fax device from the list. In our case it is the Standard 56000 bps Modem. We will
also check the Enable Receive option with the automatic answer after 2 rings. Click Next to continue.
Utilize Windows XP Optimization
296
Image 260.4 - Fax Device
The TSID is an identification code that is sent when the computer sends a fax to another system. We will enter
the same info for CSID which is located on the next screen. The CSID is an information code that is sent from the
computer when it receives a fax. Click Next to Continue.
Image 260.5 - TSID
Image 260.6 - CSID
Now we need to decide what to do when a fax is received. We can send it to the printer or we can store it locally
on our computer as a document. In our case we will automatically print our fax on our Alps printer. Click Next and
click the Finish button to finish.
Image 260.7 - Automatic Printing
Fax console will automatically open. This console is used for fax management.
Utilize Windows XP Optimization
297
Image 260.8 - Fax Console
We have a separate article which describes how to send a fax in XP.
Remember
We need to install our faxing hardware and then add the fax service. Receiving is not enabled by default, so we
have to enable it during set up. The TSID is an identification code that is sent when the computer sends a fax to
another system. The CSID is an information code that is sent from the computer when it receives a fax. When we
receive a fax, we can print it on a printer or we can store it locally on our computer as a document.
Utilize Windows XP Optimization
298
Send a Fax in XP Parent Category: XP
Category: Printers
Sending a fax is similar to printing. Because fax support is integrated with Windows, we
can send a fax from almost any application which supports printing.
Before you start
Objectives: learn how to send a fax in XP.
Prerequisites: you have to have a fax device installed on your computer. Also, you have to have fax services
enabled.
Key terms: send, print, console, cover, create, page, device, document, wizard, file, manage
Example
In our example we will fax a simple text document.
Image 261.1 - Sample Text
To send a fax simply click on the the print button or go to the File menu and select Print. The print menu will
appear. Instead of printing to the ordinary printer, we will send our text to the Fax.
Utilize Windows XP Optimization
299
Image 261.2 - Fax Selected
When we click the Print button a Send Fax Wizard will open. Click Next to continue.
Image 261.3 - Fax Wizard
Utilize Windows XP Optimization
300
We need to enter recipient info. In our case, we will send fax to Kim Verson. We will also check the "Use dialing
rules" option because Kim lives in a different area code. Click Next to continue.
Image 261.4 - Recipient Info
Now we can create a cover page. We will check the "Select a cover page template..." option. From the drop-down
list we will select Generic template. We can also create our own templates. We will also add a subject line.
Image 261.5 - Cover Page
We can choose when to send our fax. It can be right away, or when discount rates apply or at specific time in the
next 24 hours. We will send our fax now. Click Next to continue.
Utilize Windows XP Optimization
301
Image 261.6 - Choose When to Send
We can preview our fax before we send it. Click Finish to send fax.
Image 261.7 - Completing the Wizard
To check the status of our sent fax, go to the Start > All Programs > Accessories > Communications > Fax >
Fax Console. As we can see in our example, we have a pending fax in our Outbox.
Image 261.8 - Outbox
Remember
Utilize Windows XP Optimization
302
To send a fax we have to select to print our document, but then instead of choosing printer, we have to choose a
fax device. We can manage fax documents using the Fax Console.
Paths that are mentioned in this article
Start > All Programs > Accessories > Communications > Fax > Fax Console - path to the Fax Console which
is used to manage faxing in XP
Utilize Windows XP Optimization
303
Optimization
Task Manager in XP Parent Category: XP
Category: Optimization
We can use Task Manager to manage running processes and view current system
statistics about CPU, memory and network usage.
Before you start
Objectives: learn how to open and how to use Task Manager in XP.
Prerequisites: you should know what Task Manager is.
Key terms: process, priority, usage, application, cpu, running, real time, view
Open Task Manager
To open Task Manager we can right-click Taskbar and select Task Manager from the menu. Another way is to
press CTRL+ALT+ DEL, and then select Task Manager from the menu.
Image 263.1 - Application Tab
Usage
Utilize Windows XP Optimization
304
The Applications tab gives us the list of running applications. As we can see we have Calculator opened and its
status is 'Running'. If the status of an application is 'Not Responding', we can end it by right-clicking on it and then
selecting 'End Task' option.
Image 263.2 - Right-click on Application
If the program is not responding it will ask us for confirmation to end it. It will also ask us to send a bug report to
Microsoft. The Processes tab lets us view processes. We can also view CPU and memory usage for particular
process.
Utilize Windows XP Optimization
305
Image 263.3 - Processes Tab
To change the priority for process, right-click the process and go to 'Set Priority' option. Real-time is the highest
priority. Priority is determined in relationship to the other tasks running on the machine. In our case we will set the
priority to the Real-time. Click Yes on the warning.
Utilize Windows XP Optimization
306
Image 263.4 - Priority Options
Image 263.5 - Priority Warning
We can also end a process. To do that, simply select the process and click the 'End Process' button. Notice the
warning message. Terminating a process can cause undesired results including loss of data and system
instability.
Image 263.6 - End Process Warning
Utilize Windows XP Optimization
307
This is because when we end a process, it stopped immediately. The process is not given a chance to save any
data. Let's look at the Performance tab. Here we can see computer statistics such as CPU and Page File usage.
Image 263.7 - End Process Tab
The Networking tab displays networking statistics.
Utilize Windows XP Optimization
308
Image 263.8 - Networking Tab
Remember
Using Task Manager we can end applications that are not responding. We can also see running processes and
their memory and CPU usage. We can adjust priority for particular process. Real-time is the highest priority. We
can also end a process. Terminating a process can cause undesired results including loss of data and system
instability.
Utilize Windows XP Optimization
309
Optimize Disks in XP Parent Category: XP
Category: Optimization
There are several common issues that cause our system to stop operating as well as it
could. The first issue is disk fragmentation and others include disk errors and lack of free
space.
Before you start
Objectives: learn how to optimize disks in XP by using Disk Cleanup, Check Disk and Disk Defragmenter.
Prerequisites: you should know how to optimize hard disks in general
Key terms: drive, files, hard, defragmenter, cleanup, errors, fragmentation, temporary, case, report, space
Disk Cleanup
The main drive that we're going to want to clean up is usually the C Drive. This is where web pages are cached,
where downloaded files are saved, where temporary files are created, etc. We can run a disk cleanup on other
hard drives in our system, but the effect won't be so big. We will go to My Computer, select the C Drive, right-click
it and then select Properties. Notice that in this tab we can click on Disk Cleanup button.
265.1 - General Tab
When we click it first it will calculate how much disk space can be saved.
Utilize Windows XP Optimization
310
265.2 - Disk Cleanup Calculation
Then it gives us several different options for cleaning up the disk. We can delete the downloaded program files
from the Internet, temporary Internet files which are the web pages and graphics that are cached on our hard
drive, delete files in recycle bin, clean out our temporary files, compress old files, etc. Notice that it tells us how
much disk space is currently being consumed by each one of those items.
265.3 - Files to Delete
We select the options we want and click OK. As we said earlier, we can do this on other drives besides our main
system hard disk drive, but because it's not a system drive we won't have any temporary files, we won't have a
web cache for our web browser, etc.
Disk Errors
In Windows we have a utility that will check our hard disk drive for errors. To use this utility, we need to go to My
Computer, right-click on the drive that you want to clean up, select Properties, and then go to the Tools tab. In the
Error-checking section we will click on the Check Now button. We will see several different options.
265.4 - Check Disk
If we want the error checking utility to automatically fix any file systems errors it finds, we have to mark the first
option. Well, actually we should always select this option. If we want to check the surface of the hard disk drive for
problems we can also mark 'Scan for and attempt recovery of bad sectors'. If we try to use the Error Checking
Utility on a hard disk drive that has Windows system files on it, we will get a warning. We can't check for errors
because some system files are in use. In that case we need to run a disk check when the computer restarts.
Utilize Windows XP Optimization
311
265.5 - Check Disk Warning
The system will reboot and the error checking routine will run before the whole system is loaded. Disk checking
will be fast if we don't have many files on it. If we have a lot of files on the drive, error checking will take quite
some time.
Disk Defragmenter
Since fragmentation can become a big issue, Windows XP comes with a defragmentation tool called Disk
Defragmenter. Defragmentation will reorganize all our files. The system will temporary copy our files on free
space on our partition and then rewrite those files so that the clusters are contiguous. When this is the case,
reading data on our system becomes optimized. To determine the amount of fragmentation our hard drive
click Start > All Programs > Accessories > System Tools > Disk Defragmenter.
265.6 - Disk Defragmenter
Now we need to select the drive we want to analyse. In our case we only have the C drive, so we will select it and
click Analyze.
Utilize Windows XP Optimization
312
265.7 - Analysis Complete
After a few moments a dialog box appears that tells us whether Windows recommends that we defragment our
hard drive. In our case we should defragment our drive. Let's click View Report.
265.8 - Analysis Report
Here we can see various information considering fragmentation. To defragment our drive we can click on the
Defragment button.
265.9 - View Report or Close
When the defragmentation is done we can click on Close to finish.
Remember
We should often clean our drive where the system is installed. To check disks for errors we can use Check Disk
utility. We should check disk fragmentation on regular intervals. We use Disk Defragmenter to check if we need to
defragment our disks.
Utilize Windows XP Optimization
313
Paths that are mentioned in this article
Start > All Programs > Accessories > System Tools > Disk Defragmenter - location of Disk Defragmenter
Utilize Windows XP Optimization
314
Paging File in XP Parent Category: XP
Category: Optimization
If we are low on memory, our system can use our Hard Disks to store temporary files.
This is known as virtual memory management.
Before you start
Objectives: learn where to manage virtual memory in XP
Prerequisites: no prerequisites.
Key terms: page, system, memory, partition, size, virtual, change, manage, optimization, advanced, dump, drive
Overview
The Paging File is used by Windows for virtual memory management. When the system is low on physical
memory it uses the Page File to swap data from memory to disk and back. We can improve system performance
by creating additional page files. To optimize a Page File we have to know a little about the volumes and
partitions that we use. The original partition that we create is called the boot and system partition. It is where all
our system files reside. If we put the Page File on our system partition it will compete with the read and writes that
are necessary for the system files. To optimize that we should move the Page File to another volume or
partition. Another thing that we can do is change the size of the page file. By default page file will be created at
one and a half times the size of our main memory. Maximum size of the page file is three times our installed
memory.
Page File Management
To manage the Page File, go to Start, right-click My Computer, select Properties, go to Advanced tab, under
Performance click Settings, go to Advanced tab and under 'Virtual memory' click the Change button.
Utilize Windows XP Optimization
315
Image 266.1 - Virtual Memory Management
Here we can set the space that will be available for page file. We can also let our system to manage the size
automatically. In our case we only have one partition so we can only create Page File on our system partition,
which is not very optimized. If we had another drive we could create another Page File on that drive. We need to
be careful if we plan to delete the Page File from the system partition. Windows uses this page file to create the
memory dump file if there's a stop error. If we delete the page file on our system partition, Windows will not be
able to create the memory dump file.
Remember
Page File is virtual memory on our Hard Disks. We can change the available space for Page File.
Utilize Windows XP Optimization
316
Backup Tool in XP Parent Category: XP
Category: Optimization
Windows XP includes simple utility that we can use to backup our data and system files.
Backing up user data is really important because trying to recreate those can be virtually
impossible. In ideal situation we should always have a copy of user data on another
media.
Before you start
Objectives: learn where to find and how to use Backup tool to back up and restore files in XP.
Prerequisites: no prerequisites.
Key terms: file, restore, incremental, differential, archive, system, bit, mode, reset
Backup Overview
System State
The system state data includes the operating system configuration information for the system. It includes the
Registry, COM+ Class Registration database, system files, boot files, files under Windows File Protection, and the
Certificate Services database. System state should be backed up in regular intervals and also anytime we make a
configuration change. During a system data backup, all system data is backed up (system data cannot be backed
up selectively in portions). System state data can only be restored locally. It cannot be restored to a remote
system.
Archive Bit
All files on our system have an attribute called the Archive attribute that plays the key role when doing backup.
Archive attribute or bit is set every time a file gets changed or modified. That means that the system automatically
flags the file as needing to be archived. When the file is backed up, the backup method may reset (clear) the
archive bit to indicate it has been backed up.
Full Backup
When we do a normal or full backup, we actually back up every file regardless of the archive bit. In full backup
archive bit is reset so the next time the file is changed, it will be marked as needing to be backed up. To restore,
we only restore the last backup.
Incremental Backup
When doing incremental backup we only backup files that have the archive bit set. When those files are backed
up, the archive bit is reset.
Differential Backup
When doing differential backup we backup files which have the archive bit set, but after the backup the archive bit
is not reset.
Copy Backup
When doing 'copy' backup, we backup all file regardless of the archive bit, but the archive bit is not reset after the
backup is finished.
Choose the Right Backup Strategy
Knowing when the archive bit gets set and when it gets reset is important if we are planing some kind of backup
strategy. For example, doing incremental backup takes less time because every time the archive bit gets reset so
Utilize Windows XP Optimization
317
we know that the files have been backed up. But doing a restore from an incremental back up takes more time,
because we have to restore every single instance of incremental backup that occurred after the full backup.
For example, let's imagine that we take the full backup on Sunday, then incremental backup on Monday (files
that have been modified since the last full backup), incremental backup on Tuesday (files that have been modified
since the last incremental backup), incremental backup on Wednesday (files that have been modified since the
last incremental backup), incremental backup on Thursday (files that have been modified since the last
incremental backup), incremental backup on Friday (files that have been modified since the last incremental
backup) and incremental backup on Saturday (files that have been modified since the last incremental
backup). Remember, when doing incremental backup we only backup files that have been modified. Because of
that, backup is fast. Let's say that we want to restore lost data from this kind of backup. First we have to restore
the full backup, then the one made on Monday, then on Tuesday, then on Wednesday, then Thursday and so on.
As we see, doing restore from incremental backup is slow and complex.
Remember, when doing differential backup we only backup files that have the archive bit set (files that have
been modified). In contrast to incremental backup, differential backup does not reset the archive bit. Let's say that
we take a full backup on Sunday, then differential backup on Monday (files that have been modified since the last
full backup), differential backup on Tuesday (all files that have been modified since the last full backup),
differential backup on Wednesday (all files that have been modified since the last full backup), differential backup
on Thursday (all files that have been modified since the last full backup), differential backup on Friday (all files
that have been modified since the last full backup) and differential backup on Saturday (all files that have been
modified since the last full backup). Remember, differential backup does not reset the archive bit. That means that
all differential backups will contain all data that was modified since the last full backup. For example, differential
backup done on Wednesday will also contain files modified on Monday and Tuesday. Differential backup done on
Saturday will also contain files modified on Monday, Tuesday, Wednesday, Thursday and Friday. Because of that
doing a differential backup takes more time and space as wee move trough the week. Doing a restore from a
differential backup is easier then doing a restore from an incremental backup. To restore data from differential
backup we have to restore data from the last full backup and then restore data from the last differential backup
that we took.
Considerations
Remember that we should not combine incremental and differential backups. Also, if we need to restore data on a
system which can not support data compression, we should turn of compression before we do our backup. Also,
we could run into problems if we plan to restore our data to a different operating system. To get around that
problem we should first restore our data on the same Windows and then copy or migrate our data to the different
system. We must be a member of the Administrators or Backup Operators group to perform backups and
restores. Backup Operators cannot view, edit, or delete files. Users with the appropriate backup permissions can
back up and restore encrypted files. However, they will not be able to open and read those files.
Backup Example
Windows XP includes simple utility that we can use to backup our data and system files. To open Backup tool, go
to Start > All Programs > Accessories > System Tools > Backup. The tool will open in wizard mode, but we
can choose not to always start in wizard mode.
Utilize Windows XP Optimization
318
Image 268.1 - Backup or Restore Wizard
On the next screen we can choose to backup data or to restore data. In our case we will choose to backup data.
Image 268.2 - Back up or Restore
On the next screen we can choose what to backup. We can backup our documents and settings, everyone's
documents and settings, and all information on our computer. Also we can choose particular files and folders.
Image 268.3 - What to Back Up
Utilize Windows XP Optimization
319
In our case we will select the last option which will let us choose exactly which files to backup.
Image 268.4 - Selection
Notice that we can select particular files, folders or even the whole drives. Also notice that under My Computer,
we can choose to backup System State. In our case we will only back up system state. On the next screen we
can choose where to save our data.
Image 268.5 - Destination
In our case we will save our data to the C:\Backups folder and change the name of the file toSystemState.bkf.
On the next screen we can choose to finish or take a look at some advanced options. Let's click the Advanced
button.
Image 268.6 - Advanced Options
On the first screen we can specify the type of backup that we want to perform, like Normal, Copy, Incremental,
Differential or Daily backup. In our case we will select Normal backup and click Next. On the next screen we can
select options like data verification, hardware compression or using volume shadow copy, if they are available.
Utilize Windows XP Optimization
320
Image 268.7 - Backup Options
On the next screen we can choose to append our backup to the existing backups or to replace them.
Image 268.8 - Append or Replace
On the next screen we can choose when to run our backup. Here we can create a schedule entry. In our case we
will do our backup now. And that's it, all options are set and our backup is ready to be performed.
Advanced Mode
To start Backup tool in advanced mode click on the Advanced Mode link on the first screen of the Backup Wizard.
Utilize Windows XP Optimization
321
Image 268.9 - Advanced Mode
To start a new backup we can go to the Backup tab, select what to back up, select our destination and then we
can click on the Start backup button.
Image 268.10 - Backup Tab
Utilize Windows XP Optimization
322
Image 268.11 - Job Information
On the Job Information screen we can click on the Advanced button to set additional options.
Image 268.12 - Advanced Backup Options
These are the same options that we saw when we were in wizard mode. We can also schedule our backup to
occur later or on regular intervals. Before we can do that we have to save our backup task. After that we have to
provide credentials under which this task is going to run. We need to do this because backup might run when we
are not logged on the computer. We also have to provide the Job name and set the dates on which we want our
backup to occur. Setting this up is pretty straight forward process. This backup is going to be saved as a task
which we can see in Control Panel under Scheduled Tasks.
Restore Data
To restore data, open the Backup tool and go to the Restore tab in advanced mode. Here we will see all backups
that we performed before.
Utilize Windows XP Optimization
323
Image 268.13 - Restore Tab
Notice that we can choose specific data that we want to restore. We can choose to restore files to original location
or we can choose some other location. When we click the Start Restore button, another window will appear on
which we can go to advanced settings.
Image 268.14 - Advanced Restore Options
Remember
We can use the Backup tool to back up and to restore our data. We can start it in Wizard mode and in Advanced
mode.
Paths that are mentioned in this article
Start > All Programs > Accessories > System Tools > Backup - location of Backup tool
Utilize Windows XP Optimization
324
Recover Windows XP Parent Category: XP
Category: Optimization
What can we do if our system crashes and we can't log on to Windows anymore. We
have several ways to recover our system.
Before you start
Objectives: learn which options are available to recover our installation when our
Windows system has crashed.
Prerequisites: no prerequisites.
Key terms: restore, asr, configuration, console, driver, installation, diskette, mode, try, boot, good, rollback, state,
automated
Automated System Recovery
The first one we will talk about is Automated System Recovery or ASR. ASR allows us recover our system using
the ASR diskette and a copy of our backup media. These two combined will allow us to restore our entire
system. ASR floppy contains only the necessary files in order to start our machine and contains key configuration
information about our system. The rest of the information needed to restore our system will be contained on the
backup media. We use Windows Backup utility to create ASR backup (including ASR diskette). We can do that by
clicking the Automated System Recovery Wizard button on the Welcome tab (start the utility in advanced mode).
Image 269.1 - Welcome Tab
Utilize Windows XP Optimization
325
Image 269.2 - ASR Wizard
ASR backup only backs up the system state data and does not back up user data. During the backup, we actually
create a floppy disk that is used along with the backup files during the restore procedure.
ASR Diskette
The ASR diskette contains the Asr.sif and Asrpnp.sif files. Copies of these files are placed on the backup media
so we can copy them manually to the diskette if necessary. The files must exist on the root of the floppy diskette.
The system must have a floppy drive in order to perform the ASR recovery. To restore a system, press the F2
key when prompted and insert the ASR floppy disk. ASR will restore disk configuration (including disk signatures
of basic and dynamic volumes), install the operating system, and restore the backed up system settings.
Remember, ASR does not restore user data. Also, the ASR diskette must match the backup set created by the
ASR feature. We cannot use an ASR diskette that was created at a different time than the backup set.
Other System Recovery Options
What can we do if our system crashes and we can't log on to Windows anymore. This can happen, for example,
when we install some drivers and after that our system crashes. In this case the first thing that we should try and
do is Driver Rollback feature in Windows XP.
Driver Rollback
When we install some driver the rollback point is automatically created. If the driver corrupts the system we can
remove that driver and restore it back to the previous configuration. This is done in Device Manager by going to
the particular device properties, and then Driver tab.
Utilize Windows XP Optimization
326
Image 269.3 - Driver Properties
If this doesn't work or we can't get to Device Manager, another option is to use Last Known Good Configuration
feature.
Last Known Good Configuration
During every boot process a clone of the system is created. Once the system is logged on, the last known good
configuration gets re-created. If we make a configuration change, such as install a driver that now corrupts the
entire system, and we haven't logged in again, we may try to reverse bad driver installation effects by using last
known good configuration. Sometimes this will not work because we just can't get that far in to the system. So,
another option to do a system restore is by going into Safe Mode.
Safe Mode
We can get into Safe Mode by pressing the F8 button during the boot process. Sometimes the system will give us
the Safe Mode option automatically if we failed to log in or if the system has crashed. In Safe Mode we can get
into a basic configuration of the system. Once we are there we can go to Device Manager and try to rollback the
device driver that is causing problems. We can also disable particular device so that it doesn't come up, or
uninstall a device so that we remove corrupted device drivers. Also, if we have newer drivers we can try and
reinstall particular device. If Safe Mode doesn't work for us we can go to the Recovery Console.
Recovery Console
In order to use Recovery Console we first have to install it or run it from the Windows installation CD. We can run
Recovery Console by booting from the installation CD-ROM and choosing theRepair option. To install the
Recovery Console we can use the 'win32.exe /cmdcons' command from the installation CD-ROM. The Recovery
Console is then available during boot, without the CD. It will be available as an option when we press F8 during
boot. Recovery Console is a command line interface. Many key tasks can be accomplished using various
Utilize Windows XP Optimization
327
commands available. We can fix boot sector (fixboot) or fix master boot record errors (fixmbr). We can also
remove or update key system files. We also have disk partitioning utility so we can work with our hard drives as
well. We have limited access to user files, but we can work with system files. From the Recovery Console we can
also do a System Restore.
System Restore
Using a System Restore is similar to using the Undo feature in a word processing program. With system restore,
the system takes periodic snapshots, called restore points, of the system configuration. We can also manually
make restore points prior to modifying the system configuration. We can do a System Restore form Recovery
Console, or from Windows if we are able to log on to the system. When we want to restore our system to a
previous state from Windows, we can run the System Restore program and select the desired restore point.
Windows Backup
We can use the Windows Backup utility to restore the system state data manually, or to restore user data from a
backup. Ntbackup does not create partitions. We must manually create partitions and format them before
restoring data.
Parallel Installation
If none of these options work we can try parallel installation. What that means is that we can reinstall Windows
operating system without reformatting our partition. If we format our partition we lose all our data. The idea of
parallel installation is to keep all our data intact.
Remember
Automated System Recovery allows us recover our system using the ASR diskette and a copy of our backup
media. ASR backup only backs up the system state, not user data. If some driver is causing problems we should
try Driver Rollback feature. We may also try to reverse bad driver installation effects by using Last Known Good
Configuration, if we haven't logged in again. We can get into Safe Mode by pressing the F8 button during the boot
process. In order to use Recovery Console we first have to install it or run it from the Windows installation CD.
Recovery Console is a command line interface. System Restore takes periodic snapshots, called restore points,
of the system configuration. We can use the Windows Backup utility to restore the system state data manually, or
to restore user data. If none of these options work we can try parallel installation, which means that we reinstall
Windows operating system without reformatting our partition.
Commands that are mentioned in this article
win32.exe /cmdcons - install Recovery Console from the installation CR-ROM.
Utilize Windows XP Security
328
Security
Configure Auditing in XP Parent Category: XP
Category: Security
We can use Auditing feature in XP to see exactly what is going on inside of our computer
system.
Before you start
Objectives: learn how to configure local auditing on XP machine.
Prerequisites: no prerequisites.
Key terms: account, event, logon, local, configure, access, user, file, policy, enable, server, monitor, record,
object, fail
Considerations
When we use Audit feature we can configure both successful events as well as failed events. When we do
auditing, log files for auditing tend to fill up fairly quickly so we should be careful what we select for auditing. We
shouldn't audit everything because the log file will fill up to quickly. Auditing can generate a large amount of data.
We have to be sure that we configure the Security log with sufficient size to record all events.
Different Scenarios
Account Logon
Let's say that we share some files on our server and we want to see who is accessing our files. In this case we
would turn on successes for Account Logon events. Using those events we can see who is accessing or
remotely using our files. Also, maybe someone will try to hack our server. In that case we would look at
the failed Account Logon events and see who doesn't have the right privileges to access our server. Account
Logon audits logon through a user account. It is recorded by the local computer for the local account, and
recorded by domain controller for the AD account. Account logon events are recorded when user account
credentials are validated and on the computer where the user account lives. For example, when a user
authenticates to a domain, an account logon event is recorded on the domain controller but not on the local
computer. If a user logs on using a local computer account, an account logon event is recorded on the local
computer.
Logon Events
Logon events pertain to the local computer. Let's say that we have a Remote Access Server and we want to see
who is trying to access the server. We are really interested in who's trying to hack the Remote Access Server so
we will audit failed logon events. So, network connections to the local computer are monitored. Logon events are
generated on the computer where logon occurs, regardless of whether the account used was a domain account
or a local account. For example, when a user logs on to a computer using a domain account, a logon event is
recorded on the local workstation, while an account logon event is recorded on the domain controller.
Object Access
Another common area for auditing is Object Access. This way we can see who is accessing certain files, folders
or printers. Thing to remember here is when we enable Object Access Auditing, files and folders are not
monitored automatically. We have to go to the actual file or folder, go to the Security tab, go to the Auditing
section and configure auditing. That way we are not auditing everything that happens on our computer. For file
auditing to occur, the files must be on NTFS partition.
Utilize Windows XP Security
329
Policy Change
As administrators we want to know who is changing policies and when. Also, we want to know about attempts to
change policies that failed.
Privileged Use
We may want to see when users are utilizing their user rights. Failures could be interesting here. We can also
audit when an administrator takes ownership of an object.
Account Management
We want to know who is adding or modifying user accounts. This is interesting because we can delegate the
control of the creation of user accounts to others. In that case we want to make sure that they are following our
policies. We can monitor things like adding, renaming, disabling/enabling, deleting, or changing the password for
a user account.
System Events
System Events can include events such as shut down, boot, etc. This way we can record when the system or
services got started, etc.
Process Tracking
We can audit when an application performs an action. This is used mainly for program debugging and tracking.
Results
Al auditing events can be viewed in the Event Viewer in the Security log. We should check that log frequently
because events can add up quickly. Because auditing consumes system resources and might result in a lot of
generated data, we should enable auditing only on the events we are interested in.
Default Settings
By default, event logs are configured to overwrite existing entries when the log is full. To preserve all auditing
entries, we can configure the 'Do not overwrite events' setting. With auditing configured, clearing the log
generates an event identifying when the log was cleared and by whose authority. Another thing to consider is that
in the registry we have a setting called 'CrashOnAuditFail'. If our audit log gets full, this setting will not allow
anyone to logon to the computer. By enabling this particular setting, we have the ability of effectively shutting
down the system if we can't do any more auditing. If this setting is not enabled, users will be able to logon even if
we can not audit events. This prevents hackers from filling the audit log in order to gain access to the system
once the log is full. We should save audit logs to keep them for future reference or analysis.
Example Configuration
We will use Local Group Policy to configure auditing. Let's go to Administrative Tools and open Local Security
Policy. Under Security Settings we will browse to the Local Policies and then Audit Policy.
Utilize Windows XP Security
330
Image 270.1 - Local Security Policy
The first step in configuring auditing is to select the event category that we want to track. In our example we will
configure Audit account logon events policy. This security setting determines whether to audit each instance of
a user logging on to or logging off from another computer in which this computer is used to validate the account.
Because it is important to enable minimum auditing, we will only audit logon failures.
Image 270.2 - Account Logon Events
Utilize Windows XP Security
331
To see generated events we will go to the Event Viewer, Security log. In our case, notice that we have a Failure
Audit event in the list. Category of this event is Account Logon (as we set in Policy Editor). Type can be Failure or
Success. If we double-click on that event we can see the details.
Image 270.3 - Event Details
Someone with the logon account named 'Monika' tried to log on to our computer.
File and Printer Auditing Configuration
To configure auditing for resource access we first must enable auditing in Group Policy, then define the resource,
users and actions that we want to audit. Let's enable Object Access auditing. We will enable both Success and
Failure attempts.
Utilize Windows XP Security
332
Image 270.4 - Object Access Policy
At this point no audit events will be created until we define specific objects we want to keep track of, and identify
the users we want to monitor. In our case we want to monitor when the user 'Kim Verson' prints on our printer. We
right-click our printer, select Properties, go to the Security tab, click the Advanced button and then select the
Auditing tab.
Utilize Windows XP Security
333
Image 270.5 - Auditing Tab
Here we need to add our user, Kim Verson. We want to monitor successful prints.
Utilize Windows XP Security
334
Image 270.6 - Print Auditing Entry
Next, we have a folder that contains sensitive files. We already control access to that folder with NTFS
permissions, and we want to know when someone tries to modify permissions for the folder or its files. In our case
we will configure the Great Citations folder. We will right-click it, select Properties, select Security tab, click
Advanced button, select Auditing tab, and click on the Add button.
Utilize Windows XP Security
335
Image 270.7 - File Auditing Entry
This time we will add the Everyone group, because we want to monitor when someone tries to modify
permissions. Notice that we can audit many different actions. Here we could also select to monitor the Take
Ownership event. When we are finished, system will monitor only those events. Events with other users and files
will be ignored.
Remember
We can use Local Group Policy editor to configure auditing on local machine. The first step in configuring auditing
is to select the event category that we want to track. To see generated events we use Event Viewer, Security log
section. To configure auditing for resource access we first must enable auditing in Group Policy, then define the
resource, users and actions that we want to audit.
Utilize Windows XP Security
336
Security Templates in XP Parent Category: XP
Category: Security
Security template is a way of preserving our settings. We can apply the same template to
all our computers so that they all match the same level of security. Microsoft has already
published a lot of templates that we can use.
Before you start
Objectives: learn how to use security templates to apply security settings in XP.
Prerequisites: no prerequisites.
Key terms: setting, group, password, policy, local, analysis, database, import, compare, member
Naming Convention
When we open the 'templates' folder, we will see several files with .inf extension. Before the '.inf' extension we
can see 'ws' or 'dc' added to the name of the template. 'ws' indicate that that template is intended for a
workstation. 'dc' indicate settings for the domain controller. Settings for servers will have 'srv' at the end of the
template name.
Templates
We start off with a basic set of templates. Those are basic security settings that are applied by default during the
installation of the system. In addition to that we also have, the Secure Templates. We also have High Security
Settings in which we start to manipulate with user rights. We also have a temple called Compatibility
Templates. The common one we will see here is Compatible Workstation or comptws.inf which allows us to
apply a security template that is consistent with the previous versions of Windows. Since previous versions are
not able to use all of the security settings that we have in Windows XP, we can set those back so that we can still
maintain compatibility.
Tools
The first tool that we can use is the Security Analysis and Configuration in Microsoft Management Console
or MMC. This tool gives us two components which allows us to analyze our security based on our templates. We
can select a template, open up a database using that template and then analyse our computer. After the analysis
it will show us everything that meets and exceeds the requirements of the template. Anything that doesn't meet
the requirements of the template will be illustrated with the red X. If we want to apply that template we can go to
the configuration portion of the Security Analysis and Configuration tool which will allow us to apply all that
settings to the computer. When applying settings, if existing setting meets or exceeds particular setting, then it
does not make any changes.
Another tool that we can use is 'secedit' command line tool which basically allows us to do same thing as with
Security Analysis and Configuration tool. We can use secedit command with the/analyse switch to analyse our
settings or we can use the /configure switch when we want to make changes to our settings. We can
use secedit /export to export database settings to a template.
Issues
When applying high security templates, the Administrators group is reset. Administrators and Power Users group
are reset to default members, so if we have a lot of members in that groups it can be an issue. After applying the
template we should check those groups and add members back as necessary. Another issue comes up when we
move between various templates. If we have applied a high security setting, and after that we want to go back to
the basic settings, we have to clear the existing template first. Remember, when we apply our templates, if
particular setting meets or exceeds template setting, it will not make any changes.
Utilize Windows XP Security
337
Compare Settings
We will compare the security settings in Local Group Policy on our computer to the settings in a predefined
template. In that way we can see what custom settings are modified on the local computer. To do that we need to
perform three general tasks. First we need to configure MMC to work with security settings, second we have to
import the template database, and third we need to compare the template with the local settings and view the
results. Let's start by creating the MMC. We'll go to the Start Menu, in the Run command type in 'mcc' and hit
enter. On the File menu, select Add/Remove Snap-in, select and add the Security Configuration and Analysis
Snap-in.
Image 271.1 - Security Configuration and Analysis
Now that we have our snap-in set, we can compare the security settings on the local system with those in the
template. Now we need to create a new database and import the template settings. Let's right-click Security
Configuration and Analysis and select Open Database. We will name it CompareSettings and click Open.
Utilize Windows XP Security
338
Image 271.2 - Database
Next, we have to import our template, that is, we need to select the template that we are going to compare to the
local computer.
Image 271.3 - Templates
All those files are actually stored in 'c:\windows\security\templates' folder. In our case we will select
'securews.inf' and click Open. At this point we need to compare the settings in the template with the settings on
the local computer. To do that we will right-click 'Security Configuration and Analysis' and select Analyze
Computer Now. Click OK to accept the path to the error log file. The following window will appear.
Image 271.4 - Analysis
If we browse the the Account Policies and then Password Policy, we can see the settings from our database and
the current computer settings. Notice the red X and the green check mark. A red X tells us that the setting on the
local computer does not match the setting in the template, while the green check mark tells us that the settings do
match. Notice that we have two columns for details. Those columns are the Database Setting (template setting)
and Computer Setting (current setting applied on the computer). For example in our case, notice that the
minimum password length in the template is 8 characters while current setting is 0 characters, which basically
means 'no restriction'.
Edit Settings
To apply all those settings we can right-click 'Security Configuration and Analysis' and select 'Configure Computer
Now' option. All settings will then be applied. To check our new settings we can go to our Group Policy Editor and
navigate to the, for example, Password Policy.
Utilize Windows XP Security
339
Image 271.5 - Password Policy
Notice that our settings now include minimum password length of 8 characters. While we can manually edit group
policy settings to achieve the desired configuration, we can simplify the process by importing a predefined
template. Windows XP ships with several predefined templates. We can also import our template while we are in
Group Policy Editor. Let's say that we want to revert our changes to the original settings set during installation. To
import a policy, we will right-click Security Settings and then select Import Policy in Group Policy Editor.
Image 271.6 - Import Policy
Compatws.inf provides Windows NT 4 compatible settings. Templates starting with 'secure'
likesecuredc.inf and securews.inf are used to increase the security for workstation or domain
Utilize Windows XP Security
340
controller. Securedc.inf is used for domain controllers and securews.inf is used for
workstations.Hisecdc.inf and hisecws.inf increase security even further. The 'setup security.inf' is the default
security that was created when we installed Windows XP. Let's import 'setup security' to revert to the defaults. We
will select it and click Open.
Image 271.7 - Setup Settings
Notice how our password policy has changed. Now they've reverted to the default security settings. Our password
history is zero and our maximum password age is 42 days instead of 30. Also our minimum password length is
zero characters instead of eight. To edit existing templates we can use the Security Templates MMC snap-in.
Remember
'Setup security.inf' configures the system with the original settings applied during installation. 'Securews.inf'
enhances security settings that typically do not affect application compatibility. It defines strong password,
lockout, and auditing settings. It also restricts rights granted to anonymous users. 'Hisecws.inf' secures a
workstation as much as possible. It forces NTLM v2 between server and client, and removes all members of the
Power Users group. It also removes all members of the local Administrators group except for the Domain
Administrators group and the local Administrator account. 'Compatws.inf' relaxes the security privileges of the
Users group to allow them to run non-user certified applications (applications that are common in previous
Windows versions). It also Removes all members of the Power Users group.
Paths that are mentioned in this article
c:\windows\security\templates - folder where we can find some predefined security templates
Utilize Windows XP Security
341
Internet Explorer Security in XP Parent Category: XP
Category: Security
Internet Explorer allows us to make a lot of different security settings.
Before you start
Objectives: learn how to configure Internet Options in XP.
Prerequisites: no prerequisites.
Key terms: zone, site, cookie, activex, local, control, restrict, manage, privacy
Security Zones
Security in Internet Explorer is managed trough Security Zones. Security Zones allow us to control different types
of access depending on sites, which we can group into general categories. We can control whether or not will we
allow ActiveX controls or scripts for particular website. We can also control whether or not will we allow
downloads to occur from a particular site. All those settings get associated with different types of zones. The first
zone is Local Intranet. Local Intranet is everything that's on our Local Area Network. By default, this is anything
that has a UNC path associated with it. As we type in the UNC path in the address line, it knows that the source is
on the Local Intranet. For example, we can make different security settings for the servers that are on our Local
Intranet as opposed to what's available on the Internet. Another security zone is Trusted Sites. In this zone we
add sites that are trusted so we may loosen up our security settings for that zone. For example we may allow
ActiveX programs to run, allow scripts, downloads, etc. In order to maintain security with our trusted zone we may
want to require the use of HTTPS (HTTP Secure) protocol. Another zone that we can use is Restricted Sites.
Sites in that zone are restricted and users will not be able to access them. Another important zone is Internet.
This zone contains sites that are not included in any of the three previous zones. Issue that comes up with the
Internet zone are our privacy settings.
Cookies
We control privacy settings trough Cookies. A Cookie is a file that contains information and those files can be
accessed from websites on the Internet. Cookies can have things like our username or password or other
information that some website will use while we browse particular site. Cookies allow websites to use existing
information for future sessions. In Internet Explorer we can control the use of cookies. We can turn off Cookies
which means that we will not accept any cookies from any site. This can also prevent us to from being able to
access different websites. Another issue that comes up with Cookies is that we can get cookies which are known
as first party cookies(those come from the site we're visiting) and third party cookies (from the site we are not
visiting, for example banner ad).
Example Zone Configuration
We can use Internet Options in Control Panel to manage security of Internet Explorer. Let's open Internet
Options and then go to the Security tab. We want to allow ActiveX installations only from Local Intranet or from
Trusted Sites. ActiveX file should not be installed from any other location in our case. Other settings for each zone
should remain unchanged. First, we will restrict ActiveX installation on the Intranet zone. Notice that our current
default level is Medium-high.
Utilize Windows XP Security
342
Image 272.1 - Zones
This setting is appropriate for most websites. Notice that unsigned ActiveX controls will not be downloaded, but
signed ones will. We want to disable any ActiveX controls. While we could move the slider to High setting to
disable ActiveX controls, this would impact other settings as well. We only want to disable ActiveX controls. To do
that we will click on the Custom Level button.
Utilize Windows XP Security
343
Image 272.2 - ActiveX Disabled
We have to make sure that all ActiveX options are set to 'Disable'. In this window we could also set various
security options like Downloads, .NET Framework, Scripting and other settings. We will confirm those changes
and also make them in the Restricted Sites zone. If we check default settings for Restricted Sites zone we will
notice that ActiveX controls are disabled by default. The next thing we need to to is allow ActiveX controls on
Trusted Sites and Local Intranet zone. Simply select the zone, click on the Custom Level button, and check
appropriate options in the ActiveX section of settings. One last thing we need to do is to add sites to the Trusted
Sites zone so that ActiveX controls can run on those particular sites. To do that we have to select Trusted Sites
zone and click on the Sites button. Notice that by default this zone requires server verification (https:) for all sites
in this zone. We are going to keep that option. We will add https://home.live.com/. Notice that we are using https
protocol.
Utilize Windows XP Security
344
Image 272.3 - Trusted Sites
We don't have to add sites to the Local Intranet zone because zone membership is managed automatically. All
LAN and UNC locations are members of the Local Intranet zone.
Image 272.4 - Local Intranet
We could actually add sites by clicking on the Advanced button, but in our situation it is not necessary.
Membership of the Internet zone is also managed automatically. All sites that are not in the Local Intranet,
Trusted Sites or Restricted Sites zone are members of the Internet zone.
Example Cookie Configuration
Cookies are files that our browser places on our computer. Websites create cookies to keep track of personal
information, often to simplify filling out forms or to customize content based on our preferences. We can use
Internet Options to customize how our system handles cookies. We will go to Privacy tab.
Utilize Windows XP Security
345
Image 272.5 - Privacy Settings
Notice that settings configured here only apply to the Internet zone. The slider has predefined levels for cookie
handling. If we move it to the highest level, all cookies will be blocked. In our case we want to manually configure
our settings so we will click on the Advanced button and then select 'Override automatic cookie handling'
option. In our case we will block third-party cookies, check the 'Prompt' option for first-party cookies and check the
'Always allow session cookies'.
Utilize Windows XP Security
346
Image 272.6 - Cookies Set
We can also configure cookie handling on a site basis. To set per-site settings we can go back to the Privacy tab
and click on the Sites button. In our case we have entered thewww.utilizewindows.com and clicked
the Allow button. This will allow all cookies on utilizewindows.com site and will override any general cookie
settings.
Image 272.7 - Allowed Cookies
Utilize Windows XP Security
347
Remember
We can use Internet Options in Control Panel to manage security of Internet Explorer. Security in Internet
Explorer is managed trough Security Zones. Security Zones allow us to control different types of access
depending on sites, which we can group into general categories. Local Intranet and Internet zone membership is
managed automatically. All sites that are not in the Local Intranet, Trusted Sites or Restricted Sites zone are
members of the Internet zone. Cookies are files that our browser places on our computer to keep track of
personal information. We can configure cookie handling on a site basis.
Utilize Windows XP Installation
348
Installation
Preparation for Windows XP Installation Parent Category: XP
Category: Installation
Today in the world of bootable CDs and DVDs we don't really have to worry about making bootable floppy drives.
But if we need to start the installation of Windows XP manually, we have to know which executable file we must
run and in which environment.
Before you start
Objectives: prepare for the installation and learn about general installation commands and their switches.
Prerequisites: you should know about typicall Windows installation sources.
Key terms: installation, start, exe, files, switch, winnt, process, run, bootable, cd, hard, hardware
Before the Installation
Before starting the installation we should check the Hardware Compatibility List (HCL) to verify that our hardware
is compatible with Windows XP. Also, we should disable virus checking in the BIOS. Also, we should know the
facts about the environment in which our computer will be used. This includes things such as a domain name, etc.
Installation Commands
If we run the installation from the bootable CD or if we run the setup from the CD while we are in some 32-bit
operating system, the setup.exe will run all necessary commands to start the installation automatically. However,
if we have to start the installation manually using CMD line, we have to know which executable files we need to
run in order to start the installation.
To start the installation process we can use two installation commands, Winnt.exe and Winnt32.exe. The
Winnt.exe command is used when we don't have a 32-bit operating system running. For example, we can boot
our system using DOS and then use the Winnt.exe command to start the installation process. If we want to start
the installation from within a current 32-bit Windows installation, then we can use the Winnt32.exe command.
Command Switches
With mentioned installation commands we can use certain switches to customize the installation process. The first
switch we should mention is /makelocalsource. This switch is used when we have a CD that is not supported in
Windows XP. In this case with that switch we copy the installation files onto a local hard drive and point our
installation to that, rather than the CD.
Another switch is /dudisable. This switch will disables the dynamic updates during installation. We can always
connect to the Internet later and get all updates after the installation.
Another switch is the /makeboot. We use this switch to make a bootup floppies. We can use them if we don't
have a CD-ROM that is bootable.
Other switches that can be used are /duprepare (download update files and save them locally),/dushare (start
the installation with downloaded update files), /u (indicates use of an unattended answer file), /udf (indicates the
use of a uniqueness database file), /s (specifies a path to source files), /checkupgradeonly (verifies upgrade
compatibility with XP).
Installation Phases
Once we run the commands and the installation begins, we start the phase 1 of the installation process. In this
pahse we will see the welcome screen and then we have to determine the source files for the installation. After
Utilize Windows XP Installation
349
that, some of the core XP files are copied to the computer memory and will be used to perform are installation.
After that, we can install additional drivers, and to do that we need to press F6 to install them. For example, if we
need to install additional SCSI or SATA controller adapter drivers, we would use this option. If we want to install a
custom Hardware Abstraction Layer (HAL), we can press F5 during the installation.
After all this, we will have to configure our hard drives. This allows us to create or delete partitions, and to format
the partitions. After we configure our hard disks, the process of file copying will begin. Once all the files are copied
to the hard drive and when the system reboots when reboots, we will get to the GUI phase. In this phase we will
have to set some options like regional options, date and time settings, serial number which is 25 character code,
etc.
When it comes to licencing, there are several different options. We can have the volume licence or a single user
license. Note that we can use the volume license only with the volume license media. So, the licence code must
match to the installation type (volume or single user). When we answer all the questions our computer will reboot
itself into the Windows XP environment.
At this point we will be prompted to register our Windows XP copy with Microsoft. This is an optional step but it's
recommended. Another thing we have to do, and which is not optional, is to activate Windows XP. This is an
attempt from Microsoft to reduce the amount of software piracy. We have 30 days to use Windows XP and in that
time we have to activate our copy. Activation can be done online or over the telephone. Activation will require
some information about our computer so that it is known where that licence is applied, but Microsoft will not
collect any private information.
Remember
We have to ensure that our hardware is compatible with XP. To start the installation process we can use two
installation commands, Winnt.exe and Winnt32.exe. Common switches to use are /makelocalsource, /dudisable
and /makeboot.
Utilize Windows XP Installation
350
How to Upgrade From Older System to Windows XP
Parent Category: XP
Category: Installation
When considering upgrade to Windows XP we have to be aware of some
limitations. Not all operating systems are able to upgrade to Windows XP.
Also, if we have to install Windows XP on new machine, we can perform files
and settings migration from the old computer to the new one, and in that way
save ourselves a lot of time.
Before you start
Objectives: Learn how to prepare for upgrading, which operating systems can be upgraded to Windows XP, and
which tools and commands can be used to migrate files and settings from the old installation to the new one.
Prerequisites: you should know the specifics about each type of Windows installation.
Key terms: settings, files, transfer, computer, upgrade, installation, tool. folder, wizard. network
Types of Installation
As we already know, when installing Windows XP we can do a clean installation, an upgrade of existing operating
system to XP, we can do a migration to Windows XP, or we can install Windows XP alongside an existing
installation.
Upgrade to Windows XP
Before we do an upgrade to Windows XP, we should check to see if our system can support the upgrade. To
check the compatibility we can run a special command which will do just that. This is done in command line when
we boot our computer in DOS environment. The command to check for compatibility is "winnt32.exe
/checkupgradeonly". The results of the check are saved in the%systemroot%\upgrade.txt file.
One of the advantage of doing an upgrade is that it will preserve all user settings and files. This is great because
we don't have to configure our users again, we don't have to install our applications again, etc. If we have to do a
clean installation, there is a way to transfer all users settings and files from older (or simply another) installation.
To do that we can use the tool "Files and Settings Transfer Wizard". This is a GUI tool which we can use to select
which files and which settings we want to transfer from the old system. Once we select them, we will be able to
export them to some location. The location can even be a network share. Once we are done with the clean
installation on our new system, we can import that data, and it will be as if we have done an upgrade to the new
OS.
We can do the same thing by using the "scanstate" and "loadstate" commands. We use scanstate to save user
settings from the original system, and we use the loadstate to restore user settings on the new system. By using
scanstate we can export data to the network share.
Files and Settings Transfer Wizard
We can use this tool to migrate settings and data from 9x versions of Windows to Windows XP. To open this tool
we can go to Start > All Programs > Accessories > System Tools > Files and Settings Transfer Wizard. The
first thing that this tool will ask us is on which computer are we currently working on. We have two options: "New
computer" and "Old computer". New computer is the computer we want to transfer files and settings to, and the
old computer is the source of that files and settings. In our case this is the old computer.
Utilize Windows XP Installation
351
Source or Destination Computer
When we click next, in our case we got a Firewall prompt. That's because this tool tried to access network
resources. We will select the "Unblock" option to allow this tool to access our network.
Firewall Prompt
After that we need to specify where do we want to save our settings and files and what will be the transfer
method. Notice that some options are available and some are not. This depends on the current settings of our
computer and the environment in which our computer resides. In our case we will simply save all data to the
C:\Transfer folder. Later you will notice that the Wizard will create additional folder called USMT2.UNC inside of
our Transfer folder.
Transfer Method
Utilize Windows XP Installation
352
On the next sceen we need to select what do we want to transfer. We can choose to transfer only settings, only
files, or both. Based on our selection, we can see what will be transferred on the right side of the window. Notice
that we can also select a custom list of files and settings. In our case we will select the "Both files and settings"
option.
Files and Settings Option
When this step is complete we can copy our folder where we have saved all our data (in our case C:\Transfer) to
the new Windows XP installation. There we will run FaSTW and this time choose the "New computer" option.
New Computer
After that we need to specify the location of our files and settings. In our case we have already collected files and
settings so we can choose the last option.
Source
Utilize Windows XP Installation
353
Next, we need to specify the location of the files and settings. In our case we have copied our Transfer folder to
the C: drive, so the path is again C:\Transfer. This is the folder where our files and settings are located.
Location
When we click next, the Wizard will start the transfer. When the whole process is complete we will have to log off
for changes to take effect.
Supported Operating Systems
Not all operating systems are supported for the upgrade. Some operating systems may be supported but they
require certain service pack to be installed. Operating systems which can be upgraded to Windows XP
Professional are: Windows 98 (including SE), Windows ME, Windows NT 4.0 Workstation (with latest SP),
Windows 2000 Professional and Windows XP Home Edition.
Utilize Windows XP Installation
354
Prerequisites for Network Installation of Windows XP
Parent Category: XP
Category: Installation
We have two different ways in which we can do a network installation. One method includes a configuration of
special server which is used to deploy installations to multiple computers. In other method we simply create a
network share which includes all source files required for the installation.
Before you start
Objectives: Learn what is RIS server and which commands can be used to start the installation from the network
share.
Prerequisites: no prerequisites.
Key terms: network, installation, boot, ris, server, share, files, create, updates, clients, command
Network Installation
Installations performed from the installation source which is located on the network is great if we have a lot of
computers which we have to install simultaneously. We can do network installation in several different ways.
The first method is to create a network share which contains all of the required installation files. From the
destination computer we would connect to that network share and run the "winnt" command from there. This will
start the remote installation.
The second method is to use Remote Installation Services (RIS) to automate network installations of Windows
XP. When we use RIS, we connect to the RIS server with our client to download the necessary files and perform
the installation. There are some requirements to successfully create RIS environment. We have to configure
DHCP services on our RIS server. The clients have to be able to requests IP addresses from the RIS server. The
RIS server also has to act as a DNS server. The clients will register themselves with the RIS server for the
purpose of the installation. One other component that our RIS server has to have is Active Directory. On the RIS
server we also have to create a remote installation image. This image will actually contain all the necessary files
for the installation. All files from the i386 directory are included in this image. If we plan to install service packs
automatically, we also have to have their folders available. To apply a service pack to the source installation files,
we can use the Update.exe –s:[network_share] command and switch. This applies the service pack to the
installation files in the network share. We can also take advantage of the dynamic update feature during the
setup. We can download the updates to a network share, so if we don't have access to Internet during the
installation process, we can use special command switches to include the appropriate location where the updates
are. For example, the /duprepare:[path to downloaded updates] switch will prepare the updates which are
located on the network share. After that we can use the /dushare:[path to downloaded updates]switch which
will force the setup process to install updates from a shared location instead of the Internet.
Network Boot
Clients have to be able to boot to our network in order to perform network installation. To do that, clients must
have a PXE enabled network card. These NICs have the ability of booting the system. Also, network boot option
must be enabled in BIOS. Normally we boot our computer using our hard drive, but in this case, we boot to the
network. If we don't have a NIC which supports PXE, we can create network boot floppies using the "Rbfg.exe"
command (Remote Boot Disk Generator). The boot disk will simulate the PXE boot process.
Remember
Utilize Windows XP Installation
355
We can do a network installation from the network share. Our computer must be able to boot to the network (PXE
enabled). We can use RBFG.exe command to create network boot floppies. We can use Remote Installation
Services to deploy prepared images to our clients.
Utilize Windows XP Installation
356
Create an Answer File in Setup Manager Parent Category: XP
Category: Installation
By using Setup Manager we can create an unattended setup answer
file. We can create different types of answer file, depending on the type
of the installation that we will be performing.
Before you start
Objectives: Learn how to create an answer file for unattended setup by
using Setup Manager in Windows XP.
Prerequisites: you have to know the basics of automated Windows installation.
Key terms: file, create, setup, windows, answer, option, user, choose, case, screen, manager, option
Setup Manager
We can find Setup Manager on the Windows XP installation CD. We have to unpack it from the "deploy.cab" file
which is located in the "SUPPORT\TOOLS" folder. In our case our CD-ROM is on the D: drive.
DEPLOY.CAB File
When we open the deploy.cab file, among other files we will see a "setupmgr.exe" file. This is our Setup Manager
application, and now we need to extract it to some folder on our computer. Simply right click it, and select the
Extract option. In our case we will extract it to our Desktop. Now we can run the Setup Manager by opening the
setupmgr.exe file. When we first run it, the wizard will automatically run. It will ask us if we want to create a new
answer file or modify an existing one. In our case we will create a new file.
Create New File
Utilize Windows XP Installation
357
On the next screen we have to choose the type of answer file that we want to create. We can create a
"Unattend.txt" file, "Sysprep.inf" file or a .sif file. If we want to create an unattended setup, we can create an
unattend.txt file or Winnt.sif file (Winnt.sif is used for CD-based installations). For Sysprep setup we will create
Sysprep.inf file, and we can create a .sif file if we will use Remote Installation Services. In our case we will choose
an Unattended setup option.
Type Of File
On the next screen we can choose the Windows version for which we will create an answer file. In our case we
will choose the Windows XP Professional.
Windows Version
Now we have to select the type of user interaction we want. "User controlled" option provides default options and
the end user can change them during the installation. "Fully automated" option requires no user interaction at all.
In this case we will specify all values in the answer file. With "Hidden pages" option we provide answers for
certain setup pages, and those pages are then hidden from the end user. "Read only" option makes all answers
visible, but the user can't change them. In "GUI attended" option the GUI portion of the setup runs normally, while
the text portion of the setup is automated.
In our case we will select the "Hidden pages" option. This way we will set only some options, while the user will
have to enter all the options that we didn't enter in our answer file.
Utilize Windows XP Installation
358
User Interaction Level
On the next screen we can choose to create a new distribution share, modify existing one or select to set up
Windows from a CD. The thing is, Setup Manager can create a distribution share on our network with the required
Windows source files. After that we can also add files to that share to further customize our installation. In our
case we will select the "Set up from a CD" option. That means that we will take Windows installation CD to each
workstation and start the installation with the CD-ROM.
Distribution Share Option
After this we will see a menu with many different options that we can customize. On the left we can choose
different configuration screens that we want to edit for Windows setup. On the right we have to provide the
information for the particular screen. For example, for the first screen we will enter the organization "Utilize
Windows". We will leave the Name box empty, which means that the name will have to be entered during the
installation by the end user.
Name And Organization
Utilize Windows XP Installation
359
When we click Next, we will move to the next screen on which we can enter configuration for our answer file. The
next interesting screen is "Computer Names". If we will install many computers which will reside on the same
network, they have to have unique names. On this screen we can choose a text file which contains computer
names, or we can choose to automatically generate computer names based on organization name.
Computer Names
We should also configure default administrator password, so that administrators can always log on to all
computers that will be installed. Notice that we can encrypt that password in an answer file. We can also choose
to join all computers to the domain. When we join a domain, we can also create a computer account in that
particular domain, and for that we will need a user account that has permissions to add a computer to the
domain.
Other options that we can configure are dialing options, regional settings, languages, browser and shell settings,
installation folder, network printers, etc. In the end, when we click Finish, we will have to save our unattend.txt
file.
Save File
Remember that if we plan to use our answer file with a CD-base installations, we have to name it "Winnt.sif".
Winnt.sif than has to be copied to a Floppy disk, so that it can be used with a CD-ROM when we install Windows
XP.
Utilize Windows XP Installation
360
Typical Windows XP Installation Problems Parent Category: XP
Category: Installation
When installing Windows XP, there are some issues that may arise during installation. If everything is OK with our
hardware, we should be able to install Windows XP successfully.
Before you start
Objectives: familiarize yourself with typical Windows XP installation problems and how to deal with them.
Prerequisites: no prerequisites.
Key terms: installation, windows, switch, xp, system, bios, command, debug, default, file, information
BIOS
Sometimes the issues will be caused by the settings in the BIOS. Well, we may find that the BIOS sees Windows
XP as a virus. In order to correct this we can simply go into the BIOS and disable the virus protection before we
continue with the installation. When we experience a problem during installation of Windows XP, the installation
process will try to continue with the installation from where it stopped when we restart the computer. This
automatic feature is built in into the system. In addition to that we can also try using the Recovery Console to
recover the installation process.
When troubleshooting installation, it is great to see what is actually going on during installation. In order to see
additional information about the installation we can use the "/debug" switch with the "winnt32" command. The full
command would be: winnt32 /debuglevel:logfile. This will create a log of installation actions. The default log file is
C:\%systemroot%\Winnt32.log. We can use five different levels (from 0 to 4) with the /debug switch. Level 0 will
display the least amount of information, while with level 4 we will get the most detailed information. The default
debug level is 2.
If our installation is unstable we can use the System File Checker (Sfc.exe) to verify the integrity of protected
system files. With the Sfc command we can use several switches. The /Scannow switch will perform a scan
immediately. The /Scanboot switch will perform a scan every time the operating system boots. The /Revert switch
will reset the scan behavior to the default. With the "/Cachesize = size " switch we can determine how much disk
space can be used to store cached versions of protected system files.
Dual-boot Problems
If we want to utilize dual-boot environment on our machine, we have to ensure that we have the most current
version of our boot files (NTLOADER and NTDETECT.com). Also, we have to be carefull in which order we install
Windows versions. Remember that newer operating system should always be installed last. For example, if we
want to have Windows ME and Windows XP on one machine, we should install Windows ME first, and then
Windows XP.
Uninstalling Windows Components
If we have problems with the Service Packs that were installed on our Windows XP machine, we can run the
"spuninst.exe" command from the service pack or hot fix uninstall folder. With spuninst we can also use several
switches. The -u switch will use unattended mode. The -f switch will force other applications to close at shutdown.
With -z switch our computer will not reboot when complete. The -q switch enables quiet mode, meaning no user
interaction. To isolate a driver causing our installation to fail, we can add the /Sos switch to the Boot.ini file. This
loads the drivers individually, allowing us to isolate the bad driver.