Protect you computer and your data


Windows Xp Professional - a Complete Summary Pt 1

This article talks about Windows XP andmultiple terminals the profile from
all the new features it brings alongwhich he logs on last will the last
with it. Microsoft has reallyprofile updated. This can also be made
introduced a powerful new operatingad a mandatory profile for e.g. in kiosk
system which brings lots of flexibilityenvironment where you want the user to
and ease of use to the user. It also athave the exact same profile whenever he
the same time is an extremely reliableshe logs on. You can do this by going
and sturdy operating system for both theinto the user profile and renaming a
average and the excessive user. In thisfile ntuser.dat to ntuser.man and no
article we start by talking about thechanges will be saved when the user logs
requirements XP needs for optimumoff so he/she will get the same default
operation and how we can meet thoseprofile when he/she logs back on.
requirements. We also talk about theLocal Security Policy:
bits and pieces of installing, upgradingLocal security policies give the
and migrating user settings. We alsoadministrator several measures to
highlight the new powerful features inmaintain security in the workgroup.
Windows XP installation like unattendedThere are three different types of
installations and remote installations.policies like auditing, user rights and
Microsoft also aims to target the homesecurity settings. There are also
market with this new operating systemaccount policies which include password
and has included several new featurespolicies and account lockout policies.
such as user account management andPassword policies enable us to enforce
group's management at a much easier GUIpassword laws where the administrator
level. Yet it remains the same reliablecan set password length, history, age
operating system if not even better forand even complexity for secure
setting security, group security andenvironments. Account lockout policies
domain security policies. Microsoftprevent hackers from constantly trying
also includes several new features into log on to the system using brute
terms of auditing and generating a lotforce like all combinations of
of reports in logs for thepasswords. Local policies give us a
administrative user. We also talk aboutvariety of features. One section is user
the Windows installer included in thisrights assignments where the
new operating system which helps removeadministrator can assign specific
code clutter and in turn provides uspolicies to specific users and groups
with a more stable operating system thanwhich allow different users to have
earlier releases. We also see adifferent powers and rights on the
significant improvement in usernetwork and the machine. Auditing
interface and options with a greaterproperties enable us to generate reports
ease-of-use for the average day user andon how the system is performing to be
options like multilingual support whichclear who is trying to do what on the
target the corporate environment.machine or the network. Microsoft does
Windows XP also takes hardware supportmake our work easier by giving us
and installation to a new level with itspreconfigured security templates. These
new plug-and-play features an extremelyare groups of settings for various
good compatibility with mobile hardware.scenarios. These can be accessed through
We then discuss the Revolutionary newa bunch of .inf files provided by
NTFS file system on which Windows XPMicrosoft and you can implement these by
runs and all its new advantages over theeither importing the .inf file into the
old FAT and FAT32 file systems. Windowsgroup or by using the Microsoft security
XP also gives us a good Networking setconfiguration and analysis snap-in.
up and troubleshooting environment withThese can be applied to a local machine
new features like off-line folderor a group and are easy to create
sharing and resource management. Remotethrough the MMC. The preconditions are
connectivity has become a muchto first create a snap-in and add the
achievable target with the launch ofsecurity policies and security
Windows XP giving the telecommuter theconfiguration and templates modules in
flexibility to work from home. Weit and then create a database and then
finally talk about how this newimport a security template into it. Then
operating system stands up to its olderyou can compare and analyze or even set
legacy brothers in terms of performance,your computer to these configurations.
optimization, recovery, back up andYou can also save these security
other services. All in all Microsofttemplates as shortcuts for access to
has definitely released a powerful beasteach machines security settings.
of an operating system onto theGroup Policies:
consumers and it is up to us to realizeThe main function of group policies is
and utilize Windows XP at its fullto implement restrictions on their
potential.computer to prevent unintentional mess
Meeting Minimum XP Requirements:up of the OS on the computer. In a
Microsoft Win XP minimum requirementsworkgroup background you can implement
can be classified into variouslocal group policies which are specific
categories. The most importantto that local machine only and to the
requirement is the minimum processorusers on that machine, so in order to
power needed, which is set to 233 MHz byimplement this on the entire workgroup
Microsoft. I personally do not agreeyou will have to implement this locally
with such low standards since the coston each machine which can become a
of processors is dropping fast and it isheadache. However, you can have remote
the biggest driver for a machinesshortcuts to each desktop's MMC (focus
performance factor. A minimum of 300 MHzMMC on remote machines) on your computer
is what I would recommend on the lowestand then can implement those policies
level. The control terminal investigatedthrough this procedure. In a domain
in this report is up to the benchmark orsetting you need to implement these
just above average requirements for thepolicies through the organizational
user. The processor is a 2.5 GHz Pentiumunits in active directory on the active
4 and is performing at an optimal rate.directory server. By default group
Win XP pro does support multi processorpolices have a refresh period after
support, but is not necessary in thiswhich group policies will be downloaded
scenario. The next requirement broughtbut you can run a GPUPDATE to refresh
to my attention is the amount of RAMand implement new group policies
Microsoft recommends for minimumimmediately. Group policies are accessed
requirements for Win XP Pro to operatethrough the same way as local policies
is 64MB, which is clearly too lowby adding the snap-in of group policies.
according to current standards. However,You can create group policies on that
Microsoft does state a serious lack oflocal machine or connect to remote
Win XP pro function availability whilemachine by clicking the browse icon, but
using 64MB of RAM. An example of thisyou need to have administrative rights
would be disabled Fast user switchingon each machine and also on that
during this mode. I personally recommendmachine. As ever domain policies
a minimum of 256MB for any machine withoverride local computer policies.
average performance requirements runningAuditing Windows XP:
Win XP Pro. The control machineAs a network administrator one of the
undertaken in this report has excellentmain tasks is to make sure that the
RAM support with 1GB of available RAM.resources are being used the way they
The RAM level in this machine takes aare used or not being used they should
load of the processor as well and at thenot be. Auditing in Windows XP is just
same time provides excellent performancethe feature which helps us track these
for heavy multi usage of variouskey events. This can be used to track
software's in the market. The hard drivesuccessful or failed system events. It
requirements for Microsoft have beenhelps the administrator choose between
ever increasing with new releases ofeither tracking things being done
operating systems and Win XP procorrectly or things not being done
requires a minimum of 1.5GB of hardcorrectly. The most important factor is
drive space. This higher increase can befile access and account logon. One
accounted for bigger operating systemsdrawback of auditing is that it should
with more included in them, for e.g. Winbe turned on locally on each machine,
XP pro includes a several features likesince it cannot be enabled on a domain
media support for writing to CD mediabasis. Auditing should not be turned on
and also a built in firewall. Thein the entire domain since it does take
control machine does a pretty good joba performance hit on the system. An
of satisfying these hard driveexample would be the Audit object
requirements with a 120GB primaryfailures which tracks failures or
(Master) hard drive and another 120GBsuccesses of files and printers.
secondary (Slave) hard drive. HoweverEnabling this would not turn on auditing
there are some flaws in thison the file, in order to that you need
implementation which are highlighted into go to the properties of the folder or
the backup section of the report. Onefiles you want to audit. Head to the
advantage of having two hard drives issecurity tab, if you cannot see the
clear that the paging file can be placedsecurity tab this either means that
on a separate hard drive for better andsimple file sharing is turned on or that
faster performance. The control machineyour drive is based on FAT32
also exceeds the display requirements ofpartitioning style. You need to have a
Win XP. Microsoft has stepped up the barNTFS partition style and simple file
with this release and has made 800 x 600sharing tuned off for this security tab
a minimum display requirement for thisto show up. However, in a domain
operating system and a lot of videoenvironment simple file sharing is
drives will not let you shift below thisturned of by default. Once you can see
resolution. The control machine hadthe security tab hit the advanced tab
capabilities above this with displayand select the auditing tab and add the
potential up to 1600 x 1200. Win XP Prouser or the group you would like to
also recommends setup floppies oraudit. Auditing reports can be seen
bootable CD standards for repair andthrough the event viewer which can be
reinstall, which is also met by thelocated through control panel and then
control machine. However I personallyin administrative tools. Finally the key
recommend bootable CD's to setupthing to remember about auditing is that
floppies which are more prone to failureit has to be turned on at two separate
of a long period of time. A better wayplaces, once in the local security
would also be image backups and imagepolicies and second at the resource you
installs which are discussed later inwant to audit like a file or a printer.
this report. The BIOS is ACPI (AdvancedWindows Installer:
Configuration and Power Interface)If you install an application on Windows
capable, which enables power managementXP you are most probably using the
features and shut down through HALWindows Installer. Microsoft started
(Hardware abstraction Layer)this through Windows 200o to prevent
installation. Win XP pro has a lot ofother applications from just installing
graphical user features which can onlythemselves and breaking and clobbering
be utilized through a good graphicsother DLL's. There are also problems
card. The control unit in this audit hasduring uninstall where the program would
a good graphics card with 128 MB oftake away a critical Windows component
dedicated graphics memory for exploitingand then your system might not boot.
these features.This new service is integrated into the
Installing Windows XP:operating system to make the programs
I would like to bring to notice somewell behaved. Windows Installer
installation features available fromintroduces package files (.msi) which
Microsoft during a windows install. Theare installation files on the CD itself.
text mode option is enabled during aThere are a lot of advantages to using
clean install and gives us the abilitythe Windows Installer, for e.g. the
to press the F5 key to choose a HALability to self-heal in a case where the
enable BIOS from the menu. This isprogram detects that a DLL is corrupt or
critical for an individual or anmissing and then can heal itself by
organization which wants to enable thepulling that file back from the source
feature of auto power off. The BIOS hasCD or network. There is also a rollback
to HAL capable in order to use thiscapability where something terrible
feature. It is always recommended tohappens during the installation, Windows
update the BIOS to HAL capability beforeInstaller makes sure to take snapshots
installing Win XP. Changing BIOS afterof the system before and after the
installing Win XP has some serious risksinstallation. In case of failure it
of resulting in an unbootable OS androllback's the system to the state how
should not be attempted without properit was before. There is also on-demand
back up of data. Microsoft advertisesinstallation where you can install
the F6 option during this to install anyfeatures as needed and required later on
SCSI/RAID adapters. You can also turn ofby the system. These can be obtained
ACPI by pressing F7 to get a HAL that isfrom the source on either a media format
not ACPI capable. ACPI can interferelike a CD or on the network. Source
with some features on the machine, forresiliency also enables us to define
e.g. if the machine is a server typeseveral source targets where you can
auto shut down would not be really aconnect and download the files you need
good feature to implement. The rest ofincase one source is corrupted. You can
the process is old style mode where youpublish application in a domain setting
can create and delete partitions on yourand then can assign a group or users who
hard drive. There is also the option ofcan connect to download and install this
choosing between NTFS and FAT32. Howeverapplication. Also, you can assign
I would recommend NTFS, if your hardapplications to users or groups where
drive is over 32GB NTFS is the onlythe application doesn't really install
choice for you. Windows XP does all theitself but it places a link or a
hard work and jumps into the GUI modeshortcut of that application on that
installation and then asks the user forterminal for that user to access it and
information like the windows key, namewhen the user tries to access it the
and regional settings. The mostfirst time it goes ahead and installs
important thing is setting the windowsitself using the Windows Installation
administrator password and writing itservices. This also enables us to have
down and keeping it somewhere safe. Ittwo different versions of the same
also asks for computer names and networkprogram using two different DLL's which
configuration and also asks for whethercan coexist on the same terminal in the
you are in a domain environment or asame hard drive. MSIEXEC is the command
workgroup environment and our IPprompt installer which is the core of
settings. NetBEUI has been disabled inthe Windows Installer. There are several
this version of Microsoft operatingflags to this command and you can run
system. You can also enter the hardthis from the command line to install
drive for file access during thisthose problematic applications. One of
installation by pressing Shift+F10. Thisthe most important flags is the /f which
enables you to move files across thecan be used to repair bad installations
hard drives, access files you need andand even find corrupt DLL files.
even install drivers for new hardwareUser Interface:
during installation. For people who wantWindows XP gives the average user a lot
the old style installation you can pressof power with the ease to configure his
Shift+F11 for the old style wizardher user interface. Configuring the
settings. Microsoft has also implementeddesktop is something you can do almost
dynamic update which means that as longto an extreme in Windows XP. Standard
as you have an internet connection itdesktop settings remain the same as the
will try to connect and try to downloadability to change wallpapers, colors and
all the updates needed before yoursounds. There are also themes and skins
machine is up and running. It will alsowhich can change the entire look the
try to install new device drivers, asWindows XP and work as API's which run
long as the manufacturer has his driverson the machine and not any third party
windows logo certified. However dynamictools you need to get. Simple day to day
update is only available for updatedtasks have been made a lot easier with a
installs and is not available on cleanfolder and file options available on the
installs. Microsoft also enables youleft hand side of the windows explorer.
implement your own dynamic update sitesThe start menu has become more powerful
to prevent clogging of bandwidth in athan it was before. It also incorporates
corporate environment for machinesthe ability to customize itself as per
searching for updates through theyour program usability. However for you
Microsoft's website. The admin can linkold school people Windows XP does give
to windows update corporate site andyou the option of switching to the old
download all the updates and packagestyle desktop or the classic desktop.
them together and put it up on a webAll you have to do is right-click and go
server for the staff to install. Ato properties and change the theme to
switch can be installed inside theWindows classic to obtain the old style
setting of the answer file forWindows look. The appearance tab helps
downloading from these installs. Anotherthe user pick a color scheme they like
feature is windows product activationbest or you could also enter advanced
which does not exist for the volumemode and pick colors for each part
license user where the same media kit isyourself. The effects tab is the most
going to be used for multiple installs.underused tab which gives the user the
However retail and OEM licenses requireability to get cleaner fonts and even
windows product activation by creating aremove and set animations on your
hash of your computer depending uponwindows. Most appearances are
several features like hardware. Windowscustomizable in Windows XP and
product activation can also be done inMicrosoft's is trying real hard towards
the answer file and the information senta goal to please every user type.
through HTTP or HTTPS and Microsoft'sInterface Options:
minimal requirement is that reactivationMicrosoft has added a lot interface
is required after changing 3-4 pieces ofoptions for users who otherwise have
hardware on your computer.problems using the computer. One is
Upgrading Windows XP:accessibility services where Microsoft
Most administrators do not have thehas included several options like the
luxury to make a clean install becausesticky keys, filter keys or toggle keys
there are a lot of software and dataand even sounds and onscreen keyboard.
installed on the current operatingThere is also a narrator which gives us
system. The biggest drawback to this istext to speech for the visually
that all the legacy code and baggage inchallenged. There is also the magnifier
the old operating system will be carriedwhich is also a great asset. An easy way
over to the new operating system. Anto access the narrator, magnifier and
upgrade is possible from Windows 98/98SEthe onscreen keyboard is pressing the
ME/2000 and Windows NT 4.0 with SP6.Windows key + U. Multilingual support
However the server class cannot behas also been included in Windows XP
upgraded from windows 2000 professional.just like as in Windows 2000. However,
You cannot upgrade from Windows 95 ornot all applications support this but
Windows 3.x. A compatibility checkyou can almost enable this all API's.
should always be made before upgradingAll that is required is to head to the
to the new OS. Check using the switchregional settings in the control panel
(-checkupgradeonly) for hardware reportand install the language you want to
on compatible hardware on the machine towork with the remap the keyboard
install windows XP. If you're runningaccordingly and you're done. One
Windows NT 4.0 with fault tolerance anddrawback is that for other users to use
volume sets the drives are going to bea document created in this language they
inaccessible once you install XP sincemust have the same language settings
it does not support fault tolerance orinstalled on their computer. You can
volume sets. Microsoft does give you aneven change entire interface of the
easy way to use the key FTONLINE tocomputer into another language by
bring the fault tolerant set online toinstalling support for that language.
backup the information or recreate aThis servers as a strategic advantage
volume set or striped volumes and getfor global organizations which operate
that information back. However youin different regions in terms of saving
cannot create fault tolerant drives withspace in terms of storing a file in
Win XP. In a case of serious error youdifferent languages since multi language
can always roll back the upgrade. Thissupport enables us to store only one
feature can be accessed from the "Addcopy of the file and have it available
Remove Programs" in the Control Panel.in different languages.
However the biggest drawback is thatHardware Installation:
once you change from FAT32 to NTFS youWindows XP supports plug and play
cannot go back to uninstall the upgradefeature where you can just plug in
and get your old operating systemdevices and it will detect them
running. The install procedure is prettyautomatically without any installations.
much the same as the once we encounteredOne of the most important advantages of
on a clean install without the headachethis feature is that signed drivers are
of drive partitioning. It even tries toinstalled automatically without
download updates (Dynamic Update) if anprompting. However, non plug and play
internet connection is detected. Thedevices require manual installation.
software and regional settings and otherThis saves a lot of headache to the
user settings are preserved on theadministrator when it comes to
computer. The upgrade does come withinstalling different pieces of hardware.
different view screens after theThe user needs to have the
install. Views change with the kind ofadministrative privileges to install
environment you are running in for e.g.these hardware's and drivers. These can
a domain environment the user gets tobe maintained to the device manager
see the Ctrl+Alt+Del screen whereas thewhich can be accessed from right
user gets to see the welcome screen in aclicking my computers icon. Microsoft is
workgroup environment.pushing to wears a new setting known as
Migrating User Settings:driver signing. This enables Microsoft
User settings are an extremely importantto see what drivers are installed on the
feature needed in a corporatesystem. In a case of an unsigned driver
environment to preserve the same lookthe user is warned about this before
for a user. The file and transferinstalling it but he/she can still
settings wizard comes to our rescue downchoose to go ahead or not go ahead with
to the last solitaire icon on the usersit. Vendors have to actively pursue to
computer. File and transfer settingsget their drivers signed by Microsoft to
transfer transfers files in fourachieve a signed driver rating. In a
categories. The first category iscase of an unsigned driver Microsoft
appearance which includes color schemes,raises a flag which warns the user about
sounds and others. Second, it also keepsthe unsigned driver. This can raises
internet settings like your favoritesseveral issues in a network for the
and your internet security settings.administrator to handle where people
Third, it also backs up all your accountbring in their own USB devices to plug
settings like all your e-mail accountsin to their systems and then can raise
and all the internet addresses stored inseveral flags and incompatibilities in
your machine through outlook. Finally itthe environment. The administrator can
even transfer the settings for installedhandle this situation by disabling and
software's like Microsoft office andblocking the installation of unsigned
even third party software's like adobe.drivers. One of the drawbacks in windows
However the drawback is that the2000 was the ability for a user to
required software's should be installedmodify the registry keys and install an
before their settings can be reappliedunsigned driver and then change back the
to the new operating system. The Filekeys after the installation. This loop
and Transfer settings wizard can behole has been fixed by Microsoft and the
reached through the windows CD byuser is not given the ability to change
accessing the icon "Perform Additionalregistry keys and hence he cannot
Task". The process is simple andinstall unsigned drivers without
visually guided. It gives you the optionadministrative permission. One of the
to choose just files or both files andother features that will is the facility
settings and transfer all the requiredof the drivers or to even roll back
files through a direct cable, floppiesdrivers incase of a mishap. Updating
media or network. This can also be useddevice drivers still requires the user
from XP to XP machines, in a case ofto have administrative privileges.
customizing a brand new machine toHowever updating device drivers is one
industry standards. However this isof the most frequent causes of system
should be used for only for smallcrash. This is where the ability of
offices or a very small office. A betterrollback kicks in where Windows XP
version of this for large offices ismaintains copies of older versions of
user state migration tool for scriptingyour driver which you can kick back to
mass XP migration of files. The userincase of an update failure. There is
state migration tool is made up ofalso something known as the last good
several tools once of which isoption which should be a last resort in
scanstate.exe which includes files likecase of a safe boot. Driver signing
migapp.inf, migsys.inf, miguser.inf andgives us the options to free install,
sysfiles.inf and you can change thesewarn or block drivers that are unsigned.
files as you please. A simpleA normal user can always go to a much
illustration would be to access thestricter option like if the
migapp.inf file, put in the settings youadministrator has selected warn the
need and put in the files you need tonormal user can choose block, however he
transfer and run scanstate.exe on everyshe cannot choose to ignore it.
computer. The new machine would run aHardware Support:
different program loadstate.exe whichWindows XP supports most kinds of
will unpack the file and load thosehardware these days. You can pretty much
settings. However like in file transfertake anything in the market and it will
settings this cannot transferbe supported by Windows XP. Windows XP
application and only settings toeven supports smartcard operations fresh
applications for e.g. it will notout of the box. One of the coolest
install adobe acrobat on your computerfeatures is the ability to hook up to
and then transfer its settings. If antwelve display devices on to one
application is not detected on themachine. As a matter of fact you can
computer the settings for it will not belink up to ten display devices onto one
used. This application can be accessedsingle terminal. There's also dual head
in the following directorytechnology incorporated into Windows XP
"CD:VALUEADDMSFTUSMT". This ability iswhich gives the user power to connect
completely scriptable so anmultiple monitors with a single video
administrator can send these as e-mailcard adapter, for e.g. in case of a
messages to all the users and does notlaptop you can connect it to monitor and
have to present at all the machines tohave it perform different from the
run this.screen on your laptop or as an extension
Unattended Installation:to the screen on your laptop. Windows XP
Microsoft also supplies us with toolssupports Directx and OpenGL which are
for unattended installation which is agraphics technologies or graphics API's.
great feature for network administratorsMicrosoft is offering this towards the
working in large corporate environment.gaming market where they have finally
This feature saves the tedious task ofbeen able to run Directx on the NT core
sitting down at each computer andfor the games to perform an optimum
installing Windows XP on each one oflevel. Another Windows XP service
them. Unattended installation is madeincluded out of the box is faxed support
possible through a tool called the Setup.This practically will meet most users
Manager which links to the fileaverage day to day tasks of receiving
unattend.txt which makes it possibleand sending faxes. Fax support of course
answer all the questions which Win XP isis not installed by default and the user
going to ask us during the process ofhas to install it through and remove
installation. A simple way to implementwindows components. As soon as you
this is to drop all the requiredinstall facts aboard Windows XP creates
information for setup in thea virtual printer through which it will
unattend.txt and drop this file in asend it to your faxes.
floppy disk during the installationYou can even have your terminal receive
process or script this file inside iffaxes through a virtual printer. Setting
you are setting up through an image.up fax services is pretty easy for the
There is one drawback to this since theaverage user to configure. It does
each computer requires some uniquerequire a telephone number and other
information like computer name and IPinformation. You can even set it up to
addresses. This can be handled through aauto print faxes or choose how you would
UDF file which is the unique databaselike to be alerted. One of the
file. IP addresses on the other hand candirections most new hardware is trying
be handled through DHCP and otherto move this towards using USB and
processes. If you are booting off anfirewire (IEEE 1394) ports. These are
image, this can be achieved by scriptingplug and play hot swappable devices
the winnt32 file. The command linewhich you can connect and disconnect
should read like this winnt32 /s: sourcewithout having to install any drivers.
path /u: unattend.txt /udf: udf path.One of the features of USB is that you
However, if booting of a CD then thiscan target USB root hub through device
file should be placed inside the floppymanager to allocate power to each hub.
disk with the name winnt.sif. ThisAnother way to get out of this power
feature is again hidden inside the Windrain is to use a self powered external
XP and can be accessed through thehub which draws its power externally to
SUPPORT/TOOLS/ path and then byfunction. You can even take a look at
extracting the deploy.cab file. Thisthe universal host controller in device
file had to be extracted and will thenmanager under the USB drop down menu to
reveal all the tools you require tosee the amount of bandwidth taken by
deploy and unattended installation ofeach controller.
Win XP. There are also three veryMobile Computer Hardware:
helpful reference files inside thisWindows XP has a pretty good mobile
folder which give you a lot ofhardware support. As more and more users
information of using these tools. Theswitch from desktops to laptops
setup manager tool a GUI tool whichMicrosoft has increased its support and
guides you through setting up thecapabilities towards mobile hardware.
process of creating the uanttend.txt andOne of the most important features is
the unique database file. It follows theincluded support for ACPI which saves a
simple procedure of asking questionslot of battery power on laptop machines.
starting from the organization and userApplications can also request no power
name, Win XP key (This is the mostsaving incase of server machine where
important feature and has to enteredapplications need to keep running
correctly otherwise the installationconstantly. Dynamic docking and
would not take place), workspace orundocking creates separate profiles for
domain settings, regional and internetdocked and undocked mode. ACPI gives the
settings, language and time zonecapabilities of power management through
settings, computer names and evenpower options available in control
external commands to start up otherpanel. Power management facilities give
installations for e.g. installingus the flexibility to maintain different
Microsoft office after Win XP install.power settings incase of desktops and
This setup manager also gives us thelaptops. Also it even creates different
options of several types of install likesettings when the laptop is in docked
GUI installation, read only installationmode and running on AC power and when in
(user can see everything but cannotundocked mode and using battery juice.
change anything) and others. You do notOne of the power saving modes is the
have to create this unattned.txt filehibernation mode where the computer
from scratch for each terminal and candumps its memory on the hard drive and
modify this file as per your needs forshuts itself off and when you start it
every other user. However this doesagain it reloads its RAM from the hard
become extremely cumbersome for largedrive. An easier way for an average user
environments and the headache ofare built in power schemes given by
creating a unattned.txt file for eachMicrosoft that help you mange your power
user in a larger corporate working area.settings better to get the maximum time
Microsoft does have its answer to thatout of your laptop. Windows XP also
which is called the sysprep tool or thegives you the flexibility to set up UPS
system preparation tool which gives usand adjust hibernation. In order to
the ability to roll out clones ofbring your computer to hibernate mode
operating systems on each machine. Thisinitiate a shit down sequence and then
does give the network administrator thewhen the window pops up hold down the
ability to somewhat use a cookie cuttershift key to change the standby option
style to roll out machines withto hibernate. Hibernate is much bigger
preinstalled applications and operatingpower saver then standby, since standby
systems customized before the massstill consumes a lot of power. You do
installation procedure. The problemneed to log back on to the system after
however can arise in the securityhibernation. Windows also has wireless
identifiers (SID) that Microsoft uses tosupport for Windows XP through Bluetooth
identify each machine and unique to that(802.11b) and Infrared technology built
machine. You can use cloning tools toin to the operating system. Windows XP
roll out these clones but you still havecan detect and connect automatically to
to use sysprep to authenticate support.wireless networks using either an access
Microsoft's strips those SID's out andpoint or an ad hoc ability (ad hoc
repacks them so when the user sits downability connects multiple computers to
on the brand new machine he has to entereach other without having to connect to
some information for the machine to getan access point).
going. The applications are installed inStorage Devices:
the background though, but itsWindows XP hard disk support comes in
Microsoft's way of making sure that eachtwo different flavors. The first one is
machine has a unique SID afterthe old style know as basic disks which
installation. Administrators are advisedinclude four primary partitions or three
to run the latest third party cloningextended partitions and one extended
facilities to achieve the optimumpartition. Microsoft has now implemented
results and then use sysprep to repacka new strategy know as volumes disks.
the machine as a brand new one for theYou can have up to 200 volumes per
SID's to work safely and in accordancedriver, however Microsoft does recommend
to Microsoft. However you have to beyou to not go this high and has set a
extremely careful before rolling outlimit of at most 32 volumes per drive.
clones since they are very hardwareIf you plan to multiboot using this
specific, so your terminals should havedrive dynamic disks and dynamic volumes
identical HAL's, mass storage deviceare only usable by Windows XP and Widows
controllers and ACPI support. VAR's2000. Applications don't really have an
(Value added resellers) should use theissue with dynamic disks. One drawback
-factory mode switch to install andis that laptop computer and removable
reconfigure the machine as per accordingstorage cannot have dynamic disks since
to their requirements. This is alsothis is really used when there are
known as the audit mode and the machinemultiple drives. You cannot mix dynamic
can resealed after this by runningand basic disks on one drive. On basic
sysprep again with a -reseal switch.disk you can primary and extended
This can also be done automaticallypartitions only and you cannot create
using the file WINBOM.INI.fault-tolerance volumes or even span
Remote Installation Services:drives. Dynamic disks have this ability.
A remote Installation service gives usThe first step is a simple volume which
the power to install Win XP over thecan be NTFS, FAT or FAT32. The next step
network. Microsoft uses a PXE (Prebootabove this is a spanned volume used in a
Execution environment) to achieve thiscase of multiple hard drives where you
and the setback is that you're networkcan add more space to hard drive without
card should be PXE certified. However,adding another drive letter. Simple
Microsoft also gives some hope to somevolumes can be extended to create
left behind by giving us the option ofspanned volumes but the kicker is that
using boot disks for people who do notyou cannot extend a system or boot
have PXE certified network cards but,volumes. The third case is a striped
there always is setback and this timevolume which is written on both drives
it's that this feature is supported bywhich doubles your throughput on both
only very specific network cards.drives. This in turn increases
Unfortunately, if you're network cardperformance and also doubles your
does not belong to any one of thesethroughput on reading and writing. You
classes you are out of luck and cannotcan access these management tools by
use this feature. The basic way to setupright clicking on My Computers and then
is to connect to a RIS sever (Remoteselecting manage and choosing Disk
Installation server). Once you aremanagement in the computer management
connected to the RIS server there arewindow. It is very simple to convert a
three ways to connect and install Windisk to a dynamic disk, the process
XP. The first one is a simpleinvolves right clicking on the disk icon
installation where you download and runitself on the left most side and
an image of Win XP CD. The secondchoosing convert to dynamic disk. This
process is a scripted installation byrenders it unusable by other operating
creating an answer file and achieving ansystems since the partition table is
unattended installation. The final andrewritten. You can extend a simple
the most powerful is the System imagevolume by just right clicking and
which uses a tool RIPrep (Remotechoosing extend volume and choose the
Installation Preparation tool). Thisdesired size you would like to extend
allows us to create an image with allthe volume to. Converting an existing
the customized applications installed onbasic setup to dynamic setup requires at
them and then transfer that image to allleast 1MB of unpartitioned space but
the required machines. RIS requires anvice versa is only possible through
active directory environment withreformat. For users updating their
integrated DNS built it. The RIS serversystem from other legacy system you need
must be setup in the active directory.to use FTONLINE to bring your data
Most administrators would dedicate aonline mount it and then wipe out your
separate sever for this process.drives and bring your data back to the
Microsoft also states that the RISdrives. It is not a long term solution
partition should a separate one andfor storage. There are also other
should not a boot or system partition,removable storage media like CD's
so you would have to throw in a sparefloppies and USB hard drives. Windows XP
hard drive and drop this image on it.has full support for burning CD's
Also, the partition must be an NTFS. RISincluded into the operating system.
installation utility and RIS preparationHowever, it's not as advanced as other
utility will allow you to put thethird party applications.
different images on the server. TheFile Systems:
process then requires the Win XP CD andAs a network administrator you need to
copies the I386 directory on the serverknow the kinds of file systems that are
and you can then choose to scriptedsupported by Windows XP. NTFS is the new
installs or simple installs after that.file system which has a lot more
The RIS uses single instance storagecapabilities incorporated into it. The
which means that it stores only one copyFAT file system is the universal file
of each file when you upload differentsystem, which has a lot of limitations
images on the server. This result's inwhich were overcome by FAT32. One of
saving a lot of space on the server asthe biggest drawbacks was the cluster
well but this makes another reason thesize in FAT, so for e.g. the bigger your
put this on a dedicated server and oncedrives got the bigger the cluster became
all this configured you can put accessso for a 1K file you would've used a 32K
levels on the images to allow userscluster and ended up wasting 31K space.
restricted access so that they cannotThis becomes a considerable waste when
install any image they like. End usersthinking in terms of gigabytes. FAT32
will boot from the network and boot fromovercame this problem by introducing a
the PXE network card or PXE floppy disk4K cluster, but still has a lot of
and it asks them to log on andlimitations. NTFS has a lot of new
authenticate themselves to the domainfeatures like compression, encryption
server and then give them choices ofand permissions. Users still using FAT
installation images. In a multi-domainor FAT32 systems on Windows XP can
environment the administrators will beconvert to NTFS by running a command
required to set up these RIS servers onfrom the prompt known as convert
each domain. Similar drawbacks exist on[driverletter]: /fs:ntfs. However, you
hardware compatibility. There arecannot convert back to FAT or FAT32. In
limited allowable differences ina case when you convert your boot drive
hardware on the machines but the HAL'sit will convert on reboot. A backup is
must be identical and as well the hardrecommended to prevent data loss before
drives should be equal or larger inrunning this command. In a case you have
size. PXE book disks will work only onalready started the process and haven't
limited NIC cards so laptop users withbacked up your data you can jump into
PCMCIA are out of luck. Also remoteregistry editor using the regedit
installation can only be done on Ccommand and look up inside
drives and segregations on drives don'tHKEY_LOCAL_MACHINE - system -
allow the service to work.CurrentControlSet - Control - Session
Installation Troubleshooting:Manager.
Troubleshooting is always an enemy anInside here you will see boot execute.
administrator has had to face during hisWhen you run this you will see the
work. Even though Win XP is a quiteconversion process listed there and you
sturdy operating system, there is acan delete it to stop the conversion
slight chance that you will run intoprocess. There are also other file
problems during installation. The firstsystems maintenance tasks which most
step would be to check the hardwareadministrators like to do whenever they
compatibility and hardware health. Mostfind time for e.g. disk defragmentation.
the time the problems I have encounteredThe new feature in Windows XP is that
on Win XP have been due to bad hardware.you can schedule this defragmentation
There is no guarantee that devices onvia the command line. Disk cleanup is
Windows 2000 will work on Windows XP. Aalso a pretty safe way that deletes
first step is to install Windows XP withcache files and other temp files stored
minimum hardware and then drop in extraon your computer. It even tells you of
hardware components after the install.files which you haven't used in a long
That will allow you to isolate the badtime.
or incompatible piece of hardware. YouNTFS:
can also access the Microsoft's websiteNTFS clearly has a lot of benefits
access the hardware compatibilitycompared to others like FAT and FAT32.
listing. You should also check if theNTFS is the default choice when you
BIOS is ACPI compatible as describedstart from scratch. However, one
earlier.difference is that formatting NTFS will
User Accounts:set file security during installation
Windows XP requires user accounts towhich you do not get when you convert
operate on it. It is based on thefrom FAT or FAT32. This can be securing
Windows NT kernel formula. Every user onaccess from critical system files which
Windows XP needs a user account. A bigwas not present in FAT and FAT32.
advantage of having user accounts is toMicrosoft has introduced the quick
be able to customize Win XP according toformat option during setup process. NTFS
your environment. Windows XP can operatealso introduces file and directory
in a workgroup environment or an activesecurity settings which are very helpful
directory domain. Windows XP alsoin corporate environments. IT also gives
provides us with built in user accounts.us the abilities of quotas, compression
The most powerful of all is theand encryption. By default if the user
administrator account and time and timeis not in a domain environment then the
again it has been said to not do day tosharing and NTFS permissions are
day tasks logged on as thecombined into one. Simple file sharing
administrator. The control machine inis turned on in the tools folder option
this case is at a serious threat sincewhich disables the security tab from the
the only user account present on thisproperties of a folder or a file. This
machine is the administrator account andcan be turned back on by just disabling
is not password protected. This issimple file sharing. Windows XP creates
serious threat since this user hasa My documents and Shared Documents
complete control for e.g. format a drivefolder. You can make you My Documents
even by accident. The other account isfolder private and even when you place a
the guest account which is open forpassword on your user account then
users to access the machine but notWindows asks you to privatize your
giving it the power to corrupt or messentire files and folders. Shared
with the installed programs. A workgroupDocuments enables multiple users to
environment is good for a smallshare documents with each other.
corporate network but the biggestHowever, in a workgroup setting you can
drawback is the each terminal shouldonly make folder private in your user
have a user account for that user onaccount. In order to disable this option
that machine, since Windows XPyou as an administrator need to turn off
authenticates user accounts. However,simple file sharing. In a domain
domain environment has a central storageenvironment this is turned off by
of all accounts which reduces overheaddefault and security tab is available.
and makes it easy to add new accountsPermissions granted to a user always add
and terminals. In a domain environmentup as most permissible but deny always
if there is one user account, you canoverrides other permissions. There is
use that account to log on to anyalso inheritance which trickles down to
machine in the local domain. Userthe file level which means that file
accounts in a workgroup can bepermissions override the folder
maintained through user accounts in thepermissions. However, you can always
control panel. By default user accountsblock inheritance and override a lower
in Windows XP does not need a passwordlevel permission with the higher one.
but the administrator can change theseWindows XP has also added a feature to
default settings. Microsoft has alsoview effective permissions on a file.
installed a feature known as "preventThese can be accessed through the
forgotten password" where through theeffective permissions tab available in
administrator account you can create athe security tab of a file or folder and
floppy disk with your password stored onby clicking the advanced tab. You can
it for recovery. However, this floppyselect the user or the group you want to
disk should be safeguarded, since it canview permissions on. NTFS utilizes the
be a security loop hole to the entireconcept of ownership of file where the
network. In a domain environment youowner always has full control of the
must log on as a member of thefile they created; even after they are
administrator's group to create andlocked out they can take ownership of
delete user accounts. However, in athe file and give themselves access to
domain environment you have to addit. Administrator can take ownership of
domain users to the local group to grantany file available in the system, but so
them access to the machines in thatthat this cannot be abused they cannot
group using that user account. Thegive ownership to someone else, they
concept is a little different, sincesure can give them permissions to view
domain user accounts should be grantedand modify but not ownership. This is a
access to a local group and are thenkey concept of recovering files when a
able to log on to any machine in thatuser has left the company or has been
group using that domain account, whereaslocked out from his files. Taking
each computer in a domain environmentownership is very easy, head to the
can also have local user accountssecurity tab and click advanced tab and
specific to that machine and onlychoose the owner tab and then you can
accessible through it.add yourself back. Then you can go ahead
Group Accounts:and add yourself back into the file
Groups are a boon to an administrator inpermissions to give you back full
settings permissions. This allows us tocontrol. NTFS also gives us the ability
take users and combine them to manageto compress files on a case by case
resources. Local groups allow us to setbasis. Compression and decompression
permissions to a group and have ithappen automatically. Compressing
trickle down on to the members of thatfolders will also compress files and
group, local groups existing on eachadding new files to it will also keep
machine that give us this ability.the new files compressed. Windows XP
Windows XP also gives us some built indoes highlight them with different color
groups like the administrator's groupto mark them as compressed. Encryption
and the users group. Local groupsand compression do not mix well in
however have authority on that localWindows XP. You can access encryption
machine. Microsoft's management consoleand compression through the properties
allows us to create, delete and manageand advanced tab and choosing between
groups. A user can be a member ofcompression and encryption. Microsoft
multiple groups so that allows the useruses the EFS (Encrypting File Systems)
to have a combination of mostfor safeguarding files and folders.
permissible abilities. However, denyEncrypting a folder will encrypt all
always overrides an allow so if a userfiles inside the folder as well. The key
is denied a permission in one group thatis encryption is stronger than
overrides that permission in all hispermissions because the data gets
member groups. There are several builtscrambled using certificates. This means
in groups like administrator's, backupthat user who owns that certificates can
operators, guest, network configuration,only access that data. There is no
power users, remote desktop users andlonger the security hole where encrypted
help users group. The name pretty muchfile transfer was not possible and data
defines most of these groups. Most ofhad to be decrypted for the other user
the members belong to the power usersto read it. Now when you give access to
group which gives them the opportunitysomebody else for your encrypted files
to install applications and do day tohe/she gets a copy of the certificate to
day tasks. However there are somedecrypt those files. One drawback is
restrictions placed on this group forthat if you move files into an already
e.g. they cannot access other user'sencrypted folder it will not be
files and cannot format hard drives orencrypted, however the ones created will
change user group settings and otherbe. You can give access to another user
user's accounts. There are also someof your encrypted file by adding them
system groups which are used by Windowsthrough the details tab available
XP itself to perform certain tasks. Thethrough the properties and advanced
operating system handles these groupstabs. The catch is that the user
and you do not need to manage theseshould've have encrypted a file at least
groups. One such group is the "everyoneonce to have a certificate available on
group" which explains itself of how itthe computer. This is needed by Windows
includes everyone. If you want to giveXP since the first time you encrypt a
wide open access to computer you canfile it issues you an encryption
grant a user as a member of thecertificate. In a domain environment you
"everyone group". However, this doesmust trust the server for delegation in
include anonymous access so a userorder to encrypt files on the server.
cannot log on using anonymous access.You can also use WebDAV for providing
There are also other system groups likesecure transport and storage to avoid
authenticated users which have to provedtrust for delegation.
themselves worthy to log on to theEFS Recovery:
system and creator/owner groups. ThereRecovering encrypted data can be made
are also network and interactive groupspossible since Microsoft's introduction
which differentiate on the basis of yourof the DRA or the data recovery agent.
location. Network group classifies usersThis utilizes a special key which is
who log on using a network whereastagged on to every file encrypted. In a
interactive users are users who actuallydomain setting the administrator is
sit down at the machine to log on.defaulted as the being the data recovery
Creating and managing user groups can beagent so there is always a back door for
achieved through the Microsoftrecovering encrypted files. In a
management console. This saves a lot ofworkgroup environment there is no
headache at the domain level since thedefault data recovery agent, so you need
domain administrator can create a domainto create a data recovery agent. The key
level group in the domain environment.is to create a DRA before any files get
The local administrator can then addencrypted, since you won't be able to
that domain level group into the localrecover files which were encrypted
machine group he just created and thisbefore that. The first things you need
gives the members of that groupto do are access your security policies
immediate access to that machine.by heading into the local security
Logging onto Windows:policies and then into public key
Logging on Windows XP is different frompolicies which will show you encrypting
a workgroup to a domain environment.file systems. Making a DRA is a little
Microsoft has finally stepped away fromtricky to begin with. Start by running
the Ctrl+Alt+Del key combination to logthe command prompt and running the
onto to Windows. In a workgroupcipher command as follows cipher
environment the user is greeted with ar:[filename]. This command will create
welcome screen, however the old styleyour two recovery certificates, one is
log on can be made compulsory in apublic key (.cer) and the other is
workgroup environment by theprivate one (.pfx). It also asks you for
administrator. In a domain environmenta password to open your private keys.
the Ctrl+Alt+Del screen in the defaultOnce done you then right click on the
and you cannot get away without it. In aencrypting file systems in the local
workgroup setting you can disable thesecurity policy and add a new DRA and
welcome screen but this also switchesthen browse to the recover file you just
off the fast user switching option. Fastcreated and add that. Now, when any user
user switching is available only in aencrypts a file you will be listed as a
workgroup setting targeted towards adata recovery agent. You can also reset
home environment. This enables multiplepassword for another user if he or she
users to run their sessions on the sameforgets it but this trashes that user's
terminal without closing the othercertificate, so he/she will not be able
person's session or let a user log onto access files which were encrypted
without logging another user off. Thiswith the previous certificate before.
uses terminal services made available toThis is where the DRA comes as a savior.
us by Microsoft. There is at least aIn order to disable EFS you need to
128MB memory requirement needed forcompletely remove the encryption policy,
using this service. You can use fastit doesn't just go away by removing the
user switching by using the Windows keyDRA. Disabling EFS is through accessing
+ L, but you require the welcome screenthe encrypting file systems menu in the
switched on for this. You can also seelocal security policies and right
what accounts are currently logged on byclicking to go to all tasks and then
using the task manager and switching toselecting delete policy. However,
the users tab which will show you allturning off EFS is not quite that easy
the current users logged on and it showin a workgroup environment. You can find
which user is currently active and whichmore details about in recently published
are disconnected. Troubleshooting userMicrosoft's documents.
accounts can be a simple task. Be sureNetworking Setup and Troubleshooting:
to check if passwords are correct andWindows XP is very powerful operating
caps lock is not turned on and also ifsystem which includes a lot of features
your account has not been disabled. Youwhen it comes to networking. Windows XP
can also turn on the guest account as ais multi protocol ready and uses NWLink
last resort to have limited access. Thiswhich is easily configured for simple
can be a security loop hole so mostfile sharing. However, it also supports
administrators avoid it. In a domainthe universal TCP/IP protocol. The
environment XP caches user log onadvantages are numerous and even a
information so you as an administratorworking copy to new IPv6 protocol for
can turn on a feature which prevents aall you network wizards to play around
user from logging on if the domainwith. NetBEUI support is not longer
controller is down. You can prevent thisavailable as a standard but as a hidden
by accessing the security policies fromadd-on on the disk. Windows XP also
the administrative tools from thegives us the ability to bridge different
control panel. This gives you an optionmedia types. The network connection box
of changing the number of cached logon'sshows you one entry for each network
to zero which will prevent a user fromconnection available on your computer.
logging on if the domain controller isBridging them can be very easy by just
down. Changes such as this require theselecting them all and right-clicking to
user to be a member of theselect bridge connections. You can
administrative group and also theseinstall other protocols like NetBEUI by
security policies can be overridden byclicking install and then by choosing
policies set on the domain level."have disk" and browsing through the
User Profiles:disk to install it. Windows XP has
User profiles in Windows XP give theintroduced an alternate configuration on
user the power to maintain his/her ownTCP/IP settings where it kicks into the
settings for each user. This is just aalternate configuration if the primary
group of files personal to that user andone is not obtained. This can be used to
HKCU portion of the registry. All thestore two different connection settings
user profiles and the default profilesfor home and office for your laptop or
are found in the folder Documents andin another applied scenario. Networking
Settings. However this is only in a casewith Windows XP is not without its
of a clean install of Windows XP, butpitfalls. Networking troubleshooting in
when we upgrade from Windows NT the userWindows XP begins at a basic level where
profiles are found in the system rootthe first thing the administrator should
directory. Profiles are specific to eachdo is look if the cable is plugged in
machine, so if a user has an account onand the lights are blinking. You can
ten different machines his user profilethen go ahead and type the net config
on each machine will and local andredirector command which displays the
different. This exception in this caseentire current network configuration on
can be a roaming user profile where theyour computer. You can even repair a
user roams around from one terminal toconnection by right clicking on the
another. In this case the user can logconnection you want to fix and Windows
on to any machine and his user profileXP then runs a lot of commands behind
is downloaded at the terminal he sitsthe hood to fix that connection. If this
down on and he can make changes to hisstill doesn't work you can then use the
her profile and when he logs off thosecommand "nets hint ip reset [logfile]".
changes are saved on to the activeIn essence this tears the stack down all
directory. In order to set up this userthe way the base and rebuilds that TCP
profile the administrator must create aIP connection or in other words
user account and put a UNC (Universalreinstalling the connection. You can
naming convention for e.g.access the advanced settings by clicking
domainnamefoldername%username%) tab inadvanced tab and then choosing advanced
the profile tab of the user in thesettings which shows you the bindings on
active directory. However, the trick isthat computer. Another command used is
to give proper permissions to directoryIPCONFIG with flags like /all, /renew,
where the user profiles are saved influshdns and /registerdns. Other simple
order for the user to access his/hercommands used are PING command for
profile; otherwise the user will receivepinging IP addresses, TRACERT for
a default profile. This profile is alsotracing IP addresses, NBTSTAT -R to
cached locally incase the roamingempty and reload name cache, NETSTAT for
profile is not available or the profileshowing all the incoming and outgoing
server goes down the user can still logactive connections and NETSTAT - R which
on using the locally stored profile.shows you the routing table.
However, incase the user logs ontoREAD 'Pt 2' for more details.



1 A B C 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105