
This e-book is a collection of articles that were originally published on www.utilizewindows.com.

As we update articles on our site, we will also update this e-book. Check our site for the latest version of this e-book on www.utilizewindows.com/e-books

This e-book is published under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0

We offer free quizzes which you can use to test your knowledge about Windows operating systems. You can find them here: www.utilizewindows.com/quizzes

If you have a comment or if you would like to report some error, please use our contact form: www.utilizewindows.com/contact-us

If you would like to support us, you can take action (www.utilizewindows.com/support-us) or you can donate (https://flattr.com/thing/710994)

CONTENTS

BASICS
- Introduction to Windows XP
- User Interface in XP
- Microsoft Management Console (MMC) in Windows XP
- Group Policy in Windows XP
- Regional and Language Options in XP

USERS AND GROUPS
- Manage Users in XP
- Group Management in XP
- Manage User Profiles in XP
- User Rights and Group Policy in XP

HARDWARE
- Devices in XP
- Quality of Drivers in XP
- Power Options in XP
- Hardware Profiles in XP

NETWORKING
- Manage Network Components in XP
- TCP/IP Settings in XP
- Configure DNS in XP
- Configure Dial-up and Direct Connection in XP
- Configure VPN in XP
- Configure ICS in XP
- Remote Assistance in XP
- Remote Desktop in XP

FILES AND FOLDERS
- File Compression in XP
- Encryption in XP
- Disk Quotas in XP
- Configure NTFS Permissions in XP
- Share Folders in XP
- Offline Files in XP
- IIS in XP

FILES SYSTEM
- Convert File System in XP
- Manage Hard Disks in XP
- Mount a Volume in XP
- Multiple Operating Systems and XP

PRINTERS
- Install Printer in XP
- Print Management in XP
- Advanced Printer Configuration in XP
- Replace Print Device in XP
- Enable Fax Services in XP
- Send a Fax in XP

OPTIMIZATION
- Task Manager in XP
- Optimize Disks in XP
- Paging File in XP
- Backup Tool in XP
- Recover Windows XP

SECURITY
- Configure Auditing in XP
- Security Templates in XP
- Internet Explorer Security in XP

INSTALLATION
- Preparation for Windows XP Installation
- How to Upgrade from Older System to Windows XP
- Prerequisites for Network Installation of Windows XP
- Create an Answer File in Setup Manager
- Typical Windows XP Installation Problems

Utilize Windows XP Basics

Basics

Introduction to Windows XP



XP is quite different from any OS that has come before. To understand why XP works so differently we need to understand the state from which it emerged.

Before you start


Objectives: introduction to Windows operating systems. Learn about Windows versions and technologies they were built on. Learn about new XP features, editions and system requirements.

Prerequisites: no prerequisites.

Key terms: history of Windows, DOS and NT, XP editions, new features in XP, minimum system requirements.

History of Windows
Microsoft sold the first PC operating system to IBM in 1981. It was called DOS and it had no graphical user interface (it worked from the command line). The first version of Windows shipped in 1985, and it was called Windows 1.0. It was very slow and unstable. Breathtaking Windows 2.0 shipped in late 1987. It let you overlap windows (place one window on top of another). Windows 2.1 (also known as Windows 286) shipped in 1988. It came on a single diskette. Windows 3.0 arrived in 1990, and the computer industry changed forever. Windows 3.1 arrived in 1992, and it rapidly became the most widely used operating system.

Windows 3.x was built on MS-DOS, and that caused all sorts of headaches. DOS simply wasn't stable enough to make Windows a solid operating system. Microsoft knew all that, so in 1988 they decided to build a new version of Windows from scratch. In 1993 Windows NT (New Technology) 3.1 was shipped, but it was also unstable. Because of bad reactions to the NT edition, Microsoft decided to further develop Windows based on DOS/Windows 3.1 and, in parallel, to keep working on the NT versions of Windows.

Versions of Windows based on DOS are:

- 95, shipped in 1995
- 98, shipped in 1998
- ME, shipped in 2000

NT editions:

- NT 3.5, shipped in 1994
- NT 4.0, shipped in 1996
- 2000, shipped in 2000

Microsoft patiently waited while sales on the NT side gradually picked up. When that happened, Microsoft shipped XP (XP stands for eXPerience). XP is 100% based on NT. Microsoft put a lot of effort into making XP look like Windows ME, but beneath the facade, XP is based on Windows NT/2000.

About Windows XP
XP is an operating system developed by Microsoft and it was released in 2001. It is built on the NT kernel, which is known for its improved stability and efficiency over the 9x versions of Microsoft Windows. Windows XP comes in 6 editions:

- Home (for home users)
- Professional (for power and business users)
- Media Center (additional multimedia features)
- Tablet PC (designed to run stylus applications)
- 64-Bit (designed to run on Intel Itanium processors)
- Professional x64 (supports the x86-64 extensions of Intel IA-32 architecture)

XP has a significantly redesigned graphical user interface which is now more user friendly. It is the first version of Windows which uses product activation to fight illegal copying. XP is available in many languages, and in addition to that, Language Interface Packs translating the user interface are also available in certain languages.

New Features
Among other things, Windows XP introduced:

- Faster start-up and hibernation sequences, fast user switching
- Enhanced device driver verification (driver signing), and the ability to discard a newer device driver in favor of the previous one (driver rollback)
- Code enhancements (better protection for code, less likelihood that somebody can come in and tamper with key system files), and Windows File Protection which, together with file signing, discovers modified system files
- Encrypted File System (EFS), which enables us to encrypt files on our hard drive
- IP Security (IPSec), which enables us to encrypt data sent over computer networks
- ClearType font rendering mechanism (improved readability on LCD monitors)
- Built-in support for CD-RW
- Hot docking support (great for laptop users who use docking stations)
- Remote Desktop support, which enables us to control another computer over the network using the RDP protocol
- Remote Assistance support
- Enhanced wireless network communication software (in tune with wireless standards)
- Windows Messaging services
- Internet Connection Sharing (ICS), which enables us to share one Internet connection with multiple computers
- Embedded firewall (Internet Connection Firewall - ICF), which enables us to protect our Local Area Network
- Improved deployment tools for Windows XP itself, and also for software packages

Sounds great, doesn't it? But the truth is that XP has been strongly criticized for its vulnerability to malware, viruses, trojan horses, and worms. Windows, with its large market share, has always been a tempting target for virus creators. Security holes are often invisible until they are exploited, making preemptive action difficult. Microsoft recommends that all systems have automatic updates turned on to prevent a system from being attacked through an unpatched bug.

System Requirements
Recommended system requirements for running Windows XP:

- Processor: 300MHz or higher
- Memory: 128MB RAM or higher
- Hard drive disk free space: 1.5 GB or higher (additional 1.8 GB for Service Pack 2 and additional 900MB for Service Pack 3)

Remember
XP is based on NT. The two most important XP editions are Home and Professional. System requirements are: CPU 300MHz or higher, RAM 128MB or higher.

User Interface in XP

Before we can manage and administer our operating system we should be familiar with some basic Windows terms. For example, you all probably know how to create a new user in Windows. But, what is a user account? Is it just a user name?

Before you start


Objectives: learn about user interface, common terms and expressions, appearance and functionality of certain interface elements.

Prerequisites: installed Windows XP.

Key terms: Welcome screen, Desktop, Taskbar, Notification Tray, Start button, Start menu and Control Panel. Instruction on how to add Administrative Tools to the Start menu.

Common Terms
XP can store preferences for each person who uses a PC. Logging on to Windows is the process of telling Windows who you are, so Windows knows which preferences to load. Having different users on one PC also enables us to secure sensitive or personal data. When we turn on our computer, Windows XP will start up, and the Welcome screen will appear, asking us to log on.

Welcome Screen
Default Welcome screen looks like this:

Image 70.1 - Welcome Screen

When the Welcome Screen appears we must select our user name. If we have a password protected account, we must provide our password (having a password is highly recommended). If everything is OK, our user preferences will load, and our personal Windows Desktop will appear. We can also set up automatic Log On with any user name and password.

Desktop
The screen that Windows shows us every time we start our computer is called the desktop. It is the main workspace in Windows XP, and everything we do in Windows starts from the Desktop. With a fresh Windows XP Professional installation, the Desktop looks like this:

Image 70.2 - Desktop

Taskbar
Windows taskbar shows us opened windows and computer programs which are currently running.

Image 70.3 - Taskbar

Notification Area (Tray)


The notification area (or tray) can show us the status of some operation, or notify us about an event. For example, when we are printing something we see a small icon which shows us that a print job is under way. A small window may pop up telling us that an update is available for Windows XP or some other installed application. The current time, volume control and anti-virus programs also appear in this area. While working with laptops, we can see power options, battery and wireless status icons in the notification area.

Image 70.4 - Notification Area

Start Button
Start button gives us access to everything our computer can do.

Image 70.5 - Start Button

Start Menu
When we click the Start button, Start menu, which contains all links to our folders and applications, shows up.

Image 70.6 - Start Menu

Control Panel
On the Start menu there is a shortcut to Control Panel. When we click it, this window shows up (switched to Classic View):

Image 70.7 - Control Panel

In Control Panel there is a bunch of tools that we can use to manage our operating system.

Display Settings
To check display settings in XP, we can right-click on the desktop and select Properties. This will open the Display Properties applet. We can also open Display Settings from the Control Panel.

Image 70.8 - Themes Tab

In the Themes tab we can choose a theme that Windows will use. In the Desktop tab we can change the background on the Desktop. Appearance tab enables us to change the style and color scheme and font size of Windows. In the Settings tab we can configure settings related to our monitor.

Image 70.9 - Settings Tab

Notice that in our case we have a single monitor attached. Here we can change the screen resolution and the color quality.

Adding Administrative Tools to the Start Menu


Because we are administrators of Windows XP, we might want to add a shortcut for Administrative Tools to the Start Menu or to the All Programs menu to make them more accessible. To do that simply right-click the Start button and select Properties to open the Start Menu and Taskbar Properties window. Here click Customize to open the Customize Start Menu window. Go to the Advanced tab, in the "Start menu items" scroll box, navigate to the System Administrative Tools section. Choose the "Display on All Programs menu and Start menu" option and click OK to exit the window.

Remember
Logging on to Windows is the process of telling Windows who you are. We log on to Windows using the Welcome screen. The main workspace in Windows is called the Desktop. The Taskbar shows us open windows and computer programs. The notification area (or tray) will show us the status of some operation, or notify us about an event. The Start button gives us access to everything our computer can do. The Start menu contains all links to our folders and applications. Control Panel contains a bunch of tools that we can use to manage our operating system.

Microsoft Management Console (MMC) in Windows XP



Microsoft Management Console is available in Windows XP. First, let's take a look at available pre-configured MMCs that ship with our Windows XP. Later we will configure our custom Console.

Before you start


Objectives: learn about available pre-configured consoles, how to open and use pre-configured consoles, and also how to create custom Microsoft Management Consoles.

Prerequisites: you have to know what Microsoft Management Console is.

Key terms: Microsoft Management Console, MMC, pre-configured console, Computer Management console, custom console

Pre-configured Console
Computer Management Console
Let's take a look at a pre-configured MMC that ships with our Windows XP. Go to Administrative Tools (in Control Panel, or in your Start Menu or All Programs menu if you have created a shortcut), and click on Computer Management. The following window opens:

Image 118.1 - Computer Management MMC

Icons on the left group individual tasks. Each icon is a Snap-in that lets us work with related configuration values. For example, Event Viewer is a snap-in that we can use to view system messages. Disk Management is another snap-in that we can use to manage disks and volumes. When we select a snap-in from the left, panel on the right changes to show us actions that we can perform with that snap-in.

Image 118.2 - Event Viewer Snap-in

Pre-configured Consoles
Windows XP ships with a bunch of pre-configured consoles. We can launch them using the Run menu (type in the name of the console and click OK). Available pre-configured consoles are:

- Certificates - certmgr.msc
- Component Services - comexp.msc
- Computer Management - compmgmt.msc
- Device Manager - devmgmt.msc
- Disk Defragmenter - dfrg.msc
- Disk Management - diskmgmt.msc
- Event Viewer - eventvwr.msc
- Group Policy - gpedit.msc
- Indexing Service - ciadv.msc
- Local Security Settings - secpol.msc
- Local Users and Groups - lusrmgr.msc
- Performance - perfmon.msc
- Removable Storage - ntmsmgr.msc
- Removable Storage Operator Requests - ntmsoprq.msc
- Resultant Set of Policy - rsop.msc
- Services - services.msc
- Shared Folders - fsmgmt.msc
- Windows Management Infrastructure (WMI) - wmimgmt.msc

The majority of the pre-configured XP consoles are set to work on the local machine by default, but if we have the appropriate permissions, consoles can be used to administer remote computers. We can right-click on a Snap-in and select Connect (not every Snap-in supports this), and enter the name of the remote computer we want to manage (or select Browse if we don't know the name).

Custom Console
We can create our own consoles containing the snap-ins that we use the most. To do that, first we need to open MMC shell. Go to Start Menu, and then click on Run. In Run dialog, type in mmc and click OK.

Image 118.3 - Run dialog

The following window will open:

Image 118.4 - Empty MMC Console

Notice that this MMC is blank. It only contains the Console Root object, which we can rename as we like. Just right-click it and click Rename. We can now add snap-ins. To do that, we must go to the File menu and click on Add/Remove Snap-in, and then click Add... A new window opens and now we can select which Snap-ins we want to see in our MMC (we can select multiple Snap-ins). After we are done selecting, we click on Close, and OK.

Image 118.5 - Adding MMC Snap-in

In our example we have added Performance Logs and Alerts snap-in. Our console now looks like this:

Image 118.6 - Custom MMC

To save this Snap-in, go to the File menu, and select Save. Notice the folder in which the new Snap-in will be saved (it's Administrative Tools). Write the name of your console, and click Save. Microsoft Management Consoles use the extension .msc which stands for Microsoft Common Console Document (MCCD). By default, files which use the .msc extension open with the application Microsoft Management Console (MMC). If we go back to Administrative tools in Control Panel, notice that we don't see our newly created console. But, if we create shortcut to Administrative Tools in our All Programs menu, we will see our custom Snap-in in Administrative Tools there.

Remember
Windows XP ships with a bunch of pre-configured consoles. We can launch them using Run menu (type in the name of the console and click OK). We can create our own consoles containing the snap-ins that we use the most. To do that, first we need to open MMC shell. Microsoft Management Consoles use the extension .msc which stands for Microsoft Common Console Document (MCCD).

Group Policy in Windows XP



It can be of great importance to know how to work with the Group Policy console, especially if you often administer Windows systems. Let's take a look at local Group Policy in Windows XP.

Before you start


Objectives: learn how to open and navigate through the pre-defined Group Policy console.

Prerequisites: you have to know what Group Policy is, and how to work in Microsoft Management Console.

Key terms: run Group Policy, Console organization, example settings, gpedit.msc, software settings, windows settings, administrative templates, password policy, security options.

Local Group Policy Console


We will use the Start menu Run command to open our Local Group Policy console. In the Run menu, we can open Microsoft Management Console by typing in mmc, and then add the Group Policy Snap-in to our console. We can also open the pre-defined Group Policy console by typing gpedit.msc in the Run menu.

Image 138.1 - Run Group Policy

Image 138.2 - Group Policy

Console Organization
There are two major sections - the Computer Configuration section and the User Configuration section. The Computer Configuration section contains settings that are applied for the entire computer, and these settings are applied when the computer boots. The User Configuration node contains settings that are applied only to users. If user settings are defined in AD, then they are independent of the computer on which the user logs on. If settings are configured locally, settings are valid only for local users. User settings get applied at user log on.

Under Computer Configuration, as well as under User Configuration, there are three categories of settings:

- Software Settings are used to control the installation of software, and there are no local settings for this. This section can only be configured through AD.
- Windows Settings are used to set a wide range of system and startup values.
- Administrative Templates contain Registry-based policies.

In each category there are additional objects that group related settings. If we look at Group Policy in AD, we will see more options than in Local Group Policy.

Example Settings
Let's take a look at some Group Policy settings on a local Windows XP workstation.

Image 138.3 - Password Policy

Image 138.4 - Security Options

Notice that when we make a selection on the left, the right part of the window shows us two columns. In the first column we see a descriptive Policy name, and in the second column we see current settings for our Policies. If our computer is on a domain, then the current settings are a combination of local settings and settings defined in AD.

To edit a setting, just double-click the policy name and choose the appropriate setting.

Remember
We can open the pre-defined Group Policy console by typing gpedit.msc in the Run menu. There are two major sections in the Group Policy console: the Computer Configuration section and the User Configuration section. The Computer Configuration section contains settings that are applied for the entire computer. The User Configuration node contains settings that are applied only to users. Software Settings are used to control the installation of software, and there are no local settings for this. Windows Settings are used to set a wide range of system and startup values. Administrative Templates contain Registry-based policies.

Commands that are mentioned in this article

gpedit.msc - run pre-defined Group Policy console (enter in Start menu Run command).

Regional and Language Options in XP



Windows XP supports many languages and different regional settings. As we go to the Control Panel, we will find an icon for our Regional and Language settings.

Before you start


Objectives: find out where you can configure regional and language options in XP.

Prerequisites: no prerequisites.

Key terms: language, regional, keyboard, format, display

Regional Options
In previous versions of Windows, in order to move between various languages, we had to install separate packages. Windows XP now allows us to navigate quickly and easily and select which language options we would like to use. As we go in to the Regional and Language options in Control Panel, we will notice that we have three tabs of information. First, we have Regional options, then Language options, and then Advanced options.

Image 190.1 - Regional Options

In Regional Options we can define how we want to represent our numbers, currency, time and date. For example, in the United States a common format for representing the date is: mm/dd/yyyy. In Europe a common format for dates is: dd/mm/yyyy. The same applies to currencies. In the United States we use commas (1,000 = one thousand), and in Europe we use decimal points to separate thousands (1.000 = one thousand). In addition to having the number settings, we also have the ability of setting up our location. Our location is used by programs such as Internet Explorer. This is handy for getting news, weather, etc.

Language Settings
In Language settings we have the ability of selecting a bunch of different languages, as well as Keyboard layouts. This becomes very handy when we are using our Word processing applications. For example, if we need to create a document in different languages, we can hot-key between various language inputs. This means that by using our keyboard, we can quickly switch between letters that we will be typing in and in which format.

Image 190.2 - Language Options

We can also choose to have a different keyboard layout. We can have the standard QWERTY keyboard or we can use, for instance, a Dvorak keyboard. The Dvorak keyboard has a different key layout and it is optimized for efficiency. We also have additional language support for countries that use right-to-left writing, and we can also add support for East Asian languages. Advanced language options are intended for non-Unicode programs.

Windows can ship in a Localized version or in a Multi-language version. In both versions we can change date, time and measurement display, and create, view, and edit documents in multiple languages (including East Asian and right-to-left languages), but we can't display Windows menus and dialogs in multiple languages in Localized versions of Windows.

Remember
In Regional Options we can define how we want to represent our numbers, currency, time and date. In Language settings we can select different languages, as well as keyboard layouts, which comes in very handy when we are using our word processing applications.


Utilize Windows XP Users and Groups

Users and Groups
Manage Users in XP



There are two different ways to manage user accounts in Windows XP. We can use the User Accounts applet for basic account management, or we can use Local Users and Groups snap-in for advanced user management.

Before you start


Objectives: learn to create new users, change passwords and edit other properties for existing users. We will work with local user accounts. For advanced user management go to Local Users and Groups Management.
Prerequisites: before you read about user management, you have to be aware of what a user account actually is.
Key terms: account, user, password, new user, user management, local user

User Accounts Applet


If the computer is a standalone workstation or a member of a workgroup, we can use the User Accounts applet in the Control Panel to easily create user accounts and modify user account properties. To open User Accounts applet go to Start > Control Panel > User Accounts.

Image 167.1 - User Account Applet

The User Accounts applet lists common tasks at the top of the window, such as Change an account, Create a new account, and Change the way users log on or off. Accounts are listed at the bottom of the applet.

Creating New Account



To create a new user, we have to click on Create a new account, and we need to type a name for the new user account.

Image 167.2 - Account Name

On the next window, we will have to choose an account type. We have two options:

Computer administrator - with the administrator account we have the ability to make system wide changes, create, change and delete accounts, install programs and access all files.
Limited - with the limited account we can only make changes to our own account settings, view files that we have created and files in Shared Documents folder. We will not always be able to install programs.

Image 167.3 - Account Type

Anders is a computer administrator, so we will choose that option and click on Create Account. Notice that now we can see Anders Parker's account in the list of the user accounts.

Image 167.4 - Anders Parker Account

User Management
In User Accounts applet we can perform basic user account administration tasks, such as add or delete users, change passwords and modify account capabilities. To modify properties for a specific account, we can select it from the list, or we can click on the Change an account option, and then select an account that we want to change. In this case we will change the properties for Kim's user account.

Image 167.5 - Kim Verson Account

Notice that Kim Verson's account is configured as Computer administrator, and that it doesn't have a password. To create a password for this account, click on Create a password.

Image 167.6 - Password Options

We have to type in a new password, and then type it in again to confirm it. We also have to type in a hint for our password in case we forget it. When we click on the Create Password button, Kim Verson will have a password-protected user account. We can also change Kim's account type. We don't want her to be a computer administrator anymore. To do that, let's click on the Change the account type option, select the Limited option, and click on the Change Account Type button.


Image 167.7 - Account Type

Guest Account
To enable the Guest account, select the Change an account option, and pick the Guest account. In this case, the Guest account is turned off. There aren't many configuration settings that we can change for the Guest account. Basically, we can just turn it on or off.

Image 167.8 - Guest Account

Logon and Logoff Options


We can also use User Accounts applet to change the way users log on or off to the computer. Notice that currently we are using the Welcome screen for users to log on to this computer. If we use the Welcome screen for logging on we will see all user names for accounts that are currently active on our computer. This is not as secure as traditional log on, because everyone can see all user accounts that are active on the computer. Because of that, here we can select to use traditional log on method. But, if we do that we will not be able to use Fast User Switching feature anymore.


Image 167.9 - Logon Options

Local Users and Groups Snap-in


For advanced user account management we will use the Local Users and Groups snap-in which is located in Computer Management console. We can find the Computer Management console in Administrative Tools (in Control Panel), or we can right-click on My Computer icon and select Manage option from the pop-up menu. Either way, the following window appears:

Image 167.10 - Local Users and Groups Snap-in

We have to browse to Local Users and Groups. With this tool we can create users and groups, assign group membership and manage user and group properties.

Creating New Account


To create a new user account, click on Users folder, then in Action menu select New User... option. We can also right-click on Users folder, or we can right-click on the right side of the window, where all users are listed, to get the same option.


Image 167.11 - New User 1

Image 167.12 - New User 2

Now we need to type in the user name. Ally Anderson will use this account, so we will type in aanderson as a user name, and Ally Anderson as her full name. We need to type in Ally's password too, and then confirm it by entering it again.

Image 167.13 - New User Menu

By default, the user has to change the password at the next logon, and this is the most secure choice. When Ally logs on for the first time she will be forced to change her password to something different. In that way only she will know the password.

If we clear the 'User must change password at the next logon' checkbox, we can select the 'User cannot change password' or 'Password never expires' option. We would do that if several users share the same user account. Here, we can also disable an account if we want to. We would do that, for example, when a user is not going to use the account right away, or is not going to use it for a long time.

In this case we will select that the user must change the password at the next logon, click on the Create button to create her account, and click Close to close the New User menu. When we look into the Users folder, we can see the new account for Ally Anderson.


Image 167.14 - User aanderson

User Management
Using the Local Users and Groups snap-in we can easily edit user settings. For instance, if a user forgets his/her password, we can easily set new password for him/her. To do that, we right-click the user account and select Set Password... option.

Image 167.15 - Set New Password

When we select 'Set Password...' option we will get a warning that we should use this feature with caution. This is because if a user has, for example, encrypted files, he/she won't be able to access them any more.

Image 167.16 - Password Warning

If a user knows his password, he should log in, then press CTRL+ALT+DEL and then click Change Password. In our case we will click on the Proceed button for now. We need to type in the new password and then confirm it by typing it again.


Image 167.17 - Set New Password

If we have set up an account lockout policy, to three log on attempts for example, then it might happen that the user account is locked out, because the user entered the wrong password too many times. To unlock a user account, we need to right-click the user account, select Properties, and clear the 'Account is locked out' checkbox. Then, we have to select the 'User must change password at next logon' option. This will force the user to change his password when he/she logs on again.

We can also easily rename an account. We simply right-click on the account and click Rename. We can also change the full name by opening the account's Properties.

If we know that some user won't log on to the computer for a while, we can disable his account to prevent anyone from logging on using that account. To do that we have to right-click the user account, select Properties, select the 'Account is disabled' option and click on the OK button. You will notice the icon change on the user that we have disabled. When the user returns we simply clear the 'Account is disabled' option to re-enable the account.

When we create a new account we should always set a password to protect the account. The password should not be something easy to guess (for example, the user name). We should always force the user to change the password at the next logon. We should also disable accounts that won't be used for a while. If a user leaves and is replaced by someone else with similar access needs, we should rename the existing account (rather than deleting the account and creating a new one).
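The account checks recommended above can be run against the text that the net user command prints for a single local account. The Python below is an added example, not part of the original e-book; the sample outputs are constructed, the finding names are made up for illustration, and the date format assumes US regional settings.

```python
import re
from datetime import datetime, timedelta

# Constructed samples of `net user <account>` output, trimmed to the fields used here.
KIM = """\
User name                    Kim Verson
Full Name                    Kim Verson
Account active               Yes
Account expires              Never

Password last set            3/2/2010 9:14 AM
Password expires             Never
Password required            No
User may change password     Yes

Last logon                   Never

Local Group Memberships      *Administrators       *Helpdesk
                             *Users
Global Group memberships     *None
The command completed successfully.
"""
WDELMONTE = """\
User name                    wdelmonte
Account active               Yes
Password expires             4/13/2010 9:14 AM
Password required            Yes
Last logon                   10/1/2009 8:02 AM
Local Group Memberships      *Helpdesk             *Users
"""
GUEST = """\
User name                    Guest
Account active               No
Password expires             Never
Password required            No
Last logon                   Never
Local Group Memberships      *Guests
"""
NOW = datetime(2010, 3, 10)  # fixed "today" so the sample results are repeatable


def parse_net_user(text):
    """Turn the two-column listing into a dict of label -> value."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and line.strip().startswith("*") and last:
            fields[last] += " " + line.strip()  # wrapped group list
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        last = parts[0]
        fields[last] = parts[1] if len(parts) > 1 else ""
    return fields


def local_groups(fields):
    """Group names are prefixed with '*' and may contain spaces."""
    raw = fields.get("Local Group Memberships", "")
    return [g.strip() for g in raw.split("*") if g.strip()]


def audit_account(text, now=NOW, stale_days=90):
    """Return (user name, findings) following the checklist in the text."""
    f = parse_net_user(text)
    name = f.get("User name", "?")
    findings = []
    if f.get("Account active", "").lower() != "yes":
        return name, findings  # a disabled account cannot be used to log on
    if name.lower() == "guest":
        findings.append("guest-enabled")
    if f.get("Password required", "").lower() == "no":
        findings.append("blank-password-allowed")
    if f.get("Password expires", "").lower() == "never":
        findings.append("password-never-expires")
    last_logon = f.get("Last logon", "")
    if last_logon.lower() == "never":
        findings.append("never-logged-on")
    else:
        try:
            when = datetime.strptime(last_logon, "%m/%d/%Y %I:%M %p")
            if now - when > timedelta(days=stale_days):
                findings.append("stale-logon")
        except ValueError:
            findings.append("last-logon-not-parsed")  # other regional format
    if "Administrators" in local_groups(f) and "blank-password-allowed" in findings:
        findings.append("admin-blank-password")
    return name, findings


if __name__ == "__main__":
    for sample in (KIM, WDELMONTE, GUEST):
        print(audit_account(sample))
```

Accounts flagged as never-logged-on or stale-logon are the candidates for the 'Account is disabled' option described above.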

Remember
For user management in XP we can use User Accounts applet or Local Users and Groups snap-in. The User Accounts applet can be used to change an account, create a new account and change the way users log on or off. For advanced user account management we will use the Local Users and Groups snap-in.


Group Management in XP

When we start dealing with a lot of users, rather than using individual users to control access to resources, it is useful to group users, because usually many users have the same requirements. Because of that we need to know how to manage groups. By default, XP already has some built-in groups.

Before you start


Objectives: learn how to create or delete groups and how to manage group membership. Also you will familiarize yourself with built-in local groups in XP.
Prerequisites: you should know how to manage user accounts in XP.
Key terms: group, membership, user, local, account, member, rights, access.

Local Users and Groups Snap-in


We can manage groups with the Local Users and Groups snap-in in the Computer Management console. We can create our own groups or modify existing groups. We can also modify some groups which the system has created for our usage (we can't modify the SYSTEM, INTERACTIVE, Everyone, and the NETWORK group). Let's say that we have a shared folder on a network. We want some people to be able to manage files in that shared folder and other people to be able to only read files in the shared folder. In this situation we can create different user groups and put the users that need to manage files in one group, and those that only need to have read rights in another group. Then we can assign resource permissions to those particular user groups.

Image 171.1 - Local Users and Groups Snap-in

From this particular screen we have the ability of adding new user groups, modify the membership of the existing groups, and we also have the ability to delete or rename user groups. To manage group membership, we have to edit the group properties. To edit group properties, simply right-click the desired group, and select Properties.


Image 171.2 - Right Click On Group

When we get into the group properties, we can use the 'Add...' or Remove button to edit group membership. For example, let's add a user to the Helpdesk group. We have to click on the 'Add...' button and the following window appears:

Image 171.3 - User Selection

Here we will click on the 'Advanced...' button to generate a list of users. This computer is not on a domain, so we can only search for users on the local machine (in this case, on ADMIN-8268F4658). When we are ready, we can click on the Find Now button. The list of local users now appears, as shown below.


Image 171.4 - List of Users

In this case, we will select two users - Kim Verson and wdelmonte. When we are done selecting, we will click on the OK button, and then on the next window click OK again. Now we can see our two users in the member list of the Helpdesk group.


Image 171.5 - Helpdesk Group

We can also manage group membership for individual users. To do that, we can go to the user list, right-click on a particular user, and select Properties. Then we have to go to the "Member Of" tab and add or remove groups that the user belongs to.


Image 171.7 - Individual User Membership

Create New Group


To create a new group we have to right-click on the group list window and select the 'New Group...' option. We have to provide a group name (Developers in our case) and, optionally, a group description. We can also add members to the group right away by clicking on the 'Add...' button. In this case, we will add the anderson user account. When we are done, we have to click on the Create button to create the group.


Image 171.6 - New Group

Delete Existing Group


To delete a group of users, we have to select a group we want to delete and then click on the Remove button. When we delete a group from the computer, we don't delete the users that were members of the group. We only delete the group, and the users stay on the local machine. Removing a user account from a group does not delete the group or the user account. We can not remove the local Administrator user account from the Administrators group and Guest user account from the Guests group.

Built-in Groups
Whenever possible, we should use built-in groups to assign rights and permissions. For example, to allow someone to back up and restore the system, we should make the user account a member of the Backup Operators group. We should use caution when modifying the default rights and permissions assigned to built-in groups. When assigning security, we should make user accounts members of groups, then assign the rights or permissions to the group rather than the user accounts. Built-in local groups are:

Administrators - Members have complete and unrestricted access to the computer, including every system right. The Administrator user account and any account designated as a "computer administrator" is a member of this group.
Backup Operators - Members can back up and restore files (regardless of permissions), log on locally, and shut down the system. Members cannot change security settings.
Guests - Members have limited rights (similar to members of the Users group). Members can shut down the system.
Users - Members can use the computer but cannot perform system administration tasks and might not be able to run legacy applications. Members cannot share directories or install printers if the driver is not yet installed. Members cannot view or modify system files. Any user created with Local Users and Groups is automatically a member of this group. User accounts designated as "limited user" accounts are members of this group. A user account created as a "computer administrator" is made a member of this group.
Power Users - Members can create and modify user accounts and local groups. They can remove users from Power Users, Users and Guests groups. They can change the system date and time, and install applications. They can not change the membership of the Administrators or Backup Operators groups, take ownership of files, back up or restore files, load or unload device drivers, and manage security settings.

Windows XP also includes the following local groups:

Network Configuration Operators
Remote Desktop Users
Replicator

In order to participate in one of the groups, a user has to be added to a particular group and they automatically inherit particular privileges.

Special Built-in Groups


There are also other specific built-in user groups, like the Everyone group. The membership of the Everyone group is everyone. It's created for simplified access to the resources. We can not modify the membership of the Everyone group because everyone belongs to it. As we look into the original permissions and security settings in Windows XP, we will notice that the default is always the Everyone group. The first thing that we will probably want to do is remove the Everyone group from the list, and add our own groups of users to have access to particular resources.

Two groups that we should also mention are the INTERACTIVE group and the NETWORK group. Let's say that we have two computers that are linked over a computer network. One user is logged on to a particular machine and is actively using the keyboard and the mouse and looking at the monitor of that particular computer. In that case we consider that user a member of the INTERACTIVE group, because he is interacting with that computer. It is important to know where the user comes from. If that user accesses resources on some machine on the network (a shared folder), he becomes a member of the NETWORK group.

Sometimes we refer to those groups as implicit groups or special identities. They act as variables to represent either a set of users or a set of programs running on the computer. The identity and membership of these groups is dynamically configured, so they are not listed in Local Users and Groups. In many cases, user accounts are dynamically made members of these groups when users perform certain actions (such as logging on or creating a file). Implicit local groups are:

ANONYMOUS LOGON - Membership is obtained by logging on without a user name and password (anonymous logon is commonly permitted if the computer is acting as a web server)
AUTHENTICATED USERS - Membership is obtained by logging on with a user name and password
CREATOR GROUP - Membership is obtained by creating an object
CREATOR OWNER - Membership is obtained by creating an object (such as a file)
DIALUP - Membership is obtained by connecting to the computer through a dial-up connection
Everyone - Membership is obtained by gaining access to the computer except through anonymous logon
INTERACTIVE - Membership is obtained by logging on interactively (also called logging on locally) through the computer console
NETWORK - Membership is obtained by logging on to the computer through a network connection
REMOTE INTERACTIVE LOGON - Membership is obtained by logging on to the computer through a remote desktop connection

Except the Everyone group, we can recognize these groups because their names are all written in caps.
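To find resources that still carry the default Everyone entry, or that grant access to individual accounts instead of groups, we can review the access control list that the cacls command prints for a folder. The Python below is an added example, not part of the original e-book; the cacls output is constructed (the C:\Shared folder is hypothetical), only simple permission codes are parsed, and any principal that is not in the group lists is assumed to be a user account.

```python
import re

# Local groups named in this chapter; any other principal is assumed to be a user.
LOCAL_GROUPS = {
    "administrators", "backup operators", "guests", "users", "power users",
    "network configuration operators", "remote desktop users", "replicator",
    "helpdesk", "developers",
}
SPECIAL_IDENTITIES = {
    "everyone", "anonymous logon", "authenticated users", "creator group",
    "creator owner", "dialup", "interactive", "network",
    "remote interactive logon", "system",
}
RIGHTS = {"N": "none", "R": "read", "W": "write", "C": "change", "F": "full control"}

PATH = r"C:\Shared"  # hypothetical shared folder
# Constructed sample of the listing printed by `cacls C:\Shared`.
SAMPLE = r"""C:\Shared Everyone:(OI)(CI)F
          BUILTIN\Administrators:(OI)(CI)F
          ADMIN-8268F4658\Helpdesk:(OI)(CI)C
          ADMIN-8268F4658\Developers:(OI)(CI)R
          ADMIN-8268F4658\Kim Verson:(OI)(CI)C
"""

# principal : optional inheritance flags such as (OI)(CI) : one-letter right
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")


def parse_cacls(output, path):
    """Return [(principal, right)] for the simple entries in a cacls listing."""
    lines = [line for line in output.splitlines() if line.strip()]
    if not lines or not lines[0].startswith(path):
        raise ValueError("listing does not start with the expected path")
    lines[0] = lines[0][len(path):]  # the first entry shares a line with the path
    entries = []
    for line in lines:
        match = ACE.match(line.strip())
        if not match or "(DENY)" in match.group("flags"):
            continue  # special-access and deny lines are out of scope here
        principal = match.group("who").split("\\")[-1]  # drop COMPUTER\ prefix
        entries.append((principal, RIGHTS[match.group("right")]))
    return entries


def review_acl(output, path):
    """Flag Everyone entries and permissions given directly to user accounts."""
    findings = []
    for principal, right in parse_cacls(output, path):
        key = principal.lower()
        if right == "none":
            continue
        if key == "everyone":
            findings.append((principal, right, "everyone-entry"))
        elif key not in LOCAL_GROUPS and key not in SPECIAL_IDENTITIES:
            findings.append((principal, right, "direct-user-entry"))
    return findings


if __name__ == "__main__":
    for finding in review_acl(SAMPLE, PATH):
        print(finding)
```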

Remember
We can manage groups with Local Users and Groups snap-in. We can create our own groups or modify existing groups. To manage group membership, we have to edit the group properties. To create a new group we have to right-click on the group list window and select 'New Group...' option. To delete a group of users, we have to select a group we want to delete and then click on the Remove button. Whenever possible, we should use built-in groups to assign rights and permissions. Administrators have complete and unrestricted access to the computer. Members of Users group can use the computer but cannot perform system administration tasks. ANONYMOUS LOGON membership is obtained by logging on without a user name and password. NETWORK membership is obtained by logging on to the computer through a network. INTERACTIVE membership is obtained by logging on interactively.


Manage User Profiles in XP



User profiles help us to separate files and settings that belong to different users. Along with local user profiles, we can also create roaming user profiles or mandatory user profiles.

Before you start


Objectives: learn where to find a user profile, how to create a roaming or mandatory profile and how to change target locations for specific folders.
Prerequisites: you should know what a user profile is in general and how to manage user accounts in XP.
Key terms: profile, user, account, documents, ntuser, roaming, mandatory

Profile Location
User profile contains all of our custom settings that we have made to our computer. In Windows XP user profiles are stored in C:\Documents and Settings\ folder. Inside this directory we will see a folder for each user which has logged on to the computer.

Image 178.1 - Documents and Settings Folder

If we open a folder for some particular user we will see, among other things, an NTUSER.dat file, which contains user settings. Specific user files are contained in folders like Desktop, My Documents etc. In the picture below we can see Administrator profile. Note that hidden files have to be shown to see NTUSER.dat file.


Image 178.2 - Administrator Profile

Types of Profiles
Along with local profile we can also have a Roaming user profile. We would use Roaming profile if we often log on to multiple computers on the network, and we want our settings to follow us around. Another type of profile that we can create is the Mandatory user profile. Mandatory profile is a read only profile, so that any changes made by a user will be lost when they log off.

Create Roaming Profile


To create a roaming profile we have to create a shared folder on some server. In this example, we have created a shared folder called Profiles on a computer named server. The UNC (Universal Naming Convention) path to this folder is now \\server\profiles\. We will use this path when providing the profile path for a particular user (\\server\profiles\%username% syntax).

The next step can be done in two ways. We can either copy the existing profile to the network share or we can simply define a new profile path for the particular user. If we copy an existing user profile to the shared folder, we have to ensure that the proper permissions are set on that folder, so that only that particular user has access to it. In this case we would set the user profile path to that particular directory. To do that we can go to Computer Management, then Local Users and Groups, Users folder, right-click on the particular user and then select the Profile tab. In our example we have copied the existing user folder for the anderson user account. In the picture below, notice that we have changed the profile path for that particular user.


Image 178.3 - Profile Path

Another option is that we only set the profile path (without copying the user profile to the shared folder). In this case the system will automatically create a new user profile on the shared folder when the user logs on to the computer. That's because no user profile for that user account exists at that location yet.

Create Mandatory Profile


The first step in specifying the mandatory profile is to create a profile that will be shared by multiple users. In our case we will create a user account named Students.



Image 178.4 - Students User Account

Next thing we need to do is to log on to the system using the Students user account and make the appropriate changes. After we configure all the settings we want, we have to log off from the Students account and then log on using some other account with administrative privileges (Administrator in our case). The next step in configuring a mandatory profile is to save it to a central location. Let's go to the Start Menu, right-click My Computer and select Properties to open system properties. Now, we will go to the Advanced tab, and under User Profiles section we will click on the Settings button. In this window we can see all profiles that are currently saved on the system.

Image 178.5 - List of User Profiles

We are currently logged on as Administrator so we can not copy or delete this particular user profile. This is why we have created a different user account that we will be using as a mandatory user account. Now, we want to copy the Students profile, so we will select that account, and then click the Copy To button. We have already created a folder in which we will save this profile, so we will click on the Browse button, navigate to the C:\MandatoryProfile folder, and click on the OK button. Now, we have to change permissions for this user profile, so we have to click on the Change button in the 'Permitted to use' section. Normally, a profile is used by a single user, but this profile is going to be used by multiple users, so we will give the Everyone group permission to use this profile.


Image 178.6 - Copy Profile

The next step is to make that profile a read-only profile. To do that, we will browse to the C:\MandatoryProfile\ folder and rename the NTUSER.dat to NTUSER.man. This makes it a mandatory profile. If you don't see NTUSER.dat file, it's because it's hidden by default. In that case, we have to select 'Show hidden files and folders' in Folder Options menu.

Image 178.7 - Renaming NTUSER file

The final step is to configure local user account to use the mandatory profile (Students in our case). Let's go back to Computer Management, and Users folder under Local Users and Groups. We right-click on the Students user, select Properties option, go to the Profile tab, and enter the Profile path, which is in our case C:\MandatoryProfile.


Image 178.8 - Students Profile Path

We can point any other user to use that same mandatory profile, at the same time. We don't have to create a separate mandatory profile for different user accounts (but we can if we want to).
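A quick way to confirm which kind of profile an account will actually get is to look at its profile path and at the NTUSER file in that folder, following the rules described in the roaming and mandatory sections above. The Python below is an added example, not part of the original e-book; the folder listings are constructed stand-ins for real directories, C:\LabProfile is a hypothetical folder, and the function and label names are made up for illustration.

```python
import os
import re


def expand_profile_path(profile_path, username):
    """Expand the %username% variable used in the Profile path field."""
    return re.sub(r"%username%", lambda _m: username, profile_path,
                  flags=re.IGNORECASE)


def classify_profile(profile_path, username, list_files=os.listdir):
    """Classify a profile from its path and the NTUSER file found there."""
    if not profile_path:
        # No profile path set: the profile lives under C:\Documents and Settings\
        return {"kind": "local", "path": None, "issues": []}
    path = expand_profile_path(profile_path, username)
    try:
        names = {name.lower() for name in list_files(path)}
    except OSError:
        names = set()  # folder missing or not reachable
    has_man = "ntuser.man" in names
    has_dat = "ntuser.dat" in names
    issues = []
    if has_man:
        kind = "mandatory"
        if has_dat:
            issues.append("NTUSER.dat and NTUSER.man both present")
    elif path.startswith("\\\\"):
        kind = "roaming"
        if not has_dat:
            issues.append("no profile stored yet; created at first logon")
    else:
        kind = "not mandatory"
        issues.append("no NTUSER.man in folder; changes will not be discarded")
    return {"kind": kind, "path": path, "issues": issues}


# Constructed folder listings standing in for real directories.
FOLDERS = {
    r"\\server\profiles\anderson": ["Desktop", "My Documents", "NTUSER.DAT"],
    r"C:\MandatoryProfile": ["Desktop", "My Documents", "NTUSER.MAN"],
    r"C:\LabProfile": ["Desktop", "NTUSER.DAT"],  # hypothetical: rename skipped
}


def fake_listdir(path):
    """Directory listing backed by FOLDERS so the example runs anywhere."""
    try:
        return FOLDERS[path.rstrip("\\")]
    except KeyError:
        raise FileNotFoundError(path)


if __name__ == "__main__":
    accounts = [
        ("anderson", r"\\server\profiles\%username%"),
        ("aanderson", r"\\server\profiles\%username%"),
        ("Students", r"C:\MandatoryProfile"),
        ("Lab", r"C:\LabProfile"),
        ("Kim Verson", ""),
    ]
    for user, profile_path in accounts:
        print(user, classify_profile(profile_path, user, fake_listdir))
```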

Create Custom Default Profile


The Default User profile is used to create a new profile for users who have never logged on to the machine before. To create a custom default profile we have to begin by logging in with some user account (in our case we will use the IMadruga account), and make the changes that we want to be available for all new users. When we have made the changes to the user profile, we will copy that profile to the Default User location. Let's go to the Start Menu, right-click My Computer, select Properties to open System Properties, go to the Advanced tab, and under User Profiles click on the Settings button. Now we will copy the IMadruga user profile, so we will select it and click the Copy To button. We have to select the new location for our user profile and in this case, we will navigate to the C:\Documents and Settings\Default User\ folder, because we want this profile to be used as the default user profile.

Image 178.9 - Copy to Default User Location



When we click the OK button, we have to change the permissions for default user profile. We want everyone to be able to use this profile, so we will select the Everyone group. We have to keep in mind that the old default profile is now overwritten. If we wanted to save old settings, we should have backed it up. Now, whenever a new user logs on to this particular machine, he will get our newly defined default user settings.

Redirect Folders
XP creates My Documents folder for each user account. This folder is used to store files saved by the user. Let's take a look to the properties of My Documents. We will right-click it and select the Properties option.

Image 178.9 - Target Location for My Documents Folder

Notice the target location. This My Documents folder is located on the C drive, in Administrator profile folder. If we want to, we can change or move the location of My Documents folder, even to a network path. Moving My Documents folder is useful for data protection or for easier backup. End users can only redirect the following folders: My Documents, My Music, My Pictures, and My Videos. Group Policy can only redirect the following folders: Application Data, Desktop, My Documents, My Music, My Pictures, My Videos, and Start Menu. We can use the %username% variable to redirect folders to unique parent folders based on user name. When we redirect folders, the default is to copy the existing folder contents to the new location. Redirecting folders does not delete the existing folder or prevent data from being stored in the folder. It only redirects the shortcut that points to the target folder. By default, users are given the necessary permissions to manage their redirected folders.

Remember
NTUSER.dat file is hidden by default. Roaming profile is saved on a network share. To create a roaming profile we can simply change the path of the profile to point to the network share, and the system will create a new, roaming profile for that particular user. To create a mandatory profile we have to rename the NTUSER.dat file to NTUSER.man, which will make it a read-only profile. Everyone must have permissions to access the Default profile. We can change the target location for specific folders like My Documents, Desktop etc.

Paths that are mentioned in this article

C:\Documents and Settings\ - folder in which all user profiles are located by default
\\server\profiles\ - shared folder which was used to save roaming user profile
C:\MandatoryProfile - folder which we used to create mandatory profile
C:\Documents and Settings\Default User\ - path to the default user profile


User Rights and Group Policy in XP



User rights define special local system actions that are permitted for specific users and groups. To add or remove rights for users and groups we can use Group Policy editor.

Before you start


Objectives: learn how you can configure user rights through Group Policy editor.
Prerequisites: you should know what Group Policy is.
Key terms: policy, user, group, rights, assignment, editor, security

User Rights Assignment


We can open GP editor through Run menu by typing in gpedit.msc and clicking on the OK button. This opens Group Policy editor for local computer. Next, we have to navigate to the Computer Configuration, Windows Settings, Security Settings, Local Policies, and then User Rights Assignment.

Image 183.1 - User Rights Assignment Section

Let's find and open the 'Change the system time' policy. Notice that Administrators and Power Users can currently change time on the system.


Image 183.2 - Change the system time Policy

Let's remove the Power Users from this list, so that only administrators can change the system time. Next, let's give Power Users the right to debug programs. We will open the 'Debug programs' policy, click the 'Add User or Group...' button, and look for the Power Users group. Before we can reach groups, we have to select the Groups option in the Object Types section.


Image 183.3 - Object Types

When we are finished, we can click on the OK button to exit this policy. Power Users will now be able to debug programs. As you can see, we have a lot of options for setting up user rights. Remember that we can do this for any user or group that we create.
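The same assignments can be reviewed outside the editor by exporting the local security settings with secedit /export /cfg and reading the [Privilege Rights] section of the exported file. The Python below is an added example, not part of the original e-book; the exported text is a constructed sample that reflects the two changes made above, and the choice of which rights to treat as sensitive is this example's assumption.

```python
# Well-known SIDs for the groups discussed in this chapter.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-546": "Guests",
    "S-1-5-32-547": "Power Users",
    "S-1-5-32-551": "Backup Operators",
}
# Constant name in the export -> policy name shown in User Rights Assignment.
RIGHT_NAMES = {
    "SeSystemtimePrivilege": "Change the system time",
    "SeDebugPrivilege": "Debug programs",
    "SeTakeOwnershipPrivilege": "Take ownership of files or other objects",
    "SeLoadDriverPrivilege": "Load and unload device drivers",
}
# Assumption of this example: rights that only Administrators should hold.
SENSITIVE = {"SeDebugPrivilege", "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege"}

# Constructed sample of an exported security template.
SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeSystemtimePrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-547
SeLoadDriverPrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""


def resolve(holder):
    """Map '*S-1-5-32-544' style entries to group names; keep plain names."""
    sid = holder.lstrip("*")
    return WELL_KNOWN_SIDS.get(sid, sid)


def parse_privilege_rights(inf_text):
    """Return {right constant: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        rights[name.strip()] = [resolve(v.strip()) for v in value.split(",") if v.strip()]
    return rights


def sensitive_grants(rights):
    """List (policy name, holder) where a sensitive right goes beyond Administrators."""
    findings = []
    for name, holders in rights.items():
        if name not in SENSITIVE:
            continue
        for holder in holders:
            if holder != "Administrators":
                findings.append((RIGHT_NAMES.get(name, name), holder))
    return findings


if __name__ == "__main__":
    parsed = parse_privilege_rights(SAMPLE)
    print(parsed["SeSystemtimePrivilege"])
    print(sensitive_grants(parsed))
```

Debug programs is treated as sensitive here because an account holding it can open any process on the computer, including processes that run as SYSTEM.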


Utilize Windows XP Hardware

Hardware Devices in XP

We can use Device Manager to view and configure computer hardware. The Device Manager MMC is included as a part of a Computer Management console.

Before you start


Objectives: learn how to use Device Manager to check installed devices, and how to add non-plug and play devices using Add New Hardware wizard.
Prerequisites: you should know about devices in Windows in general.
Key terms: device, hardware, manager, wizard, computer, resources

Device Manager
To open Device Manager, click Start, right-click My Computer, and select Manage to open up the Computer Management. Then, browse to the Device Manager under System Tools. We can also open Device Manager as a standalone console. Again, let's go to the Start menu, right-click My Computer, but this time select Properties to open system properties. Then go to the Hardware tab, and click on the Device Manager button.

Image 199.1 - Device Manager

Notice that devices are organized in a tree view, by type. So, for example, if we look at Display adapters, we can see the video card on this machine. We can also use the View menu to change the organization. Organization can be 'Devices by type' or 'Devices by connection', or we can look at 'Resources by type' or 'Resources by connection'. We can also show hidden devices. If we select this option, we will also see Non-Plug and Play drivers, as well as printers, in our tree view.



We can use the device icons to view and manage our devices. For example, let's look at the properties of the COM port COM1. Right-click the device and open its properties.

Image 199.2 - COM1 Properties

Device properties typically have a General and a Driver tab. The General tab gives us the device status. For example, the COM1 port in our case is working properly. If we are having problems, we can run the Troubleshooter by clicking on the 'Troubleshoot...' button to get more information on how to solve our problem. On the Driver tab, we can see driver details, or we can update, roll back, or uninstall our drivers. Many devices also have a Resources tab. Here we can configure resources such as IRQs and I/O ranges. Keep in mind that we don't usually configure resources for Plug and Play devices. Also, depending on the hardware device, we may have other tabs. For example, there is a Port Settings tab on the COM1 device. These are typical settings that we can configure for a COM port. A different type of device would have different tabs.

If a device is no longer used on our computer, begin by physically removing the device. In most cases, Windows will detect that the hardware no longer exists, and it will remove the corresponding icon in the Device Manager. If the icon remains after the hardware is removed, we can right-click the icon and select the Uninstall option. This uninstalls the device from the computer. If the device is no longer used, and it cannot be physically removed, we can use the Disable option instead. For example, suppose that we have a network card that's integrated on the motherboard, but we have installed a new network adapter and we don't want to use the integrated NIC. In this case, we can use the Disable option to prevent the integrated network adapter from being used by Windows. Although the device still appears in the Device Manager, it can no longer be used.

Troubleshooting
Most hardware devices are Plug and Play devices, and they will be automatically installed and configured on Windows. If Windows does not detect the device, or the device is not fully installed, we can use the Add Hardware Wizard to manually install it. Let's go to the Start Menu > Control Panel > Add Hardware Wizard.


Image 199.3 - Add Hardware Wizard

Take a look at the warning message here. If we have an installation CD, we should use it rather than this wizard. Let's click Next. At this point the wizard is doing the plug and play search, similar to Scan for new devices in Device Manager. Now we need to answer a question. Have we already connected the hardware or not? If we select the No option, the wizard finishes and prompts us to connect the device. Let's select the Yes option and click Next. At this point we get a list of installed devices, and if we scroll down all the way, we can select the 'Add a new hardware device' option. We will select that option and click Next.


Image 199.4 - New Device Option

Next, we can choose from two options. If we choose the first option, computer will search and install the hardware automatically. This search is more extensive than the previous search. It will search for detectable legacy or detectable non-plug and play devices. We can also select the device from the list. To do that, we have to select the second option and click Next. First we have to select the device category and then click Next. Now we have to select the manufacturer and the model. After we made all of the selections, and provided all of the resources settings, our new device should be up and running, and also visible in Device Manager.

Remember
We can use Device Manager to check our devices. Many devices in Device Manager will have options for resources utilization. Resources are things such as IRQs and I/O ranges. Keep in mind that we don't usually configure resources for Plug and Play devices. If some device is no longer used, but we can't remove it physically, we can disable it in Device Manager. If Windows does not detect a newly added device, or the device is not fully installed, we can use the Add Hardware Wizard to manually install it.

Paths that are mentioned in this article

Start Menu > Control Panel > Add Hardware Wizard - path to the Add Hardware wizard


Quality of Drivers in XP

Since device drivers can cause system instability and contain malicious code, Microsoft provided several ways to check the integrity of the drivers in XP.

Before you start


Objectives: learn how to check that drivers are compatible with XP, and how to use available tools to check that drivers are signed (sigverif, driverquery, sfc).
Prerequisites: you have to know what drivers are.
Key terms: driver, system, signed, check, tool, verification, signature

Quality of Drivers
There is a lot of concern about the quality of the drivers because they can cause system instability or they can contain viruses. Because of that, Microsoft came up with a way to help us ensure the quality and compatibility of the device drivers on our system. This feature is known as Driver Signing. Driver signing is intended to ensure that the device software is compatible with Windows XP and to ensure that nobody has tampered with the drivers (that nobody inserted malicious code).

Since not all hardware manufacturers are on board with Driver Signing, it becomes important for us to be able to allow or deny the installation of unsigned drivers on the system. In XP, Microsoft provided us with three levels of control for installation of unsigned drivers. These levels are Block, Warn and Ignore. To manage these settings, go to the Start Menu, right-click My Computer, select Properties, go to the Hardware tab and then click on Driver Signing.

Image 207.1 - Driver Signing Options

The Block level will block the installation of any unsigned driver on the system. This will ensure that drivers are always compatible with the system, and that our drivers don't have any viruses. The negative side of this is that many manufacturers are not on board with driver signing, so if we want to use the latest drivers, they may not be available. The Warn level will give us a warning when we try to install an unsigned driver. The criterion here is whether we trust the source from which we got our driver. The Ignore level will simply install all the drivers without prompting us for our approval. Of course, we would recommend that at least the Warn level is enabled. We can make any of these levels the default setting throughout our system. To do that, simply check the 'Make this action the system default' option.

Another way to enforce driver signing is through GPOs. We can do this either at the local level, or at the domain level, which makes it easy to manage driver signing throughout our organization. Group membership also gives us some control over driver signing. Remember, only members of the Power Users group (and up) have the ability to install software. As a result, only Power Users and Administrators can install drivers.

Driver Verification Tools


Microsoft also provided useful tools to check if the drivers are signed. The first one of these tools is Sigverif.exe, which is used to check if files are signed or not. Another utility that we can use is Driverquery.exe, which enables us to check existing drivers on the system (it is a command line tool, so use the '/si' switch to check driver signing). Another utility that we can use is Msinfo32.exe, which can show us information for all our drivers (like dates, manufacturers, and also if they are signed or not). Another command line utility that we can use is Sfc.exe. Normally, Sfc.exe allows us to check the system files and verify their integrity. The thing is, sometimes drivers can overwrite key system files. We can use the Sfc.exe /scannow command to see if our system files have been overwritten or become corrupted when we installed new drivers, especially when we installed unsigned drivers.

File Signature Verification Tool (sigverif)


The first tool is the File Signature Verification tool. Let's go to the Run command, type in 'sigverif', and click the OK button to run the File Signature Verification tool. By default, this tool checks all system files in the Windows directory. To limit this search a little bit, click on Advanced, browse to System32, and select the 'drivers' folder. This will limit the search to the drivers folder and its sub-folders (if we check the 'Include sub-folders' option). Click 'Start' to start the file signature verification process.

Image 207.2 - File Verification

In our case, all our files are verified as digitally signed. Otherwise, this tool would show us a list of unsigned files.

Driver Query
Another way we can verify digital signatures for driver files is through the Driver Query program. To run this program, we need to go to the Run command and open the Command Prompt. To do that, type in 'cmd' in the Run menu and click the OK button. Next, we need to type in 'driverquery', and then provide the '/si' switch. The '/si' switch reports back the signature status.

Image 207.3 - Driverquery Result

As you can see, we have a column named 'IsSigned'. If we look down, in our case all our drivers are signed. Here we can see exactly which device does not have a signed driver.
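The IsSigned column can also be checked by a script instead of by eye. The following Python script is an added example, not part of the original article: it parses the CSV form of the same report, produced with driverquery /si /fo csv, and lists every driver that is not reported as signed, unsigned entries first. The sample rows, the device names and the function names are constructed for this example.

```python
import csv
import io
import re

# Constructed sample of `driverquery /si /fo csv` output (not from a real machine).
SAMPLE_CSV = '''"DeviceName","InfName","IsSigned","Manufacturer"
"Communications Port","msports.inf","TRUE","(Standard port types)"
"Example Video Adapter","oem3.inf","FALSE","Example Vendor"
"Example USB Device","oem7.inf","N/A","N/A"
"Standard floppy disk controller","fdc.inf","TRUE","(Standard floppy disk controllers)"
'''

# Third-party driver packages are stored in the INF folder as oem<N>.inf,
# so this pattern separates them from the INF files shipped with Windows.
OEM_INF = re.compile(r"^oem\d+\.inf$", re.IGNORECASE)


def parse_driverquery(csv_text):
    """Parse the CSV report into a list of dicts keyed by column name."""
    reader = csv.DictReader(io.StringIO(csv_text.strip()))
    if not reader.fieldnames or "IsSigned" not in reader.fieldnames:
        # Without /si the report has no signature column at all.
        raise ValueError("no IsSigned column: run driverquery with the /si switch")
    rows = []
    for row in reader:
        rows.append({key: (value or "").strip()
                     for key, value in row.items() if key is not None})
    return rows


def signing_status(row):
    """Map the IsSigned value to 'signed', 'unsigned' or 'unknown'."""
    value = row.get("IsSigned", "").upper()
    if value == "TRUE":
        return "signed"
    if value == "FALSE":
        return "unsigned"
    return "unknown"  # for example N/A: the tool could not determine the status


def drivers_to_review(rows):
    """Return every driver that is not reported as signed, unsigned ones first."""
    review = []
    for row in rows:
        status = signing_status(row)
        if status == "signed":
            continue
        review.append({
            "device": row.get("DeviceName", ""),
            "inf": row.get("InfName", ""),
            "manufacturer": row.get("Manufacturer", ""),
            "status": status,
            "third_party": bool(OEM_INF.match(row.get("InfName", ""))),
        })
    review.sort(key=lambda item: (item["status"] != "unsigned", item["device"].lower()))
    return review


if __name__ == "__main__":
    for item in drivers_to_review(parse_driverquery(SAMPLE_CSV)):
        origin = "third-party package" if item["third_party"] else "in-box INF"
        print(f'{item["status"]:9} {item["device"]} ({item["inf"]}, {origin})')
```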

MSINFO32
Another tool that we can use to find the same information is 'msinfo32'. Again, we will go to the Run command, type in 'msinfo32', and click the OK button. Now, we need to browse to the Software Environment, and then Signed Drivers section.

Image 207.4 - Signed Drivers in System Information

In this window we can sort drivers by the Signed column, so that we can see unsigned drivers first.

Remember
Driver signing is intended to ensure that the device software is compatible with Windows XP and to ensure that nobody has tampered with the drivers. In XP, Microsoft provided us with three levels of control for installation of unsigned drivers. These levels are Block, Warn and Ignore. To verify drivers we can use these tools: sigverif, driverquery (in CLI), msinfo32 and sfc (CLI).


Power Options in XP

Windows XP supports two types of power management. Those are Advanced Power Management (APM) and Advanced Configuration Power Interface (ACPI).

Before you start


Objectives: learn how to configure power options on XP machine
Prerequisites: no prerequisites.
Key terms: power, scheme, option, acpi, conserve, advanced, battery

APM vs ACPI
Advanced Power Management (APM) is Microsoft's first attempt to do power management. All power options were set in the BIOS and the BIOS controlled the shutting down of devices. This was very simplistic and it really did not help a lot. As a result, Microsoft developed the Advanced Configuration Power Interface (ACPI). One of the advantages that ACPI brought is that Windows is now in charge of power management. This gives us more flexibility when controlling power options. ACPI enables us to control power options for each individual device. We can use Device Manager to set power options for individual devices. Also, some devices can send a signal that will wake up the rest of the system for us. ACPI also gave us functionality such as Hibernation and Standby. ACPI comes with a specialized Hardware Abstraction Layer (HAL). We can install this HAL only if the BIOS supports ACPI management.

Power Schemes
Windows XP introduced Power schemes which we can use to quickly set the appropriate power options. For example, one of the Power schemes is Home/Office Desk. In the Home/Office Desk scheme, the default setting is that after 20 minutes of inactivity the system automatically powers off our monitor. This makes us Green Star compliant and it allows us to conserve power, which is very important. The Presentation power scheme is used when we don't want our computer to power off at all. In the Presentation scheme everything is always on. This allows the presenter to continue to talk without worrying that the computer will hibernate or go into Standby mode. Another interesting power scheme is the Portable/Laptop scheme. This scheme will shut down various devices based on inactivity to preserve battery power. For example, the system will shut down the monitor after 15 minutes by default, the hard drive after 30 minutes and, after some determined idle time, other additional devices as well. Of course, we can edit these Power schemes to further conserve power.

Example Configuration
We can change the way that our computer uses power. This is useful if we want to conserve energy, prolong the battery life of the portable computer or configure a UPS. To customize Power Options let's go to the Start Menu > Control Panel > Power Options. We will start by looking at the Power Schemes tab.


Image 212.1 - Power Schemes

Here we can configure the computer to turn off the monitor or hard disks when the computer has been idle for a while. Notice that for the Home/Office Desk scheme, the monitor will be turned off after 20 minutes by default, but hard disks will not be turned off. Let's say that this computer is a laptop, so we will want to select the scheme which will conserve the battery. If we change the scheme to Portable/Laptop, our monitor will be turned off after 15 minutes and hard disks after 30 minutes, by default. We can edit the scheme to further conserve power. To do that, just choose a different option from the 'Turn off monitor' drop-down menu or from the 'Turn off hard disks' drop-down menu. If we are doing a presentation, we should change to the Presentation power scheme, so that our computer can always be on. The Presentation scheme is different from the Always On scheme. In the Always On scheme, by default, the monitor will turn off after 20 minutes, while in the Presentation scheme everything is always on. Let's go to the Advanced tab.


Image 212.2 - Advanced Tab

In the Advanced tab we can set the 'Prompt for password when computer resumes from standby' option, which is a very useful setting. Here, we can also set the power button options. We can configure what will happen when we press the power button on our computer. We can configure it to shut down, do nothing or to ask us what to do. Let's take a look at the Hibernate tab.


Image 212.3 - Hibernation Tab

Notice that hibernation is not enabled on this machine. When our computer hibernates, it stores all the memory content to the hard disk and then shuts down the computer. Hibernation will use as much disk space as we have RAM installed on our machine. Let's look at the UPS tab.


Image 212.4 - UPS Tab

If this computer was connected to a UPS, we would use the 'Select...' button to identify the UPS.

Remember
We can change the way that our computer uses power. This is useful if we want to conserve energy, prolong the battery life of the portable computer or configure a UPS.


Hardware Profiles in XP

Windows XP enables us to create different hardware profiles so that we can automatically run or disable various hardware devices, depending on the situation we are in.

Before you start


Objectives: learn what is Hardware Profile and how to create and configure new Hardware Profiles.
Prerequisites: no prerequisites.
Key terms: hardware, device, profile, boot, menu, manager, system

Hardware Profile
A hardware profile is a set of instructions that tells Windows which devices to start when we power on our computer. The most common usage is on laptop computers. Usually, portable computers are used in a variety of locations, and hardware profiles let us change which devices our computer uses when we move it from location to location. When we first install Windows XP, a hardware profile named Profile 1 is created. By default, every device that is installed on our computer is enabled in the Profile 1 hardware profile. For laptop computers, the default profile is named Docked Profile or Undocked Profile. Windows XP will automatically detect Docked and Undocked states, and create two different profiles for us to be able to use. If there is more than one hardware profile on our computer, we can designate a default profile that is used every time we start our computer. Windows can also prompt us for which profile to use when we start our computer.

After we create a hardware profile, we can use Device Manager to disable and enable devices that are in that particular profile. When we disable a device in a hardware profile, the device drivers for the device are not loaded when we start our computer with that profile. For example, if we have a laptop computer, we can create one profile for when the laptop is connected to the company network and another profile for when the laptop is at another location. This allows us to control which devices we want to use in particular situations.

To create a custom hardware profile, we have to go to the Hardware Profile Manager. To create a new hardware profile, we have to copy an existing profile. Once we copy an existing profile, we have to reboot our computer so we can select our new hardware profile during boot up. Once we boot up using the new hardware profile, we will go to the Device Manager where we have to disable or enable the devices for the current profile. From that point on, every time we reboot we will have a choice of which Hardware Profile we want to utilize. This makes it very easy to utilize many different types of devices without always using Device Manager to configure them.

We also have the ability to organize which profiles get listed first on the Hardware Profile menu. In our Hardware Profile Manager we have little arrow buttons on the side of the screen that allow us to move profiles up and down on the list. The first profile on the list becomes the default profile. In addition to that, we can also set the system timer, which is by default set to 30 seconds. If we don't make a selection during that time, Windows will boot up using the default hardware profile. This setting is editable, and many users like to adjust this system timer so that they don't see the hardware profile menu for such a long time during the boot up process. Some users like to hide the boot menu altogether. To do that, we have to set the system timer to 0 (zero). In this case, if we need to have the Hardware Profile menu brought up, all we need to do is press the space bar during the boot process, which will bring up the Hardware Profile menu. Then we can make our selection.

We can also hide Profile items from the menu if we desire. This makes the menu a little easier to see. In order to do that we have to choose to include particular profiles by checking the 'Always include this profile as an option when Windows starts' check box. By checking that option, that particular profile will always be available on the hardware profile menu. If we remove the check, we can hide that particular profile. Once again, by pressing the space bar we will be able to see all options, so we can make the proper choice.

Example Configuration
We must be logged on as an Administrator or a member of the Administrators group to complete this procedure. If the computer is connected to a network, network policy settings may also prevent us from completing this procedure. Let's go to the Start Menu, right-click My Computer and select Properties to open System properties (we can also open System properties from the Control Panel). Now, go to the Hardware tab and click the 'Hardware Profiles' button. The following screen appears:

Image 213.1 - Hardware Profiles

To create a new hardware profile, we will simply copy an existing profile. Notice that 'Profile 1' is currently selected so we will click the Copy button and give the copied profile a new name. In this case the name will be 'Work'. We will click OK and now we want to rename 'Profile 1' profile. To do that, we have to select 'Profile 1' and click on the Rename button. In this case we will rename it to 'Home'.

Image 213.2 - New Profile



If the computer is a laptop computer, we can easily identify the 'docked' or 'undocked' state of the computer by editing the profile properties. To do that, select some profile and then click on the Properties button. First, we have to check the 'This is a portable computer' option. Now, we can select the 'The computer is undocked' or 'The computer is docked' option. In this case, for the Work profile, we will select 'The computer is undocked' because at work we don't use a docking station.

Image 213.3 - Portable Computer Options

We can also use Device Manager to specifically modify the hardware configuration of particular profile. When we open Device Manager, we are editing the current hardware profile. If we want to use Device Manager to edit some other profile, we need to reboot our computer and select the profile we want to manage.

Image 213.4 - Hardware Profiles Selection



In this case, we have selected our new hardware profile, the Work profile. Now, let's open Device Manager to edit our new profile. In this example we will disable the COM ports because we don't use serial devices at work. To do that, right-click the Communication Port (there are two of them in our example), open its properties and then under 'Device usage' select 'Do not use this device in the current hardware profile (disabled)' option.

Image 213.5 - COM Device Usage

Let's go back to Hardware Profiles to make boot configuration choices. Under 'Available hardware profiles' we can move the profile to the top to make it the default profile selected during boot up. If the computer is at the office more than it is at home, we should move the Work profile to the top to make it the default boot profile. Notice that the Work profile is now at the top of the list which means that it is the default profile.


Image 213.6 - Default Hardware Profile

Under 'Hardware profiles selection' we can configure our system to wait until a hardware profile has been selected automatically. The default value is 30 seconds which means that if we don't make a choice during that time, the system will automatically boot after 30 seconds using the profile that is first on the list. If we want to skip the choice screen, we can change the wait period to zero seconds.

Remember
A hardware profile is a set of instructions that tells Windows which devices to start when we power on our computer. To create new hardware profile we have to copy an existing profile.


Utilize Windows XP Networking

Networking

Manage Network Components in XP



To create a network connection we have to have a network device installed which will then use different protocols to establish a connection on the computer network. In Windows we can use different networking protocols, services and clients, which are independent from the hardware itself because of the standardization.

Before you start


Objectives: learn where to find and how to manage various networking components in XP
Prerequisites: to read about network connections in general check out the article Required Parameters for Network Connection
Key terms: component, network, connection, service, manage, properties, protocol, client

Networking Components
After we attach our network device, for example a Network Interface Card (NIC), to our computer, and after we install appropriate drivers, we need to create a network connection. In order for that network connection to work we need to use network components, which are protocols, services and clients. Every networking device will have some networking components bound to it. The concept of binding is to associate either a service or a protocol to a connection or to a particular piece of hardware. To manage network components in XP, go to Control Panel, then Network Connections, select a particular connection, right-click it, and go to its properties.


Image 214.1 - Network Components

Here we can customize how our computer communicates on the network by adding and removing various network components. To add a component click 'Install' button, and select the type of a network component. In our case we will select 'Protocol' and then select IPv6, so that our machine will be ready if we move to the IPv6 enabled network.

Image 214.2 - Component Type


Image 214.3 - Protocol Selection

Now let's take a look at the items that were actually installed.

Image 214.4 - IPv6 Added

As you can see, the 'Microsoft TCP/IP version 6' was installed successfully. Now we'll install a service. Click 'Install', select 'Service' this time, and click 'Add'.

Image 214.5 - Service Component



We want to install the 'Service Advertising Protocol' so we'll select it and click OK again.

Image 214.6 - Service Advertising Protocol

In most cases, when we install networking component, it is automatically enabled for use by all network connections for which the component is valid. To remove networking components from the computer, open the properties for connection, select the component, and click 'Uninstall' button. In this case, let's remove the 'QOS Packet Scheduler'.

Image 214.7 - Component Uninstall



Click Yes to confirm. Keep in mind that the component is removed for all connections, not just the connection we're currently editing. To disable a component on a specific connection, we will go to its properties, and use the check boxes.

Image 214.8 - Disable Component

We do not want to use the 'Uninstall' button in the situation where we want to disable particular component for particular device, as this will remove the component from all adapters.

Remember
Networking components can be protocols, services and clients. We can customize how our computer communicates on the network by adding and removing various network components. If we want to uninstall component for all connections we can use the 'Uninstall' button. If we want to disable particular component for particular connection we should use the appropriate check box.


TCP/IP Settings in XP

The most commonly used networking protocol in the Microsoft environment is a protocol known as Transmission Control Protocol and Internet Protocol, which we commonly call the TCP/IP. At bare minimum, TCP/IP requires that we configure an IP address and the Subnet mask for our host.

Before you start


Objectives: learn how to enter static TCP/IP configuration on XP machine and which tools can be used to troubleshoot connectivity.
Prerequisites: you should know what parameters should be entered for network connection. Also, you should know what is IP address and what is MAC address.
Key terms: address, ip, default, server, gateway, network, tcp, apipa, configuration, ipconfig, alternate, dns, local, protocol

Entering Information
Along with the IP address and the Subnet Mask, we can also enter information about the Default Gateway and DNS server. There are two ways of entering all this information. The first way is manual entry, and we call that Static Configuration. The second way of entering this information is using Automatic Configuration. For automatic configuration we use a service called Dynamic Host Configuration Protocol (DHCP). If the client is configured to use DHCP for configuration, but is unable to contact a DHCP server, it will configure itself. This means that it will use the function called Automatic Private IP Addressing, or APIPA. The APIPA network address is 169.254.0.0, so it is easy to tell if the computer is using APIPA.

To configure basic TCP/IP settings, open the Control Panel, and open Network Connections.

Image 229.1 - Network Connections

By default, Windows XP will configure the connection to use TCP/IP. To edit TCP/IP settings, right-click the Local Area Connection and open its properties. Select the Internet Protocol (TCP/IP), and then click the Properties button.


Image 229.2 - Internet Protocol Selected


Image 229.3 - Internet Protocol Properties

By default, TCP/IP is configured to receive both the IP address and the DNS server address from a DHCP server. Let's change that to static configuration. First, we must check the 'Use the following IP address' option. Then, we will enter 192.168.1.70 as our IP address. The Subnet mask will be 255.255.255.0, and the Default gateway will be 192.168.1.1. In order for the Default Gateway to be valid, it needs to be on the same subnet as the IP address. In this example notice that the IP address and the Default Gateway are both on the network 192.168.1.0. DNS server will be the same as our Default gateway.


Image 229.4 - Static Configuration

We can manually enter the DNS server while the IP address is still assigned automatically. Also notice that we can't get a DNS server address automatically if we are using a static IP address. DNS servers don't need to be on the same subnet as the IP address, but they do need to be accessible through the Default Gateway. Windows XP includes a new feature that lets us configure an alternate IP address for a connection. This alternate address is used when the computer cannot contact a DHCP server for its address. We can use the alternate IP address for computers that connect to networks without a DHCP server, or to configure a backup IP address in case the DHCP server goes down. To edit alternate settings for TCP/IP, click on the Alternate Configuration tab in Internet Protocol Properties.


Image 229.5 - Alternate Configuration Tab

By default, our computer is configured to use Automatic Private IP Addressing (APIPA). Let's imagine that our computer will connect to two different networks, one with DHCP, and one without a DHCP server. If the computer can't find DHCP, it will configure itself using the Automatic Private IP Addressing scheme (APIPA). The default network address for APIPA is 169.254.0.0. Sometimes APIPA is not desirable, because we may be using some services that require a static or predefined IP address. To avoid APIPA we can set an Alternate Configuration for TCP/IP. First, we have to select the 'User configured' option. In this case, for the alternate configuration we will set 172.16.0.10 as the IP address, 255.255.0.0 as the Subnet Mask, and 172.16.0.1 as our Default gateway. The Preferred DNS server will be the same as our Default Gateway.


Image 229.6 - Alternate Configuration Configured

Now, when the computer boots and cannot contact a DHCP server, it will use the manually configured alternate address.

Address Resolution Protocol (ARP)


The IP address is used to transfer data between various networks, and the MAC address is used by network devices to communicate on the local network. The bond between the IP address and the MAC address is made through the Address Resolution Protocol (ARP). The function of ARP is to take the IP address and link it to the physical address (MAC address) of our particular device. Every network interface card is assigned a hardware address. To check ARP settings, go to the CMD, and type the arp /a command.

Image 229.7 - ARP Cache

Using that command we can see the content of our ARP cache. We can see the IP addresses and the MAC addresses of every computer that we've talked to. The cache stores this information for a total of two minutes. If we reuse that information within those two minutes, the information is kept for ten minutes. After ten minutes, the information is purged from the cache.

Troubleshooting
There are several tools that we can use to troubleshoot connectivity problems in Windows XP. The first tool is the ipconfig utility.

IPCONFIG
To use ipconfig, first we have to open the command prompt. Then we can type in ipconfig. We can also use switches with that command, and the most commonly used switch with ipconfig is '/all'.

Image 229.8 - IPCONFIG /ALL

Using the ipconfig tool we can verify our IP address, Subnet Mask, Default Gateway, etc. If we use DHCP and we have some problems, we can use the 'ipconfig /renew' command to try to renew the IP address from the DHCP server. If this does not help, we'll need to do additional troubleshooting to find out exactly what is wrong. If we see an IP address from the 169.254.0.0 network, then we know that DHCP was not available, and that our computer used APIPA for auto configuration.

PING
The other tool we can use is Packet Internet Groper, or 'PING'. This tool allows us to send small packets to a particular machine to see if it will respond back to us. Microsoft recommends the following order for using PING.

First we should test the Loopback Address, which is 127.0.0.1. By pinging this address we are checking that the TCP/IP protocol stack is properly installed. The next address to ping is the local IP address assigned to the machine. This ensures that communication with our NIC is possible. If we have run ipconfig, and if it was successful, ipconfig has already done the same two steps that we mentioned.

The next step is to check the communication with local hosts. To do that, we can ping the Default Gateway, since it is also on the local network. By pinging the Default Gateway we check that our local network is up and running. The next thing to do is to ping remote hosts. In this case we are checking the connectivity between the Default Gateway and the remote host. If this was not successful, we know that we have a problem with our Router.


Image 229.9 - PING
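The IPCONFIG and PING checks described above can be combined into one ordered routine that stops at the first failing step and says what that failure means. This Python code is an added example, not part of the original article; the function names, the injectable `probe` parameter and the sample addresses used with it are assumptions made for illustration.

```python
import ipaddress
import platform
import subprocess

# APIPA range named in the article: a local address here means DHCP was not reached.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def system_ping(address, timeout_s=2):
    """Send one echo request with the operating system's ping command."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), address]
    else:
        # Assumption: Linux-style ping, where -W is the reply timeout in seconds.
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), address]
    try:
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout_s + 3)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def diagnose(local_ip, gateway, remote_host, probe=system_ping):
    """Run the checks in the recommended order.

    Returns (failed_step, meaning); failed_step is 'ok' when every check passes.
    `probe` is any callable taking an address and returning True on a reply.
    """
    if ipaddress.ip_address(local_ip) in APIPA_NET:
        return ("apipa", "DHCP server was not available; address was self-assigned")

    steps = [
        ("loopback", "127.0.0.1",
         "TCP/IP protocol stack is not properly installed"),
        ("local address", local_ip,
         "communication with the network adapter (NIC) is not possible"),
        ("default gateway", gateway,
         "the local network is not up and running"),
        ("remote host", remote_host,
         "the problem is at the router, beyond the local network"),
    ]
    for name, target, meaning in steps:
        if not probe(target):
            return (name, meaning)
    return ("ok", "connectivity verified up to the remote host")


if __name__ == "__main__":
    # Constructed sample values; replace with the output of 'ipconfig /all'.
    print(diagnose("192.168.1.70", "192.168.1.1", "203.0.113.5"))
```

Passing a custom `probe` lets the same ordering logic be exercised without sending any packets.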

TRACERT
Another tool we can use is tracert (trace route). By typing in tracert and then the destination IP address or host name, we can see the route that our computer will take in order to communicate with the destination. We will see all the Routers that we will use in order to get to the destination, and we will also see the responsiveness of each of those Routers.

Image 229.10 - TRACERT

PATHPING
To get even more information we can use the 'pathping' tool. This tool is a combination of 'tracert' and 'ping', and it enables us to see how fast particular Routers respond back to us. We will also be able to see the entire route taken from our computer to the destination computer.


Image 229.11 - PATHPING

Using these tools we can see which Router is causing problems. In the example above, we can see that our Internet Service Provider is using a firewall to prevent pathping requests from being made. We know that because there are '*' characters at the third hop (after our Default Gateway).

Remember
When configuring TCP/IP settings, we have to enter the IP address and Subnet Mask at minimum. For full connectivity we should also enter the Default Gateway address and DNS server address. By default, XP will configure our connection to use DHCP. If the DHCP server can't be contacted, it will use APIPA. We can also configure an alternate IP address, in which case APIPA will not be used. ARP is used to take the IP address and link it to the physical address (MAC address) of a particular device. We can use the IPCONFIG /ALL command to check our TCP/IP settings. We can use the PING tool to check connectivity with another host. We can use the TRACERT command to check the route that our computer will take.

Commands that are mentioned in this article

Commands are entered in CMD.

arp /a - display ARP cache
ipconfig /all - verify IP configuration
ipconfig /renew - renew the IP address from the DHCP server
ping - test a network connection
tracert - check the route to the destination
pathping - trace route and provide network latency and packet loss


Configure DNS in XP

Computers use IP addresses to communicate, but for humans it is easier to refer to devices using their names. The solution to this problem is the Domain Name Service, or DNS. DNS is used to resolve names to IP addresses.

Before you start


Objectives: learn where you can configure advanced DNS settings in XP.

Prerequisites: no prerequisites.

Key terms: dns, name, ip, server, wins, address, domain, netbios, resolution

DNS Usage
When we look at an IP address, we see four octets (groupings of eight bits). Every host on the network has its own IP address. For example, every website resides on a server. If we want to visit some website, we have to connect to the particular server which hosts the website that we want to visit. To do that, our computer has to know the IP address of that server. Instead of using IP addresses, we refer to websites using their names (for example www.google.com). For humans, names are a lot easier to use than numbers like IP addresses. The solution to that problem is the Domain Name Service, or DNS. We are using DNS to resolve names to IP addresses, because it's the IP address that computers use to talk to one another. We can easily check that by pinging some host, for instance www.google.com. As a result, we will get back the IP address from the DNS server. As we can see, DNS servers have a very simple function. DNS takes user-friendly names, like www.google.com, and converts them into IP addresses, and vice versa. This way we don't have to remember IP addresses, and we can navigate the Web simply and easily.

FQDN
DNS name servers perform name resolution by resolving a Fully Qualified Domain Name (FQDN) into an IP address. A client asks its local name server for the IP address associated with the Fully Qualified Domain Name. For example, the client asks for the IP address of www.google.com. The local name server checks its list, and if it finds the entry for www.google.com, it passes the information back. If the local name server can't find the entry, it sends the fully qualified domain name to one of the DNS root servers. The DNS root server returns a referral to the local name server. The referral points to the name servers for the top level of the DNS domain. The local name server sends an iterative query to one of the top-level domain name servers (.com in the www.google.com case). The .com domain server responds with a referral to one of the Google name servers. The Google name server responds with the IP address of www.google.com. Now the client can contact the host which hosts the www.google.com website.
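The referral chain described above can be followed step by step in a small in-memory model. This Python code is an added example, not part of the original article; the server names, the example.com zone data and the addresses are constructed for illustration, and no real DNS traffic is sent.

```python
# Constructed name-server data: each server either answers from its own
# records or refers the query to the server responsible for a suffix.
SERVERS = {
    "root": {
        "referrals": {"com": "com-tld"},
        "records": {},
    },
    "com-tld": {
        "referrals": {"example.com": "ns.example.com"},
        "records": {},
    },
    "ns.example.com": {
        "referrals": {},
        "records": {"www.example.com": "192.0.2.80"},  # documentation address
    },
}

MAX_REFERRALS = 8  # stop following referrals if the data ever forms a loop


def query(server, fqdn):
    """Ask one server; returns ('answer', ip), ('referral', server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if fqdn in data["records"]:
        return ("answer", data["records"][fqdn])
    labels = fqdn.split(".")
    # Try the longest matching suffix first: www.example.com, example.com, com.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in data["referrals"]:
            return ("referral", data["referrals"][suffix])
    return ("nxdomain", None)


class LocalNameServer:
    """The client's local name server: checks its own list, then walks referrals."""

    def __init__(self):
        self.cache = {}

    def resolve(self, fqdn):
        """Return (ip_or_None, list_of_servers_contacted)."""
        fqdn = fqdn.rstrip(".").lower()
        if fqdn in self.cache:
            return (self.cache[fqdn], ["cache"])
        server, path = "root", []
        for _ in range(MAX_REFERRALS):
            path.append(server)
            kind, value = query(server, fqdn)
            if kind == "answer":
                self.cache[fqdn] = value  # later clients are answered locally
                return (value, path)
            if kind == "nxdomain":
                return (None, path)
            server = value  # follow the referral with a new iterative query
        return (None, path)


if __name__ == "__main__":
    local = LocalNameServer()
    print(local.resolve("www.example.com"))  # walks root, TLD, authoritative
    print(local.resolve("www.example.com"))  # second lookup comes from the list
```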

WINS
Microsoft first developed its own naming system. It used NetBIOS names for hosts, and Windows Internet Name Service (WINS) to resolve names to IP addresses. A NetBIOS name is a 15 character name that is used for identifying our computers on the network. All this is a part of Microsoft's networking services, which Microsoft introduced with the NT family of operating systems. It continued through the NT 4.0 family. With Windows 2000 and Windows XP, Microsoft adopted the Domain Naming Service as its primary tool for resolving names to IP addresses, while the rest of the Internet had always been using DNS.

The problem that Microsoft originally had with DNS is that all of its entries had to be statically entered (DNS became a dynamic tool later). In a WINS environment, a client would first get its IP address from the DHCP server. Then the client would contact the WINS server, reporting its IP address. In this way, the WINS server has the IP addresses of all clients on the local area network. So, WINS was the solution that solved this particular problem. With Windows 2000 the DNS service became more of a dynamic service. It could dynamically register clients and use that information to register the IP address. At that point Microsoft went back to using the DNS service as its primary name resolution service.

Now, when we use Windows XP, it will automatically register its name with the DNS server. This reduces the number of services that we have to run, because we don't need a WINS server for our local area network. We still use WINS, but only for legacy machines that don't understand that DNS can now accept dynamic updates from clients. As we moved to dynamic DNS, Microsoft had to adjust the names. Instead of being just a NetBIOS name, the name structure now also includes the domain information. In order to find out who's who on our network, we can use DNS with an FQDN instead of just the simple NetBIOS name that we used for the WINS service.

Example Configuration
In order to configure Name Resolution Services on XP, we need to go to the connection properties and click the 'Advanced...' button on our TCP/IP configuration window. In the advanced properties we can see the IP Settings, DNS, WINS and Options tabs.

Image 239.1 - Advanced TCP/IP Properties

Although most computers have a single IP address, and a single default Gateway, notice that on the IP Settings tab we can configure multiple addresses and gateways. Let's open the DNS tab. Here we can edit DNS settings for our computer.


Image 239.2 - DNS Tab

The first thing that we would do on the DNS tab is to add additional DNS servers. Of course, the primary DNS server needs to be placed first on the list. If the first DNS server can't be contacted, our system will try to contact the next DNS server on the list.

Another thing that we can do here is to append additional suffixes. Let's say that we need to contact 'host-pc' using DNS, that 'host-pc' is on the 'utilizewindows.com' domain, and that we want to access 'host-pc' from a computer that is also on the 'utilizewindows.com' domain. If we type only the name of the computer, 'host-pc', the DNS server will automatically look into 'utilizewindows.com' and try to locate the IP address for 'host-pc'. Now, let's say that we want to contact 'host2', which is located on 'utilizeothersystem.com'. If we type in only the name 'host2', our DNS server will also try to locate the computer in 'utilizewindows.com'. The DNS server will be unsuccessful in locating 'host2', because it is located on 'utilizeothersystem.com'. If 'utilizeothersystem.com' is a domain that we frequently use, and is in some relation with our primary 'utilizewindows.com' domain, we can add 'utilizeothersystem.com' as an appended suffix. In this case, if we look for 'host2', our DNS server would first check 'utilizewindows.com', and then, in case of failure, it would check 'utilizeothersystem.com'.

Let's open the WINS tab. Here we can also add, remove, and control the order of our WINS servers. Once again, we have to put our primary WINS server at the top of the list. WINS servers are used for performing NetBIOS name resolution.


Image 239.3 - WINS Tab

Here we can also enable LMHOSTS lookup and edit the NetBIOS settings. We have the ability to disable NetBIOS over TCP/IP, and we would do that if we are in an environment where we are using DNS only.

Troubleshooting
Windows XP supports two different types of name resolution services, DNS and WINS. Remember, when we mention DNS, we are talking about Fully Qualified Domain Names, i.e. DNS uses an FQDN to identify a particular computer. An example of this might be 'host1.utilizewindows.com'. On the other hand, WINS uses only NetBIOS names for name to IP resolution. NetBIOS names are simple names, and can contain only 15 characters. For example, a NetBIOS name could be 'host1'. When troubleshooting name resolution services, first we have to check that everything is OK with TCP/IP. For example, if we ping some IP address and everything goes fine, we know that IP connectivity is OK. If we ping the name of the computer and get an error, we know that we have a problem with our name service.


Image 239.4 - PING

The next utility that we should run is 'ipconfig /all'. With this tool we can verify that the IP addresses for DNS or WINS are properly configured.

Image 239.5 - IPCONFIG

The next thing we can do is run the 'nslookup' and see if we get an IP address from our DNS server.


Image 239.6 - NSLOOKUP

If all our settings are configured correctly, we should check the services related to name resolution (like 'DNS Client'), and make sure that they are up and running. Another thing we can do is to try to re-register with our DNS server. To do that we have to enter 'ipconfig /registerdns' in the command prompt. For NetBIOS names we can use 'nbtstat -r' to see name resolution status, and 'nbtstat -RR' to re-register with the WINS server.

Image 239.7 - REGISTERDNS

We can also use the 'ipconfig /flushdns' command to clear the DNS cache, because sometimes it can contain wrong information. For NetBIOS names we would use the 'nbtstat -R' command to do the same thing. In the end, as a temporary solution we can use the HOSTS file to configure DNS names, or the LMHOSTS file for NetBIOS names.

Remember
We can have multiple DNS servers defined. The primary DNS server needs to be placed first on the list. WINS servers are used for performing NetBIOS name resolution.


Configure Dial-up and Direct Connection in XP



With Dial-up and direct connections we can join other networks. With Dial-up we can also connect to the Internet through our Internet Service Provider. Using VPN we can connect to our workplace securely.

Before you start


Objectives: learn where and how to configure Dial-up and direct connections in XP.

Prerequisites: no prerequisites.

Key terms: connection, dial-up, connect, authentication, server, multilink, direct, user, callback, modem, protocol

Dial-up
With Dial-up networks we are actually dialing into a host computer and joining another network. In corporate environments we are typically dialing into the services of a Remote Access Server (RAS). This allows us to join and participate as a member, or a node, of that particular network. We can also use Dial-up to connect to the Internet. In this case, we will dial up and join as a node on the Internet, but this time through our Internet Service Provider (ISP).

Types of Modems
There are two types of modems that we will normally use for Dial-up. The first one is our standard modem which gives us a connection speed of 56K. The second type is ISDN modem. This type of modem has three channels of operations. We have two channels that are called 'B channels', and the speed on those channels is 64K each. They can be used independent of each other, and they are associated with separate phone numbers. We can use one channel for voice communication and other for data transfer. The third channel, called D channel, is a 16K channel. It is used to control the B channels. We can also consolidate both of those B channels to increase the bandwidth of our connection.

Authentication
When we dial in, we need to authenticate ourselves. The authentication process requires that we enter our username and password. In Windows XP, there are a lot of ways to protect authentication information. Windows utilizes several different protocols, like Extensible Authentication Protocol (EAP), Microsoft's version of the Challenge Handshake Authentication Protocol (MS-CHAP, version 1 and 2), Shiva Password Authentication Protocol (SPAP), and Password Authentication Protocol (PAP). PAP is unencrypted, so it is not normally used.

Callback
When the user is authenticated, we have other options that we can use. If we are using Windows 2000 or 2003 server, we can use the Callback feature. If we enable this option, the client will make an initial connection, then the server will drop the connection, and then it will immediately call back the client to re-establish the connection. Callback can work in two modes. We can use a preset number for callback, which is a security feature. If somebody calls in and authenticates as a particular user, the server will look at that user's account, and use a preset number for Callback. If somebody is trying to act as an imposter, the connection will be lost to them, because the server will call the preset number for the original user. The second option that we can use for callback is set by the users themselves. When the user authenticates, the server will ask for a phone number to use for Callback. This is more an issue of who pays the bill for the telephone charges, not necessarily a security issue.

MultiLink



Another feature that we can use with Dial-up connections is MultiLink. MultiLink is the ability to combine multiple connections into one logical connection. The idea behind MultiLink is to increase the overall bandwidth. 56K is a really slow connection, and the 64K of an ISDN channel is also not really fast. With MultiLink we can use two 56K modems, or two ISDN channels, to create one logical connection and double the overall capacity. In order to do that, both the client and the server have to be configured to allow a MultiLink connection. We cannot use Callback with MultiLink.

Example Dial-up Configuration


Let's configure a Dial-up connection to connect to the Internet. We will go to the Control Panel, and open Network Connections.

Image 240.1 - Network Connections

On the left menu, in Network Tasks section, let's click on the 'Create a new connection' option. The following wizard appears.

Image 240.2 - New Connection Wizard

We will click 'Next >', and choose the 'Connect to the Internet' option.


Image 240.3 - Connect to the Internet Option

We will click 'Next >', and choose 'Set up my connection manually' option.

Image 240.4 - Set up my connection manually Option

We will click 'Next >', and choose 'Connect using a dial-up modem' option.

Image 240.5 - Dial-up modem Option

We will click 'Next >', and enter a name for our connection.

Image 240.6 - Connection Name

We will click 'Next >', and enter a phone number that our ISP gave us.


Image 240.7 - Phone Number

We will click 'Next >', and enter a username, password, and again password to confirm it. We will leave the default options checked.

Image 240.8 - Credentials

On the next window we can click 'Finish' to create our connection.

Multilink and Direct Connections


Using MultiLink, two or more physical modems are used simultaneously to establish a single logical connection. We can configure a single connection to use MultiLink with the bandwidth allocation protocol to dynamically dial and drop connections. To create a MultiLink connection, first we have to install two or more modems. Next, we have to create a dial-up connection that uses both modems. By default, our connection will use both modems, but we could dial only the first available device if we want to. We can also dial devices only as needed. For example, we can configure the connection to dial a separate line when the traffic on the first line reaches 80% of the bandwidth and stays there for 20 seconds, and to drop the second line when the traffic falls below 40% and stays there for longer than one minute.

We can also communicate with other computers using a Direct Connection. A Direct Connection uses a direct link between the two devices, such as a cable attached to the serial or parallel port, or communication through an infrared device. We can connect directly to another computer using, for example, a direct parallel link, or we can configure an incoming connection so other users can connect to our computer. To connect directly to another computer, go to the Control Panel > Network Connections and start the New Connection Wizard. Select the 'Set up an advanced connection' option, and click 'Next'.


Image 240.10 - Advanced Connection

Select 'Connect directly to another computer' option, and click 'Next'.

Image 240.11 - Connect Directly

In this example, our computer will access information on the Host computer, so we will select the 'Guest' option. On the next window we have to enter the name of the connection.

Image 240.12 - Guest Option

Image 240.13 - Connection Name

In this example we will use a parallel port for communication.

Image 240.14 - Device Selection



Click 'Next', and select 'Finish'. To connect to another computer using a direct connection, we have to provide a user name and a password.

Image 240.15 - Credentials

On the other hand, if we want to allow others to access data on our computer, we can create an Incoming Connection. To configure an Incoming Connection, we can simply use our computer as a 'Host'.

Image 240.16 - Host Option

If we configure our computer as a Host, we have to select which users can connect to our computer.



Image 240.17 - Allowed Users

Notice that this way we can use only one device that will accept incoming connections. To add more devices, go to the New Connection Wizard and select the 'Set up an advanced connection' option. Next, select the 'Accept incoming connections' option. This way we can select multiple devices that will accept incoming connections.

Image 240.18 - Multiple Devices

We can also enable Virtual Private Network connections (VPN) this way. We will not do that now.

Image 240.19 - VPN Options

Again, we have to select the users who will be able to connect to our computer. Next, we need to select the LAN protocols and services that are used for the connection. We have to verify that the protocols we need are in the list.

Image 240.20 - Protocols

On the next window we can click 'Finish' to create an Incoming Connection.


More About Remote Authentication Protocols



Password Authentication Protocol (PAP) - authentication is done by comparing a user name and password to a table with paired user names and passwords on the network. PAP does not support secure passwords.

Challenge Handshake Authentication Protocol (CHAP) - the server sends a challenge message to a peer. Based on the challenge message, the peer calculates a value using a hash, a number generated algorithmically from a string of text, and returns the value to the server. The server checks the value against its own calculation. If the values match, the peer is authenticated. Microsoft has two versions of CHAP: MS-CHAP and MS-CHAP v2. CHAP, MS-CHAP, and MS-CHAP v2 require secure passwords, but only MS-CHAP and MS-CHAP v2 support data encryption.

Extensible Authentication Protocol (EAP) - EAP supports several authentication methods, including smart cards, certificates, one-time passwords, and public key authentication. EAP supports secure passwords and data encryption.
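The difference between PAP and the CHAP challenge and response described above is easiest to see in the bytes that cross the link. This Python code is an added example, not part of the original article; it follows standard CHAP with MD5 (RFC 1994) and the PAP request layout (RFC 1334), not MS-CHAP, and the account name, secret and class names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def pap_request(identifier, peer_id, password):
    """PAP Authenticate-Request: the password itself is in the packet."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_hash(identifier, secret, challenge):
    """CHAP response value: MD5 over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(identifier, name, secret, challenge):
    """CHAP Response packet: carries the hash and the peer name, never the secret."""
    value = chap_hash(identifier, secret, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, identifier, 4 + len(data)) + data


class ChapServer:
    """Server side: issues random challenges and checks the returned hash."""

    def __init__(self, accounts):
        self.accounts = accounts   # peer name -> shared secret (bytes)
        self.pending = {}          # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, packet):
        if len(packet) < 5:
            return False
        code, identifier, length = struct.unpack("!BBH", packet[:4])
        if code != 2 or length != len(packet):
            return False
        size = packet[4]
        value, name = packet[5:5 + size], packet[5 + size:]
        challenge = self.pending.pop(identifier, None)  # each challenge is single use
        secret = self.accounts.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_hash(identifier, secret, challenge)
        return hmac.compare_digest(expected, value)


def demo():
    """Run both exchanges and report what each one reveals or accepts."""
    secret = b"S3cret-constructed"          # constructed sample secret
    server = ChapServer({b"alice": secret})
    ident, challenge = server.new_challenge()
    captured = chap_response(ident, b"alice", secret, challenge)
    results = {
        "pap_exposes_password": secret in pap_request(1, b"alice", secret),
        "chap_exposes_password": secret in captured,
        "valid_login": server.verify(captured),
        "replay_same_id": server.verify(captured),   # challenge already used
    }
    ident2, challenge2 = server.new_challenge()
    wrong = chap_response(ident2, b"alice", b"guess", challenge2)
    results["wrong_password"] = server.verify(wrong)
    ident3, _ = server.new_challenge()
    replay = captured[:1] + bytes([ident3]) + captured[2:]  # old hash, new identifier
    results["replay_new_challenge"] = server.verify(replay)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(check, outcome)
```

A recorded CHAP response is useless against a later challenge, while a recorded PAP request contains the password itself.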

Remember
When configuring a Dial-up connection, we have to have a dial-up modem installed. We also have to have valid user credentials in order to dial in to a remote server. Using a Dial-up connection we can also connect to the Internet through an ISP. When using MultiLink, two or more physical modems are used simultaneously to establish a single logical connection. We can create direct connections which can be used to access other computers or to allow access to our own computer using, for example, a Serial, Parallel or Infrared port.

Paths that are mentioned in this article

Control Panel > Network Connections - location which displays all network connections which are currently configured


Configure VPN in XP

When we surf the Internet there are ways for others to capture our data, since the Internet is a public network. To get rid of this problem we can create a Virtual Private Network (VPN), which is a tunnel between two computers that can be encrypted so that no one else can eavesdrop on our communication.

Before you start


Objectives: learn how to create a VPN connection in XP.

Prerequisites: we have to have a VPN server which we will connect to.

Key terms: vpn, connection, connect, protocol, internet, network, communication, dial-up, username

VPN Usage
Let's say that we have a client computer which needs to talk to the server. Before VPN, we could just dial in directly to that particular server with dial-up networking protocols. The problem is that long-distance charges quickly add up this way. Now that the Internet is widely available, we have the ability to go through our Internet Service Providers (ISP) and enable communication between the computers we are interested in. We can create a communication tunnel between two computers, and we can also encrypt it so that nobody else can eavesdrop on that particular data transmission. That's essentially what a VPN can do for us.

Protocols
The tunnel can be created with one of two protocols. Both of these protocols are based on PPP (Point to Point Protocol), which is commonly used by Microsoft. The first protocol is PPTP (Point to Point Tunneling Protocol) and the second is L2TP (Layer 2 Tunneling Protocol). PPTP is the most commonly used protocol because it has built-in encryption. The problem is that it lacks some of the more advanced features. Features like header and data compression come with L2TP, which enables more efficient usage of that particular protocol. The downside of L2TP is that it does not have built-in encryption. In order to get encryption we have to use an additional protocol called IP security (IPSec). IPSec uses something known as certificates, which enables us to use a 'key pair'. The 'key pair' is used by the client to communicate with the server, and it has two keys: a private key and a public key. We do the encryption using the public key, and we decrypt using the private key. The whole idea behind creating a VPN is to ensure secure communication over a public network.

Example VPN Configuration


A VPN connection establishes a secure communication channel through an unsecured network. A VPN connection is a logical connection that uses an existing hardware connection. If we were using, for example, a dial-up connection to connect to the Internet, first we would have to connect to the Internet with our dial-up connection, and then use a VPN connection. We will create a VPN connection to securely send data between our home computer and our work network through the Internet. To create a VPN connection, go to the Control Panel > Network Connections and then click on 'Create a new connection' to open the 'New Connection Wizard'.


Image 241.1 - New Connection Wizard

Click 'Next', and choose 'Connect to the network at my workplace'.

Image 241.2 - Connect to the Workplace

Click 'Next', and choose 'Virtual Private Network connection'.

Image 241.3 - VPN Connection Option



Click 'Next', and enter a company name. In our example we will enter 'utilizewindows'. This is the name of the connection.

Image 241.4 - Company Name

Click 'Next'. In our example, we will automatically dial initial connection, which is called 'Internet', to connect to the Internet before we use a VPN connection.

Image 241.5 - Dial Initial Connection

Click 'Next' and enter a host name or IP address. In our example we will enter 'vpn.utilizewindows.com'.

Image 241.6 - Host Name

Click 'Next', and click 'Finish' to create a VPN connection. To use a VPN connection, we need to have a username and password which we will use to connect to the VPN server.


Image 241.7 - VPN Credentials

We can edit properties for our VPN connection. To do that, we have to right-click our VPN connection and select 'Properties'. If we are using dial-up, or a broadband connection (which requires username and password), we should use that connection to connect automatically before the VPN connection. In our case, we have selected to dial 'Internet' connection automatically before the VPN connection.

Remember
Before we can use VPN to connect to another network, we already have to be connected to the Internet in some way. To access another network using VPN, there has to be a VPN server configured on that other network.


Configure ICS in XP

The idea behind Internet Connection Sharing (ICS) is that the computer which has a connection to the Internet shares it with other computers that are connected to our Local Area Network (LAN).

Before you start


Objectives: learn how to configure Internet Connection Sharing on a local network using an XP machine.

Prerequisites: you should have a Switch which will be used to connect all clients on the local network. Also, some kind of Internet connection is required on the XP computer which will be used to configure ICS.

Key terms: internet, connection, network, server, ip, address, private, tcp, firewall, dhcp, access, protocol, udp

ICS Server
Let's say that we have one computer which has ICS enabled. This will be our ICS server, so this computer needs to have two connections. The first connection has to be connected to the Internet, and the second connection, typically a Network Adapter Card, is going to be connected to the Local Area Network so that it can communicate with other computers. When configuring ICS we have to share the external connection, so everybody has access to the Internet. All other computers on the LAN will go to the Internet using the IP address of the external connection. On the internal side, we have to configure our network card with an IP address of 192.168.0.1. This is the convention that has been established for use with ICS.

With ICS we also install a mini DHCP server, which means that all of the clients will get their IP addresses from the ICS server. It also becomes a mini DNS server, so it will do all of the name resolution for other computers so that they can connect to their resources on the Internet. The ICS computer also becomes a Router. It is going to route between the LAN and the Internet connection. For clients to be able to use ICS, they have to be DHCP enabled, so they can get an IP address that is compatible with the 192.168.0.0 network. If we have another DHCP server on the network, we should disable it. If we want our clients to use the new DHCP server on the ICS machine, we have to go to each client and type ipconfig /renew. This way they will get a new IP address from the new DHCP server.

We can configure ICS to connect to the Internet on demand. For example, if the ICS server is currently not connected to the Internet, and a client computer needs to access some resources on the Internet, the client will send a message to ICS saying that it needs to go to the Internet. At that moment, the ICS server will connect to the Internet and establish the connection, so that any of those clients can have full access to the Internet.
In summary, the ICS system is configured as a NAT router, a limited DHCP server, and a DNS proxy (name resolution requests from the private network are forwarded to DNS servers on the Internet). The IP address for the private interface is automatically changed to 192.168.0.1 with a mask of 255.255.255.0. The default gateway of the ICS system is set to point to the Internet connection. Hosts on the private network should use DHCP for address and DNS server information. The ICS system uses DHCP to deliver the following information to hosts on the private network: IP address in the range from 192.168.0.2 to 192.168.0.254, with a Subnet Mask of 255.255.255.0, DNS server address of 192.168.0.1 (the private interface of the ICS system), and the Default Gateway address of 192.168.0.1. We should not use other DHCP servers, DNS servers, or Active Directory on our private network when we have ICS enabled. We should enable Internet Connection Firewall on the Internet connection, not on the private connection. Enabling ICF on a private connection can disable communication with hosts on the private network. By default, the Firewall allows all outgoing Web traffic and responses but blocks all incoming traffic. To allow incoming Web traffic, we have to open ports in the firewall based on the services we want to allow in. If the incoming service is hosted by a computer on the private network, we have to redirect the incoming port to the private host.

Firewall
A Firewall is a device or a piece of software that sits between the Internet and our computer and can filter or forward packets that are inbound to or outbound from our computer. The Firewall makes a decision on every packet that arrives, and that decision can be to forward it or to filter it (drop it). When a packet from the Internet comes to our computer, the Firewall decides, based on its settings, whether to allow that packet to come through or to discard it. The same thing is true when we send packets out to the Internet. Every packet coming from the Internet is considered to be an inbound packet. A packet sent from our computer to the Internet is considered to be an outbound packet. We can have different sets of rules for inbound and outbound packets. We can configure our Firewall on all connections, but we should always enable it on the connection that connects us to the Internet. We can configure which ports (services) can be used and which cannot. This way we protect our computer by giving it a smaller 'attack surface'. The Windows built-in Firewall is designed for home users, or for small office users who need to be directly connected to the Internet.

Enabling ICS
Internet Connection Sharing lets us share an Internet connection with other computers on a home or small office network. In this example we have two network connections on the computer which we will use as the ICS server. One is a broadband connection to the Internet and the other is a LAN connection to the home network. In our case, the broadband connection is connected to the Internet through a DSL modem, and the LAN connection is connected to the Switch. All other clients are also connected to the Switch.

Image 242.1 - Network Connections

The first step in configuring ICS is to make sure that both connections are configured. Let's examine the configuration of the Local Area Connection. Let's open its properties, and then open the Internet Protocol properties. Notice that the IP address on this network adapter is now 192.168.1.70.

Image 242.2 - LAN IP Address

To configure connection sharing, we have to edit the properties of the connection that is used to connect to the Internet. In this case, we are using broadband connection called 'Internet'. Let's open its properties and go to the Advanced tab.

Image 242.3 - Internet Connection Properties - Advanced

To enable Internet Connection Sharing we have to check the 'Allow other network users to connect through this computer's Internet connection' option.

Image 242.4 - Credentials Warning

Notice the warning. Right now the username and password for this Internet connection were not saved for use by all users. This means that this connection can only be initiated if we are currently logged on to the computer. We are going to fix this later. Let's click OK, and take a look at other options that we can configure. Typically we do want to enable demand dialing. Demand dialing establishes an Internet connection whenever a computer on a network tries to connect to the Internet. Also, we can allow other users to be able to control the Internet connection sharing. In this example we will leave the default settings. Let's click OK to save our changes. Take a look at the warning message.

Image 242.5 - ICS Warning

When we enable Internet Connection Sharing, the IP address on a network adapter will be changed to 192.168.0.1. Click Yes to confirm the change. Next, we need to save the username and password of the Internet connection for all users. Notice that right now the username and password are only available for us.

Image 242.6 - Credentials

That means that we have to be logged on for anyone else to be able to use this connection. We need to change this so that anyone who uses this computer is able to use the Internet connection. When we select the 'Anyone who uses this computer' option, we have to reenter our password and click 'Connect', so that our credentials get saved. Finally, let's take another look at the Local Area Connection properties and the TCP/IP properties. Notice that the IP address for this network adapter has been changed to 192.168.0.1.

Image 242.7 - LAN IP After ICS

Remember, all clients in our private network need to be configured to use DHCP to automatically obtain IP addresses.

Firewall Settings
By default, when we configure an Internet connection on our workstation, a connection is configured only as a client connection. Internet Connection Firewall is enabled to prevent hosts on the Internet from contacting hosts on the private network directly. If our computer or computer on our private network provides services on the Internet (such as Web or FTP server), we need to allow access to those services. To edit those settings, we have to open the properties for the Internet connection, and go to the Advanced tab.

Image 242.8 - Advanced Tab

Here, under the 'Windows Firewall' section, we have to click the 'Settings' button. Again, we have to go to the Advanced tab.

Image 242.9 - Advanced Firewall Tab

Here, under the 'Network Connection Settings', we have to select the connection which we use to connect to the Internet, and click the 'Settings' button.

Image 242.10 - List of Services

The Services tab identifies the services provided by hosts on the private network. These are the services that can be contacted by clients from the Internet. For example, we are going to enable FTP server on this computer. Let's check the 'FTP Server' service. The following window appears:

Image 242.11 - FTP Server

Let's click OK. Now, we are also going to enable Web server access. However, in the example, the Web server is actually running on a different computer on our private network, so we need to type in its IP address (or name), and click OK. In this example the machine which will act as a web server is named 'webserver'.

Image 242.12 - Web Server

We can use the 'Add' button to add additional services and ports. Now, let's open the ICMP tab. Here we can control the system's response to ICMP packets. The default is to not respond to any ICMP messages. For example, with Internet Connection Firewall (ICF) enabled, our computer will not respond to 'ping' or 'traceroute'. Let's enable 'Allow incoming echo request', which essentially means people can 'ping' this computer.

Image 242.13 - Allow Ping

Other options allow us to customize which ICMP messages are supported. Click OK to save the changes, and click OK again to finish.

Common Port Numbers



Domain Name Service (DNS) - 53 (TCP and UDP)
Dynamic Host Control Protocol (DHCP) - UDP port 67 for sending data to the server, and UDP port 68 for data to the client
File Transfer Protocol (FTP) - TCP port 20 (data) and TCP port 21 (control)
Internet Message Access Protocol (IMAP) - TCP port 143
L2TP VPN - 1701 (UDP) and 1707 (TCP)
PPTP VPN - 1723 (TCP and UDP)
Internet Mail Access Protocol version 3 (IMAP3) - 220 (TCP and UDP)
Internet Mail Access Protocol version 4 (IMAP4 or just IMAP) - TCP port 143
IP Security (ISAKMP) - UDP port 500
Lightweight Directory Access Protocol (LDAP) - 389 (TCP and UDP)
Post Office Protocol (POP3) - TCP port 110
Remote Desktop - 3389 (TCP and UDP)
Secure Web (HTTPS, SSL) - TCP port 443
Send Mail Transfer Protocol (SMTP) - TCP port 25
Telnet - TCP port 23
Web Server (HTTP) - 80 (TCP and UDP)

Remember

In order for ICS to function we have to have two connections on the ICS server. One connection will connect us to the Internet, and the other to the LAN. Other computers (clients) on the LAN will access the Internet through the ICS server. We also have to manage Firewall settings on the ICS server. Note that ICS configuration may differ depending on the network design and devices used. The default IP address of the ICS server is 192.168.0.1 and the Subnet Mask is 255.255.255.0. All other devices on the local LAN should be DHCP enabled so that they automatically get IP addresses in the proper subnet from the ICS server.

Remote Assistance in XP

Remote Assistance enables other users to connect to our machine, take remote control, and help us solve any problems that we may be having.

Before you start


Objectives: learn various methods of sending invitations for remote assistance in XP.
Prerequisites: no prerequisites.
Key terms: invitation, remote, help, assistance, helpdesk, session, e-mail, messenger, invite

Protocol
Remote Assistance Protocol uses the Remote Desktop Protocol as its core protocol for making a connection. Using Remote Assistance, the help desk can establish a chat session with the user, so they can let the user know exactly what they are doing.

If we encounter a problem and we don't know how to solve it, the first thing we have to do is send an invitation to the help desk. The help desk is not always connected to our machine, so we have to let them know that we have a problem. We do that by sending an invitation. We can send an invitation by e-mail, or we can use Windows Messenger to contact the help desk. Once the help desk gets the invitation, they will send back a response to us. The response comes in the form of a dialog box which says 'OK, I'm ready now to help and assist you', and we click OK. That way we let the help desk know that we're ready to establish a Remote Assistance session. In the next dialog box we have to input our user password so that they can log in as us. Once that's done, the Remote Assistance session is opened. At this point the help desk can take remote control of our computer and do any troubleshooting that is necessary. Once the session is connected, the user has the ability to terminate the session at any moment.

If our Remote Assistance session is going over the Internet, we have a few things to remember. Of course, we have to be connected to the Internet the whole time the Remote Assistance session lasts. If we get disconnected from the Internet during a Remote Assistance session, it is possible that we will get a new IP address when we connect back to the Internet. In this case, we have to send a new invitation to the help desk, because the help desk connects to our computer using the IP address that we got from our Internet Service Provider. If our computer goes to 'Stand by' or 'Hibernate' mode, the session will, of course, end.

Also, we have to make sure that port 3389 is opened in our Firewall. If that port is not enabled, the Firewall will prevent the Remote Assistance communication.

Configuration
Remote Assistance is enabled by default with Windows XP Professional. To disable or configure Remote Assistance properties, right-click 'My Computer' and select 'Properties' to open system properties, and then click the 'Remote' tab. Notice that the Remote Assistance is enabled.

Image 243.1 - Remote Tab

If we want to disable it, we can simply clear that check box and click the 'Apply' button. Let's click the 'Advanced' button to set additional properties.

Image 243.2 - Advanced Settings

Right now the computer is configured to allow remote control. If we don't want to allow remote control of our computer, we can simply clear that check box and click the OK button. Also, we can set the maximum time an invitation can remain open. This setting sets the time in which we can get an answer from the help desk. There are several ways to send a Remote Assistance invitation. We can use Windows Messenger for sending invitations to our friends or coworkers. When we sign in to Windows Messenger, we can right-click on a particular contact and select 'Ask for Remote Assistance'.

Image 243.3 - Messenger and Remote Assistance

Image 243.4 - Invitation Sent

Windows Messenger comes with Windows XP installation, but we can also use a newer version which is called 'Windows Live Messenger'. In Live Messenger, all we have to do is to start a conversation with our contact, go to the 'Activities', and then select 'Request Remote Assistance'.

Image 243.5 - Live Messenger

Let's cancel this request and minimize Windows Messenger. We can also use the 'Help and Support' center to send invitations using several different methods. Go to the Start Menu and select 'Help and Support'. Under 'Ask for assistance' section we can invite a friend to connect to our computer with Remote Assistance.

Image 243.6 - Help and Support

Let's select that and invite someone to help us.

Image 243.7 - Remote Assistance

Let's click on 'Invite someone to help you'.

Image 243.8 - Choosing a Method

Notice that we can use Windows messenger to send the invitation to our friends in the contact list. We can click on a person from a list, and click on 'Invite this person'.

Image 243.9 - Sending Invitation to Contact From Messenger

Let's cancel this. Notice that we can also use e-mail to send the invitation. Let's type an e-mail address 'helpdesk@utilizewindows.com'.

Image 243.10 - Invitation Through E-mail Address

Click 'Invite this person'. On the next screen we can enter a message to explain our problem.

Image 243.11 - Invitation With Message

Click 'Continue >'. On the next screen we can set the invitation time to expire. In our example we will leave the default setting. We can also require the recipient to use a password to connect to our computer. It is strongly recommended to use this feature. Of course, we do need to contact the person that will help us and tell what the password is.

Image 243.12 - Invitation Settings

Let's click on 'Send Invitation'. Our default e-mail application will open up and ask us to confirm that we want to send the invitation. We will click 'Send'.

Image 243.13 - Sending Invitation Using Mail

Let's go back to 'Help and Support' and let's choose 'Invite someone to help you' again. Now, notice that we have a third option when working with invitations. We can save our invitation as a file. Let's click 'Save invitation as a file (Advanced)'. We can set the name and the time for an invitation to expire.

Image 243.14 - Save Invitation

Let's click 'Continue >'. On this screen we can set a password for the recipient to use. Of course, we do need to contact the person that will help us, and tell that person what the password is.

Image 243.15 - Setting Password

Let's click 'Save Invitation'. A new window will open. We can choose where to save our invitation. In this case we will save it to 'My Documents' folder.

Image 243.16 - Saving to My Documents

Our invitation has been successfully saved.

Image 243.17 - Result

Now, all we have to do is open our default e-mail application and send the invitation as an attachment. We can also review the status of our invitations. To do that let's open 'Help and Support' again, and select 'Ask a friend to help'. Here, let's click on 'View invitation status'.

Image 243.18 - Invitation Status

Here we can see the status and details of our invitations. We can also delete an invitation or manually set its status to 'expired'. To do that, first we have to select an invitation, and then click on any of the buttons below. If our invitation expired, we can resend it to make it active again.

Image 243.18 - Invitation Details

Remember
Remote Assistance is enabled by default with Windows XP Professional. We can send an invitation by e-mail, or we can use the Windows Messenger to contact the help desk. Port 3389 has to be enabled on our Firewall.

Remote Desktop in XP

Remote Desktop allows us to connect to and manage remote computers. It is used for remote administration or to run remote applications.

Before you start


Objectives: learn how to configure XP machine to accept Remote Desktop connections, how to initiate a Remote Desktop connection, and how to configure Firewall settings to enable Remote Desktop.
Prerequisites: no prerequisites.
Key terms: remote, desktop, connection, user, connect, firewall, xp, internet, local, network

About Remote Desktop


Remote Desktop was introduced with Windows XP; however, clients for Remote Desktop can range down to Windows 95. All we have to do is install the Terminal Services Client on older Windows operating systems. We can also run applications through Remote Desktop from older Windows versions. For example, we can run applications that were designed for Windows XP remotely on a Windows 95 machine.

Remote Desktop uses a protocol known as Remote Desktop Protocol (RDP). RDP was originally implemented with Microsoft Windows Terminal Services. RDP allows us to send screenshots from one computer to another (from the host to the client). Of course, video compression is used, so that we don't send the entire screen every time. Besides video, RDP has a very narrow bandwidth requirement: all it sends to the host is keystrokes and mouse inputs.

Windows XP automatically installs the Remote Desktop capability, but before we can use it we have to enable it. If we are going to use the client on an operating system older than Windows XP, we have to install the Terminal Services Client so that we can make the connection to the Windows XP host. To use Remote Desktop, we have to create user accounts that are going to be enabled for Remote Desktop. The user has to use a password (the account cannot have a blank password). Not every user can make a Remote Desktop connection. We have to authorize particular users or groups of users to use Remote Desktop.

Remote Desktop works great on a Local Area Network. However, we can also install and configure RDP to run over the Internet. To enable web access, we have to install Remote Desktop Web Connection. In order for the web connection to work, we have to install Internet Information Services (IIS). Once IIS is installed, we can enable our clients to connect using Internet Explorer. When connecting over the Web, the client will use the HTTP protocol. Of course, it will connect to the computer that is hosting Remote Desktop Protocol (using the right port), and it will use the web service that enables us to connect to the host. This service is called 'tsweb'. The full address in our Internet Explorer will look like this: http://hostname/tsweb. This will allow us to connect the Remote Desktop client to the Remote Desktop host.

Configuration
Let's configure our Windows XP system to accept Remote Desktop connections. This will allow us to connect to our computer remotely. Let's go to the Start Menu, right-click 'My Computer', and select 'Properties'. This will open system properties. Now, go to the 'Remote' tab.

Image 244.1 - Remote Tab

Let's check 'Allow users to connect remotely to this computer' and click 'Apply'.

Image 244.2 - Remote Desktop Enabled

Remember, if we are using Remote Desktop, all our users should have password enabled accounts. Let's click the 'Select Remote Users...' button.

Image 244.3 - Remote Desktop Users

This is a list of users who are allowed to make a remote connection to our computer. Notice that members of the administrators group can connect even if they're not listed. To add a user, we have to click on the 'Add...' button.

Image 244.4 - Select Users

We can enter a user name, click 'Check Names', and then click OK button. In this example, we have entered 'Kim Verson'.

Image 244.5 - User Kim Verson

We can also select 'Advanced...', and then click 'Find Now' to generate the list of users on our computer.

Image 244.6 - List of Users

In this example we will select anderson. Let's click OK. These users can now connect to our computer using Remote Desktop.

Image 244.7 - Remote Users

When we select remote users here, we are actually making them members of the Remote Desktop Users group.

Image 244.8 - Remote Desktop Users Group

Configuring Firewall

Another thing that we have to keep in mind are Firewall settings. When we enable Remote Desktop on our machine, Windows will automatically open necessary ports in Windows Firewall. To check our settings, we will go to the Control Panel, Network Connections, right-click Local Area Connection, select its Properties, and go to the 'Advanced' tab.

Image 244.9 - Advanced Local Area Connection Properties

Here, click on the 'Settings' button, and go to the 'Exceptions' tab.

Image 244.10 - Remote Desktop Exception

As we can see, Remote Desktop is enabled, and it will go through our Firewall. Let's select Remote Desktop, and click on the 'Edit...' button.

Image 244.11 - Edit Service

Here we can change the scope of our settings. Let's click on the 'Change Scope...' button.

Image 244.12 - Change Scope

As we can see, Remote Desktop is enabled for any computer, including those on the Internet. We can change that to our network only, or only to particular computers (IP addresses). Let's click OK, and then OK again. These settings are applied on all connections on our computer. If we want to edit settings for individual connections, we can click on 'Advanced' tab, select a connection that we want to edit (Internet in this example), and click on the 'Settings...' button.

Image 244.13 - Firewall Individual Connection

In our example, we can see that Remote Desktop is not enabled on the 'Internet' connection. However, Remote Desktop will still work. It will work because we have put an exception in our Windows Firewall. If we want to enable ports only for individual connections, we should remove the exception from Windows Firewall. Then we should edit the Firewall settings for the individual connection. This option is important when we are sharing an Internet connection on our computer. When we are using Internet Connection Sharing (ICS), our computer is acting as a Firewall for the whole network. Because of that we have to add an exception in the Firewall for the Internet connection. The default port for Remote Desktop is 3389.
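The scope change and the per-connection setup described above can also be made from the command prompt. The following batch file is an added example, not part of the original article; it assumes Windows XP with Service Pack 2 (which provides the 'netsh firewall' context), an administrator account, and the connection name 'Local Area Connection' used in this article.

```batch
@echo off
rem Added example, not from the original article.
rem Usage:  <this file> subnet    keep the global exception, but for our network only
rem         <this file> lanonly   remove the global exception and open TCP 3389
rem                               on the LAN connection only
setlocal

rem Connection name as shown in Network Connections (taken from this article).
set LAN=Local Area Connection

echo --- Firewall exceptions before the change ---
netsh firewall show service verbose=ENABLE

if /i "%~1"=="subnet"  goto subnet
if /i "%~1"=="lanonly" goto lanonly
echo Usage: %~nx0 subnet ^| lanonly
exit /b 2

:subnet
rem Equivalent of 'Change Scope...': stop accepting Remote Desktop from any
rem computer on the Internet and accept it from the local subnet only.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET profile=ALL
if errorlevel 1 goto failed
goto verify

:lanonly
rem Remove the exception that applies to every connection on this computer ...
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL
if errorlevel 1 goto failed
rem ... and open the Remote Desktop port on the LAN connection only, so the
rem 'Internet' connection no longer accepts Remote Desktop.
netsh firewall set portopening protocol=TCP port=3389 name="Remote Desktop (LAN only)" mode=ENABLE interface="%LAN%"
if errorlevel 1 goto failed
goto verify

:verify
echo --- Firewall exceptions after the change ---
netsh firewall show service verbose=ENABLE
netsh firewall show portopening verbose=ENABLE
exit /b 0

:failed
echo netsh reported an error. Check the connection name and that you are an administrator.
exit /b 1
```

After running it, the 'Exceptions' tab and the per-connection 'Settings...' dialog shown in this article should reflect the new state.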

Creating a Connection
Now we are ready to establish a Remote Desktop Connection. In this example we will connect to another computer on our Local Area Network. Let's go to the Start Menu > All Programs > Accessories > Remote Desktop Connection.

Image 244.14 - Remote Desktop Connection

To make a connection simply enter the computer name or IP address, and then click Connect. However, we can optimize connection properties before we create the connection. To do that, let's click on 'Options >>'.

Image 244.15 - More Options

On the 'General' tab, we should enter a name of the remote computer. In our example the computer name will be 'verson'. Username is Kim Verson. We will also check 'Allow me to save credentials'.

Image 244.16 - General Tab

Let's go to the Display tab. Here we can choose the size of our remote desktop. We can also set the color quality. This way we can minimize the amount of data sent over that connection. Because we will use this connection on LAN, we will leave the default settings.

Image 244.17 - Display Tab

Let's go to the 'Local Resources' tab. If we are on a slower connection we can disable sounds. Here, we can also configure the remote system to access resources on our local system. For example, right now, if we want to print something when working on remote computer, it will actually print on the local computer instead of the remote computer. We will leave the default settings.

Image 244.18 - Local Resources

Let's go to the 'Programs' tab. The Programs tab allows us to launch programs.

Image 244.19 - Programs Tab

Let's go to the 'Experience' tab. Here we can optimize data for various connection speeds. Notice that right now the connection will be optimized for Dial-up speed.

Image 244.20 - Experience Tab

From the drop-down menu we will select 'LAN', because our remote computer is on local network. We are ready now to connect to the remote computer. Before we do that, we can save this connection by going to the 'General' tab, and clicking on a 'Save as' button. If our remote computer is, for example, at our office (on different network), we can connect to it over Internet using Virtual Private Network. First we have to connect to the Internet. Then we have to initialize a VPN connection to our work network. Then, we can create a Remote Desktop Connection to the remote computer. We can also use Terminal Services Gateway (TS Gateway) to connect to remote computer without having to initialize a VPN connection.

Remember
Windows XP automatically installs the Remote Desktop capability, but before we can use it we have to enable it. All our users should have password enabled accounts on the machine which has Remote Desktop enabled. Also, we have to add specific users to the Remote Desktop Users group, which will then be able to connect to our machine remotely. Windows Firewall has to be configured to allow port 3389. When connecting to another computer, we can optimize connection settings such as display, color quality, sounds, etc.

Paths that are mentioned in this article

Start Menu > All Programs > Accessories > Remote Desktop Connection - connect to another computer using Remote Desktop

Utilize Windows XP Files and Folders

Files and Folders

File Compression in XP



File compression enables us to save hard drive space on our computer. Windows XP supports ZIP function as well, so we should know the difference between the File Compression in XP and ZIP function.

Before you start


Objectives: learn how to manage File Compression in XP.
Prerequisites: no prerequisites.
Key terms: folder, compression, attribute, ntfs, file, partition

ZIP vs File Compression


ZIP allows us to create a compressed set of files. We can take a bunch of files and compress them into a single entity. With File Compression we can compress a file or a folder in Windows directly. When we work with compressed files or folders, Windows will automatically decompress them. When we are finished, Windows will automatically compress them back.

Compressed Attribute
Every file and folder on NTFS partition has a 'Compressed' attribute. This attribute can be 'true' or 'false'. Because of that attribute Windows knows which files should be compressed to save disk space. To set this attribute, we can right-click any file or folder, select 'Properties', and select 'Advanced' on the 'General' tab. Here we can check 'Compress contents to save disk space' option.

Image 245.1 - Advanced Attributes

If we set the 'compression' attribute on a folder, we have an option to compress all the sub folders and all of the files inside of that folder. If we add a new file to that folder, it will also be compressed, since it will inherit the compression attribute of that folder. If we decide to move that file to another folder on the same partition, the compression attribute will remain set. If we decide to copy that file to another location, the new copy will inherit the compression attribute from the new folder. If we move or copy that file to a different partition, it will always inherit the attributes of the new target folder. In this case, when we move a file, Windows will first create a copy, and once the copy has been verified, Windows will delete the original. Because of that, Windows will see that file as a new file, so it will use the attributes from the new folder to set the compression status.

NTFS File System


We can use compression on NTFS file system. If we move a compressed file to the non-NTFS partition, the file will be uncompressed. We can not use compression and encryption together. We cannot save or copy a compressed folder or file to a disk containing less free space than the real size of the folder or file when they are uncompressed. NTFS compression on volumes with cluster sizes larger than 4 KB is not supported. If we copy or move a zipped folder, it always remains zipped (regardless of the destination file system).

CMD Tools
We can use 'Compact.exe', a Command Prompt tool, for compression. We can use the following switches with 'compact': /C to compress the specified files (folders are marked as compressed), /S to compress all sub folders of the specified folder, /U to uncompress the specified files (folders are marked as uncompressed). The following example command will compress all files in the 'Great citations' folder (including subfolders). The path contains spaces, so it has to be enclosed in quotation marks:

compact /C "C:\Documents and Settings\Administrator\My Documents\Great citations\*.*" /S
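The move and copy rules for the compression attribute can be checked with 'compact' itself. The following batch file is an added example, not part of the original article; the 'compact-demo' folder under %TEMP% is constructed for the demonstration, and %TEMP% is assumed to be on an NTFS partition.

```batch
@echo off
rem Added example, not from the original article.
rem Shows that a file moved within one NTFS partition keeps its compression
rem attribute, while a copy takes the attribute of the target folder.
setlocal

rem Constructed demo location; %TEMP% is assumed to be on an NTFS partition.
set DEMO=%TEMP%\compact-demo
if exist "%DEMO%" rmdir /s /q "%DEMO%"
mkdir "%DEMO%\packed"
mkdir "%DEMO%\plain"

rem Mark 'packed' as compressed. Files created in it later inherit the attribute.
compact /C "%DEMO%\packed" >nul

rem Build a sample file with repetitive (compressible) content inside 'packed'.
for /L %%i in (1,1,2000) do echo The quick brown fox jumps over the lazy dog>>"%DEMO%\packed\original.txt"

rem Copy: the new copy inherits the attribute of 'plain' (not compressed).
copy "%DEMO%\packed\original.txt" "%DEMO%\plain\copied.txt" >nul

rem Move on the same partition: the file keeps its own attribute (compressed).
move "%DEMO%\packed\original.txt" "%DEMO%\plain\moved.txt" >nul

rem Without /C or /U, compact only reports the state of each file.
rem Compressed files are flagged with the letter C in front of the file name.
echo --- Compression state of the files in 'plain' ---
compact "%DEMO%\plain\*.*"

endlocal
```

In the listing, moved.txt should carry the C flag and copied.txt should not.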

Example Configuration
To compress a file or folder, we have to navigate to the file or folder that we want to compress. In our example, we will navigate to the 'My Documents' folder, and then select 'Great citations' folder.

Image 245.2 - Great citations Folder

Let's right-click that folder, select 'Properties', click on the 'Advanced' button, and then select 'Compress contents to save disk space'.

Image 245.3 - General Tab

Image 245.4 - Compress Attribute Checked

Click OK. The system will ask whether we want to apply changes to this folder only, or to the folder and all of its subfolders.

Image 245.5 - Confirm Attribute Changes

We will apply these changes to this folder, subfolders and files. Let's click OK. We can also see our compressed files in blue color if we want. To do that, go to the Tools menu, select 'Folder Options', go to the 'View' tab, and scroll down. Check the 'Show encrypted or compressed NTFS files in color' option, and click 'OK'.

Image 245.6 - Tools Menu

Image 245.7 - View Tab

Let's uncompress a file. To do that, let's open the 'Great citations' folder, right-click on the 'Seneca - On Providence' file, select 'Properties', and click on the 'Advanced' button. To uncompress a file we need to clear the check box for 'Compress contents to save disk space', and click OK. Notice the color change.

Image 245.8 - Uncompressed File

We would do the same thing for our compressed folders.

Remember
ZIP compression and NTFS File Compression are two different things. Every file and folder on NTFS file system has a Compression attribute which we use to set compression on or off. In XP we set compression attribute by checking the 'Compress contents to save disk space' option.

Encryption in XP

Encryption helps us to protect data on our computer. For Windows, Microsoft came up with the Encrypting File System to protect the data on our hard drives.

Before you start


Objectives: learn how to manage encryption of files in XP system.
Prerequisites: no prerequisites.
Key terms: encrypted, file, folder, key, ntfs, recovery, agent, attribute, certificate, fek, user, access

Encrypting File System


Encrypting File System (EFS) uses certificates to manage access to files. These can be trusted third-party certificates or self-signed certificates. Encryption is represented as an attribute of a file or a folder, just like the 'compression' attribute. We can either encrypt or compress a file, but we cannot use both attributes together (we cannot encrypt a compressed file or folder).

When we set the 'Encrypt' attribute on a single file, the file will be encrypted. To do that we have to go to the advanced properties of the file. When we encrypt a folder, we can also choose to encrypt all the files and subfolders in that folder. We can also encrypt files from the command prompt, using the 'cipher' command.

One concern with encryption is what happens when we move an encrypted file. To use encryption at all, we need an NTFS-formatted partition. If we move an encrypted file somewhere else on the same partition, it remains encrypted. If we move it to another partition that is also NTFS formatted, it still remains encrypted. If we move it to a FAT32 partition, the file is decrypted. Only the original user can move an encrypted file to a FAT or FAT32 partition, because the file first needs to be decrypted. The same happens if we move the file to a floppy disk or a USB stick. If we copy an unencrypted file to an encrypted folder, the file is encrypted. If we move an unencrypted file into an encrypted folder, the file remains unencrypted.

Recovery
By default, only the original user can read encrypted files. There is also the recovery agent. The recovery agent is the default Administrator for the local computer. In Windows XP, a user can designate additional users who can read and access files that have been encrypted. In a domain, the domain Administrator account is the default recovery agent.

We must have Write permission to a folder or file to encrypt it. We cannot encrypt System or Read-only files.

To recover encrypted files, the files and the recovery key need to be on the same computer. Without the private key or recovery key, we cannot copy or move an encrypted file. We can, however, back up the files and restore them to the computer where a recovery key is located. We can also export the recovery key and import it onto the computer storing the files we want to recover.

Normally, encrypted files are meant to be stored and read on the local computer only. We can only encrypt files stored on remote computers if the computer is trusted for delegation in Active Directory. When moving files encrypted on our local system to another computer (for use on that computer), we have to make sure that our certificate and private key are available on the other computer. Otherwise, we might be unable to open those files. When encrypted files are moved to another computer over the network, they are not encrypted while they are in transit, and they might be intercepted as they are transferred. We should use IPSec to secure network communications in this case. When we back up our encrypted files, the encryption is preserved, and we will be able to restore them to an NTFS partition.

Encryption Process
EFS encrypts file content with a randomly generated secret key called the File Encryption Key or FEK. This key is specific to each file. The FEK is then encrypted with the user's public key and stored with the file as an attribute called the Data Decryption Field or DDF. The FEK is also encrypted with the recovery agent's public key, so that the recovery agent can open the file if necessary. The recovery agent's version of the FEK is stored in the file as an attribute called the Data Recovery Field or DRF.

When the file is accessed by the user who encrypted it, Windows uses that user's private key to decrypt the FEK found in the DDF. It then uses the FEK to decipher the file's contents. When the recovery agent accesses the encrypted file, Windows uses the recovery agent's private key to decrypt the FEK found in the DRF. It then uses the FEK to decrypt the file. This process keeps the user's private key safe because no one else has access to it, not even the recovery agent. When someone without the appropriate private key tries to open an encrypted file, they will be denied access because they are unable to decrypt the FEK.

Encrypting a File or Folder


Encryption protects the contents of the file saved on an NTFS partition. Let's encrypt a folder. To do that we have to right-click a particular folder, go to its properties, and then click on the 'Advanced' button in the 'General' tab. In our case we will encrypt the 'Confidential' folder on our E partition.

Image 246.1 - Advanced Attributes

Here we can select the 'Encrypt contents to secure data' option. Click OK to confirm, and then click OK again. Now we are given a choice to apply changes to this folder only, or to encrypt this folder, all subfolders, and all files in the subfolders. In our example we will select the default option and click OK.

Image 246.2 - Confirmation

We can configure Windows to show encrypted files and compressed files in a different color. To do that go to the Tools menu, select 'Folder Options', go to the 'View' tab, scroll down, select 'Show encrypted or compressed NTFS files in color' and click OK. Notice that our encrypted files are now shown in a different color.

Image 246.3 - Encrypted Folder

Normally, encrypted files can only be opened by the user who encrypted the files, or by the designated recovery agent. In Windows XP we have the ability to identify additional users who can open the encrypted file. To allow additional users to open an encrypted file, open the properties of the file, click 'Advanced', and then click 'Details'. In our example, we will select the 'Reckoning.doc' file which is located in the 'Confidential' folder.

Image 246.4 - Details

The box at the top shows the list of users who can access the file. Notice that only the Administrator has access to the file. Data Recovery Agents are not defined in our case. To add additional users, we will click the 'Add' button, and select them from the list. This list only shows users with valid certificates. If the user is not listed, that means the user simply doesn't have a valid certificate. Let's add Kim Verson.

Image 246.5 - Adding Kim Verson

Image 246.6 - Final List

Click OK, and click OK again to finish.

Remember

In XP we can encrypt files and folders by checking the 'Encrypt contents to secure data' option, in file/folder properties. We can configure Windows to show encrypted files and compressed files in a different color. Normally, encrypted files can only be opened by the user who encrypted the files, or by the designated recovery agent. We can also identify additional users who can open the encrypted file.
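
The key layout from 'Encryption Process' and the 'additional users' step above, as an added Python example that is not part of the original e-book or of Windows. It is a toy model: textbook RSA built from fixed Mersenne primes and a SHA-256 keystream stand in for the real algorithms, and all class, function and 'RecoveryAgent' names are hypothetical.

```python
"""Toy model of the EFS key layout (FEK, DDF, DRF). Added example.

Stand-ins, NOT what Windows uses: unpadded textbook RSA with constructed,
insecure keys, and a SHA-256 counter keystream as the file cipher.
"""
import hashlib
import secrets

E = 65537  # public exponent shared by all toy key pairs


class KeyPair:
    """A named public/private key pair (constructed toy keys)."""

    def __init__(self, owner, p, q):
        self.owner = owner
        self.n = p * q                            # public modulus
        self._d = pow(E, -1, (p - 1) * (q - 1))   # private exponent

    def wrap(self, fek: bytes) -> int:
        """Encrypt the FEK; uses only the public part (E, n)."""
        return pow(int.from_bytes(fek, "big"), E, self.n)

    def unwrap(self, wrapped: int) -> bytes:
        """Recover the 16-byte FEK; needs the private exponent."""
        return pow(wrapped, self._d, self.n).to_bytes(16, "big")


def _keystream_xor(fek: bytes, data: bytes) -> bytes:
    """Symmetric stand-in cipher: XOR with SHA-256(fek || offset) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(fek + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


class EncryptedFile:
    def __init__(self, plaintext: bytes, owner: KeyPair, recovery_agents=()):
        fek = secrets.token_bytes(16)              # one random FEK per file
        self.ciphertext = _keystream_xor(fek, plaintext)
        # Data Decryption Field: the FEK wrapped for each authorised user.
        self.ddf = {owner.owner: owner.wrap(fek)}
        # Data Recovery Field: the same FEK wrapped for each recovery agent.
        self.drf = {a.owner: a.wrap(fek) for a in recovery_agents}

    def _fek_for(self, key: KeyPair) -> bytes:
        wrapped = self.ddf.get(key.owner, self.drf.get(key.owner))
        if wrapped is None:
            raise PermissionError(f"{key.owner}: no DDF/DRF entry, access denied")
        return key.unwrap(wrapped)

    def read(self, key: KeyPair) -> bytes:
        return _keystream_xor(self._fek_for(key), self.ciphertext)

    def add_user(self, granting: KeyPair, new_user: KeyPair) -> None:
        """Add a DDF entry for new_user. The granting user unwraps the FEK and
        re-wraps it with new_user's public key; the content is not re-encrypted."""
        self.ddf[new_user.owner] = new_user.wrap(self._fek_for(granting))


def demo():
    admin = KeyPair("Administrator", 2**127 - 1, 2**89 - 1)
    agent = KeyPair("RecoveryAgent", 2**107 - 1, 2**61 - 1)
    kim = KeyPair("Kim Verson", 2**89 - 1, 2**107 - 1)
    secret = b"Reckoning.doc: constructed sample content"

    f = EncryptedFile(secret, owner=admin, recovery_agents=[agent])
    before = f.ciphertext
    result = {"owner_reads": f.read(admin) == secret,
              "agent_reads": f.read(agent) == secret}
    try:
        f.read(kim)
        result["kim_before_add"] = True
    except PermissionError:
        result["kim_before_add"] = False       # no DDF entry yet
    f.add_user(admin, kim)
    result["kim_after_add"] = f.read(kim) == secret
    result["ciphertext_unchanged"] = f.ciphertext == before
    result["ddf_entries"] = sorted(f.ddf)
    result["drf_entries"] = sorted(f.drf)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
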

Disk Quotas in XP

Disk Quotas enable us to limit the total size of files that a user can place on a particular partition. With Disk Quotas we can make it appear to users that they have only a limited amount of space on a particular hard drive, and we can choose to prevent them from exceeding those quotas. Every file and folder that users create, copy, save, or take ownership of on a volume or partition counts toward their disk quota.

Before you start


Objectives: learn how to manage Disk Quotas in XP.
Prerequisites: no prerequisites.
Key terms: user, limit, file, space, partition, entry, set, drive, ownership, enable

Considerations
The first requirement for setting up Disk Quotas is that we have to be using an NTFS partition. We set the quotas on the partition, not on individual folders or files. Each NTFS volume or partition has its own set of Disk Quotas, even if several of them are on the same hard disk. The quotas are based on file ownership. As a user starts creating new files, those files count toward that user's disk quota. Simply using somebody else's files has no impact, because ownership does not change.

Disk Quotas can be set to 'Disabled', 'Tracked', or 'Enforced'. When we enable quotas, we have to set the limits on space usage for a particular partition or hard drive. This only applies to new users. If the user already has files on that partition, the Disk Quota doesn't apply to that user. We can also set warning limits, which let our users know that they are approaching their limits. When working with quotas, we have an option to enforce them. If we do not set up enforcement, users will be allowed to exceed the limits that we have set. So, to really limit disk usage, we need to set up enforcement.

Remember, the quotas will not apply to existing users. To limit disk usage for existing users, we have to edit their quota entries. When we go to quota entries, we will see that there is already a default generic quota entry for all new users. Here we can add additional users or groups of users, and then apply specific quotas to those users. This applies to all users except the 'Administrators' group. The quota is never applied to the administrators. System and application files count toward Disk Quotas, so the user account which installs software needs a higher limit.

If a user exceeds the quota limit, we can delete files owned by the user, change ownership of files (quota limits are enforced based on owned files), move files to other volumes (quota limits are enforced on a volume or partition basis), or increase the quota limit. We cannot reduce the amount of space charged to a user by compressing files, because quotas count the uncompressed size of a file toward the quota limit. If we need to remove the quotas, we will have to take the ownership away from those particular users, and then reset their limits. We cannot delete a user's quota entry until we remove or take ownership of all of that user's files on the volume. We can also use the Fsutil.exe command line tool to manage quotas from the command prompt.

Configuring Quotas
We can use Disk Quotas on NTFS partitions to track or restrict the amount of disk space used by specific users. We can enable quotas by editing the properties of an NTFS drive. Let's right-click E drive, open its properties, and go to the 'Quota' tab.

Image 247.1 - Quota Tab

To enable quotas, select 'Enable quota management', and then click 'Apply'. The warning message will appear.

Image 247.2 - Warning

We will click OK to enable quota management. When we enable quotas, the system scans the drive and creates the quota entry for all users who currently own files on that partition. Let's click 'Quota Entries' to take a look at the entries that have just been created.

Image 247.3 - Quota Entries

Notice that we have entries for the Administrators group, Administrator, Ally Anderson, and Kim Verson. At this point, quotas are doing nothing more than reporting the used disk space on the drive. Let's close the 'Quota Entries' window and set the default quota limit for new users on this volume. To do that, check the 'Limit disk space to' option.

Image 247.4 - Limit Disk Space To

In this case we will accept the default limit of 1K with the default warning level of 1K, and then click 'Apply'. Keep in mind that this limit only applies to users who currently have no files on the drive. The limit values for the existing users have not changed. Let's take a look at the 'Quota Entries'.

Image 247.5 - Quota Entries 2

Notice that Ally Anderson and Kim Verson still have no quota limit. Let's close that window. Currently we are logged on with an Administrator account. Let's log on with another account to see how our quotas behave. Let's log on as 'wdelmonte', which is a new user who has never logged on to our computer before.

Image 247.6 - wdelmonte Log On

Let's try to copy a file to the E partition. Let's create a new folder named 'wdelmonte'. We will copy an mp3 file to that folder.

Image 247.7 - File Copied

Notice that our mp3 file is much larger than the 1 KB (which is our quota limit). We could go over our limit because we did not enforce disk quotas. Let's take a look at our Quota Entries again.

Image 247.8 - Exceeded Limit

Notice that Willie has exceeded his quota limit. To deny disk space usage for those who exceed quota limit, we have to check 'Deny disk space to users exceeding quota limit' option. This way we will enforce Disk Quotas.

Image 247.9 - Deny Disk Space Option Checked

We can also edit individual quota entry for users. To do that, open 'Quota Entries', right-click on a user, and select 'Properties'. Let's limit disk space for Willie Delmonte to 100 MB, and set warning level to 90 MB. Click 'Apply' to confirm.

Image 247.10 - Modified Quota Entry

If the quota is not needed for a particular user, we can delete the quota entry for that user. In our case we will delete the quota entry for Ally Anderson. Let's right-click Ally Anderson, select 'Delete', and click 'Yes' to confirm. The following window will appear.

Image 247.11 - Files That Ally Owns

The thing is, we have to do something with the files that Ally currently owns. We can delete, take ownership of those files, or move them somewhere else. In our case, we will select all files, and click the 'Delete' button.

Image 247.12 - Delete Files

Notice that the quota entry for Ally Anderson is now gone.

Image 247.13 - Quota Entry for Ally is Removed

Remember
We can use Disk Quotas on NTFS partitions. We can enable quotas by editing the properties of an NTFS drive.

Configure NTFS Permissions in XP



NTFS permissions allow us to control access to folders and files for both local and network users. There are several broad categories of NTFS permissions.

Before you start


Objectives: learn how to configure NTFS permissions for files and folders in XP.
Prerequisites: no prerequisites.
Key terms: permission, group, folder, user, modify, file, ntfs, acl, control, check, read

Permission Categories
The first category is 'Full Control', which allows users to do whatever they need to do to a file or a folder. It allows them to add or delete content, take ownership, or change the permissions for other users. The second permission is called 'Modify'. It allows us to add or delete content and execute files. It does not allow us to take ownership or to modify the permissions. The next permission is 'Read & Execute'. It allows us to read the content of the file, and if it is an executable, it allows us to execute it. The next permission is 'List Folder Contents', which is applied to folders. It allows us to see the content of the folders, but it does not allow us to open or modify the content of those folders. The next permission is 'Read'. It allows us to read the content. The next permission is 'Write'. It allows us to modify the content.

To modify the permissions of a file or folder, we need to go to its properties, and then to the 'Security' tab. Here we can see the 'Access Control List' (ACL). The ACL shows us what our users can or cannot do on a particular file or folder. In the ACL there are two columns of permissions. One column is the 'Allow' column, and the other is the 'Deny' column. The 'Allow' column shows us what is allowed for a particular user. The 'Deny' column allows us to deny access for a particular user. This column becomes important when the same users are assigned to different groups, and we want to deny some actions for those users on a particular file or folder. The 'Deny' setting always takes precedence and overrides the 'Allow' setting. If users or groups of users are not listed in the ACL, they don't have access to that particular file or folder.

Default Permissions
To edit NTFS permissions, we have to open the properties for the drive, folder or file, and then use the 'Security' tab. In our example, we will go to the E drive, and then open the properties of the 'Paulaner' folder.

Image 248.1 - Paulaner Properties

In our case we can see the 'Security' tab. If you don't see a 'Security' tab, check that your drive is formatted with NTFS file system, and check that you don't have 'Simple sharing' enabled. To disable 'Simple sharing' and enable 'Advanced sharing', go to the 'Tools' menu, 'Folder options', and then the 'View' tab. Scroll down and clear 'Use simple file sharing' and click OK. Let's now open the 'Security' tab, and take a look at NTFS permissions.

Image 248.2 - Security Tab

The top box shows the users or groups with existing permissions for the folder. When we select a user, the bottom box shows the permissions of that user or group. Let's select the 'Administrators' group.

Image 248.3 - Administrators Group

Notice that the 'Allow' permissions are grayed out, and we can't modify them. We could use the 'Deny' option to modify permissions, but that is not recommended in this case. In addition, we can't remove a user or a group from the list. Let's check that out by trying to remove the 'Users' group.

Image 248.4 - Removing a Users Group

We get a warning message that we can't remove users because this object is inheriting permissions from parent. In this case the parent is the E drive. The 'Paulaner' folder is inheriting its NTFS permissions from the E drive. Let's click OK. To see more information about NTFS permissions, let's click on the 'Advanced' button.

Image 248.5 - Advanced Security

On the 'Permissions' tab, we can see the list of permission entries. Each entry shows whether the permission is denied or allowed, the user or group, the actual permission, where the permission is inheriting from, and what it's applied to. In our case, the parent object is the E drive. Administrators have full control because they need to manage the drive and its contents. The 'Creator Owner' group also has full control so that users can manage their own files (they need to manage the files that they create). The 'System' group also has full control so that the operating system can access files as necessary. The 'Users' group has 'Read and Execute' permission. Users with 'Special' permission have advanced permissions that don't show up on a regular list. By default all files and folders are configured to inherit permissions from the parent object. If we want to change the inherited permissions we need to clear the 'Inherit from parent the permission entries that apply to child objects' option. When we do that, we are given a choice.

Image 248.6 - Editing Inheritance

We can either copy the existing permissions or we can completely remove them. If we want to make minor changes to the inherited permissions, 'Copy' is the best solution. 'Copy' copies the existing permissions, but it removes inheritance. After the copy is finished, we can change the existing permissions. If the existing permissions are completely wrong, we could just remove them and build our own permissions from scratch. In our case, we want to make some minor changes, so we will select the 'Copy' option, and click OK.

Image 248.7 - Users Group Selected

Notice that we have the same permissions list as we had before. But this time we can edit the permissions. Now we can delete the 'Users' group from the list.

Example Configuration
Remember, if we want to edit permissions for a particular file or folder, we have to clear the 'Inherit from parent the permission entries that apply to child objects' option in 'Advanced Security Settings'. Otherwise the permissions will be inherited from the parent. When we add a new user or group to the ACL, we can assign the permissions for that user or group as we desire. For example, if we check the 'Modify' permission, the system will automatically check the 'Read & Execute', 'List Folder Contents', 'Read', and 'Write' permissions. If we check 'Read & Execute', the system will automatically check the 'List Folder Contents' and 'Read' permissions.

For every permission we have an 'Allow' column and a 'Deny' column. We use the 'Deny' column to explicitly deny access to a particular user. Our users can belong to more than one group, so this option comes in handy in that case. Let's say that we have one user that belongs to several groups: the user is a member of the 'Accounting' group and also a member of the 'Development' group. Let's say that the 'Accounting' group has the 'Read & Execute' permission, and the 'Development' group has the 'Write' permission on a particular folder. In this case the privileges add up. The effective permissions for this user will consist of 'Read & Execute' from one group, and 'Write' from the other group.

Now, let's say that 'Accounting' has the 'Modify' permission, and 'Development' has the denied 'Write' permission. 'Modify' gives users the ability to read and execute files, but the denied 'Write' permission from 'Development' removes writing from the 'Modify' permission set granted to the 'Accounting' group. If the user belongs to both groups, the effective permission is 'Read & Execute' in this case. We can see the effective permissions if we go to 'Advanced', and then to the 'Effective Permissions' tab. We have to select a user or a group, and the effective permissions for that user or group will appear.

Let's see an example. We have a folder named 'Databases' on our E drive. We want members of the 'Accounting' local group to be able to add and remove files in the folder. To work with NTFS permissions we have to be sure that the 'Use simple file sharing' setting is unchecked. Go to 'Tools', 'Folder Options', 'View' tab, and scroll down. Then clear 'Use simple file sharing' and click OK.

Image 248.8 - Simple File Sharing

Now, we'll modify the Access Control List for the 'Databases' folder. In other words, we are going to modify the NTFS permissions. Open the properties of the 'Databases' folder, and go to the 'Security' tab.

Image 248.9 - Database Folder Properties

Notice that each of the entries has inherited its permissions from the parent drive. We want to have more restricted permissions, so we need to modify the inherited permissions. Let's click 'Advanced', clear the 'Inheritance' check box, and select 'Copy' to copy existing permissions.

Image 248.10 - Advanced Settings

Image 248.11 - Inheritance Unchecked

Image 248.12 - Permissions Copied

Click OK to close the advanced dialog box. Now we can modify our existing permissions. We are going to keep the 'Administrators' group with full control so that they can continue to manage the folder.

Image 248.13 - Administrators Group

We will keep the 'CREATOR OWNER' group, because this allows users full control over their own files. This group has 'Special Permissions'.

Image 248.14 - Creator Owner Group

We will remove the 'Users' group. We don't want any individual user to have access to this folder, so we will also remove the 'Administrator' account from the list. Finally, we will add the 'Accounting' group to the ACL. We will click 'Add', type in 'Accounting', and click 'Check Names'. Click 'OK' to add the group to the ACL.

Image 248.15 - Adding a Group

Image 248.16 - Accounting Group Added

The 'Accounting' group was added with default permissions of 'Read & Execute', and 'List Folder Contents'. We will also check 'Modify' permission, so that our users from the 'Accounting' group can modify the content of the folder.

Image 248.17 - Modify Permission Added

However, we don't want them to have full control. Giving them 'Full Control' permission would allow them to modify the ACL. In other words, they could change permissions on this folder. We only want the 'Administrators' group, and the 'Creator Owner' group to have full control. Let's click 'OK' to finish our permissions assignment. Every folder and file has several permissions that we can set to control access. Let's take a look at the permissions on the 'Manuals' folder.

Image 248.18 - Kim Verson Permissions

Notice that Kim Verson has three permissions allowed. These are 'Read & Execute', 'List Folder Contents', and 'Read'. However, many of the standard permissions are really a combination of more advanced permissions. To see advanced permissions click the 'Advanced' button.

Image 248.19 - Advanced Permissions

Here we can see all permission entries. Let's select Kim Verson and click on the 'Edit' button.

Image 248.20 - Advanced Permissions for Kim

Notice that Kim Verson now has five permissions instead of three. We will modify the permissions for this user by granting her the 'Take Ownership' permission. Click 'OK' twice.

Image 248.21 - Kim Verson Special Permission

Notice that now Kim Verson has 'Special Permission' checked. That's because the 'Take Ownership' permission is not one of the normal permissions. In addition to granting special permissions, we can configure how those permissions apply to the folder and its files. Let's go back to 'Advanced', select Kim Verson, and click 'Edit' again. Notice the 'Apply onto' list.

Image 248.22 - Apply Onto

As we can see, we have a number of different choices. In this example, let's apply our changes to the files only, give 'Full Control' permission, and click OK.

Image 248.23 - Files Only

Image 248.24 - Special Permissions

Notice that Kim Verson has only 'Special Permission' selected. Even though we granted the 'Full Control' permission, in the 'Security' tab only 'Special Permissions' is checked. Other permissions are not shown, but are indicated by a check mark in the 'Special Permissions' box. Let's go back to 'Advanced', select Kim Verson again, click 'Edit', and this time select 'Apply onto: This folder, subfolders, and files'.

Image 248.25 - This folder subfolders and files

Click OK twice to confirm. Let's look at the 'Security' tab. Notice that, for Kim Verson, the 'Full Control' permission has been granted and 'Special Permission' is no longer selected.

Image 248.26 - Full Control

Let's add the 'Accounting' group to the ACL for the 'Manuals' folder, with default permissions. Note that Kim Verson is a member of the 'Accounting' group. When we have several groups of users in the ACL it is good to check the 'Effective Permissions' for individual users. While we could calculate this ourselves, we can let Windows show us the effective permissions. To do that, go to 'Advanced', and then to the 'Effective Permissions' tab. We need to select a user account. We will click on the 'Select' button, type in 'Kim Verson', click 'Check Names', and then click 'OK'.

Image 248.27 - Kim Verson Effective Permissions

Notice that Kim Verson has all possible permissions, while other users that belong to the 'Accounting' group only have default permissions. This is because we have added Kim Verson individually to the ACL and edited her permissions.

In addition to NTFS permissions, files and folders on an NTFS partition identify the file owner. Ownership is important because some actions can only be performed by the owner. In other cases, we can take ownership of the file to modify the permissions on a file when we would otherwise not be able to. In our example, we have a file in the 'Manuals' folder called 'Keeway Cruiser 250'. Kim Verson created this file and she removed all other users and groups from the ACL.

Image 248.28 - Keeway Security Properties

Now, let's log on with an Administrator account and try to change the NTFS permissions for the 'Keeway Cruiser 250' file. Notice the Warning.

Image 248.29 - Security Warning

Image 248.30 - Security Tab

We can not view, let alone modify the access control list. However, we can take ownership of the file. To take ownership, we have to be logged on as user who is a member of the 'Administrators' group. We are currently logged on as an Administrator, who is a member of the 'Administrators' group. We'll click 'Advanced', and then click the 'Owner' tab.

Image 248.31 - Owner Tab

Now, we want to select a user who is going to take ownership of this file. We will select Administrator, and click 'Apply'.

Image 248.32 - Owner Changed

Notice that the owner is changed to the 'Administrator' account. Let's click OK to save our changes, and click OK again. Now, as the file owner, if we open the file properties and go to the 'Security' tab, we can view and modify the NTFS permissions for the file.

Image 248.33 - File Properties

Remember
If we want to edit current permissions for a particular file or folder, we have to clear the 'Inherit from parent the permission entries that apply to child objects' option in 'Advanced Security Settings'. When we add a new user or group to the ACL, we can assign the permissions for that user or group as we desire. We use the 'Deny' column to explicitly deny access to a particular user, since users can belong to more than one group. We can see the effective permissions if we go to 'Advanced', and then to the 'Effective Permissions' tab. Giving users 'Full Control' permission allows them to modify the ACL. In addition to NTFS permissions, files and folders on an NTFS partition identify the file owner. Ownership is important because some actions can only be performed by the owner. We can take ownership of the file to modify the permissions on a file when we would otherwise not be able to.
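
The 'Accounting' / 'Development' cases from 'Example Configuration', worked through in an added Python example (not part of the original e-book and not Windows code). It models only the rules as this article states them, Allow entries add up and Deny overrides, and does not model the ordering of explicit and inherited entries or ownership; the 'Write' grouping is simplified to the four write-specific rights, and 'example_user', 'outsider' and 'Sales' are hypothetical names.

```python
"""Model of NTFS effective permissions using the rules stated in this article.
Added example; a simplification, not the Windows access-check routine."""

# Advanced ("special") permissions and their Windows access-mask bits.
RIGHTS = {
    "Traverse Folder / Execute File": 0x00020,
    "List Folder / Read Data": 0x00001,
    "Read Attributes": 0x00080,
    "Read Extended Attributes": 0x00008,
    "Create Files / Write Data": 0x00002,
    "Create Folders / Append Data": 0x00004,
    "Write Attributes": 0x00100,
    "Write Extended Attributes": 0x00010,
    "Delete Subfolders and Files": 0x00040,
    "Delete": 0x10000,
    "Read Permissions": 0x20000,
    "Change Permissions": 0x40000,
    "Take Ownership": 0x80000,
}


def rights(*names):
    """OR together the bits of the named special permissions."""
    mask = 0
    for name in names:
        mask |= RIGHTS[name]
    return mask


READ = rights("List Folder / Read Data", "Read Attributes",
              "Read Extended Attributes", "Read Permissions")
# Assumption of this model: 'Write' is only the four write-specific rights.
WRITE = rights("Create Files / Write Data", "Create Folders / Append Data",
               "Write Attributes", "Write Extended Attributes")
READ_EXECUTE = READ | rights("Traverse Folder / Execute File")
MODIFY = READ_EXECUTE | WRITE | rights("Delete")
FULL_CONTROL = MODIFY | rights("Delete Subfolders and Files",
                               "Change Permissions", "Take Ownership")

# Standard permissions as shown on the 'Security' tab.
STANDARD = {
    "Full Control": FULL_CONTROL,
    "Modify": MODIFY,
    "Read & Execute": READ_EXECUTE,
    "List Folder Contents": READ_EXECUTE,  # same rights, applied to folders
    "Read": READ,
    "Write": WRITE,
}


def effective_mask(acl, trustees):
    """acl: list of (trustee, 'allow' | 'deny', mask).
    trustees: the user's own name plus every group the user belongs to."""
    allow = deny = 0
    for trustee, kind, mask in acl:
        if trustee not in trustees:
            continue                 # entry does not apply to this user
        if kind == "deny":
            deny |= mask
        else:
            allow |= mask
    return allow & ~deny             # Deny takes precedence over Allow


def standard_permissions(mask):
    """Standard permissions whose rights are all present in the mask."""
    return [name for name, need in STANDARD.items() if mask & need == need]


def special_rights(mask):
    return [name for name, bit in RIGHTS.items() if mask & bit]


def demo():
    member_of = {"example_user", "Accounting", "Development"}
    additive = [("Accounting", "allow", READ_EXECUTE),
                ("Development", "allow", WRITE)]
    with_deny = [("Accounting", "allow", MODIFY),
                 ("Development", "deny", WRITE)]
    denied = effective_mask(with_deny, member_of)
    return {
        "additive": standard_permissions(effective_mask(additive, member_of)),
        "with_deny": standard_permissions(denied),
        # In this model the 'Delete' right from 'Modify' survives Deny Write.
        "with_deny_special": special_rights(denied),
        # A user whose name and groups are not in the ACL gets nothing.
        "not_listed": standard_permissions(
            effective_mask(additive, {"outsider", "Sales"})),
        # The advanced rights behind 'Read & Execute'.
        "read_execute_special": special_rights(READ_EXECUTE),
    }


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case}: {value}")
```
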

Share Folders in XP

In Windows XP we can allow network access to our files and folders. Users can then modify existing files, or create new files over the network.

Before you start


Objectives: learn how to enable file sharing, how to make shared folder, how to connect to a share and how to manage share permissions in XP.
Prerequisites: no prerequisites.
Key terms: share, folder, network, permissions, user, drive, name, control, file, map, unc, read, enable

Tools
To share our folders we can use two tools. The first tool is Windows Explorer. In the properties of any folder, we can go to the 'Sharing' tab, where we can enable sharing of that folder. When we create a share, we have to name it. That is how our users will find the share. We also have to set permissions on the share, and we can control the limits of the share. We can limit how many users can connect simultaneously to our share. By default, the limit is 10 users and that is the maximum number of users as well. If we need more than 10 people accessing a share, we have to use Windows Server edition. Another tool that we can use to manage shares is 'Shared Folders', which is located in 'Computer Management'. In 'Shared Folders' we can create new shares, or we can manage existing shares.

Access
To access a share we can go to 'My Network Places', where we can see other computers on the network. When we open target computer, we can access shared folders or printers on that computer. Additionally, to access network share, we can use Universal Naming Convention (UNC) path. To access a share with UNC, first we have to type in '\\', then the computer name, then '\', and then the share name. So, if we have a share named 'Factis', on a computer named 'SilverCrest', the UNC path to that share would be '\\silvercrest\factis'.

Administrative Shares
When we install our system, the 'Administrative shares' get created. The 'Administrative shares' are accessible only by the Administrators group. These shares are hidden by default. We can hide the share by putting the '$' sign after the name of the share. These shares are not visible in network neighborhood. In order to access hidden share, we have to use UNC path. Of course, at the end of the UNC path will be the '$' sign.

Enabling Sharing
If our computer is a new computer and is a member of a workgroup, file and printer sharing is disabled. We will not be able to share folders and printers until we first enable sharing. For computers on a domain, sharing is automatically enabled. The recommended method to enable sharing is to run the 'Network Setup Wizard'. Go to the 'Control Panel', click on the 'Network Setup Wizard', and click 'Next'.


Image 249.1 - Checklist

We have to ensure that a network card is installed, that all computers and printers are turned on, and that we are connected to the Internet. Click 'Next'.

Image 249.2 - Connection

In our example we are connected to the Internet through Local Area Connection. We will use the existing connection (first option). Click 'Next'.


Image 249.3 - Computer Name

Here we can enter computer description and change computer name. Click 'Next'.

Image 249.4 - Workgroup

Here we can enter the Workgroup name. We will enter 'Workgroup'. Click 'Next'.

Image 249.5 - Turn On File And Printer Sharing

Here we will select 'Turn on file and printer sharing'. Click 'Next'.


Image 249.6 - Finish

Here we will select to just finish the wizard, and click 'Next'. Click 'Finish' to close the wizard. This way we have enabled sharing on our computer.

Sharing a Folder
We can use Windows Explorer to quickly share a folder. Simply right-click some folder, open its properties, and then select 'Sharing' tab. In our case we will share the 'Manuals' folder, which is located on our E drive.

Image 249.7 - Sharing Options for Manuals Folder

To share a folder, we have to check 'Share this folder on the network' option.


Image 249.8 - Sharing is Enabled

By default, users are not allowed to change our files. This way users can only read our files. We want to allow all users to change our files so we will check 'Allow network users to change my files' option, and click 'Apply'.

Image 249.9 - Modify is Enabled

Let's click OK. Notice that the icon of the folder has changed. It now indicates that the folder is shared.

Image 249.10 - Shared Folder

In this example the computer is configured to use Simple File Sharing. If we want more control over file shares we need to enable advanced sharing. To do this, go to the Tools menu and select Folder Options. Then go to the View tab, scroll down, clear the 'Use simple file sharing' check box, and click OK.


Image 249.11 - Simple File Sharing Disabled

Let's open sharing options for Manuals folder again.


Image 249.12 - Advanced Sharing Options

Now we can share the folder multiple times. Let's add an additional share by clicking on the New Share button.

Image 249.13 - New Share

We can share this folder again with a different name. In this example we will name it Motorcycle manuals, and click OK.


Image 249.14 - Motorcycle Manuals Share

When using advanced sharing, we can set user limits. For example, we can set the maximum number of users to 2 users, instead of 10.

Image 249.15 - Users Limit

Notice that the maximum number of users for the original share name remains at maximum.


Image 249.16 - Original Share Name

We can also set different permissions for different share names. First we have to choose a share name from the drop-down list, and then click on the Permissions button.


Image 239.17 - Share Permissions

In our case, everyone can read data in Manuals folder.

Shared Folders Tool


We can use Shared Folders plugin in Computer Management to manage our shares. This plugin lets us view and manage all of our shared folders from a central location. To take full advantage of Shared Folders our computer needs to have advanced sharing enabled.

Image 249.18 - Shared Folders Console



Let's select Shares to see all shared folders on our system.

Image 249.19 - Shares

Here we can view and edit shared folder properties, such as user limits and permissions. For example, if we open the properties for Manuals, on the General tab we can edit the number of users allowed to connect.

Image 249.20 - General Tab

On the Share Permissions tab we can edit the share permissions.


Image 249.21 - Share Permissions

On the Security tab we can edit the NTFS permissions.


Image 249.22 - NTFS Permissions

Let's click OK. Now, let's create a new share using Shared Folders tool.

Creating New Share


To create new share, right click Shares, select New File Share, and click Next. The wizard will appear.

Image 249.23 - New File Share


Image 249.24 - Share Wizard

Now, we need to specify a folder to share. We can browse to find the folder that we want to share.

Image 249.25 - Shared Folder Set Up

In our case we will select Paulaner folder, which is located on E drive. We also need to provide a share name. In our case, we will enter Paulaner.

Image 249.26 - Paulaner Share



We can click Next. Now, we need to decide what type of share permissions to use. In this case we will use the default setting, in which all users have read access.

Image 249.27 - Share Permissions

Click Next, and click Finish to share the folder. Notice that the folder has been successfully shared.

Image 249.28 - Paulaner is Shared

Sessions and Open Files


The Sessions folder shows us who is connected to our computer right now.

Image 249.29 - Sessions

Notice that the user Admin is currently connected to our computer. In Open Files we can see which files are accessed by which user.


Image 249.30 - Open Files

Deleting a Share
Let's say that we want to stop sharing Manuals folder. Before we delete the share, we should inform all connected users that we are going to delete the share. To do that, right click Shared Folders, select All Tasks, and then select Send Console Message.

Image 249.31 - Send Console Message

Image 249.32 - Message

Click Send to send message. That will give them a chance to disconnect gracefully. Now, we can right click Manuals folder, select Stop Sharing, and click Yes to confirm.


Image 249.33 - Stop Sharing

Image 249.34 - Confirmation

Connecting to a Share
There are many ways to connect to a shared folder on another computer. For example, we can go to the start menu and use the Run command. From here we can type in the syntax to the share. This approach uses the UNC syntax or Universal Naming Convention syntax. We want to connect to the share named Public on a computer named Verson. The UNC path to that share is \\verson\public.

Image 249.35 - UNC Path

When we open shared folder, we can go to the Tools menu, and map a network drive.



Image 249.36 - Share in Explorer

We have to select the drive letter that we want to use, and we have to enter the UNC path to the share. In our case we will select the Z drive, and enter the \\verson\public as our UNC path.

Image 249.37 - Map Network Drive

Notice that our share is now Z drive.

Image 249.38 - Share is Mapped

We can find shares by browsing the network neighborhood. Let's go to the Control Panel > Network Connections > My Network Places.


Image 249.39 - My Network Places

Here we can see all shared folders in a Workgroup. We can also see workgroup computers by clicking on 'View workgroup computers' from the menu on the left.

Image 249.40 - Workgroup Computers

Let's open Verson computer. Let's map a drive with different user name this time. Right click Public, and select Map Network Drive.


Image 249.41 - Map Network Drive

This time the UNC path is already entered. The drive letter will be Y this time. Let's select 'Connect using a different user name'. The user name will be Kim Verson this time.

Image 249.42 - Kim Verson

Click OK, and click Finish. Notice the warning.

Image 249.43 - Error

We will get an error. We can not map the same share with different drive letter and with different user credentials. If we want to map the same share with different credentials, we have to disconnect existing network drive. To do that, go to the My Computer, right click network drive, and select Disconnect.


Image 249.44 - Disconnect Option

We can also map a network drive by right clicking My Computer, and selecting Map Network Drive.

Image 249.45 - Map Network Drive Option

Share Permissions
Through Share Permissions we can control who will have access to our shares. These apply specifically to the network users. The Share Permissions can be set on both NTFS and FAT partitions. There are three levels of Share Permissions: Full Control, Change and Read. Full Control gives us full control over all of the attributes of that particular share. It allows us to modify files, to take ownership, and to change permissions of that particular share. The Change permission allows users to do anything with the files inside the share. The Read permission allows users to read and execute the contents of the files that are in the shared folder. With Share Permissions we also have an Allow and a Deny attribute. The Deny attribute explicitly denies a particular permission. Deny will always override the Allow permission. This is useful when, for example, some user is a member of multiple groups, and we want to deny a particular permission only for that particular user. For local users, only NTFS permissions are applied. When a user accesses our shares over the network, both Share Permissions and NTFS permissions are applied. Let's take a look at Share Permissions on the Manuals folder.


Image 249.46 - Share Permissions

At this point, Everyone can read data in Manuals folder. We will add Accounting group to the ACL, and give it Full Control permission. To do that, click Add, type in 'Accounting', click Check Names, and click OK.


Image 249.47 - Accounting Group Added

The default permission is the Read permission, so we had to check Full Control permission manually. Click OK to finish. Share Permissions only restrict network access, while NTFS permissions restrict both local and network access. By setting NTFS permissions on a shared folder we have greater control over data access. When we enable sharing on some folder, by default, everyone will have the Read permission. Through NTFS permissions we can set permissions more precisely. The most restrictive permission will always be used to control network access. For example, if a user belongs to one group which has Change permission in Share Permissions, and to another group which has only Read permission in NTFS permissions, that user will only have Read permission on that particular folder. This is true for both Share and NTFS permissions.
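The rules described in this section (Deny overrides Allow, local access is governed by NTFS only, network access gets the more restrictive of the two layers) can be checked with a small model. This is an added Python example, not part of the original e-book: it reduces NTFS rights to the article's three levels, and the NTFS entries, the Sales, Staff and Users groups and the user names are constructed for illustration.

```python
# Simplified model of how Windows XP combines Share and NTFS permissions.
# Added illustration: real NTFS ACLs have finer-grained rights and inheritance.
from dataclasses import dataclass
from enum import Flag


class Right(Flag):
    READ = 1
    WRITE = 2
    DELETE = 4
    CHANGE_PERMISSIONS = 8
    TAKE_OWNERSHIP = 16


# The three permission levels the article names, expressed as sets of rights.
NO_ACCESS = Right(0)
READ = Right.READ
CHANGE = READ | Right.WRITE | Right.DELETE
FULL_CONTROL = CHANGE | Right.CHANGE_PERMISSIONS | Right.TAKE_OWNERSHIP


@dataclass(frozen=True)
class Ace:
    principal: str       # user or group name
    rights: Right
    allow: bool = True   # False means an explicit Deny entry


def layer_rights(acl, user, groups):
    """Rights one ACL grants: union of matching Allow entries minus every Deny."""
    principals = {name.lower() for name in (user, "Everyone", *groups)}
    allowed, denied = NO_ACCESS, NO_ACCESS
    for ace in acl:
        if ace.principal.lower() in principals:
            if ace.allow:
                allowed |= ace.rights
            else:
                denied |= ace.rights
    return allowed & ~denied


def effective_access(share_acl, ntfs_acl, user, groups, over_network):
    """Local access uses NTFS only; network access needs both layers to grant it."""
    ntfs = layer_rights(ntfs_acl, user, groups)
    if not over_network:
        return ntfs
    return ntfs & layer_rights(share_acl, user, groups)


def level_name(rights):
    """Map a set of rights back to the highest level it fully covers."""
    for name, level in (("Full Control", FULL_CONTROL), ("Change", CHANGE), ("Read", READ)):
        if (rights & level) == level:
            return name
    return "No access"


def everyone_can_write(share_acl, ntfs_acl):
    """Audit check: can a network user with no group membership modify files?"""
    rights = effective_access(share_acl, ntfs_acl, "anyone", [], over_network=True)
    return bool(rights & Right.WRITE)


# Share ACL from the article: Everyone has Read, Accounting has Full Control.
MANUALS_SHARE = [Ace("Everyone", READ), Ace("Accounting", FULL_CONTROL)]
# Constructed NTFS ACL for the same folder (not given in the article).
MANUALS_NTFS = [Ace("Accounting", CHANGE), Ace("Users", READ)]
# Same share with an explicit Deny for one member of Accounting (constructed).
MANUALS_SHARE_DENY = MANUALS_SHARE + [Ace("kim", FULL_CONTROL, allow=False)]

if __name__ == "__main__":
    kim = ("kim", ["Accounting", "Users"])
    for label, share in (("allow only", MANUALS_SHARE), ("with deny", MANUALS_SHARE_DENY)):
        net = effective_access(share, MANUALS_NTFS, *kim, over_network=True)
        loc = effective_access(share, MANUALS_NTFS, *kim, over_network=False)
        print(f"{label}: network={level_name(net)}, local={level_name(loc)}")
    print("Everyone can write over network:", everyone_can_write(MANUALS_SHARE, MANUALS_NTFS))
```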

Remember
We will not be able to share folders and printers until we first enable sharing. The recommended method to enable sharing is to run the 'Network Setup Wizard'. We can use Windows Explorer to quickly share a folder. Simply right-click the folder, open its properties, and then click the 'Sharing' tab. When we share a folder, users are not allowed to change our files by default. If we want more control over file shares we need to enable advanced sharing. When using advanced sharing, we can set user limits and set different permissions for different share names. We can also use the Shared Folders console plugin in Computer Management to manage our shares. We can use UNC syntax to connect to a network share. We can also map a network drive. We can not map the same share with different drive letter, and with different user credentials. We can also find shares by browsing the network neighborhood. Through Share Permissions we can control who will have access to our shares. These apply specifically to the network users.

Paths that are mentioned in this article


Control Panel > Network Connections > My Network Places - find available shares on the network


Offline Files in XP
Parent Category: XP Category: Files and Folders

Offline Files allow us to create a local cache of the files from a shared folder. These files are copies of files which are on some computer on our network. The advantage of using Offline Files is the sync ability. Whenever we connect to the network, our offline file will be synchronized with files on the network. This is very useful for laptop users.

Before you start


Objectives: learn how to configure Offline Files on XP machine.
Prerequisites: no prerequisites.
Key terms: file, offline, folder, cache, shared, available, select, sync

Conditions
To set up Offline Files, we have to meet some conditions. First of all, we need to set up the offline files capability on the 'server' computer. When we create a shared folder, Offline Files are enabled by default. However, if it has been turned off, we need to turn it back on. On the client computer, we have to select which files or folders we want to be available offline. Once we set all this up, we can use the Offline Files feature. We can choose to sync Offline Files automatically or manually. If we want to control the space used by cached files, we should select manual caching. That way, the user can select when and what to cache. Otherwise, we can select automatic caching. For instance, we can set automatic synchronization whenever the user reconnects. This way we ensure that the user has the latest files downloaded from the server. We can also encrypt Offline Files (the offline files cache). That way our sensitive data is protected while we are away from the company, for example. We can also choose to preserve NTFS permissions. This can be done if the client computer is formatted with NTFS. When using Offline Files, we have to disable Fast User Switching. We can't use Offline Files if Fast User Switching is enabled. Another problem that often occurs is that the client doesn't have enough disk space to cache all files.

Example Configuration
There are two actions that we must take to enable Offline Files. Offline File access must be enabled on the shared folder, and Offline Files must be enabled on each workstation that needs to use offline access for the shared folder. Let's take a look at default settings that are applied when we share a folder. In our example, we will go to the E drive, open properties for the Manuals folder, go to the Sharing tab, and click the Caching button.


Image 250.1 - Caching Settings

The default option is 'Manual caching of documents'. That means that only files specified by users are made available offline. We can change this to automatic caching, which means that the file is cached when user opens it. We can also disable off-line caching for the share, and to do that we have to remove check on 'Allow caching of files in this shared folder'. When we enable caching on the shared folder, that simply allows the folder's contents to be cached. We also need to enable Offline Files on the client computer. On the client computer let's open Tools, then Folder Options, and go to the Offline Files tab. We need to enable Offline Files so that they are available on this machine. Click Apply and OK.


Image 250.2 - Offline Files Enabled

We have enabled Offline Files, but that does not mean that any files are copied to our computer. We need to select files that we want to have available offline. Let's see some shared folders on the 'verson' computer.

Image 250.3 - Shared Folders on Verson

In our case we want the Public folder available offline. To do that, we have to manually make the files available offline. To make Public folder available offline, right click the folder and select 'Make Available Offline'. When we do our first sync, the wizard will appear.


Image 250.4 - Offline Files Wizard

Click Next on the wizard. Here we will select to automatically sync files when we log on and log off our computer.

Image 250.5 - Automatic Sync

Click Next. We will also enable reminders and put a shortcut to the Offline Files folder on our desktop.


Image 250.6 - Reminders and Shortcut

Click Finish to sync files. Notice that the icon for the Public shared folder has been changed.

Image 250.7 - Public Folder Synced

If the shared folder has automatic caching enabled, the files that we open on a share will be automatically copied to the cache on a local computer.

Local Cache
With the Offline Files, the copy of a network file or folder is placed on a local system. File copies are stored in the workstation's offline file cache. To view the cache we can go to the Control Panel, then Folder Options, and then open the Offline Files tab. Let's click the View Files button.


Image 250.8 - View Files

When we click on the View Files button, the Offline Files Folder opens up. Here we can see all files that are synced with shared folder. As we can see, in our case we have one file in the cache. Files that are synced manually are marked as 'Always available offline'. Shared folder can also be configured with automatic caching. Let's see an example. We created new shared folder named 'Instructions' on Verson computer, which is configured with automatic caching. There is one file in that folder.

Image 250.9 - Content of Instructions Folder

In our case we have simply opened that file and then closed it. Because of the automatic sync feature, it was automatically synced with our offline files.


Image 250.10 - File is Synced

Notice that the Availability status for files that are automatically shared is 'Temporary available offline'. Now we can work with those files even if we are not connected to the network. If we make changes while we are not connected to the network, files will be synced when we connect back. We can also manually sync files that we want. To do that, go to the Tools menu, and select 'Synchronize'.



Image 250.11 - Items to Sync

Here we can select which items we want to sync. Click Synchronize to sync files. We can also delete files from our cache to free up disk space. To do that, just right click a file in the Offline Files Folder and select Delete.

Image 250.12 - Confirm File Delete

When we delete a file from our cache, the file on the network remains intact. We can also delete files using Folder Options. Go to Offline Files tab, and click Delete Files.

Image 250.13 - Delete Offline Files

Here we can choose from which shared folders we want to delete our cached files. We can choose to delete only temporary offline versions, or to delete both temporary and always available cached files. In our case we will select second option and click OK.


Image 250.14 - Files Deleted

Remember
Offline File access must be enabled on the shared folder, and Offline Files must be enabled on each workstation that needs to use offline access for the shared folder. When we share some folder, the default option is 'Manual caching of documents'. We need to select files that we want to have available offline. If the shared folder has automatic caching enabled, the files that we open on a share will be automatically copied to the cache on a local computer. File copies are stored in the workstation's offline file cache. Files that are synced manually are marked as 'Always available offline'. Files that are automatically shared have 'Temporary available offline' status. We can delete files from our cache to free up disk space. When we delete a file from our cache, the file on the network remains intact.


IIS in XP
Parent Category: XP Category: Files and Folders

Internet Information Services (IIS) allows us to use services such as Remote Desktop, Internet Printing, Active Desktop, and Web Server.

Before you start


Objectives: learn how to install IIS and how to create sites inside of IIS.
Prerequisites: no prerequisites.
Key terms: folder, iis, web, default, directory, service, file, website, wwwroot, install, manage, content, inetpub

About IIS
We can share our folders using the IIS so that others can access our folders via Internet Explorer. As we go to the folder properties, we'll notice that there is a Web Sharing tab (IIS has to be installed). When we install IIS, it is going to create several directories for us. On the C drive we will have the directory named 'inetpub\wwwroot'. This is going to be our default directory for all of our shares. If we want to create a web share, all we have to do is create a sub-directory in 'wwwroot'. Let's say that we want to create 'Public' share. The path to our share would look like this: 'c:\inetpub\wwwroot\public'. All we have to do now is add some data to the 'Public' folder. To access those, we have to type in 'http://', and then the name of our computer. Users will be redirected to our 'wwwroot' folder. This way we will see all web shares on that particular computer. To access a share directly, we have to type in the share name. For example, to access a Public share on a 'Verson' computer, we have to type in 'http://verson/public' in Internet Explorer or some other browser. We can also create shortcuts to directories on our computer, so that we don't have to put all our data in '\inetpub\wwwroot\'. If we go to the properties of some folder and create a web share on the Web Share tab, the system will create a shortcut to that folder in the 'wwwroot' directory. That way, users can access those files without copying them to the 'wwwroot' folder.

Installing IIS
We can use Add/Remove Programs to install IIS on Windows XP Professional computer. Let's go to the Control Panel, open Add or Remove Programs, and select Add/Remove Windows Components from the left menu. Scroll down a bit, and select Internet Information Services (IIS).


Image 251.1 - Windows Components Wizard

Let's click on the Details button. Notice that when we install IIS, the World Wide Web service is installed. This is the web or http service. Also notice that the FTP service is not installed by default. We will select it because we do want to install FTP on this machine.

Image 251.2 - FTP Service Selected

Let's take a look at the details of the World Wide Web service. We will select it, and click Details.


Image 251.3 - WWW Details

'Printer virtual directory' and 'World Wide Web Service' are installed. We will also select Remote Desktop Web Connection. Click OK. Notice that the Internet Information Services Snap-in is installed by default. Now that we have selected items that we want to install, we will click OK, and then click Next to start installation.

Image 251.4 - Windows Installation Disk is Required

It will ask us to put the Windows CD in our CD drive. After that the installation continues. After the installation click Finish. Now, let's open the IIS Management tool which is located in Administrative Tools. In IIS Management we will open local computer, then Web Sites, and then select Default Web Site.


Image 251.5 - IIS Management Console

Let's take a look at that Default Web Site. Let's open Internet Explorer. We can either type in the IP address of this computer, or we can use a localhost as the URL to take a look at the website hosted on this machine.

Image 251.6 - Default Web Site Opened

Web Site Content


When we install IIS, default website is configured and started. Default website contains several directories and files that are used to represent that site. Let's check the contents of the Default Web Site.


Image 251.7 - Site Content

As we can see, there are a number of folders and files used to set up that site. The default website files are located on the system partition in the \inetpub\wwwroot\ folder. We can right-click the website and select Open to open it in Windows Explorer.

Image 251.8 - Folder Content

One way to manage website content is to add folders and files to the wwwroot directory. Let's create new folder called 'Manuals' and folder called 'Databases'.


Image 251.9 - New Folders

We will also add some simple html file to the Manuals folder.

Image 251.10 - Manuals Folder

Now let's go back to the IIS snap in, and refresh the website.


Image 251.11 - IIS Console

Now we can see our two new folders that we have created with Windows Explorer. We can also see our 'index.htm' file in Manuals folder.

Image 251.12 - Manuals Folder Content

We can also make directories outside of this directory structure by creating Virtual Directories. Virtual directories are like shortcuts in IIS that point to directories in other locations. To create a Virtual Directory in IIS, right-click a website, point to New, and then select Virtual Directory.


Image 251.13 - New Virtual Directory

Image 251.14 - Wizard

Click Next to continue. We need to type in the Alias for our Virtual Directory. Let's call it Manuals.


Image 251.15 - Alias

Click Next. Now we need to enter the path to our directory. In our example the path will be 'E:\Paulaner'.

Image 251.16 - Path

Click Next. Now we need to select permissions. We will accept the default permissions.


Image 251.17 - Permissions

Click Finish. We can see Paulaner in IIS.

Image 251.18 - Paulaner in IIS

We can also use Windows Explorer to make Web Shares. Let's go to E drive, open properties for Databases folder, and go to the Web Sharing tab.


Image 251.19 - Web Sharing Tab

Here we will select 'Share this folder'. When we do that, the following window appears.

Image 251.20 - Edit Web Share



We will accept default settings and click OK. Click OK again. Now let's go back to the IIS console and refresh the content of the default website.

Image 251.21 - Databases Folder

Databases folder is now visible. Now we can access it by typing http://localhost/databases in Internet Explorer.

Remember
When we install IIS, the World Wide Web service is installed. FTP service is not installed by default. The IIS Management tool is located in Administrative Tools. When we install IIS, the default website is configured and started. Virtual directories are shortcuts in IIS that point to directories in other locations.

Paths that are mentioned in this article

c:\inetpub\wwwroot\ - default location for IIS sites
E:\Paulaner - folder on E partition which we used to create Virtual Directory
http://localhost/databases - URL to the local site


Utilize Windows XP Optimization

File System

Convert File System in XP


Parent Category: XP Category: File System

On Windows XP we can use FAT (FAT16), FAT32 and NTFS as our File System. In this article we will talk about their differences, advantages and how to move between various File Systems.

Before you start


Objectives: learn how to convert from FAT to NTFS and from NTFS to FAT in Windows XP.
Prerequisites: you should know about different types of files systems that can be utilized in Windows.
Key terms: convert, fat, ntfs, file, partition, drive, command, conversion, format

Example Configuration
In this demonstration we will see how to change from one file system to another. In the first example we have an NTFS partition that we want to convert back to FAT32. The only way to do that is to format the partition. To format a partition we have to right-click it, and then select 'Format'.

Image 252.1 - Format Volume

In our example, we have a partition that is 4.9 GB in size. We will convert it to FAT32, leave the default allocation size and enable 'Quick Format'. When we are ready, we will click on the 'Start' button. Remember, we have to back up all our files first, because formatting will destroy them. When we click 'Start', a warning message appears. We will click OK.


Image 252.2 - Warning

If everything went fine, the 'Formatting Complete' message appears.

Image 252.3 - Format Complete

To check the File System of our partition, right-click it and select its Properties.

Image 252.4 - Partition Properties



In our second example we want to convert from FAT32 to NTFS. We can do this by using the 'format' utility, however, we can also make the conversion without erasing any data from our partition. To do that we can use the 'convert' utility. To open 'convert', we have to go to the Command Prompt. Let's go to the Start Menu, Run, enter CMD, and click OK.

Image 252.5 - Run Menu

Image 252.6 - CMD

Here we have to enter the command 'convert', then the drive that we want to convert (E in our example), then '/fs:', and then file system that we want to convert to. In our example the command will look like this: convert e: /fs:ntfs.

Image 252.7 - Convert Utility

When we hit 'Enter', it will ask us to enter volume label for drive E:. In our example we will enter 'Volume' as our volume label.

Image 252.8 - Volume Label

When we hit 'Enter' again, the conversion process will start. In our example everything went fine.


Image 252.9 - Conversion Complete

Let's go to 'My Computer' and check the file system on E partition. As we can see, the file system is now NTFS.

Image 252.10 - NTFS File System



Remember
To convert from NTFS to FAT we have to format our partition. Formatting will erase all data on the partition. To convert from FAT to NTFS we can use the 'convert' command line utility. When using the 'convert' utility, no data is erased.

Commands that are mentioned in this article

convert e: /fs:ntfs - CMD command which will convert E partition to the NTFS file system


Manage Hard Disks in XP


We have two different types of disks that we can work with in Windows XP. We have Basic disks and Dynamic disks. By default, our disks will be Basic disks. Basic disks use partitions, extended partitions, and logical drives for storage. Dynamic disks use Volumes.

Before you start


Objectives: learn how to create new partitions, extend partitions, create logical drives, convert from Basic to Dynamic disks, and create new and extend existing Volumes in Windows XP.
Prerequisites: you have to know what a file system is.
Key terms: partition, volume, create, disk, extend, space, dynamic, basic, logical, drive, hard, free, primary, spanned, upgrade

Configure Partitions
Storage on Basic disks is organized into partitions and logical drives. We can use Disk Management which is located in Control Panel > Performance and Maintenance > Administrative Tools > Computer Management, to manage partitions and logical drives. Notice that Disk 2 (E:) is Basic disk.

Image 253.1 - Basic Disk

To create new partition, we have to right-click the unallocated space and select 'New partition' to open 'New Partition Wizard'.


Image 253.2 - New Partition

Image 253.3 - New Partition Wizard

Click 'Next'. We can create a Primary partition or an Extended partition. A Primary partition is a partition from which an operating system can start (it must be marked as Active, and is usually represented with drive letter C:). Only one partition can be marked as 'Active'. We can create up to four primary partitions on a single disk, or we can create three primary partitions and one Extended partition. An Extended partition allows us to create more than four partitions on a Basic disk. Extended partitions actually contain Logical drives. If we create an Extended partition, then we will have to add Logical drives to that Extended partition. To recap, we can only create one Extended partition on a single disk, but we can create multiple Logical drives on that partition. Those drives will have their own drive letters in Windows. Let's select 'Primary partition'.

Image 253.4 - Select Partition Type

Click 'Next'. We need to enter the partition size. In this example we will use 1 GB of space.

Image 253.5 - Specify Partition Size

Let's click 'Next'. We will use the E drive.

Image 254.6 - Specify Drive Letter

Click 'Next'. We will use NTFS and perform a quick format.

Image 253.7 - Format Options

Click 'Next'. Click 'Finish' to create partition. As you can see we now have a new partition.


Image 253.8 - New Partition

Now, let's create an Extended partition. Right-click the unallocated space, select 'New partition', and click 'Next'.

Image 253.9 - Right-click Unallocated Space

This time we want to create an Extended partition, so we will select 'Extended partition' option.


Image 253.10 - Extended Partition

Click 'Next'. Let's use the rest of the space on the disk.

Image 253.11 - Partition Size

Click 'Next' and click 'Finish'. Notice that the Extended partition exists, but there aren't any drives in it.

Image 253.12 - Extended Disk

At this point we need to create Logical drives. Let's right-click 'free space' on our extended partition and select 'New logical drive'. Click 'Next' on the Wizard. We have only one option - to create a Logical drive.


Image 253.13 - Logical Drive Option

Click 'Next'. We need to specify the size of the Logical drive. In our example we will enter 1 GB again.

Image 253.14 - Size Options

Click 'Next'. We will accept the F drive.

Image 253.15 - Drive Letter

Click 'Next'. We will perform a quick format on an NTFS volume.

Image 253.16 - Formatting Options

Click 'Next' again and then click 'Finish'. At this point we have one Primary partition and one Extended partition which contains a single Logical drive. We still have some free space left, so we can use that free space to create additional Logical drives.


Image 253.17 - Logical Drive Created

Configure Disk Types


Before we can create Volumes to take advantage of the new volume features in Windows XP, we must upgrade our Hard Disk to a Dynamic disk. To do that, go to the Disk Management utility. Let's take a look at Disk 2.

Image 253.18 - Disk 2

Notice that Disk 2 is currently configured as a Basic disk. It contains a Primary partition and an Extended partition with one Logical drive. We also have some free space on our extended partition. We can upgrade new, clean disks or we can upgrade a disk that already contains data. To upgrade the disk to Dynamic, in our case we will right-click Disk 2 and select 'Convert to Dynamic Disk'.

Image 253.19 - Right-click Disk 2

Notice that we can select multiple disks for conversion. In our example we will only check Disk 2. Click OK.

Image 253.20 - Disk Selection

On the next screen we can see all the disks that are going to be converted. Click 'Convert'.

Image 253.21 - Disks to Convert

We will get a warning. If we convert this disk to Dynamic disk, we will not be able to start other installed operating systems. Let's click 'Yes' to continue.


Image 253.22 - First Warning

Again we have a warning. The disks being converted will be dismounted. Click 'Yes' to continue.

Image 253.23 - Second Warning

That's it. Notice that the Primary partition, Extended partition, and Logical drive have been converted to Simple volumes. Notice that the free space, that was located on the Extended partition, is now unallocated.

Image 253.24 - Resulting Volumes

Let's say that we have a Dynamic disk and we want to convert it to a Basic disk. To do that, we first have to delete all the volumes on the disk. Let's right-click every volume and select 'Delete Volume'. All data on the Volume will be lost. Of course, we have to back up our data before we delete Volumes. Click 'Yes' on the warning message.

Image 253.25 - Warning Message

Now we can convert Disk 2 to Basic disk. Let's right-click Disk 2 and select 'Convert to Basic Disk'.

Image 253.26 - Right-click Disk 2

Notice that the Disk 2 is now a Basic disk.

Image 253.27 - Basic Disk

Create Volumes
Storage on Dynamic disks is organized by Volumes. We can use Disk Management to create new Volumes. In our example we have one Basic disk, and two Dynamic disks.



Image 253.28 - Disks

Let's create a new Volume. To do that, in our case we will right-click Disk 2, start the 'New Volume Wizard', and click 'Next'. The following window appears.

Image 253.29 - Volume Type

First we need to specify the type of Volume that we want to create. Options that are available depend on the disks that we have in our system. For example, if we have only one disk with free space, we'll be able to create a Simple volume. Simple volume uses one disk. In our example, we have two disks with free space, so we can create a Spanned or a Striped volume. Spanned and Striped volumes require two disks with free space. Let's select 'Spanned'.

Image 253.30 - Spanned Volume Selected

Click 'Next'. Now we need to select disks.

Image 253.31 - Disk Selection



On the left we see a list of available disks and on the right we see a list of disks that will be used in our Spanned volume. Notice that Disk 2 is already selected. That's because we have selected Disk 2 when we started the wizard. Let's select Disk 0 and click on the 'Add' button. We can also change the amount of space for our Volume. We can do that on both disks. In our example we will use all available space for our Volume. Let's click 'Next'.

Image 253.32 - Drive Letter

We will use the drive letter 'E'. Let's click 'Next'.

Image 253.33 - Formatting Options

Because we are using Dynamic disks we can only use NTFS. We can also change the allocation unit size. Allocation unit is the smallest amount of space that can be allocated to store a file. The smaller the Allocation unit size, the more efficiently we store information. Let's click 'Next', and 'Finish'. Now we have a Spanned volume on Disk 0 and Disk 2.


Image 253.34 - New Volume

Extend Volumes
Let's say that we have the following situation. We have three disks. Disk 1 is a Basic disk, Disk 0 is a Dynamic disk and we have created a Volume on it. Disk 2 is also a Dynamic disk, but it is now unallocated.

Image 253.35 - Disks

Let's say that we have run out of space on Disk 0. We can extend Disk 0 with free space on Disk 2. To do that, right-click the Disk 0 and select 'Extend Volume'. The Wizard will appear, so click 'Next'.

Image 253.36 - Right-click

Now, we have to select the disks to extend to. Let's select Disk 2 and click the 'Add' button. We will use the maximum available space.

Image 253.37 - Selected Disk

Let's click 'Next', and click 'Finish'. Notice that we have extended our volume E to the Disk 2.


Image 253.38 - Extended Volume

Remember
Storage on Basic disks is organized into partitions and logical drives. A Primary partition is a partition from which an operating system can start (it must be marked as Active). Only one partition can be marked as 'Active'. We can create up to four primary partitions on a single disk, or we can create three primary partitions and one Extended partition. An Extended partition allows us to create more than four partitions on a Basic disk. Extended partitions actually contain Logical drives. If we create an Extended partition, then we will have to add Logical drives to that Extended partition. We can only create one Extended partition on a single disk, but we can create multiple Logical drives on that partition. Storage on Dynamic disks is organized by Volumes. Before we can create Volumes we must upgrade our Hard Disk to a Dynamic disk. We can upgrade new, clean disks or we can upgrade a disk that already contains data to a Dynamic disk. To convert a Dynamic disk back to a Basic disk, first we have to delete all Volumes on the disk. Simple volume uses one disk. Spanned and Striped volumes require two disks with free space. With Dynamic disks we can only use NTFS as our File System. We cannot extend Basic disks, or the Volume from which the operating system boots.

Paths that are mentioned in this article


Control Panel > Performance and Maintenance > Administrative Tools > Computer Management > Disk Management - utility which we can use to manage Hard Disks in XP


Mount a Volume in XP

A volume mount point allows us to use another partition and represent it as a folder on existing partition. This way we can easily expand the apparent size of an existing partition without having to re-create or resize existing partition.

Before you start


Objectives: learn how to mount a Volume to a folder on an existing partition in XP.
Prerequisites: no prerequisites.
Key terms: disk, folder, volume, mount, partition, ntfs, space, system, dynamic, point

Example Configuration
To mount a volume, we have to create a folder on existing partition. Next, we have to point it to the new partition. When we do that, the new partition is represented as a folder on our computer. Data is stored on the new storage space on our new volume, but it's accessible by browsing the folder on the original drive. Both partitions have to be formatted with NTFS. The folder we're mounting to needs to be empty, and it needs to be created on an NTFS partition. Let's see an example. We will open Disk Management and have a look at our disks. In our case, we have three disks. Disk 0 is a Dynamic disk and we have created a volume on it. Disk 1 is Basic disk and it is our System disk. Disk 2 is Dynamic disk and is currently unallocated.

Image 254.1 - Disks

We have created new folder on the E partition, which is called 'Mount Point' in this case.


Image 254.2 - New Folder

Let's point our new folder to the Disk 2. To do that, in Disk Management right-click the unallocated space on Disk 2, select 'New Volume', and then click 'Next'.

Image 254.3 - Simple Volume

We want to create a 'Simple' volume, so let's select it and click 'Next'.

Image 254.4 - Disk Selection


Now we need to specify the amount of space that we want to use. In this case we will use all the space on the disk. Let's click Next. Now, we need to select 'Mount in the following NTFS folder:'.

Image 254.5 - Second Option Selected

Click 'Browse'. We need to browse to the E partition, and then 'Mounting Point' folder.

Image 254.6 - Folder Selected

Click 'OK'. The path is now entered.

Image 254.7 - Path Entered

Click 'Next'. We will select NTFS, and also quick formatting.

Image 254.8 - Format With NTFS

Click 'Next', and click 'Finish'. Now we have a new Volume. Notice that it does not have a drive letter. Notice that the default icon for our 'Mounting Point' folder has changed.

Image 254.9 - Disk Status


Image 254.10 - Mount Point Folder

Remember
For mounting we can use Basic disks and Volumes on Dynamic disks. All partitions must be formatted with NTFS. Multiple folders can reference the same target partition.


Multiple Operating Systems and XP



Windows XP allows us to have multiple operating systems on our computer at the same time. If we use multiple operating systems, every time we start our computer we will see a menu in which we can choose which operating system we want to start. This menu is generated from a file called 'boot.ini'.

Before you start


Objectives: learn what boot.ini is and what we should consider before installing multiple operating systems on a single computer.
Prerequisites: no prerequisites.
Key terms: partition, system, controller, parameter, fat, boot, number, drive, ini, scsi, multi

Boot.ini
The boot.ini file is actually a pointer. It contains information about the location of our system files. The pointer file contains data about which controller, which hard drive attached to that controller, and which partition on that hard drive contains system files. This is an example of a boot.ini file located on a Windows XP machine:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

The controller can be identified with two parameters. The first parameter is called 'multi', and the second is called 'scsi'. This looks pretty simple, but it's not really. The 'multi' parameter tells us that the controller has the ability of telling the system what devices are attached to the controller. After the 'multi' parameter there is a number in parentheses. This number represents the ID of the controller. When a SCSI controller is identified we can also see a number in parentheses. The 'scsi' parameter tells us that the controller can't tell the system what devices are attached to the controller. The boot process uses this piece of information to determine if it needs to run an additional utility. The additional utility for the SCSI is called 'ntbootdd.sys'. Remember, if we see a 'multi' parameter, the controller can still be a SCSI controller, but it is an enhanced SCSI controller.

The next piece of the boot.ini file will depend on whether we've got 'multi' or 'scsi' detected. If we have the 'multi' controller, the next parameter that we will see is the 'disk' parameter. It is also followed by a number. This parameter is followed by an 'rdisk' parameter, which is also followed by a number. The 'disk' parameter is associated with the SCSI devices. The 'rdisk' is associated with 'multi' devices. If a controller is a SCSI, the 'disk' parameter will be used (the number will be read). Numbers in parentheses start from zero. '0' means the first device, and '1' means the second device.

The next thing that needs to be identified is the partition. To identify the partition we have a parameter called 'partition', and it is also followed by a number in parentheses. The thing to remember here is that the numbers of partitions start from 1. So, if we see number one after the 'partition' parameter, it means that it is the first partition. This whole path is called the ARC (Advanced RISC Computing) Path. After the ARC Path comes the name of the directory where the system files are located. In Windows XP the file ntoskrnl.exe will actually load up the Windows XP operating system.
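The ARC path rules described above, as an added example that is not part of the original e-book: a Python parser that decodes each boot.ini entry and checks the file for consistency, for instance when reviewing a boot.ini copied from a machine. The function names, the second (scsi) entry and the Windows 98 entry in the sample are constructed for illustration; accepting legacy drive-letter entries such as C:\ goes beyond the single entry the text shows.

```python
import re

# Constructed sample: the article's boot.ini plus two illustrative entries
# (a 'scsi' entry and a legacy drive-letter entry for an older OS).
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
scsi(0)disk(1)rdisk(0)partition(2)\WINNT="Windows 2000 (constructed)" /fastdetect
C:\="Microsoft Windows 98 (constructed)"
"""

ARC_RE = re.compile(
    r'^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$',
    re.IGNORECASE,
)


def parse_arc_path(path):
    """Decode one ARC path into controller, device, partition and directory."""
    m = ARC_RE.match(path.strip())
    if not m:
        raise ValueError("not an ARC path")
    kind = m.group(1).lower()
    controller, disk, rdisk, partition = (int(m.group(i)) for i in range(2, 6))
    if partition < 1:
        raise ValueError("partition numbers start at 1")
    return {
        "controller_type": kind,
        "controller": controller,
        # 'rdisk' is read for multi controllers, 'disk' for scsi (zero-based).
        "device": rdisk if kind == "multi" else disk,
        "partition": partition,                # one-based
        "directory": m.group(6) or "\\",
        "needs_ntbootdd": kind == "scsi",      # scsi entries rely on ntbootdd.sys
    }


def parse_boot_ini(text):
    """Return ([boot loader] settings, list of [operating systems] entries)."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'"([^"]*)"\s*(.*)$', value.strip())
            description = m.group(1) if m else value.strip()
            switches = m.group(2).split() if m else []
            entries.append({"path": key.strip(), "description": description,
                            "switches": switches})
    return loader, entries


def audit_boot_ini(text):
    """Decode every entry and list inconsistencies worth a closer look."""
    loader, entries = parse_boot_ini(text)
    report, findings = [], []
    for entry in entries:
        try:
            arc = parse_arc_path(entry["path"])
        except ValueError as exc:
            arc = None
            # Drive-letter entries (older operating systems) are not ARC paths.
            if not re.match(r'^[A-Za-z]:\\', entry["path"]):
                findings.append(f"unparseable entry {entry['path']!r}: {exc}")
        report.append({**entry, "arc": arc})
    known = {entry["path"].lower() for entry in entries}
    if loader.get("default", "").lower() not in known:
        findings.append("default does not match any [operating systems] entry")
    if not loader.get("timeout", "").isdigit():
        findings.append("timeout is missing or not a number")
    return report, findings


if __name__ == "__main__":
    rows, problems = audit_boot_ini(SAMPLE_BOOT_INI)
    for row in rows:
        print(row["description"], "->", row["arc"])
    print("findings:", problems)
```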

Multiple Boot
If we are using multiple operating systems on a single computer, we need to know how to divide our Hard Drive. Let's say that we want to have Windows 98 and Windows XP on the same machine, but we have only one Hard Drive. In this scenario we have to create a minimum of two partitions, one for every operating system. However, the better solution is to create three partitions, one of which is going to be a shared partition.

We can set the size of the partition as we like, but we have to be careful about which File System to use on the Windows 98 partition. Remember, with Windows 98 we can use FAT or FAT32 as our File System. If we want to have more space than 2 GB on our Windows 98 partition, FAT is not an option. Remember, FAT can support up to 2 GB of partition size, so we will have to use FAT32. We should always use FAT32 instead of FAT if possible. On our Windows XP partition we can use the FAT, FAT32, or NTFS file system. With Windows XP we should use NTFS because of all the advantages that it brings. On a shared partition we will have to use the FAT32 file system, because we will be accessing it from Windows XP and Windows 98. Remember, Windows 98 does not recognize NTFS.

Now, we also have to think about the drive letters that we are going to use for our partitions. Let's say that our Windows 98 partition is the first partition. Because of that we will use the C drive letter for the Windows 98 partition. Let's say that the Windows XP partition is the second partition, so we will assign the D letter to that partition, and the E drive letter to our shared partition.

Remember, only Windows 2000/XP supports Dynamic disks and Volumes. We have to use Basic disks and partitions for operating systems older than Windows 2000/XP. When installing Windows 2000/XP together with some older operating system on the same computer, we should install the older operating system first, and then install Windows 2000/XP last. Microsoft recommends the following installation order:

1. MS-DOS
2. Windows 95/98/Me
3. Windows NT
4. Windows 2000/XP
5. Newer OS

Remember
The boot.ini file contains information about the location of our system files. Boot.ini in XP uses the ARC path to determine the Controller, Disk and Partition on which the particular system is located. The ntoskrnl.exe will actually load up the operating system. Every operating system has to have its own partition. Windows 98 does not recognize NTFS, so we can't use Dynamic disks with it. XP can use FAT, FAT32 and NTFS. The older operating system should be installed first and then the newer operating system.

Printers

Install Printer in XP

There are three different situations when it comes to printer installation. We can install printer which is connected directly to our computer, printer which is connected on another computer on LAN, and we can install network printer directly.

Before you start


Objectives: learn how to install local and network printers. In this article we will also see how to install non plug-and-play printers, but note that this is something you won't often do today.
Prerequisites: you have to understand the difference between the logical printer and the print device.
Key terms: port, network, print, local, install, server, device, connect, attached, ip

Local Printer Installation


Let's see how to install a local printer for a print device attached directly to a local port on the workstation. Let's go to the Printers folder. Go to Control Panel, and select Printers and Faxes.

Image 256.1 - Printers Folder

In our case we only have one printer installed. It is the virtual printer used to export documents to XPS format. Let's add another printer. Click 'Add a printer' from the left menu. The Add Printer Wizard will appear.


Image 256.2 - Add Printer Wizard

Click Next. We want to add a local printer attached to this computer. In general we will always want to automatically detect and install plug-and-play printers, so we will select it.

Image 256.3 - Local Printer

Click Next. Most printers we encounter today are plug-and-play. They will be detected and the drivers will be installed automatically. However, in this example, Windows was unable to detect a plug-and-play printer.

Image 256.4 - No Plug-and-Play

We will add it manually, so let's click Next. We will use the LPT1 Port.


Image 256.5 - LPT Port

Click Next. Now we need to select the printer model. Let's select Alps MD-1000 (MS).

Image 256.6 - Alps Printer Selected

Click Next. We will use the default name and use that printer as our default printer.


Image 256.7 - Printer Name

Click Next. We will not share this printer at the moment.

Image 256.8 - Sharing Options

Click Next. Generally we should print a test page to make sure that everything works.

Image 256.9 - Test Page Options

Click Next and click Finish. Click OK if the Test Page prints OK or click Troubleshoot if it doesn't.

Image 256.10 - New Printer Added

Installing Printer Located on LAN


A printer that is located on a Local Area Network is often referred to as a Network Interface Printer. The first step in configuring a Network Interface Printer is to create a special port that identifies the printer network card. To do this we need to edit the properties of the Print Server. In the Printers and Faxes window, go to the File menu, select Server Properties, and go to the Ports tab.

Image 256.11 - Ports Tab

We need to add a port so let's click on Add Port. We will select standard TCP/IP Port.

Image 256.12 - Printer Ports

Click New Port button. The Wizard will appear.


Image 256.13 - Add Port Wizard

Click Next. Here we have to enter the printer name or IP address. We will enter 192.168.1.30 as the IP address of the printer, and accept the default Port Name. The port name is the name that Windows will use to identify the logical port that we are creating.

Image 256.14 - Port Information

Click Next. In some cases, the printer will be auto detected. In our case it wasn't, so we need to select the interface from the list. In our case we will select Kyocera Mita Print Server. If our device is not in the list, we could select Custom and enter all the information manually. Now, let's click Next and Finish to create the port. Close the Printer Ports menu. Now we can see our new port on our Print Server.


Image 256.15 - Device Type

Image 256.16 - New Port Added

Let's close that window. The next step is to create a printer object that uses the port that we have just created. Let's click 'Add a printer' again and click Next.


Image 256.17 - Add Printer

Even though the printer is attached to the network, we have to configure the printer as a local printer. Clear the automatic detection of a printer.

Image 256.18 - Local Printer

Click Next. In the port list we will select the port that we have created.

Image 256.19 - Port

Click Next. Now we need to select the printer model from the list or click on the Have Disk button if we have the appropriate drivers. In our case we will select HP OfficeJet V45.


Image 256.20 - Printer Model

Click Next. We will enter HPV45 as our Printer Name.

Image 256.21 - Printer Name

Click Next. We will also share this printer with the default name.

Image 256.22 - Sharing Options

Click Next. On this screen we can enter information about the printer location.


Image 256.23 - Printer Information

Click Next. We can print a test page to see if everything is OK. Click Next and click Finish. Our printer is now installed.

Image 256.24 - New Printer Added

Installing a Network Printer


Let's add a printer that is attached to a different computer on the network and that is shared. Let's click 'Add a printer' to open Add Printer Wizard, and click Next. We have to select 'A network printer, or a printer attached to another computer'.

Image 256.25 - Add Printer Wizard

Click Next. We can browse for a printer, but in this case we will enter a UNC path to the shared printer.



Image 256.26 - UNC Path to the Printer

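Click Next. We will get a warning about a security threat. The warning appears because connecting to the shared printer installs a printer driver supplied by the remote computer, so we should continue only if we trust that computer.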

Image 256.27 - Warning

Click Yes to continue. On the next screen we will select this to be our default printer.

Image 256.28 - Default Printer

Click Next, and click Finish. Notice that the icon for our new network printer is different from our local printers.

Image 256.29 - New Printer Added

Remember
Most printers we encounter today are plug-and-play. They will be detected and the drivers will be installed automatically. Before we can install a network interface printer, we have to create a Standard TCP/IP port. If we want to use the printer which is attached to another computer, we can use the UNC path to connect to that printer.


Print Management in XP

In Windows XP we can manage printing from several locations. We will go to a different location depending on what we want to do with our printers.

Before you start


Objectives: learn where you can configure different options when it comes to Printer management in XP.
Prerequisites: no prerequisites.
Key terms: printer, document, server, driver, manage, properties, sharing, options, user, security, control

Printer Properties
The first thing that we will talk about is Printer Object Management. To manage Printer Object we will open printer Properties.

Image 257.1 - Printer Object Properties

On the General tab we can go to the 'Printing Preferences' where we have different settings that we can control. These settings include paper type options, color options, layout, duplexing, etc. Those are the basic settings for the print device.


Image 257.2 - Paper and Color

On the Sharing tab we can control the sharing of our printer on the network.


Image 257.3 - Sharing Options

If our computer is in Active Directory environment, we will be able to choose to list our printer in the directory. We can also prepare various drivers for different operating systems. On the Security tab we can control print permissions.


Image 257.4 - Security Options

The Print permission gives the user or group of users the ability to print. Users with this permission can manage only their own documents on the printer. Users who have the 'Manage Documents' permission can manage all documents that are sent to the printer. The 'Manage Printer' permission enables users to control printer device settings. On the Advanced tab we can control the availability of the printer, priority, spool options, etc.


Image 257.5 - Advanced Options

On the Ports tab we can control the ports that we are using for our printer.


Image 257.6 - Ports

We can also configure options for Print Server. To manage Print Server, go to the File > Server Properties.


Image 257.7 - Server Properties

On the Drivers tab we can see all the devices installed on our Print Server.


Image 257.8 - Drivers Tab

On the Advanced tab we can set the Spool folder and printer notification.


Image 257.9 - Advanced Tab

If our printer has bidirectional support, our computer can receive messages from the printer, such as paper jam, low on toner, or out of paper messages. The printer will send those messages to the Print Server. If we want those messages to go to users, we have to turn on print notification. To see the print queue we can simply double-click the printer that we see in our Printers and Faxes folder.

Image 257.10 - Print Queue

Here we can see all documents that are printing. We can also pause printing, or delete a printing job. We can also reorder the jobs (the job at the top of the list will print first).

Printer Sharing
By sharing our printer we are making it available for other users on the network. Let's go to the Control Panel and open Printers and Faxes.


Image 257.11 - Printers and Faxes

In this example we will share the 'Alps MD-1000' printer. Let's right-click it, and then select Sharing. This takes us straight to the Sharing tab.

Image 257.12 - Sharing Tab

Let's select 'Share this printer' option. All we need to do now is to click the Apply button and our printer will be available on the network. Of course, we can alter the share name of the printer if we want. If we are using old clients that will have to connect to the printer, we should use short share name for our printer, because very old clients are not able to use the longer share names supported by more recent operating systems. If our computer was a member of a domain, here we would also have an option to list our printer in a directory. This allows users to search Active Directory for a list of available network printers. Our workstation is not a member of a domain so we don't have that option. If necessary, we can also install additional drivers. To do that we have to click on the Additional Drivers button. This allows clients running different operating systems to automatically download the appropriate driver when they first connect to the shared printer. Let's try to install driver for Windows 95. We have to check the 'Intel - Windows 95, 98 and Me' option and click OK.


Image 257.13 - Additional Drivers

Image 257.14 - Driver Location

As we can see, we need to locate the appropriate driver files. If we don't have a CD with drivers, we can always go to the manufacturer's website and try to find the drivers for our printer. We will not do that now so we will click Cancel. Notice that the icon of our printer has changed.


Image 257.15 - Printer is Shared

Printer Permissions
Permissions identify the users and groups that can use a printer and the types of operations they can perform. Let's see permissions on a printer that is already shared. Let's right click 'Alps MD-1000', select Properties, and go to the Security tab.

Image 257.16 - Security Tab

If you don't see the Security tab, your computer has Simple Sharing enabled. To disable Simple Sharing, go to the Tools menu, open Folder Options, View tab, scroll down and clear the 'Use simple file sharing' check box. Now let's go back to the printers properties. As we can see, we now have a security tab for configuring printer permissions. Printer permissions control both local and network access to the printer. Notice that by default administrators can print, manage printers, and manage documents.

Image 257.17 - Everyone Group

The Everyone group is only able to print to the printer. In other words, its members cannot manage all the documents on the printer and they cannot manage the printer itself.

Image 257.18 - Creator Owner Group

A Creator Owner is someone who has created a print job and sent it to the printer. Notice that the Creator Owner has Manage Documents permission. That means that the person who created a document (who sent it to the printer) is able to manage their own documents. That's why we are able to delete our own documents but not the document someone else sent to the printer.

Printer and Document Management


The default printer is indicated by a check mark. To change the default printer, right-click the printer you want to be the default and select the 'Set as Default Printer' option.

We can pause printing for the entire printer. To pause a printer, right-click the printer and select 'Pause Printing'. This pauses the entire printer, which means no documents will be printed until we resume the printer again. To resume, right-click and select Resume Printing. We can also cancel all documents currently on a printer. To do that, right-click the printer and select Cancel All Documents. This removes all documents from the current print queue.

To view documents waiting to be printed, double-click a printer to open its print queue. In that list we can see details about the print jobs, such as the number of pages in the document and the document owner. Here we can manage individual documents: we can pause, resume, restart or change the priority of individual documents. A higher priority makes a document print first. Although the document order in the queue might not change, the documents will print in order according to document priority.

Print Server Management


The Print Server is the software process that manages the flow of print jobs from the print queues to the print devices. Each Windows system with an attached print device is a Print Server. Editing server properties affects all of the printers on the computer as opposed to editing the properties of a single printer, which only affects that printer. Let's go to the File menu and select Server Properties.

Image 257.19 - Print Server Properties

We can use the Ports tab to add, delete or configure ports. For example, if we select the Standard TCP/IP Port and click Configure Port, we will find port settings for this specific port.

Image 257.20 - Port Settings

Let's click Cancel and take a look at the Drivers tab.

Image 257.21 - Drivers Tab

The Drivers tab lists all of the drivers installed on the system. Here we can remove existing drivers, replace existing drivers, or take a look at the driver properties. We could also add additional drivers for a specific print device. If we click Add, the Add Printer Driver Wizard opens, which helps us install printer drivers for various platforms on the print server. In other words, we could install a print driver for the selected device that works on the Windows 98 platform or the Windows NT platform. Let's take a look at the Advanced tab.

Image 257.22 - Advanced Tab

The Advanced tab allows us to configure the location of the Spool folder. Let's suppose that the C drive is running out of space. We could move the print spool folder to the D drive and place it in a folder called Printers. We can also enable printer notification. We could notify clients when documents are printed, or we could notify the computer, not the user, when a remote document is printed.

Remember
Managing printers means taking care of printing preferences, printer sharing, printer security, and general availability. Every Windows computer which has a printer installed is also a Print Server. In the Print Server properties we can change advanced options like Spool settings, and we can also manage all printer drivers and ports.

Advanced Printer Configuration in XP


In this article we will take a look at how to use multiple printers to control our Print Device. We will also see how to use one printer to control multiple Print Devices.

Before you start


Objectives: learn how to use multiple printer objects which point to the same print device in order to provide different levels of access to the same physical printer.
Prerequisites: no prerequisites.
Key terms: printer, user, object, priority, advanced, device, different, physical, security

Available Options
In the Advanced tab of our printer properties we have a lot of options that we can configure. We can control when the printer is available, its priority and other settings. For priorities, 1 is the lowest and 99 is the highest setting.

Each printer that we create can have a different set of permissions established on it. That means that different users or groups of users can use different printers, so we can control how and when they are allowed to print. For example, we can create one printer (printer object) with a priority of 1, another with a priority of 50, and another with a priority of 99. All those printers will point to the same print device, but we will give our important users rights to print through the printer which has the highest priority, and our less important users rights to print through a printer which has a lower priority. That way our important users will always print first.

Another option we have is to create one printer object which controls multiple print devices. In this case, as jobs come into that printer object it will check our print devices to see which one is available to do the actual print job. If the first print device is busy, the print job will be redirected to the second print device. There is no notification of which print device is actually used, so it is a good idea to keep those print devices together so that users can easily find their documents.

Multiple Printer Objects


We can use multiple logical printer objects to represent a single physical printer. We can use this approach to provide different levels of access to the same physical printer. In our case we have several printers attached to our computers.

Image 258.1 - Attached Printers

Let's say that we have to make sure that managers can always print first on the shared printer in our company. Let's take a look at the properties of our Alps MD-1000 (MS) printer object. We have already shared it with the default security settings.

Image 258.2 - Alps Printer Shared

Image 258.3 - Alps Permissions

The first step in configuring the solution is to create a second printer object. Let's click on the "Add a printer" option in the menu on the left of the Printers and Faxes window. The Add Printer Wizard will appear. Let's click Next.

Image 258.4 - Add Printer Wizard

We will install a local printer. Click Next.

Image 258.5 - Local Printer Option

We will use the parallel port. This is the port to which our physical printer is attached. Click Next.

Image 258.6 - Parallel Port

We have to select the appropriate drivers. Click Next.

Image 258.7 - Drivers

We have already installed a printer object with these drivers before. We will keep the existing drivers. Click Next.

Image 258.8 - Existing Drivers

We will rename our printer to "Alps MD-1000 (MS) - Managers". Click Next.

Image 258.9 - Printer Name

We will rename our share name to "AlpsMD-Managers". This name is too long for MS-DOS workstations, so they will not be able to access this printer over the network. This is OK since we don't have MS-DOS workstations on our network. Click Next (then Yes in our case).

Image 258.10 - Share Name

Image 258.11 - Warning

Here we can enter location information and comments. Click Next.

Image 258.12 - Location and Comments

We will not print a test page in our case. Click Next and then Finish.

Image 258.13 - Test Page

As we can see, our new printer object is now installed.

Image 258.14 - Printer Added

At this point the new printer object is pointing to the same physical print device. Now we need to edit the permissions for the managers' printer. Let's right-click "Alps MD-1000 (MS) - Managers", go to Properties, and select the Security tab.

Image 258.15 - Default Security

Let's remove the Power Users and Everyone groups and add the Managers group. Click Apply.

Image 258.16 - Managers Group

Managers are now able to print to this printer, and general users are not. Now, let's go to the Advanced tab. By default, this printer will be configured with the priority of 1. Let's increase the priority of this printer object to 99 so that our managers can print before other users. Click OK.

Image 258.17 - Priority Changed

Now we have two printers with different priorities. As you probably noticed, only administrators and managers can connect to "Alps MD-1000 (MS) - Managers", because we have set strict security settings. All other users can connect to the other printer object, named "Alps MD-1000 (MS)".

Remember
We can use multiple logical printer objects to represent a single physical printer. We can use this approach to provide different levels of access to the same physical printer. Both printer objects mentioned in this article point to the same physical device, but the managers' print jobs will print first because of the higher priority.
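The following Python sketch is an added example, not part of the original e-book and not Windows code. It models the two printer objects from this article together with the default permissions described under Printer Permissions, to show how the permission check and the priority setting interact. The user names, the job names, the Print-only permission for the Managers group and the assumption that priority only orders jobs still waiting in the queue are all made up for the illustration.

```python
import heapq
from dataclasses import dataclass
from itertools import count

PRINT, MANAGE_DOCS, MANAGE_PRINTERS = "Print", "Manage Documents", "Manage Printers"


@dataclass
class PrinterObject:
    name: str
    port: str       # port of the physical print device
    priority: int   # 1 = lowest, 99 = highest
    acl: dict       # group name -> set of permissions

    def allows(self, groups, permission):
        return any(permission in self.acl.get(g, set()) for g in groups)


@dataclass
class Job:
    owner: str
    document: str
    printer: PrinterObject


class Spooler:
    """Simplified model (assumption): waiting jobs are ordered by the priority
    of the printer object they were sent to, then by arrival order."""

    def __init__(self):
        self._heap = []
        self._seq = count()

    def submit(self, user, groups, printer, document):
        if not printer.allows(groups, PRINT):
            raise PermissionError(f"{user} may not print to {printer.name}")
        job = Job(user, document, printer)
        heapq.heappush(self._heap, (-printer.priority, next(self._seq), job))
        return job

    def cancel(self, user, groups, job):
        # Creator Owner: the submitter gets Manage Documents on their own job only.
        own_job = (job.owner == user
                   and MANAGE_DOCS in job.printer.acl.get("CREATOR OWNER", set()))
        if not (own_job or job.printer.allows(groups, MANAGE_DOCS)):
            raise PermissionError(f"{user} may not manage {job.document}")
        self._heap = [entry for entry in self._heap if entry[2] is not job]
        heapq.heapify(self._heap)

    def print_order(self, port):
        """Documents waiting for the device on `port`, in the order they print."""
        ordered = sorted(self._heap, key=lambda entry: entry[:2])
        return [job.document for _, _, job in ordered if job.printer.port == port]


def default_acl():
    # Defaults as described in the article (Power Users left out of the model).
    return {
        "Administrators": {PRINT, MANAGE_DOCS, MANAGE_PRINTERS},
        "Everyone": {PRINT},
        "CREATOR OWNER": {MANAGE_DOCS},
    }


def demo():
    general = PrinterObject("Alps MD-1000 (MS)", "LPT1", 1, default_acl())
    managers_acl = default_acl()
    del managers_acl["Everyone"]          # removed on the Security tab
    managers_acl["Managers"] = {PRINT}    # assumption: Managers get Print only
    managers = PrinterObject("Alps MD-1000 (MS) - Managers", "LPT1", 99, managers_acl)

    # Constructed users and their group memberships.
    groups = {"ann": ["Everyone"], "bob": ["Everyone"], "mia": ["Everyone", "Managers"]}
    spooler = Spooler()
    spooler.submit("ann", groups["ann"], general, "ann-report.doc")
    bob_job = spooler.submit("bob", groups["bob"], general, "bob-notes.txt")
    spooler.submit("mia", groups["mia"], managers, "mia-budget.xls")  # arrives last

    results = {"order": spooler.print_order("LPT1")}
    try:
        spooler.submit("ann", groups["ann"], managers, "ann-urgent.doc")
        results["ann_to_managers"] = "allowed"
    except PermissionError:
        results["ann_to_managers"] = "denied"
    try:
        spooler.cancel("ann", groups["ann"], bob_job)
        results["ann_cancels_bob"] = "allowed"
    except PermissionError:
        results["ann_cancels_bob"] = "denied"
    spooler.cancel("bob", groups["bob"], bob_job)   # own document: permitted
    results["after_bob_cancels_own"] = spooler.print_order("LPT1")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The manager's job is submitted last but prints first, and the high-priority printer object is only useful as a control because the Everyone group was removed from its permissions.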

Replace Print Device in XP


If we have problems with printing, the first thing we should do is pause that particular printer so that it does not accept any new print jobs. This will also disable any communication to the actual print device.

Before you start


Objectives: learn how to replace a printing device without removing the printer object from your system, and in that way preserve all the configured printer settings.
Prerequisites: no prerequisites.
Key terms: printer, device, object, replace, driver, model, port, settings, configure, redirect, malfunctioned

Print Device Model


If our printer has malfunctioned, the easiest way to fix the problem is to replace the print device with a new print device of the same model as the old one. Of course, we are not always able to buy the same make and model, but it is good to know that we can just plug the same model of printer into our computer and it will work with the drivers which are already installed. This is good because we preserve any configured settings on our printer object.

If we have to replace our old print device with a new model, but we want to keep the same settings for our printer object, we need to change the driver that the printer object uses to communicate with the print device. Of course, first we have to install the drivers for our new printer. When we have done that, we can go to the properties of the printer object, and in the Advanced tab select the new driver from the drop-down list.

Image 259.1 - Advanced Tab

After that, printing should work with our new print device, but with the same security and other settings that were configured on our printer object.

Redirect Printing
We can also redirect printing to, let's say, another shared printer on the network. We can easily do that by creating a new virtual port that points to the other printer. To create a new port, go to the properties of the printer, open the Ports tab and click the Add Port button.

Image 259.2 - Port Tab

Image 259.3 - Port Type

From the list we will select Standard TCP/IP Port, and click the New Port button. In the wizard we will have to enter the IP address of the shared printer.

Image 259.4 - IP Address

Of course, if our print server does not have the appropriate drivers for the new print device, we have to install them. Keeping the existing printer object eliminates the need to check or change settings on every computer that accesses our shared printer object. Our users will simply continue to print through the same printer object after we have selected to resume printing (or restart printing if required).

Remember
If our print device has malfunctioned, we can simply replace it with the same model and it will work immediately. If we have to replace our print device with a different model, we can install new drivers and set our printer object to use those new drivers. We can also redirect printing to another print device on the network by creating a port which points to that other printer.

Enable Fax Services in XP


Windows XP has a built-in capability to handle faxes. Faxing works similarly to printing. As we will see, when we want to fax a document, we click the Print button and select a fax device from the menu.

Before you start


Objectives: learn how to install fax services in XP.
Prerequisites: no prerequisites.
Key terms: faxing, enable, install, service, configuration, hardware, add

Preparation
There are several things that we need to have and do before we can use faxing in XP. The first thing is to install the fax hardware. When we have successfully installed our fax modem, we can install fax services. Fax services are not installed by default, so we have to install them manually. After fax services have been installed we can open the Fax Console, where we will be able to configure the initial settings. In the Fax Console we will set up a Transmitting Subscriber ID, which is our phone number and name. This is used to present ourselves when we call to send a fax. We can also set a Called Subscriber Identification. This is how we identify ourselves to other fax machines when they call us. If we want to receive faxes we have to make sure that we have enabled both sending and receiving faxes. By default only sending is enabled. We can also set permissions for faxing. As with printing permissions, in faxing we have permissions to fax, to manage fax documents and to manage fax configuration.

Example Configuration
By default, faxing support is not added during initial setup of Windows XP. First, we need to install our faxing hardware and then add the fax service. To add fax service go to the Control Panel > Add or Remove Programs > Add/Remove Windows Components. Windows Components Wizard will appear. Here we will select Fax Services from the list and click Next to continue.

Image 260.1 - Fax Services

At this point Windows can ask you for the Windows XP installation CD, so be prepared for that. When the installation is done we can click on the Finish button and close the Add or Remove Programs window. After the service is installed we can open the fax manager to configure initial parameters for the computer. Let's go to the Printers and Faxes section in the Control Panel, and open our Fax object. Because we have just installed the fax service, the Fax Configuration Wizard runs automatically. Click Next to continue.

Image 260.2 - Fax Configuration Wizard

We will use the Sender Information page to enter information about ourselves and our company. This information is used to automatically build parts of the fax cover sheet. We have entered our full name, fax number, e-mail address and a company name. Click Next to continue.

Image 260.3 - Sender Information

Next we have to select the fax device from the list. In our case it is the Standard 56000 bps Modem. We will also check the Enable Receive option with the automatic answer after 2 rings. Click Next to continue.

Image 260.4 - Fax Device

The TSID is an identification code that is sent when the computer sends a fax to another system. We will enter the same information for the CSID, which is located on the next screen. The CSID is an information code that is sent from the computer when it receives a fax. Click Next to continue.

Image 260.5 - TSID

Image 260.6 - CSID

Now we need to decide what to do when a fax is received. We can send it to the printer or we can store it locally on our computer as a document. In our case we will automatically print our fax on our Alps printer. Click Next and click the Finish button to finish.

Image 260.7 - Automatic Printing

Fax console will automatically open. This console is used for fax management.

Image 260.8 - Fax Console

We have a separate article which describes how to send a fax in XP.

Remember
We need to install our faxing hardware and then add the fax service. Receiving is not enabled by default, so we have to enable it during set up. The TSID is an identification code that is sent when the computer sends a fax to another system. The CSID is an information code that is sent from the computer when it receives a fax. When we receive a fax, we can print it on a printer or we can store it locally on our computer as a document.

Send a Fax in XP

Sending a fax is similar to printing. Because fax support is integrated with Windows, we can send a fax from almost any application which supports printing.

Before you start


Objectives: learn how to send a fax in XP.
Prerequisites: you have to have a fax device installed on your computer. Also, you have to have fax services enabled.
Key terms: send, print, console, cover, create, page, device, document, wizard, file, manage

Example
In our example we will fax a simple text document.

Image 261.1 - Sample Text

To send a fax, simply click the print button or go to the File menu and select Print. The print menu will appear. Instead of printing to an ordinary printer, we will send our text to the Fax.

Image 261.2 - Fax Selected

When we click the Print button a Send Fax Wizard will open. Click Next to continue.

Image 261.3 - Fax Wizard

We need to enter recipient info. In our case, we will send fax to Kim Verson. We will also check the "Use dialing rules" option because Kim lives in a different area code. Click Next to continue.

Image 261.4 - Recipient Info

Now we can create a cover page. We will check the "Select a cover page template..." option. From the drop-down list we will select Generic template. We can also create our own templates. We will also add a subject line.

Image 261.5 - Cover Page

We can choose when to send our fax. It can be right away, when discount rates apply, or at a specific time in the next 24 hours. We will send our fax now. Click Next to continue.

Image 261.6 - Choose When to Send

We can preview our fax before we send it. Click Finish to send the fax.

Image 261.7 - Completing the Wizard

To check the status of our sent fax, go to the Start > All Programs > Accessories > Communications > Fax > Fax Console. As we can see in our example, we have a pending fax in our Outbox.

Image 261.8 - Outbox

Remember

To send a fax we have to select to print our document, but then, instead of choosing a printer, we have to choose a fax device. We can manage fax documents using the Fax Console.

Paths that are mentioned in this article

Start > All Programs > Accessories > Communications > Fax > Fax Console - path to the Fax Console which is used to manage faxing in XP

Optimization

Task Manager in XP


We can use Task Manager to manage running processes and view current system statistics about CPU, memory and network usage.

Before you start


Objectives: learn how to open and how to use Task Manager in XP.
Prerequisites: you should know what Task Manager is.
Key terms: process, priority, usage, application, cpu, running, real time, view

Open Task Manager


To open Task Manager we can right-click the Taskbar and select Task Manager from the menu. Another way is to press CTRL+ALT+DEL, and then select Task Manager from the menu.

Image 263.1 - Application Tab

Usage
The Applications tab gives us the list of running applications. As we can see we have Calculator opened and its status is 'Running'. If the status of an application is 'Not Responding', we can end it by right-clicking on it and then selecting 'End Task' option.

Image 263.2 - Right-click on Application

If the program is not responding, it will ask us for confirmation to end it. It will also ask us to send a bug report to Microsoft. The Processes tab lets us view processes. We can also view CPU and memory usage for a particular process.

Image 263.3 - Processes Tab

To change the priority of a process, right-click the process and go to the 'Set Priority' option. Real-time is the highest priority. Priority is determined in relation to the other tasks running on the machine. In our case we will set the priority to Real-time. Click Yes on the warning.

Image 263.4 - Priority Options

Image 263.5 - Priority Warning

We can also end a process. To do that, simply select the process and click the 'End Process' button. Notice the warning message. Terminating a process can cause undesired results including loss of data and system instability.

Image 263.6 - End Process Warning

This is because when we end a process, it is stopped immediately. The process is not given a chance to save any data. Let's look at the Performance tab. Here we can see computer statistics such as CPU and Page File usage.

Image 263.7 - End Process Tab

The Networking tab displays networking statistics.

Image 263.8 - Networking Tab

Remember
Using Task Manager we can end applications that are not responding. We can also see running processes and their memory and CPU usage. We can adjust the priority of a particular process. Real-time is the highest priority. We can also end a process. Terminating a process can cause undesired results including loss of data and system instability.

Optimize Disks in XP

There are several common issues that cause our system to stop operating as well as it could. The first issue is disk fragmentation and others include disk errors and lack of free space.

Before you start


Objectives: learn how to optimize disks in XP by using Disk Cleanup, Check Disk and Disk Defragmenter.
Prerequisites: you should know how to optimize hard disks in general.
Key terms: drive, files, hard, defragmenter, cleanup, errors, fragmentation, temporary, case, report, space

Disk Cleanup
The main drive that we're going to want to clean up is usually the C Drive. This is where web pages are cached, where downloaded files are saved, where temporary files are created, etc. We can run a disk cleanup on other hard drives in our system, but the effect won't be so big. We will go to My Computer, select the C Drive, right-click it and then select Properties. Notice that in this tab we can click on Disk Cleanup button.

265.1 - General Tab

When we click it, it will first calculate how much disk space can be saved.

265.2 - Disk Cleanup Calculation

Then it gives us several different options for cleaning up the disk. We can delete the downloaded program files from the Internet, temporary Internet files which are the web pages and graphics that are cached on our hard drive, delete files in recycle bin, clean out our temporary files, compress old files, etc. Notice that it tells us how much disk space is currently being consumed by each one of those items.

265.3 - Files to Delete

We select the options we want and click OK. As we said earlier, we can do this on other drives besides our main system hard disk drive, but because it's not a system drive we won't have any temporary files, we won't have a web cache for our web browser, etc.

Disk Errors
In Windows we have a utility that will check our hard disk drive for errors. To use this utility, we need to go to My Computer, right-click the drive that we want to check, select Properties, and then go to the Tools tab. In the Error-checking section we will click the Check Now button. We will see several different options.

265.4 - Check Disk

If we want the error checking utility to automatically fix any file system errors it finds, we have to mark the first option. Well, actually we should always select this option. If we want to check the surface of the hard disk drive for problems we can also mark 'Scan for and attempt recovery of bad sectors'. If we try to use the Error Checking Utility on a hard disk drive that has Windows system files on it, we will get a warning. We can't check for errors because some system files are in use. In that case we need to run a disk check when the computer restarts.

265.5 - Check Disk Warning

The system will reboot and the error checking routine will run before the whole system is loaded. Disk checking will be fast if we don't have many files on it. If we have a lot of files on the drive, error checking will take quite some time.

Disk Defragmenter
Since fragmentation can become a big issue, Windows XP comes with a defragmentation tool called Disk Defragmenter. Defragmentation will reorganize all our files. The system will temporarily copy our files to free space on our partition and then rewrite those files so that the clusters are contiguous. When this is the case, reading data on our system becomes optimized. To determine the amount of fragmentation on our hard drive, click Start > All Programs > Accessories > System Tools > Disk Defragmenter.

265.6 - Disk Defragmenter

Now we need to select the drive we want to analyse. In our case we only have the C drive, so we will select it and click Analyze.

265.7 - Analysis Complete

After a few moments a dialog box appears that tells us whether Windows recommends that we defragment our hard drive. In our case we should defragment our drive. Let's click View Report.

265.8 - Analysis Report

Here we can see various information regarding fragmentation. To defragment our drive we can click the Defragment button.

265.9 - View Report or Close

When the defragmentation is done we can click on Close to finish.

Remember
We should often clean the drive where the system is installed. To check disks for errors we can use the Check Disk utility. We should check disk fragmentation at regular intervals. We use Disk Defragmenter to check if we need to defragment our disks.

Paths that are mentioned in this article

Start > All Programs > Accessories > System Tools > Disk Defragmenter - location of Disk Defragmenter

Paging File in XP

If we are low on memory, our system can use our Hard Disks to store temporary files. This is known as virtual memory management.

Before you start


Objectives: learn where to manage virtual memory in XP.
Prerequisites: no prerequisites.
Key terms: page, system, memory, partition, size, virtual, change, manage, optimization, advanced, dump, drive

Overview
The Paging File is used by Windows for virtual memory management. When the system is low on physical memory it uses the Page File to swap data from memory to disk and back. We can improve system performance by creating additional page files.

To optimize a Page File we have to know a little about the volumes and partitions that we use. The original partition that we create is called the boot and system partition. It is where all our system files reside. If we put the Page File on our system partition it will compete with the reads and writes that are necessary for the system files. To optimize that we should move the Page File to another volume or partition.

Another thing that we can do is change the size of the page file. By default the page file will be created at one and a half times the size of our main memory. The maximum size of the page file is three times our installed memory.

Page File Management


To manage the Page File, go to Start, right-click My Computer, select Properties, go to Advanced tab, under Performance click Settings, go to Advanced tab and under 'Virtual memory' click the Change button.

Image 266.1 - Virtual Memory Management

Here we can set the space that will be available for the page file. We can also let our system manage the size automatically. In our case we only have one partition, so we can only create the Page File on our system partition, which is not very optimized. If we had another drive we could create another Page File on that drive. We need to be careful if we plan to delete the Page File from the system partition. Windows uses this page file to create the memory dump file if there's a stop error. If we delete the page file on our system partition, Windows will not be able to create the memory dump file.

Remember
Page File is virtual memory on our Hard Disks. We can change the available space for Page File.

Backup Tool in XP

Windows XP includes a simple utility that we can use to back up our data and system files. Backing up user data is really important because trying to recreate it can be virtually impossible. In an ideal situation we should always have a copy of user data on other media.

Before you start


Objectives: learn where to find and how to use Backup tool to back up and restore files in XP. Prerequisites: no prerequisites. Key terms: file, restore, incremental, differential, archive, system, bit, mode, reset

Backup Overview
System State
The system state data includes the operating system configuration information for the system. It includes the Registry, COM+ Class Registration database, system files, boot files, files under Windows File Protection, and the Certificate Services database. System state should be backed up at regular intervals and also any time we make a configuration change. During a system data backup, all system data is backed up (system data cannot be backed up selectively in portions). System state data can only be restored locally. It cannot be restored to a remote system.

Archive Bit
All files on our system have an attribute called the Archive attribute that plays the key role when doing backup. Archive attribute or bit is set every time a file gets changed or modified. That means that the system automatically flags the file as needing to be archived. When the file is backed up, the backup method may reset (clear) the archive bit to indicate it has been backed up.

Full Backup
When we do a normal or full backup, we back up every file regardless of the archive bit. In a full backup the archive bit is reset, so the next time the file is changed it will be marked as needing to be backed up. To restore, we only restore the last backup.

Incremental Backup
When doing an incremental backup we only back up files that have the archive bit set. When those files are backed up, the archive bit is reset.

Differential Backup
When doing a differential backup we back up files which have the archive bit set, but after the backup the archive bit is not reset.

Copy Backup
When doing a 'copy' backup, we back up all files regardless of the archive bit, but the archive bit is not reset after the backup is finished.

Choose the Right Backup Strategy


Knowing when the archive bit gets set and when it gets reset is important if we are planning a backup strategy. For example, doing an incremental backup takes less time because the archive bit is reset every time, so we know which files have already been backed up. But doing a restore from incremental backups takes more time, because we have to restore every single incremental backup that was made after the full backup.

For example, let's imagine that we take the full backup on Sunday, then an incremental backup on Monday (files that have been modified since the last full backup), and then incremental backups on Tuesday, Wednesday, Thursday, Friday and Saturday (each with the files that have been modified since the last incremental backup). Remember, when doing an incremental backup we only back up files that have been modified. Because of that, the backup is fast. Let's say that we want to restore lost data from this kind of backup. First we have to restore the full backup, then the one made on Monday, then Tuesday, then Wednesday, then Thursday and so on. As we can see, doing a restore from incremental backups is slow and complex.

Remember, when doing a differential backup we only back up files that have the archive bit set (files that have been modified). In contrast to an incremental backup, a differential backup does not reset the archive bit. Let's say that we take a full backup on Sunday, then differential backups on Monday, Tuesday, Wednesday, Thursday, Friday and Saturday (each with all files that have been modified since the last full backup). That means that all differential backups will contain all data that was modified since the last full backup. For example, the differential backup done on Wednesday will also contain files modified on Monday and Tuesday. The differential backup done on Saturday will also contain files modified on Monday, Tuesday, Wednesday, Thursday and Friday. Because of that, doing a differential backup takes more time and space as we move through the week. Doing a restore from a differential backup is easier than doing a restore from an incremental backup. To restore data from a differential backup we have to restore data from the last full backup and then restore data from the last differential backup that we took.
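The two weekly schedules above, worked through as an added example (a model written for this section, not code from the Backup tool). The file names and the file changed on each day are constructed sample data, and file deletions are not modelled.

```python
# Added example: a model of the archive bit, not the Backup tool's own code.
# Backup type -> (back up only files whose archive bit is set, clear the bit afterwards)
BACKUP_TYPES = {
    "normal":       (False, True),
    "incremental":  (True,  True),
    "differential": (True,  False),
    "copy":         (False, False),
}

# Constructed sample data: files present on Sunday and the file changed each day.
INITIAL_FILES = ["report.doc", "budget.xls", "notes.txt", "photo.jpg"]
WEEK = [
    ("Monday", "report.doc"),
    ("Tuesday", "budget.xls"),
    ("Wednesday", "report.doc"),
    ("Thursday", "notes.txt"),
    ("Friday", "budget.xls"),
    ("Saturday", "plan.doc"),  # a new file created on Saturday
]


class Volume:
    """Files on a volume, each with a content version and an archive bit."""

    def __init__(self, names):
        # New files start with the archive bit set.
        self.files = {n: {"version": 1, "archive": True} for n in names}

    def modify(self, name):
        """Create or change a file; any change sets the archive bit."""
        entry = self.files.setdefault(name, {"version": 0, "archive": True})
        entry["version"] += 1
        entry["archive"] = True

    def state(self):
        """Current version of every file on the volume."""
        return {n: e["version"] for n, e in self.files.items()}

    def backup(self, kind, label):
        """Run one backup of the given type and return the resulting backup set."""
        only_flagged, clears_bit = BACKUP_TYPES[kind]
        saved = {}
        for name, entry in self.files.items():
            if only_flagged and not entry["archive"]:
                continue
            saved[name] = entry["version"]
            if clears_bit:
                entry["archive"] = False
        return {"label": label, "kind": kind, "files": saved}


def run_week(daily_kind):
    """Full backup on Sunday, then one change and one daily backup per day."""
    volume = Volume(INITIAL_FILES)
    sets = [volume.backup("normal", "Sunday")]
    for day, changed in WEEK:
        volume.modify(changed)
        sets.append(volume.backup(daily_kind, day))
    return volume, sets


def restore_chain(sets):
    """Backup sets needed to restore the latest state, in restore order."""
    fulls = [i for i, s in enumerate(sets) if s["kind"] == "normal"]
    if not fulls:
        raise ValueError("no normal (full) backup to start from")
    later = sets[fulls[-1] + 1:]
    incrementals = [s for s in later if s["kind"] == "incremental"]
    differentials = [s for s in later if s["kind"] == "differential"]
    if incrementals and differentials:
        raise ValueError("incremental and differential sets are mixed")
    chain = [sets[fulls[-1]]] + incrementals  # every incremental is needed
    if differentials:
        chain.append(differentials[-1])       # only the last differential is needed
    return chain


def restore(chain):
    """Apply the sets in order; later sets overwrite older file versions."""
    restored = {}
    for backup_set in chain:
        restored.update(backup_set["files"])
    return restored


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        volume, sets = run_week(kind)
        chain = restore_chain(sets)
        print(kind)
        print("  files per daily set:", [len(s["files"]) for s in sets[1:]])
        print("  sets to restore:", [s["label"] for s in chain])
        print("  restore matches volume:", restore(chain) == volume.state())
```
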

Considerations
Remember that we should not combine incremental and differential backups. Also, if we need to restore data on a system which cannot support data compression, we should turn off compression before we do our backup. Also, we could run into problems if we plan to restore our data to a different operating system. To get around that problem we should first restore our data on the same Windows and then copy or migrate our data to the different system. We must be a member of the Administrators or Backup Operators group to perform backups and restores. Backup Operators cannot view, edit, or delete files. Users with the appropriate backup permissions can back up and restore encrypted files. However, they will not be able to open and read those files.

Backup Example
Windows XP includes a simple utility that we can use to back up our data and system files. To open the Backup tool, go to Start > All Programs > Accessories > System Tools > Backup. The tool will open in wizard mode, but we can choose not to always start in wizard mode.


Image 268.1 - Backup or Restore Wizard

On the next screen we can choose to backup data or to restore data. In our case we will choose to backup data.

Image 268.2 - Back up or Restore

On the next screen we can choose what to backup. We can backup our documents and settings, everyone's documents and settings, and all information on our computer. Also we can choose particular files and folders.

Image 268.3 - What to Back Up



In our case we will select the last option which will let us choose exactly which files to backup.

Image 268.4 - Selection

Notice that we can select particular files, folders or even the whole drives. Also notice that under My Computer, we can choose to backup System State. In our case we will only back up system state. On the next screen we can choose where to save our data.

Image 268.5 - Destination

In our case we will save our data to the C:\Backups folder and change the name of the file to SystemState.bkf. On the next screen we can choose to finish or take a look at some advanced options. Let's click the Advanced button.

Image 268.6 - Advanced Options

On the first screen we can specify the type of backup that we want to perform, like Normal, Copy, Incremental, Differential or Daily backup. In our case we will select Normal backup and click Next. On the next screen we can select options like data verification, hardware compression or using volume shadow copy, if they are available.


Image 268.7 - Backup Options

On the next screen we can choose to append our backup to the existing backups or to replace them.

Image 268.8 - Append or Replace

On the next screen we can choose when to run our backup. Here we can create a schedule entry. In our case we will do our backup now. And that's it, all options are set and our backup is ready to be performed.

Advanced Mode
To start Backup tool in advanced mode click on the Advanced Mode link on the first screen of the Backup Wizard.


Image 268.9 - Advanced Mode

To start a new backup we can go to the Backup tab, select what to back up, select our destination and then we can click on the Start backup button.

Image 268.10 - Backup Tab


Image 268.11 - Job Information

On the Job Information screen we can click on the Advanced button to set additional options.

Image 268.12 - Advanced Backup Options

These are the same options that we saw when we were in wizard mode. We can also schedule our backup to occur later or at regular intervals. Before we can do that we have to save our backup task. After that we have to provide the credentials under which this task is going to run. We need to do this because the backup might run when we are not logged on to the computer. We also have to provide the Job name and set the dates on which we want our backup to occur. Setting this up is a pretty straightforward process. This backup is going to be saved as a task which we can see in Control Panel under Scheduled Tasks.

Restore Data
To restore data, open the Backup tool and go to the Restore tab in advanced mode. Here we will see all backups that we performed before.


Image 268.13 - Restore Tab

Notice that we can choose specific data that we want to restore. We can choose to restore files to original location or we can choose some other location. When we click the Start Restore button, another window will appear on which we can go to advanced settings.

Image 268.14 - Advanced Restore Options

Remember
We can use the Backup tool to back up and to restore our data. We can start it in Wizard mode and in Advanced mode.

Paths that are mentioned in this article

Start > All Programs > Accessories > System Tools > Backup - location of Backup tool


Recover Windows XP

What can we do if our system crashes and we can't log on to Windows anymore? We have several ways to recover our system.

Before you start


Objectives: learn which options are available to recover our installation when our Windows system has crashed. Prerequisites: no prerequisites. Key terms: restore, asr, configuration, console, driver, installation, diskette, mode, try, boot, good, rollback, state, automated

Automated System Recovery


The first one we will talk about is Automated System Recovery or ASR. ASR allows us to recover our system using the ASR diskette and a copy of our backup media. These two combined will allow us to restore our entire system. The ASR floppy contains only the files necessary to start our machine, together with key configuration information about our system. The rest of the information needed to restore our system will be contained on the backup media. We use the Windows Backup utility to create the ASR backup (including the ASR diskette). We can do that by clicking the Automated System Recovery Wizard button on the Welcome tab (start the utility in advanced mode).

Image 269.1 - Welcome Tab


Image 269.2 - ASR Wizard

ASR backup only backs up the system state data and does not back up user data. During the backup, we actually create a floppy disk that is used along with the backup files during the restore procedure.

ASR Diskette
The ASR diskette contains the Asr.sif and Asrpnp.sif files. Copies of these files are placed on the backup media so we can copy them manually to the diskette if necessary. The files must exist on the root of the floppy diskette. The system must have a floppy drive in order to perform the ASR recovery. To restore a system, press the F2 key when prompted and insert the ASR floppy disk. ASR will restore disk configuration (including disk signatures of basic and dynamic volumes), install the operating system, and restore the backed up system settings. Remember, ASR does not restore user data. Also, the ASR diskette must match the backup set created by the ASR feature. We cannot use an ASR diskette that was created at a different time than the backup set.

Other System Recovery Options


What can we do if our system crashes and we can't log on to Windows anymore? This can happen, for example, when we install some drivers and after that our system crashes. In this case the first thing that we should try is the Driver Rollback feature in Windows XP.

Driver Rollback
When we install a driver, a rollback point is automatically created. If the driver corrupts the system we can remove that driver and restore the previous configuration. This is done in Device Manager by going to the particular device's properties, and then the Driver tab.


Image 269.3 - Driver Properties

If this doesn't work or we can't get to Device Manager, another option is to use the Last Known Good Configuration feature.

Last Known Good Configuration


During every boot process a clone of the system is created. Once the system is logged on, the last known good configuration gets re-created. If we make a configuration change, such as installing a driver that now corrupts the entire system, and we haven't logged in again, we may try to reverse the effects of the bad driver installation by using the last known good configuration. Sometimes this will not work because we just can't get that far into the system. So, another option to do a system restore is by going into Safe Mode.

Safe Mode
We can get into Safe Mode by pressing the F8 button during the boot process. Sometimes the system will give us the Safe Mode option automatically if we failed to log in or if the system has crashed. In Safe Mode we can get into a basic configuration of the system. Once we are there we can go to Device Manager and try to rollback the device driver that is causing problems. We can also disable particular device so that it doesn't come up, or uninstall a device so that we remove corrupted device drivers. Also, if we have newer drivers we can try and reinstall particular device. If Safe Mode doesn't work for us we can go to the Recovery Console.

Recovery Console
In order to use the Recovery Console we first have to install it or run it from the Windows installation CD. We can run the Recovery Console by booting from the installation CD-ROM and choosing the Repair option. To install the Recovery Console we can use the 'winnt32.exe /cmdcons' command from the installation CD-ROM. The Recovery Console is then available during boot, without the CD. It will be available as an option when we press F8 during boot. Recovery Console is a command line interface. Many key tasks can be accomplished using the various commands available. We can fix the boot sector (fixboot) or fix master boot record errors (fixmbr). We can also remove or update key system files. We also have a disk partitioning utility so we can work with our hard drives as well. We have limited access to user files, but we can work with system files. From the Recovery Console we can also do a System Restore.

System Restore
Using System Restore is similar to using the Undo feature in a word processing program. With System Restore, the system takes periodic snapshots, called restore points, of the system configuration. We can also manually make restore points prior to modifying the system configuration. We can do a System Restore from the Recovery Console, or from Windows if we are able to log on to the system. When we want to restore our system to a previous state from Windows, we can run the System Restore program and select the desired restore point.

Windows Backup
We can use the Windows Backup utility to restore the system state data manually, or to restore user data from a backup. Ntbackup does not create partitions. We must manually create partitions and format them before restoring data.

Parallel Installation
If none of these options work we can try parallel installation. What that means is that we can reinstall Windows operating system without reformatting our partition. If we format our partition we lose all our data. The idea of parallel installation is to keep all our data intact.

Remember
Automated System Recovery allows us to recover our system using the ASR diskette and a copy of our backup media. ASR backup only backs up the system state, not user data. If some driver is causing problems we should try the Driver Rollback feature. We may also try to reverse the effects of a bad driver installation by using Last Known Good Configuration, if we haven't logged in again. We can get into Safe Mode by pressing the F8 button during the boot process. In order to use the Recovery Console we first have to install it or run it from the Windows installation CD. Recovery Console is a command line interface. System Restore takes periodic snapshots, called restore points, of the system configuration. We can use the Windows Backup utility to restore the system state data manually, or to restore user data. If none of these options work we can try parallel installation, which means that we reinstall the Windows operating system without reformatting our partition.

Commands that are mentioned in this article

winnt32.exe /cmdcons - install Recovery Console from the installation CD-ROM.


Utilize Windows XP Security

Security

Configure Auditing in XP



We can use the Auditing feature in XP to see exactly what is going on inside our computer system.

Before you start


Objectives: learn how to configure local auditing on XP machine. Prerequisites: no prerequisites. Key terms: account, event, logon, local, configure, access, user, file, policy, enable, server, monitor, record, object, fail

Considerations
When we use the Audit feature we can audit both successful events and failed events. Log files for auditing tend to fill up fairly quickly, so we should be careful what we select for auditing. We shouldn't audit everything because the log file will fill up too quickly. Auditing can generate a large amount of data. We have to be sure that we configure the Security log with sufficient size to record all events.

Different Scenarios
Account Logon
Let's say that we share some files on our server and we want to see who is accessing our files. In this case we would turn on successes for Account Logon events. Using those events we can see who is accessing or remotely using our files. Also, maybe someone will try to hack our server. In that case we would look at the failed Account Logon events and see who doesn't have the right privileges to access our server. Account Logon audits logon through a user account. It is recorded by the local computer for the local account, and recorded by domain controller for the AD account. Account logon events are recorded when user account credentials are validated and on the computer where the user account lives. For example, when a user authenticates to a domain, an account logon event is recorded on the domain controller but not on the local computer. If a user logs on using a local computer account, an account logon event is recorded on the local computer.

Logon Events
Logon events pertain to the local computer. Let's say that we have a Remote Access Server and we want to see who is trying to access the server. We are really interested in who's trying to hack the Remote Access Server so we will audit failed logon events. So, network connections to the local computer are monitored. Logon events are generated on the computer where logon occurs, regardless of whether the account used was a domain account or a local account. For example, when a user logs on to a computer using a domain account, a logon event is recorded on the local workstation, while an account logon event is recorded on the domain controller.

Object Access
Another common area for auditing is Object Access. This way we can see who is accessing certain files, folders or printers. The thing to remember here is that when we enable Object Access auditing, files and folders are not monitored automatically. We have to go to the actual file or folder, go to the Security tab, go to the Auditing section and configure auditing. That way we are not auditing everything that happens on our computer. For file auditing to occur, the files must be on an NTFS partition.



Policy Change
As administrators we want to know who is changing policies and when. Also, we want to know about attempts to change policies that failed.

Privileged Use
We may want to see when users are utilizing their user rights. Failures could be interesting here. We can also audit when an administrator takes ownership of an object.

Account Management
We want to know who is adding or modifying user accounts. This is interesting because we can delegate the control of the creation of user accounts to others. In that case we want to make sure that they are following our policies. We can monitor things like adding, renaming, disabling/enabling, deleting, or changing the password for a user account.

System Events
System Events can include events such as shut down, boot, etc. This way we can record when the system or services got started, etc.

Process Tracking
We can audit when an application performs an action. This is used mainly for program debugging and tracking.

Results
All auditing events can be viewed in the Event Viewer in the Security log. We should check that log frequently because events can add up quickly. Because auditing consumes system resources and might result in a lot of generated data, we should enable auditing only on the events we are interested in.

Default Settings
By default, event logs are configured to overwrite existing entries when the log is full. To preserve all auditing entries, we can configure the 'Do not overwrite events' setting. With auditing configured, clearing the log generates an event identifying when the log was cleared and by whose authority. Another thing to consider is that in the registry we have a setting called 'CrashOnAuditFail'. If our audit log gets full, this setting will not allow anyone to log on to the computer. By enabling this particular setting, we have the ability to effectively shut down the system if we can't do any more auditing. If this setting is not enabled, users will be able to log on even if we cannot audit events. Enabling it prevents hackers from filling the audit log in order to gain access to the system once the log is full. We should save audit logs to keep them for future reference or analysis.

Example Configuration
We will use Local Group Policy to configure auditing. Let's go to Administrative Tools and open Local Security Policy. Under Security Settings we will browse to the Local Policies and then Audit Policy.


Image 270.1 - Local Security Policy

The first step in configuring auditing is to select the event category that we want to track. In our example we will configure Audit account logon events policy. This security setting determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. Because it is important to enable minimum auditing, we will only audit logon failures.

Image 270.2 - Account Logon Events



To see generated events we will go to the Event Viewer, Security log. In our case, notice that we have a Failure Audit event in the list. Category of this event is Account Logon (as we set in Policy Editor). Type can be Failure or Success. If we double-click on that event we can see the details.

Image 270.3 - Event Details

Someone with the logon account named 'Monika' tried to log on to our computer.

File and Printer Auditing Configuration


To configure auditing for resource access we first must enable auditing in Group Policy, then define the resource, users and actions that we want to audit. Let's enable Object Access auditing. We will enable both Success and Failure attempts.


Image 270.4 - Object Access Policy

At this point no audit events will be created until we define specific objects we want to keep track of, and identify the users we want to monitor. In our case we want to monitor when the user 'Kim Verson' prints on our printer. We right-click our printer, select Properties, go to the Security tab, click the Advanced button and then select the Auditing tab.


Image 270.5 - Auditing Tab

Here we need to add our user, Kim Verson. We want to monitor successful prints.


Image 270.6 - Print Auditing Entry

Next, we have a folder that contains sensitive files. We already control access to that folder with NTFS permissions, and we want to know when someone tries to modify permissions for the folder or its files. In our case we will configure the Great Citations folder. We will right-click it, select Properties, select Security tab, click Advanced button, select Auditing tab, and click on the Add button.


Image 270.7 - File Auditing Entry

This time we will add the Everyone group, because we want to monitor when someone tries to modify permissions. Notice that we can audit many different actions. Here we could also select to monitor the Take Ownership event. When we are finished, the system will monitor only those events. Events with other users and files will be ignored.

Remember
We can use Local Group Policy editor to configure auditing on local machine. The first step in configuring auditing is to select the event category that we want to track. To see generated events we use Event Viewer, Security log section. To configure auditing for resource access we first must enable auditing in Group Policy, then define the resource, users and actions that we want to audit.


Security Templates in XP

A security template is a way of preserving our settings. We can apply the same template to all our computers so that they all match the same level of security. Microsoft has already published a lot of templates that we can use.

Before you start


Objectives: learn how to use security templates to apply security settings in XP. Prerequisites: no prerequisites. Key terms: setting, group, password, policy, local, analysis, database, import, compare, member

Naming Convention
When we open the 'templates' folder, we will see several files with the .inf extension. Before the '.inf' extension we can see 'ws' or 'dc' added to the name of the template. 'ws' indicates that the template is intended for a workstation. 'dc' indicates settings for the domain controller. Settings for servers will have 'srv' at the end of the template name.

Templates
We start off with a basic set of templates. Those are basic security settings that are applied by default during the installation of the system. In addition to that we also have the Secure Templates. We also have High Security Settings, in which we start to manipulate user rights. We also have a template group called Compatibility Templates. The common one we will see here is Compatible Workstation or compatws.inf, which allows us to apply a security template that is consistent with the previous versions of Windows. Since previous versions are not able to use all of the security settings that we have in Windows XP, we can set those back so that we can still maintain compatibility.

Tools
The first tool that we can use is Security Analysis and Configuration in Microsoft Management Console or MMC. This tool gives us two components which allow us to analyze our security based on our templates. We can select a template, open up a database using that template and then analyze our computer. After the analysis it will show us everything that meets and exceeds the requirements of the template. Anything that doesn't meet the requirements of the template will be marked with a red X. If we want to apply that template we can go to the configuration portion of the Security Analysis and Configuration tool, which will allow us to apply all those settings to the computer. When applying settings, if an existing setting meets or exceeds a particular setting, then it does not make any changes. Another tool that we can use is the 'secedit' command line tool, which basically allows us to do the same thing as the Security Analysis and Configuration tool. We can use the secedit command with the /analyze switch to analyze our settings, or we can use the /configure switch when we want to make changes to our settings. We can use secedit /export to export database settings to a template.

Issues
When applying high security templates, the Administrators group is reset. The Administrators and Power Users groups are reset to their default members, so if we have a lot of members in those groups it can be an issue. After applying the template we should check those groups and add members back as necessary. Another issue comes up when we move between various templates. If we have applied a high security setting, and after that we want to go back to the basic settings, we have to clear the existing template first. Remember, when we apply our templates, if a particular setting meets or exceeds the template setting, it will not make any changes.


Compare Settings
We will compare the security settings in Local Group Policy on our computer to the settings in a predefined template. In that way we can see what custom settings are modified on the local computer. To do that we need to perform three general tasks. First we need to configure MMC to work with security settings, second we have to import the template database, and third we need to compare the template with the local settings and view the results. Let's start by creating the MMC. We'll go to the Start Menu, select Run, type in 'mmc' and hit Enter. On the File menu, select Add/Remove Snap-in, then select and add the Security Configuration and Analysis snap-in.

Image 271.1 - Security Configuration and Analysis

Now that we have our snap-in set, we can compare the security settings on the local system with those in the template. Now we need to create a new database and import the template settings. Let's right-click Security Configuration and Analysis and select Open Database. We will name it CompareSettings and click Open.



Image 271.2 - Database

Next, we have to import our template, that is, we need to select the template that we are going to compare to the local computer.

Image 271.3 - Templates

All those files are actually stored in 'c:\windows\security\templates' folder. In our case we will select 'securews.inf' and click Open. At this point we need to compare the settings in the template with the settings on the local computer. To do that we will right-click 'Security Configuration and Analysis' and select Analyze Computer Now. Click OK to accept the path to the error log file. The following window will appear.

Image 271.4 - Analysis

If we browse to Account Policies and then Password Policy, we can see the settings from our database and the current computer settings. Notice the red X and the green check mark. A red X tells us that the setting on the local computer does not match the setting in the template, while the green check mark tells us that the settings do match. Notice that we have two columns for details. Those columns are the Database Setting (template setting) and Computer Setting (current setting applied on the computer). For example in our case, notice that the minimum password length in the template is 8 characters while the current setting is 0 characters, which basically means 'no restriction'.
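The Database Setting versus Computer Setting comparison described above, sketched as an added example (not Microsoft's code and not part of the original article). Both INF texts are constructed samples in the layout used by security templates and by secedit /export; only the minimum password length of 8 versus 0 comes from the article, and the status labels are this example's own.

```python
# Added example: compares two security-template style INF texts.
# Values of the [Event Audit] keys: 0 = none, 1 = success, 2 = failure, 3 = both.
AUDIT_VALUES = {0: "No auditing", 1: "Success", 2: "Failure", 3: "Success, Failure"}
COMPARED_SECTIONS = ("System Access", "Event Audit")

# Constructed sample standing in for the template imported into the database.
TEMPLATE_INF = """\
; Constructed sample, not the contents of securews.inf
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordHistorySize = 24
MaximumPasswordAge = 42
PasswordComplexity = 1
[Event Audit]
AuditAccountLogon = 3
AuditObjectAccess = 2
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed sample standing in for the settings exported from the computer.
COMPUTER_INF = """\
; Constructed sample in the shape of a secedit /export file
[System Access]
MinimumPasswordLength = 0
PasswordHistorySize = 0
MaximumPasswordAge = 42
[Event Audit]
AuditAccountLogon = 2
AuditObjectAccess = 3
"""


def parse_inf(text):
    """Parse INF text into {section: {key: value}}, skipping ';' comment lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        current[key.strip()] = value.strip().strip('"')
    return sections


def display(section, value):
    """Render a raw value the way a reader expects to see it."""
    if value is None:
        return "(absent)"
    if section == "Event Audit" and value.isdigit():
        return AUDIT_VALUES.get(int(value), value)
    return value


def compare(template_text, computer_text):
    """One row per setting the template defines, in template order."""
    template = parse_inf(template_text)
    computer = parse_inf(computer_text)
    rows = []
    for section in COMPARED_SECTIONS:
        for setting, wanted in template.get(section, {}).items():
            actual = computer.get(section, {}).get(setting)
            if actual is None:
                status = "missing"      # nothing on the computer to compare with
            elif actual == wanted:
                status = "match"        # the green check mark
            else:
                status = "mismatch"     # the red X
            rows.append({
                "section": section,
                "setting": setting,
                "database": display(section, wanted),
                "computer": display(section, actual),
                "status": status,
            })
    return rows


def mismatches(rows):
    """Names of the settings that would be shown with a red X."""
    return [r["setting"] for r in rows if r["status"] == "mismatch"]


if __name__ == "__main__":
    for row in compare(TEMPLATE_INF, COMPUTER_INF):
        print("{status:9} {setting:22} database={database!r} computer={computer!r}".format(**row))
```
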

Edit Settings
To apply all those settings we can right-click 'Security Configuration and Analysis' and select the 'Configure Computer Now' option. All settings will then be applied. To check our new settings we can go to our Group Policy Editor and navigate to, for example, Password Policy.


Image 271.5 - Password Policy

Notice that our settings now include minimum password length of 8 characters. While we can manually edit group policy settings to achieve the desired configuration, we can simplify the process by importing a predefined template. Windows XP ships with several predefined templates. We can also import our template while we are in Group Policy Editor. Let's say that we want to revert our changes to the original settings set during installation. To import a policy, we will right-click Security Settings and then select Import Policy in Group Policy Editor.

Image 271.6 - Import Policy

Compatws.inf provides Windows NT 4 compatible settings. Templates starting with 'secure', like securedc.inf and securews.inf, are used to increase the security for a workstation or domain controller. Securedc.inf is used for domain controllers and securews.inf is used for workstations. Hisecdc.inf and hisecws.inf increase security even further. The 'setup security.inf' is the default security that was created when we installed Windows XP. Let's import 'setup security' to revert to the defaults. We will select it and click Open.

Image 271.7 - Setup Settings

Notice how our password policy has changed. Now they've reverted to the default security settings. Our password history is zero and our maximum password age is 42 days instead of 30. Also our minimum password length is zero characters instead of eight. To edit existing templates we can use the Security Templates MMC snap-in.

Remember
'Setup security.inf' configures the system with the original settings applied during installation. 'Securews.inf' enhances security settings that typically do not affect application compatibility. It defines strong password, lockout, and auditing settings. It also restricts rights granted to anonymous users. 'Hisecws.inf' secures a workstation as much as possible. It forces NTLM v2 between server and client, and removes all members of the Power Users group. It also removes all members of the local Administrators group except for the Domain Administrators group and the local Administrator account. 'Compatws.inf' relaxes the security privileges of the Users group to allow them to run non-user certified applications (applications that are common in previous Windows versions). It also removes all members of the Power Users group.

Paths that are mentioned in this article

c:\windows\security\templates - folder where we can find some predefined security templates


Internet Explorer Security in XP



Internet Explorer allows us to make a lot of different security settings.

Before you start


Objectives: learn how to configure Internet Options in XP.
Prerequisites: no prerequisites.
Key terms: zone, site, cookie, activex, local, control, restrict, manage, privacy

Security Zones
Security in Internet Explorer is managed through Security Zones. Security Zones allow us to control different types of access depending on sites, which we can group into general categories. We can control whether we allow ActiveX controls or scripts for a particular website. We can also control whether we allow downloads from a particular site. All those settings are associated with different types of zones.

The first zone is Local Intranet. Local Intranet is everything that's on our Local Area Network. By default, this is anything that has a UNC path associated with it. As we type in the UNC path in the address line, Internet Explorer knows that the source is on the Local Intranet. For example, we can make different security settings for the servers that are on our Local Intranet as opposed to what's available on the Internet.

Another security zone is Trusted Sites. In this zone we add sites that are trusted, so we may loosen up our security settings for that zone. For example, we may allow ActiveX programs to run, allow scripts, downloads, etc. In order to maintain security with our trusted zone we may want to require the use of the HTTPS (HTTP Secure) protocol.

Another zone that we can use is Restricted Sites. Sites in that zone are restricted and users will not be able to access them.

Another important zone is Internet. This zone contains sites that are not included in any of the three previous zones. An issue that comes up with the Internet zone is our privacy settings.

Cookies
We control privacy settings through Cookies. A Cookie is a file that contains information, and those files can be accessed from websites on the Internet. Cookies can hold things like our username or password, or other information that a website will use while we browse that particular site. Cookies allow websites to use existing information for future sessions. In Internet Explorer we can control the use of cookies. We can turn off Cookies, which means that we will not accept any cookies from any site. This can also prevent us from being able to access different websites. Another issue that comes up with Cookies is that we can get first-party cookies (those come from the site we're visiting) and third-party cookies (from a site we are not visiting, for example a banner ad).

Example Zone Configuration


We can use Internet Options in Control Panel to manage security of Internet Explorer. Let's open Internet Options and then go to the Security tab. We want to allow ActiveX installations only from Local Intranet or from Trusted Sites. In our case, ActiveX files should not be installed from any other location. Other settings for each zone should remain unchanged. First, we will restrict ActiveX installation in the Internet zone. Notice that our current default level is Medium-high.


Image 272.1 - Zones

This setting is appropriate for most websites. Notice that unsigned ActiveX controls will not be downloaded, but signed ones will. We want to disable any ActiveX controls. While we could move the slider to High setting to disable ActiveX controls, this would impact other settings as well. We only want to disable ActiveX controls. To do that we will click on the Custom Level button.


Image 272.2 - ActiveX Disabled

We have to make sure that all ActiveX options are set to 'Disable'. In this window we could also set various security options like Downloads, .NET Framework, Scripting and other settings. We will confirm those changes and also make them in the Restricted Sites zone. If we check the default settings for the Restricted Sites zone we will notice that ActiveX controls are disabled by default. The next thing we need to do is allow ActiveX controls in the Trusted Sites and Local Intranet zones. Simply select the zone, click on the Custom Level button, and check the appropriate options in the ActiveX section of settings. One last thing we need to do is add sites to the Trusted Sites zone so that ActiveX controls can run on those particular sites. To do that we have to select the Trusted Sites zone and click on the Sites button. Notice that by default this zone requires server verification (https:) for all sites in this zone. We are going to keep that option. We will add https://home.live.com/. Notice that we are using the https protocol.


Image 272.3 - Trusted Sites

We don't have to add sites to the Local Intranet zone because zone membership is managed automatically. All LAN and UNC locations are members of the Local Intranet zone.

Image 272.4 - Local Intranet

We could actually add sites by clicking on the Advanced button, but in our situation it is not necessary. Membership of the Internet zone is also managed automatically. All sites that are not in the Local Intranet, Trusted Sites or Restricted Sites zone are members of the Internet zone.
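The zone membership rules and the ActiveX decision configured above can be written out as a small model. This is an added example, not part of the original article and not Internet Explorer's own logic: the class and function names are hypothetical, the restricted site is constructed, and treating dot-less host names as LAN locations and letting explicit site entries win over automatic membership are assumptions of this example.

```python
from urllib.parse import urlsplit

INTRANET = "Local Intranet"
TRUSTED = "Trusted Sites"
RESTRICTED = "Restricted Sites"
INTERNET = "Internet"

# The configuration built in this article: ActiveX installs only from the
# Local Intranet and Trusted Sites zones.
ACTIVEX_INSTALL_ALLOWED = {
    INTRANET: True,
    TRUSTED: True,
    RESTRICTED: False,
    INTERNET: False,
}


class ZoneMap:
    """Hypothetical model of zone membership, not an Internet Explorer API."""

    def __init__(self, require_https_for_trusted=True):
        self.require_https_for_trusted = require_https_for_trusted
        self._trusted = set()      # (scheme, host) pairs added by hand
        self._restricted = set()   # host names added by hand

    @staticmethod
    def _split(url):
        parts = urlsplit(url)
        if not parts.scheme or not parts.hostname:
            raise ValueError(f"not an absolute URL: {url!r}")
        return parts.scheme.lower(), parts.hostname.lower()

    def add_trusted(self, url):
        scheme, host = self._split(url)
        # "Require server verification (https:) for all sites in this zone"
        if self.require_https_for_trusted and scheme != "https":
            raise ValueError("Trusted Sites entries must use https")
        self._trusted.add((scheme, host))

    def add_restricted(self, url):
        self._restricted.add(self._split(url)[1])

    def classify(self, location):
        # UNC paths are Local Intranet members automatically.
        if location.startswith("\\\\"):
            return INTRANET
        scheme, host = self._split(location)
        # Assumption: explicit entries are checked before automatic rules.
        if host in self._restricted:
            return RESTRICTED
        if (scheme, host) in self._trusted:
            return TRUSTED
        # Assumption: a host name without dots stands for a LAN location.
        if "." not in host:
            return INTRANET
        # Everything not in the other three zones is the Internet zone.
        return INTERNET

    def activex_install_allowed(self, location):
        return ACTIVEX_INSTALL_ALLOWED[self.classify(location)]


def build_article_zone_map():
    zones = ZoneMap(require_https_for_trusted=True)
    zones.add_trusted("https://home.live.com/")          # site added in the article
    zones.add_restricted("http://restricted.example/")   # constructed entry
    return zones


if __name__ == "__main__":
    zones = build_article_zone_map()
    for loc in (r"\\fileserver\tools\viewer.cab", "https://home.live.com/mail",
                "http://home.live.com/mail", "http://www.example.com/"):
        print(f"{loc:<32} {zones.classify(loc):<16} "
              f"ActiveX install: {zones.activex_install_allowed(loc)}")
```

Note that the plain http address of the trusted site lands in the Internet zone, because the entry was added with https and server verification is required.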

Example Cookie Configuration


Cookies are files that our browser places on our computer. Websites create cookies to keep track of personal information, often to simplify filling out forms or to customize content based on our preferences. We can use Internet Options to customize how our system handles cookies. We will go to Privacy tab.


Image 272.5 - Privacy Settings

Notice that settings configured here only apply to the Internet zone. The slider has predefined levels for cookie handling. If we move it to the highest level, all cookies will be blocked. In our case we want to manually configure our settings so we will click on the Advanced button and then select 'Override automatic cookie handling' option. In our case we will block third-party cookies, check the 'Prompt' option for first-party cookies and check the 'Always allow session cookies'.


Image 272.6 - Cookies Set

We can also configure cookie handling on a site basis. To set per-site settings we can go back to the Privacy tab and click on the Sites button. In our case we have entered www.utilizewindows.com and clicked the Allow button. This will allow all cookies on the utilizewindows.com site and will override any general cookie settings.

Image 272.7 - Allowed Cookies
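The order in which the cookie settings chosen above apply can be shown as a decision function. This is an added example, not part of the original article and not Internet Explorer's own code: the names are hypothetical, the host names other than utilizewindows.com are constructed, the first-party test is a simplified host comparison, and letting session cookies through even from third parties is this example's reading of the 'Always allow session cookies' option.

```python
ALLOW, BLOCK, PROMPT = "allow", "block", "prompt"

# The settings chosen in this article.
POLICY = {
    "first_party": PROMPT,
    "third_party": BLOCK,
    "always_allow_session": True,
    "per_site": {"utilizewindows.com": ALLOW},   # the Sites button entry
}


def _norm(name):
    return name.lower().strip(".")


def _within(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host, domain = _norm(host), _norm(domain)
    return host == domain or host.endswith("." + domain)


def is_third_party(cookie_domain, page_host):
    # Simplification: a cookie is first-party when its domain is the page's
    # host or a parent domain of it; anything else counts as third-party.
    return not _within(page_host, cookie_domain)


def decide(cookie_domain, page_host, persistent, policy=POLICY):
    """Return ALLOW, BLOCK or PROMPT for one cookie."""
    # 1. Per-site entries override the general settings.
    for site, action in policy["per_site"].items():
        if _within(cookie_domain, site):
            return action
    # 2. Session cookies (not stored after the browser closes).
    if not persistent and policy["always_allow_session"]:
        return ALLOW
    # 3. General first-party / third-party handling.
    if is_third_party(cookie_domain, page_host):
        return policy["third_party"]
    return policy["first_party"]


if __name__ == "__main__":
    cases = [
        ("www.utilizewindows.com", "www.utilizewindows.com", True),
        ("shop.example", "shop.example", True),
        ("shop.example", "shop.example", False),
        ("ads.tracker.example", "shop.example", True),
        ("ads.tracker.example", "shop.example", False),
    ]
    for cookie_domain, page_host, persistent in cases:
        kind = "persistent" if persistent else "session"
        print(f"{cookie_domain:<24} on {page_host:<24} {kind:<10} -> "
              f"{decide(cookie_domain, page_host, persistent)}")
```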



Remember
We can use Internet Options in Control Panel to manage security of Internet Explorer. Security in Internet Explorer is managed through Security Zones. Security Zones allow us to control different types of access depending on sites, which we can group into general categories. Local Intranet and Internet zone membership is managed automatically. All sites that are not in the Local Intranet, Trusted Sites or Restricted Sites zone are members of the Internet zone. Cookies are files that our browser places on our computer to keep track of personal information. We can configure cookie handling on a site basis.


Utilize Windows XP Installation

Installation Preparation for Windows XP Installation



Today in the world of bootable CDs and DVDs we don't really have to worry about making bootable floppy drives. But if we need to start the installation of Windows XP manually, we have to know which executable file we must run and in which environment.

Before you start


Objectives: prepare for the installation and learn about general installation commands and their switches.
Prerequisites: you should know about typical Windows installation sources.
Key terms: installation, start, exe, files, switch, winnt, process, run, bootable, cd, hard, hardware

Before the Installation


Before starting the installation we should check the Hardware Compatibility List (HCL) to verify that our hardware is compatible with Windows XP. We should also disable virus checking in the BIOS. Finally, we should know the facts about the environment in which our computer will be used. This includes things such as a domain name, etc.

Installation Commands
If we run the installation from the bootable CD or if we run the setup from the CD while we are in some 32-bit operating system, the setup.exe will run all necessary commands to start the installation automatically. However, if we have to start the installation manually using CMD line, we have to know which executable files we need to run in order to start the installation. To start the installation process we can use two installation commands, Winnt.exe and Winnt32.exe. The Winnt.exe command is used when we don't have a 32-bit operating system running. For example, we can boot our system using DOS and then use the Winnt.exe command to start the installation process. If we want to start the installation from within a current 32-bit Windows installation, then we can use the Winnt32.exe command.

Command Switches
With the mentioned installation commands we can use certain switches to customize the installation process. The first switch we should mention is /makelocalsource. This switch is used when we have a CD that is not supported in Windows XP. In this case the switch copies the installation files onto a local hard drive and points our installation to that location, rather than to the CD. Another switch is /dudisable. This switch disables dynamic updates during installation. We can always connect to the Internet later and get all updates after the installation. Another switch is /makeboot. We use this switch to make boot floppies. We can use them if we don't have a CD-ROM that is bootable. Other switches that can be used are /duprepare (download update files and save them locally), /dushare (start the installation with downloaded update files), /u (indicates use of an unattended answer file), /udf (indicates the use of a uniqueness database file), /s (specifies a path to source files), /checkupgradeonly (verifies upgrade compatibility with XP).

Installation Phases
Once we run the commands and the installation begins, we start phase 1 of the installation process. In this phase we will see the welcome screen and then we have to determine the source files for the installation. After that, some of the core XP files are copied to the computer memory and will be used to perform the installation. After that, we can install additional drivers, and to do that we need to press F6. For example, if we need to install additional SCSI or SATA controller adapter drivers, we would use this option. If we want to install a custom Hardware Abstraction Layer (HAL), we can press F5 during the installation. After all this, we will have to configure our hard drives. This allows us to create or delete partitions, and to format the partitions. After we configure our hard disks, the process of file copying will begin.

Once all the files are copied to the hard drive and the system reboots, we will get to the GUI phase. In this phase we will have to set some options like regional options, date and time settings, the serial number, which is a 25-character code, etc. When it comes to licensing, there are several different options. We can have a volume license or a single user license. Note that we can use the volume license only with the volume license media. So, the license code must match the installation type (volume or single user). When we answer all the questions our computer will reboot itself into the Windows XP environment.

At this point we will be prompted to register our Windows XP copy with Microsoft. This is an optional step but it's recommended. Another thing we have to do, and which is not optional, is to activate Windows XP. This is an attempt from Microsoft to reduce the amount of software piracy. We have 30 days to use Windows XP and in that time we have to activate our copy. Activation can be done online or over the telephone. Activation will require some information about our computer so that it is known where that license is applied, but Microsoft will not collect any private information.

Remember
We have to ensure that our hardware is compatible with XP. To start the installation process we can use two installation commands, Winnt.exe and Winnt32.exe. Common switches to use are /makelocalsource, /dudisable and /makeboot.


How to Upgrade From Older System to Windows XP



When considering upgrade to Windows XP we have to be aware of some limitations. Not all operating systems are able to upgrade to Windows XP. Also, if we have to install Windows XP on new machine, we can perform files and settings migration from the old computer to the new one, and in that way save ourselves a lot of time.

Before you start


Objectives: Learn how to prepare for upgrading, which operating systems can be upgraded to Windows XP, and which tools and commands can be used to migrate files and settings from the old installation to the new one.
Prerequisites: you should know the specifics about each type of Windows installation.
Key terms: settings, files, transfer, computer, upgrade, installation, tool, folder, wizard, network

Types of Installation
As we already know, when installing Windows XP we can do a clean installation, an upgrade of existing operating system to XP, we can do a migration to Windows XP, or we can install Windows XP alongside an existing installation.

Upgrade to Windows XP
Before we do an upgrade to Windows XP, we should check to see if our system can support the upgrade. To check the compatibility we can run a special command which will do just that. This is done in command line when we boot our computer in DOS environment. The command to check for compatibility is "winnt32.exe /checkupgradeonly". The results of the check are saved in the %systemroot%\upgrade.txt file.

One of the advantages of doing an upgrade is that it will preserve all user settings and files. This is great because we don't have to configure our users again, we don't have to install our applications again, etc. If we have to do a clean installation, there is a way to transfer all user settings and files from an older (or simply another) installation. To do that we can use the "Files and Settings Transfer Wizard" tool. This is a GUI tool which we can use to select which files and which settings we want to transfer from the old system. Once we select them, we will be able to export them to some location. The location can even be a network share. Once we are done with the clean installation on our new system, we can import that data, and it will be as if we have done an upgrade to the new OS.

We can do the same thing by using the "scanstate" and "loadstate" commands. We use scanstate to save user settings from the original system, and we use loadstate to restore user settings on the new system. By using scanstate we can export data to the network share.

Files and Settings Transfer Wizard


We can use this tool to migrate settings and data from 9x versions of Windows to Windows XP. To open this tool we can go to Start > All Programs > Accessories > System Tools > Files and Settings Transfer Wizard. The first thing that this tool will ask us is which computer we are currently working on. We have two options: "New computer" and "Old computer". The new computer is the computer we want to transfer files and settings to, and the old computer is the source of those files and settings. In our case this is the old computer.


Source or Destination Computer

When we click next, in our case we got a Firewall prompt. That's because this tool tried to access network resources. We will select the "Unblock" option to allow this tool to access our network.

Firewall Prompt

After that we need to specify where we want to save our settings and files and what the transfer method will be. Notice that some options are available and some are not. This depends on the current settings of our computer and the environment in which our computer resides. In our case we will simply save all data to the C:\Transfer folder. Later you will notice that the Wizard will create an additional folder called USMT2.UNC inside of our Transfer folder.

Transfer Method



On the next screen we need to select what we want to transfer. We can choose to transfer only settings, only files, or both. Based on our selection, we can see what will be transferred on the right side of the window. Notice that we can also select a custom list of files and settings. In our case we will select the "Both files and settings" option.

Files and Settings Option

When this step is complete we can copy the folder where we have saved all our data (in our case C:\Transfer) to the new Windows XP installation. There we will run the Files and Settings Transfer Wizard again and this time choose the "New computer" option.

New Computer

After that we need to specify the location of our files and settings. In our case we have already collected files and settings so we can choose the last option.

Source



Next, we need to specify the location of the files and settings. In our case we have copied our Transfer folder to the C: drive, so the path is again C:\Transfer. This is the folder where our files and settings are located.

Location

When we click next, the Wizard will start the transfer. When the whole process is complete we will have to log off for changes to take effect.

Supported Operating Systems


Not all operating systems are supported for the upgrade. Some operating systems may be supported but they require certain service pack to be installed. Operating systems which can be upgraded to Windows XP Professional are: Windows 98 (including SE), Windows ME, Windows NT 4.0 Workstation (with latest SP), Windows 2000 Professional and Windows XP Home Edition.


Prerequisites for Network Installation of Windows XP



We have two different ways in which we can do a network installation. One method includes a configuration of special server which is used to deploy installations to multiple computers. In other method we simply create a network share which includes all source files required for the installation.

Before you start


Objectives: Learn what is RIS server and which commands can be used to start the installation from the network share.
Prerequisites: no prerequisites.
Key terms: network, installation, boot, ris, server, share, files, create, updates, clients, command

Network Installation
Installations performed from an installation source which is located on the network are great if we have a lot of computers which we have to install simultaneously. We can do a network installation in several different ways. The first method is to create a network share which contains all of the required installation files. From the destination computer we would connect to that network share and run the "winnt" command from there. This will start the remote installation.

The second method is to use Remote Installation Services (RIS) to automate network installations of Windows XP. When we use RIS, we connect to the RIS server with our client to download the necessary files and perform the installation. There are some requirements to successfully create a RIS environment. We have to configure DHCP services on our RIS server. The clients have to be able to request IP addresses from the RIS server. The RIS server also has to act as a DNS server. The clients will register themselves with the RIS server for the purpose of the installation. One other component that our RIS server has to have is Active Directory. On the RIS server we also have to create a remote installation image. This image will actually contain all the necessary files for the installation. All files from the i386 directory are included in this image.

If we plan to install service packs automatically, we also have to have their folders available. To apply a service pack to the source installation files, we can use the Update.exe s:[network_share] command and switch. This applies the service pack to the installation files in the network share. We can also take advantage of the dynamic update feature during the setup. We can download the updates to a network share, so if we don't have access to the Internet during the installation process, we can use special command switches to include the appropriate location where the updates are. For example, the /duprepare:[path to downloaded updates] switch will prepare the updates which are located on the network share. After that we can use the /dushare:[path to downloaded updates] switch, which will force the setup process to install updates from a shared location instead of the Internet.

Network Boot
Clients have to be able to boot to our network in order to perform network installation. To do that, clients must have a PXE enabled network card. These NICs have the ability of booting the system. Also, network boot option must be enabled in BIOS. Normally we boot our computer using our hard drive, but in this case, we boot to the network. If we don't have a NIC which supports PXE, we can create network boot floppies using the "Rbfg.exe" command (Remote Boot Disk Generator). The boot disk will simulate the PXE boot process.

Remember



We can do a network installation from the network share. Our computer must be able to boot to the network (PXE enabled). We can use RBFG.exe command to create network boot floppies. We can use Remote Installation Services to deploy prepared images to our clients.


Create an Answer File in Setup Manager



By using Setup Manager we can create an unattended setup answer file. We can create different types of answer file, depending on the type of the installation that we will be performing.

Before you start


Objectives: Learn how to create an answer file for unattended setup by using Setup Manager in Windows XP.
Prerequisites: you have to know the basics of automated Windows installation.
Key terms: file, create, setup, windows, answer, option, user, choose, case, screen, manager, option

Setup Manager
We can find Setup Manager on the Windows XP installation CD. We have to unpack it from the "deploy.cab" file which is located in the "SUPPORT\TOOLS" folder. In our case our CD-ROM is on the D: drive.

DEPLOY.CAB File

When we open the deploy.cab file, among other files we will see a "setupmgr.exe" file. This is our Setup Manager application, and now we need to extract it to some folder on our computer. Simply right click it, and select the Extract option. In our case we will extract it to our Desktop. Now we can run the Setup Manager by opening the setupmgr.exe file. When we first run it, the wizard will automatically run. It will ask us if we want to create a new answer file or modify an existing one. In our case we will create a new file.

Create New File



On the next screen we have to choose the type of answer file that we want to create. We can create a "Unattend.txt" file, "Sysprep.inf" file or a .sif file. If we want to create an unattended setup, we can create an unattend.txt file or Winnt.sif file (Winnt.sif is used for CD-based installations). For Sysprep setup we will create Sysprep.inf file, and we can create a .sif file if we will use Remote Installation Services. In our case we will choose an Unattended setup option.

Type Of File

On the next screen we can choose the Windows version for which we will create an answer file. In our case we will choose the Windows XP Professional.

Windows Version

Now we have to select the type of user interaction we want. "User controlled" option provides default options and the end user can change them during the installation. "Fully automated" option requires no user interaction at all. In this case we will specify all values in the answer file. With "Hidden pages" option we provide answers for certain setup pages, and those pages are then hidden from the end user. "Read only" option makes all answers visible, but the user can't change them. In "GUI attended" option the GUI portion of the setup runs normally, while the text portion of the setup is automated. In our case we will select the "Hidden pages" option. This way we will set only some options, while the user will have to enter all the options that we didn't enter in our answer file.


User Interaction Level

On the next screen we can choose to create a new distribution share, modify existing one or select to set up Windows from a CD. The thing is, Setup Manager can create a distribution share on our network with the required Windows source files. After that we can also add files to that share to further customize our installation. In our case we will select the "Set up from a CD" option. That means that we will take Windows installation CD to each workstation and start the installation with the CD-ROM.

Distribution Share Option

After this we will see a menu with many different options that we can customize. On the left we can choose different configuration screens that we want to edit for Windows setup. On the right we have to provide the information for the particular screen. For example, for the first screen we will enter the organization "Utilize Windows". We will leave the Name box empty, which means that the name will have to be entered during the installation by the end user.

Name And Organization



When we click Next, we will move to the next screen on which we can enter configuration for our answer file. The next interesting screen is "Computer Names". If we will install many computers which will reside on the same network, they have to have unique names. On this screen we can choose a text file which contains computer names, or we can choose to automatically generate computer names based on organization name.

Computer Names

We should also configure default administrator password, so that administrators can always log on to all computers that will be installed. Notice that we can encrypt that password in an answer file. We can also choose to join all computers to the domain. When we join a domain, we can also create a computer account in that particular domain, and for that we will need a user account that has permissions to add a computer to the domain. Other options that we can configure are dialing options, regional settings, languages, browser and shell settings, installation folder, network printers, etc. In the end, when we click Finish, we will have to save our unattend.txt file.

Save File

Remember that if we plan to use our answer file with CD-based installations, we have to name it "Winnt.sif". Winnt.sif then has to be copied to a floppy disk, so that it can be used with a CD-ROM when we install Windows XP.
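Because the answer file can hold the administrator password and the account used to join the domain, it is worth checking before it is copied to a floppy or a share. The following is an added example, not output of Setup Manager and not code from the original article: the answer file contents and passwords are constructed, the function names are hypothetical, and the section and key names are standard Windows XP answer-file keys.

```python
import configparser

# UnattendMode values and the Setup Manager interaction level they express.
UNATTEND_MODES = {
    "providedefault": "User controlled",
    "fullunattended": "Fully automated",
    "defaulthide": "Hidden pages",
    "readonly": "Read only",
    "guiattended": "GUI attended",
}

# Constructed unattend.txt for the choices made in this article
# ("Hidden pages", organization "Utilize Windows", name left empty).
SAMPLE_ANSWER_FILE = """\
;SetupMgrTag
[Data]
AutoPartition=1
MsDosInitiated="0"
UnattendedInstall="Yes"

[Unattended]
UnattendMode=DefaultHide
OemPreinstall=No
TargetPath=\\WINDOWS

[GuiUnattended]
AdminPassword="Constructed-Passw0rd"
EncryptedAdminPassword=No
OEMSkipRegional=1

[UserData]
FullName=""
OrgName="Utilize Windows"
ComputerName=*

[Identification]
JoinDomain=EXAMPLE
DomainAdmin=joiner
DomainAdminPassword="constructed-secret"
"""


def parse_answer_file(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return {
        name.lower(): {k: v.strip().strip('"') for k, v in parser.items(name)}
        for name in parser.sections()
    }


def interaction_level(text):
    mode = parse_answer_file(text).get("unattended", {}).get("unattendmode", "")
    return UNATTEND_MODES.get(mode.lower(), "unknown")


def audit_answer_file(text):
    """Return a list of (code, message) findings about stored credentials."""
    sections = parse_answer_file(text)
    findings = []

    gui = sections.get("guiunattended", {})
    password = gui.get("adminpassword")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password is None:
        pass  # nothing stored in the file
    elif password in ("", "*"):
        findings.append(("BLANK_ADMIN_PASSWORD",
                         "the local Administrator account gets an empty password"))
    elif not encrypted:
        findings.append(("PLAINTEXT_ADMIN_PASSWORD",
                         "AdminPassword is readable; use the encrypt option"))
    if gui.get("autologon", "no").lower() == "yes":
        findings.append(("ADMIN_AUTOLOGON",
                         "setup logs on as Administrator automatically"))

    # The domain-join password is a separate value from AdminPassword and is
    # stored as typed, so the account should only be able to add computers.
    ident = sections.get("identification", {})
    if ident.get("domainadminpassword"):
        findings.append(("PLAINTEXT_DOMAIN_JOIN_PASSWORD",
                         "DomainAdminPassword is readable in the answer file"))
    return findings


if __name__ == "__main__":
    print("Interaction level:", interaction_level(SAMPLE_ANSWER_FILE))
    for code, message in audit_answer_file(SAMPLE_ANSWER_FILE):
        print(f"{code}: {message}")
```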


Typical Windows XP Installation Problems



When installing Windows XP, there are some issues that may arise during installation. If everything is OK with our hardware, we should be able to install Windows XP successfully.

Before you start


Objectives: familiarize yourself with typical Windows XP installation problems and how to deal with them.
Prerequisites: no prerequisites.
Key terms: installation, windows, switch, xp, system, bios, command, debug, default, file, information

BIOS
Sometimes the issues will be caused by the settings in the BIOS. For example, we may find that the BIOS sees Windows XP as a virus. To correct this we can simply go into the BIOS and disable the virus protection before we continue with the installation.

When we experience a problem during installation of Windows XP and restart the computer, the installation process will try to continue from where it stopped. This automatic feature is built into the system. In addition to that we can also try using the Recovery Console to recover the installation process.

When troubleshooting installation, it helps to see what is actually going on during installation. To see additional information about the installation we can use the "/debug" switch with the "winnt32" command. The full command would be: winnt32 /debuglevel:logfile. This will create a log of installation actions. The default log file is C:\%systemroot%\Winnt32.log. We can use five different levels (from 0 to 4) with the /debug switch. Level 0 will display the least amount of information, while with level 4 we will get the most detailed information. The default debug level is 2.

If our installation is unstable we can use the System File Checker (Sfc.exe) to verify the integrity of protected system files. With the Sfc command we can use several switches. The /Scannow switch will perform a scan immediately. The /Scanboot switch will perform a scan every time the operating system boots. The /Revert switch will reset the scan behavior to the default. With the "/Cachesize=size" switch we can determine how much disk space can be used to store cached versions of protected system files.

Dual-boot Problems
If we want to use a dual-boot environment on our machine, we have to ensure that we have the most current version of our boot files (NTLDR and NTDETECT.com). Also, we have to be careful about the order in which we install Windows versions. Remember that the newer operating system should always be installed last. For example, if we want to have Windows ME and Windows XP on one machine, we should install Windows ME first, and then Windows XP.

Uninstalling Windows Components


If we have problems with the Service Packs that were installed on our Windows XP machine, we can run the "spuninst.exe" command from the service pack or hot fix uninstall folder. With spuninst we can also use several switches. The -u switch will use unattended mode. The -f switch will force other applications to close at shutdown. With -z switch our computer will not reboot when complete. The -q switch enables quiet mode, meaning no user interaction. To isolate a driver causing our installation to fail, we can add the /Sos switch to the Boot.ini file. This loads the drivers individually, allowing us to isolate the bad driver.
