Collecting information
- Insert the Windows XP CD and reboot the PC
- The setup program starts when you boot from the CD. Press F6 for a third-party disk driver, F2 for automatic recovery
- A welcome dialog box appears: press Enter to install XP, R to repair an XP installation, F3 to quit
- Licensing agreement: F8 to accept, ESC to refuse
- Partitions screen appears
- Copying of setup files
- Remove the CD and reboot the PC
Installing Windows
- Regional settings: choose locale (numbers, currencies, dates and times view options) and keyboard layouts
- User name and organization screen
- Product key screen, 25-character key
- Computer name:
  - Up to 15 bytes for NetBIOS compatibility; 1 byte is 1 character in most languages (2 in, say, Chinese)
  - FQDN has a limit of 155 bytes for a DC in Windows 2000/2003 (255 bytes in NT 4.0)
  - Computer name has a limit of 63 bytes
  - Computer name has to be unique on the network
- Administrator password
- If you have a plug and play modem, you set it up now
- Date and time
- Network settings: workgroup name or domain affiliation
- Automated finishing tasks

Setup log files:
- %systemdir%\setupact.log - installation actions log
- %systemdir%\setuperr.log - errors that occurred during installation
- %systemdir%\netsetup.log - network related log (like domain joining)
You can choose from the following options:
- Mass storage devices
- Plug and Play devices
- HALs
- Set passwords
- Configure language, regional, and time zone settings
- Display settings
- Converting to NTFS
- Installing applications, using one of the following:
  - Use cmdlines.txt to add applications during the GUI portion of the setup
  - Within the answer file configure the [GuiRunOnce] section to install an application the first time a user logs on
  - Create a batch file
  - Use the Windows Installer
  - Use the sysdiff tool to install applications that don't have automated install procedures
CD based image
- Contains only the Windows XP OS
- Copies all files to the target PC before commencing installation of the Windows XP OS
- Created automatically during installation of RIS

Image based on a pre-configured computer
- Can contain both the Windows XP OS and applications
- This image is based on a pre-configured computer
- Copies only the files needed for installation on the given PC, thus faster than a CD based image, which copies everything
- Can be deployed to clients that have the same HAL and HD controller
- Must be created manually, not automatically like a CD based image
- For RIS you need DHCP, DNS and AD configured on your network
- The RIS server uses the Boot Information Negotiation Layer (BINL) for initial contact, then TFTP is used to transfer the bootstrap image
- RIS and DHCP servers need to be authorized in AD; the RIS server is authorized through DHCP manager
- The following services run as part of RIS: BINL, SIS, SIS Groveler, TFTP
- To configure the RIS server use risetup.exe
- NTFS is required to store image files, with at least 2Gb free space on a partition separate from the OS
- RIS template files are used to specify installation parameters; the default file is ristndrd.sif
- You need the following user rights to install images using RIS:
  - Create Computer accounts
  - Log on as a batch job (Administrator doesn't have this right by default)
- For non-PXE network cards use the rbfg.exe utility to create a RIS boot disk (this utility doesn't support all network cards)
Requirements for Sysprep images:
- Both computers must have the same HD controller
- Both computers must have the same HAL
- Plug and Play devices may differ as long as there are drivers for all of them

- You will need to extract the sysprep utility from deploy.cab
- Sysprep strips user personal data from the installation image
- After you copy the installation image to the destination PC a mini wizard runs (unless you have an answer file)
- Sysprep modes:
  - Audit: allows for the verification of hardware and software installation by a system builder while running in factory floor mode. Audit boots allow a system builder to reboot after factory floor mode has completed its automated pre-install customization, in order to complete hardware and software installation and verification, if necessary.
  - Factory: allows for the automated customization of a pre-install on the factory floor by using a Bill of Materials file to automate software installations, software and driver updates, updates to the file system, the registry, and INI files such as Sysprep.inf. This mode is invoked via the "sysprep -factory" command.
  - Reseal: is run after an original equipment manufacturer (OEM) has run Sysprep in factory mode and is ready to prepare the computer for delivery to a customer. This mode is invoked via the "sysprep -reseal" command.
  - Clean: Sysprep will clean the critical device database. The critical device database is a registry listing of devices and services that have to start in order for Windows XP to boot successfully. Upon setup completion, the devices not physically present in the system are cleaned out of the database, and the critical devices present are left intact. This mode is invoked via the "sysprep -clean" command.
Installation types:
- Fully automated installation
- GUI attended installation
- Read only installation
- Hide pages installation
- Provide defaults installation
- Published applications - not advertised, can be installed through Add/Remove Programs. They can also be installed by opening a document that uses an uninstalled published application.
- Assigned applications - advertised through the Programs menu, installed the next time the user starts the PC, before the log on prompt appears

Please note that Windows Installer packages cannot be published to computers in Windows XP; all other options are OK, i.e. you can assign applications to computers and assign/publish applications to users.

- You can create your own MSI files using VERITAS Software Console or WinINSTALL LE Discover
- You create a GPO for the MSI package which is to be published or assigned. If it is for a user: User Configuration\Software Settings\Software; if it is for a computer: Computer Configuration\Software Settings\Software
- Using AD you can uninstall an old application or upgrade on top of an old application. Computers accept only mandatory upgrades; users support both optional and mandatory upgrades.
- If you have multiple versions of the same software, you will need to configure the install order and/or whether it is a mandatory install
- You need AD to deploy packages which are found on a share on a file server
- Msiexec.exe - provides the means to install, modify, and perform operations on Windows Installer from the command line. For example you can force the end user to enter the CD key for the software that is being installed
Files and Settings Transfer Wizard (F.A.S.T.)
- It is one of the least known new features in Windows XP
- Supports all Windows versions from Windows 95 (with IE4) through Windows XP (XP as destination only)
- Can be used as a poor man's backup utility; creates backup files that can be stored to HD or CDRW
- Can move user accounts one at a time, good for single users
Devices connected through a standard COM port or an infrared connection are not supported by WIA
The MMC is a utility used to create, save, and open collections of administrative tools that are called consoles. Access control options for MMC:
- Author mode - full customization of the MMC console
- User mode - full access - as author mode, except that users cannot add or remove snap-ins, change console options, create Favorites, or create taskpads
- User mode - limited access, multiple windows - access only to those parts of the console tree that were visible when the console file was saved. Users can create new windows but cannot close any existing windows.
- User mode - limited access, single window - as 'User mode - limited access, multiple windows' but users cannot create new windows
Harmful driver install prevention
- HCL - Hardware Compatibility List, replaced by the Windows Catalog
- Run d:\i386\winnt32 /checkupgradeonly from the Windows XP CD to check hardware compatibility
- sigverif.exe is used to check drivers from the command line
- By default the system is set to warn the user if he or she is installing an unsigned driver (other options are: ignore and block)
- Driver signing can also be controlled from GP using object settings for the local computer (or computer configuration for a domain); choices are: Silently succeed, Warn but allow installation and Do not allow installation
- An unsigned driver means that the driver was not tested by Microsoft and is not supported by Microsoft. For the most part these drivers are still OK
- When a driver is signed by Microsoft, it and the hardware have been tested by Microsoft

- Some older devices (like CD-ROM etc.) plug into the LPT port on the PC. You will need to set the LPT port to "Legacy plug and play support" on the port settings tab for older devices to work.
- The easiest way to solve an embedded device conflict with an add-on device is to disable the on-board device. For example, to use an add-on sound card, you will need to disable the on-board sound card
- Many problems are caused by incorrect drivers, for example a graphics card that displays only 800x600 resolution. Update the driver to solve these problems.
- Driver.cab on the Windows XP CD contains all original Windows XP drivers
Standby levels:
- Fully active PC
- Level one turns off the monitor and hard drives
- Level two turns off the CPU and cache as well
- Level three turns off everything but the RAM

- You configure standby through Power Options in Control Panel. Levels 2 and 3 of standby are only available if a universal power supply (UPS) has been configured
- Through Power Options you can also configure alerts when the system is running on battery power and the behaviour of the power button

Input devices:
- Through Keyboard properties you can configure typing delay and cursor behaviour as well as keyboard key layout
- You need a keyboard in order to install Windows XP
- Through Mouse properties you can configure mouse properties such as speed, buttons, wheel and pointers
- USB 2.0 supports up to 127 devices per root hub, up to 5 deep nested external hubs, transfer speeds up to 12Mbps. You can see power & bandwidth usage by checking the root hub properties.
- USB supports two speeds, low and high, which use different cables
- USB controllers require that an IRQ be assigned in the computer BIOS. Make sure you have the newest BIOS and/or firmware.
- Wireless devices: RF - Radio Frequency and IrDA - Infrared Data Association
Registry hives:
- HKEY_CURRENT_USER - for the user who is currently logged on to the computer
- HKEY_USERS - configuration data for all users of the PC
- HKEY_LOCAL_MACHINE - computer hardware and software configuration, device drivers and startup options
- HKEY_CLASSES_ROOT - used by Windows Explorer for file type to application association, software configuration data and OLE (object linking and embedding) data
- HKEY_CURRENT_CONFIG - hardware profile that is used during system startup
[4.13] Services
- A service is a program, routine or process that performs a specific function
- Service startup types: automatic, manual and disabled
- You can choose the account the service uses to log on
- When a service fails you can choose to have the OS do one of the following:
  - Take no action
  - Restart the service
  - Run a file
  - Reboot the computer
- SC.exe is used for communication with the service control manager
- Windows will ask you which profile to use every time you start your computer if you have more than one profile and you don't specify a default profile with 0 wait time
- You can also use hardware profiles as a debugging tool. For example, you can set up profiles that omit the hardware devices you suspect of being defective.
Display properties:
- You can select a different theme
- You can display a web page on your desktop or just a picture(s)
- You can set up a screen saver
- In Appearance you can change many aspects of the chosen theme
- In Settings you can change aspects of the video display adapter

- The default Windows XP theme is also known as 'Luna'
- A local profile is created when the user logs on for the 1st time and consists of the following folders: Desktop, NetHood, PrintHood, SendTo, Start Menu, Cookies, Favorites, Application Data
- The notification area was previously named the system tray
Multilanguage support:
- Multilingual editing and viewing, which supports multiple languages while the user is viewing, editing and printing documents
- Multilanguage user interface

- Localized Windows XP - includes a fully localized user interface for the language that was selected. This version allows the user to view, edit and print documents in more than 60 languages. There is no support for a multilingual user interface.
- Multilanguage Windows XP - provides user interfaces in several different languages. You will need to install the following files:
  - Language groups - contain fonts and files needed to process a specific language
  - Windows XP multilanguage version files - contain language content required by the user interface and help files; can be up to 45Mb in size
- Use muisetup.exe to set up the default user interface
- The multilanguage version of Windows XP is not available in retail; you need Windows volume licensing
- On the localized version of Windows XP you configure multiple languages through 'Regional and Language Options'
Accessibility options:
- StickyKeys - allows the user to enter key combinations one key at a time
- FilterKeys - ignores brief repeated keystrokes
- ToggleKeys - user hears tones when toggling CAPS LOCK/NUM LOCK/SCROLL LOCK
- MouseKeys - allows you to use the numeric keypad to control the mouse pointer
- ShowSounds - instructs programs that convey information by sound to also provide the information visually
- SoundSentry - allows you to change settings to generate visual warnings
- You can also set the time after which options are turned off and when they are turned on (like on user log on)

On-Screen Keyboard modes:
- Clicking mode - the user clicks the on-screen keys to type text
- Scanning mode - On-Screen Keyboard highlights areas where you can type characters
- Hovering mode - use a mouse or joystick to point to a key for a period of time to type the character

Utility Manager - starts and stops accessibility utilities; can start/stop utilities on user log on or when the PC is locked
[6.2] Logging on
- There are two types of users, local and domain
- Local user credentials are compared to the local security database; domain user credentials are checked against Active Directory stored on a domain controller
- When a user logs onto the system an access token is created
- Local user credentials cannot be used to access network resources

A user account consists of:
- Name and password
- SID (security identifier) - consists of a domain SID, which is the same for all SIDs created in the domain, and a RID, which is unique for each SID created in the domain. SIDs are unique in the network.
- Can have other attributes, like group membership

- User names can be up to 256 bytes (characters) long and must be unique (different from other user names and group names)
- User names cannot contain *{}\/:;,=|+?"<> and cannot be made of spaces and periods alone
- User names are not case sensitive but passwords are
- You can create users using net user
- You have the following user options:
  - User name (required field)
  - Full name (by default the same as the user name)
  - Description
  - Password textbox (up to 127 bytes (characters), 15 for NTLM)
  - Confirm password textbox
  - User must change password at next logon checkbox
  - User cannot change password checkbox
  - Password never expires checkbox
  - Account is disabled checkbox
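The naming rules above (computer names: 15 bytes for NetBIOS, 63 bytes overall, unique on the network; user names: 256 bytes, forbidden characters, not only spaces and periods, unique among user and group names, not case sensitive) can be checked in code. The example below is added here and is not code from the notes or from Microsoft; it assumes the caller names the ANSI code page used to count bytes (cp1252 for Western European text, cp936 for Simplified Chinese, where one character takes 2 bytes).

```python
# Added example: validating Windows XP user and computer names against the
# rules in the notes above. The code page argument is an assumption: it
# names the ANSI code page used to count bytes (1 byte per character for
# most languages, 2 bytes per character in DBCS pages such as cp936).

FORBIDDEN_USER_NAME_CHARS = set('*{}\\/:;,=|+?"<>')
MAX_USER_NAME_BYTES = 256
MAX_NETBIOS_NAME_BYTES = 15
MAX_HOST_NAME_BYTES = 63


def byte_length(name: str, codepage: str = "cp1252") -> int:
    """Length of the name in bytes in the given ANSI code page."""
    return len(name.encode(codepage))


def is_taken(name: str, existing_names) -> bool:
    """Names are not case sensitive, so compare case-insensitively."""
    return name.lower() in {other.lower() for other in existing_names}


def validate_user_name(name: str, existing_names=(), codepage: str = "cp1252") -> list:
    """Return the list of rule violations (an empty list means the name is valid)."""
    problems = []
    if not name:
        return ["user name is required"]
    if byte_length(name, codepage) > MAX_USER_NAME_BYTES:
        problems.append("longer than 256 bytes")
    bad = sorted(set(name) & FORBIDDEN_USER_NAME_CHARS)
    if bad:
        problems.append("contains forbidden characters: " + "".join(bad))
    if all(ch in " ." for ch in name):
        problems.append("consists only of spaces and periods")
    # existing_names holds both user names and group names: the new name
    # must differ from all of them
    if is_taken(name, existing_names):
        problems.append("not unique among user and group names")
    return problems


def validate_computer_name(name: str, existing_names=(), codepage: str = "cp1252") -> list:
    """Return the list of rule violations for a computer name."""
    problems = []
    if not name:
        return ["computer name is required"]
    length = byte_length(name, codepage)
    if length > MAX_HOST_NAME_BYTES:
        problems.append("longer than 63 bytes")
    elif length > MAX_NETBIOS_NAME_BYTES:
        problems.append("longer than 15 bytes, so not NetBIOS compatible")
    if is_taken(name, existing_names):
        problems.append("not unique on the network")
    return problems


if __name__ == "__main__":
    # constructed sample names
    print(validate_user_name("jsmith", ["Administrator", "Users"]))
    print(validate_user_name("bad*name", []))
    print(validate_computer_name("电脑" * 8, [], codepage="cp936"))  # 16 characters, 32 bytes
```

The Chinese sample shows why the notes count bytes rather than characters: 16 characters fit the 63-byte limit but exceed the 15-byte NetBIOS limit.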
You can set the following user properties:
- User profile path - stored in the 'Documents and Settings\%username%' folder, contains user preferences and the file ntuser.dat. In Windows NT 4.0 the path was \%systemdir%\profiles\%username%
- Logon script - files that run every time the user logs into the PC
- Home folder - where users commonly store their personal files and documents

- Password reset disk - use when a user has forgotten their password. If you just reset the user password, access to encrypted data will be lost.
- Mandatory profiles can only be used with roaming profiles; they don't work with local profiles. Mandatory profiles can only be set up by an administrator
- You can copy profiles using the 'User Profiles' tab of 'System Properties'
- UNC path - is in the format \\computer_name\share_name
- Renaming an account maintains all group memberships, permissions, and privileges of the account. Copying a user account maintains the group memberships, permissions, and privileges assigned to its groups, but does not retain permissions associated with the original user account. Deleting and recreating an account with the same name loses all group memberships and permissions.
Built-in groups:
- Backup Operators - can only access the file system through the backup utility
- Network Configuration Operators (new) - network settings
- Guests - limited privileges
- Power Users - can add/remove users, create non-administrative shares, manage printers, start and stop services that are not started automatically
- Remote Desktop Users (new) - members can log on remotely
- Replicator - for directory replication used by domain servers
- Users - run programs, print stuff, nothing special
- HelpServices (new) - support through Microsoft Help services
Local policies:
- Audit policy - disabled by default
- User rights assignment - too many to list here, see explanation underneath
- Security options - also too many to list

Local policies are set for all users of the computer; you cannot single users out (you need AD for that)
[7.5] Auditing
Audit categories:
- Account logon events - success or failure of domain logon
- Account management - events such as resetting passwords and modifying user properties
- Directory services - any time a user accesses AD an event is generated
- Logon events - success or failure of local logon or logon to a share
- Object access - file, folder or printer access
- Policy change - success or failure of changes to security options, user rights, account policies and audit policies. Both domain and local PC changes are tracked.
- Process tracking - useful for applications
- System events - system events such as shutting down the PC or clearing the logs

User rights are of two kinds:
- Privileges, such as the right to back up files and directories
- Logon rights, such as the right to log on to a system locally
The following options are available for overriding the default policy application:
- No override - enforces policy inheritance: you force all child policy containers to inherit the parent's policy, even if that policy conflicts with the child's policy and even if Block Inheritance has been set for the child. This option is used by corporations that want to have corporate-level security and don't want low-level administrators to be able to override it. To set the No Override option, open the properties screen of the domain or OU, and in the GPO Links list right-click the GPO link that you want to enforce and click No Override.
- Block inheritance - used if you don't want to inherit GP settings from parent containers. You can block policy inheritance at the domain or OU level by opening the properties dialog box for the domain or OU and selecting the 'Block Policy inheritance' check box

- Group Policy is not inherited from parent to child domains, i.e. blah.boom.com does not inherit from boom.com
- The smallest unit you can apply GP to is an organizational unit (OU)
- In XP Home Edition all user accounts have administrative privileges and no password by default
- Windows XP Home Edition will not allow you to disable the Guest account. When you disable the Guest account via the Control Panel, it only removes the listing of the Guest account from the Fast User Switching Welcome screen and the Log on Locally right. The network credentials remain intact and guest users will still be able to connect to shared resources.
- The "Everyone" group has access to printers by default
- Remote Desktop is not enabled by default on Windows XP Pro
ARC path components:

Multi(x)
- Identifies the controller the physical disk is on
- The Multi(x) syntax of the ARC path is only used on x86-based computers, for IDE or pure SCSI disks when the OS is on the 1st or 2nd SCSI drive
- The Multi(x) syntax indicates to Windows NT that it should rely on the computer's BIOS to load system files. This means that the operating system will be using interrupt (INT) 13 BIOS calls to find and load NTOSKRNL.EXE and any other files needed to boot Windows NT
- Numbering starts at 0, for example Multi(0); for technical reasons it should always be 0
- In a pure IDE system, the Multi(x) syntax will work for up to the 4 drives on the primary and secondary channels of a dual-channel controller
- In a pure SCSI system, the Multi(x) syntax will work for the first 2 drives on the first SCSI controller (that is, the controller whose BIOS loads first)
- In a mixed SCSI and IDE system, the Multi(x) syntax will work only for the IDE drives on the first controller

SCSI(x)
- Identifies the controller the physical disk is on
- The SCSI(x) syntax is used on both RISC and x86-based computers
- Using SCSI() notation indicates that Windows NT will load a boot device driver and use that driver to access the boot partition
- On an x86-based computer the device driver used is NTBOOTDD.SYS; on a RISC computer the driver is built into the firmware
- Numbering starts at 0, for example SCSI(0)
- Windows NT Setup always uses Multi(x) syntax for the first two drives

Disk(x)
- Identifies the physical disk attached to the controller
- 0 if Multi(x) is present; Disk is only meaningful for SCSI
- For SCSI the value of Disk(x) is the SCSI ID and can be 0-15. Note: one channel is always reserved for the controller itself
- Numbering starts at 0, for example Disk(0)

Rdisk(x)
- Identifies the physical disk attached to the controller
- Almost always 0 if SCSI(x) is present; Rdisk is for Multi(x), the ordinal of the disk, usually a number 0-3
- Numbering starts at 0, for example Rdisk(0)

Partition(x)
- Refers to the partition on the hard disk where the Windows system folder is located
- All partitions receive a number except for type 5 (MS-DOS Extended) and type 0 (unused) partitions, with primary partitions being numbered first and then logical drives
- A partition is a logical definition of hard drive space
- Numbering starts at 1, for example Partition(1)

Signature()
- Used when the system BIOS or the controller hosting the boot partition cannot use INT-13 Extensions
- The signature() syntax is equivalent to the scsi() syntax
- Using the signature() syntax instructs Ntldr to locate the drive whose disk signature matches the value in the parentheses, no matter which SCSI controller number the drive is connected to
- The signature() value is extracted from the physical disk's Master Boot Record (MBR)
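A boot.ini that points at the wrong disk or partition leaves the machine unbootable, so it is worth being able to read ARC paths and check them against the rules above before editing the file. The following parser is an added example (my own code, not from the notes or from Microsoft): it parses the multi()/scsi()/signature()disk()rdisk()partition() syntax, reports violations of the numbering rules listed above, and reads the [operating systems] section of a boot.ini. The sample boot.ini content is constructed for the example.

```python
import re

# Added example: parsing boot.ini ARC paths and checking them against the
# numbering rules in the notes above. Nothing here reads a real boot.ini
# unless you pass its contents in.

ARC_RE = re.compile(
    r"^(?P<adapter>multi|scsi|signature)\((?P<arg>[0-9a-fA-F]+)\)"
    r"disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)"
    r"(?P<path>\\.*)?$",
    re.IGNORECASE,
)


def parse_arc_path(arc: str) -> dict:
    """Break an ARC path into its components."""
    m = ARC_RE.match(arc.strip())
    if not m:
        raise ValueError("not a valid ARC path: " + arc)
    adapter = m.group("adapter").lower()
    arg = m.group("arg")
    if adapter != "signature" and not arg.isdigit():
        raise ValueError("multi()/scsi() take a decimal controller number: " + arc)
    return {
        "adapter": adapter,
        # multi()/scsi() carry a controller number, signature() a hex disk signature from the MBR
        "adapter_arg": arg.lower() if adapter == "signature" else int(arg),
        "disk": int(m.group("disk")),
        "rdisk": int(m.group("rdisk")),
        "partition": int(m.group("partition")),
        "path": m.group("path") or "",
        # multi() relies on BIOS INT 13 calls; scsi()/signature() load NTBOOTDD.SYS
        "loader": "BIOS INT 13" if adapter == "multi" else "NTBOOTDD.SYS",
    }


def check_arc_path(arc: str) -> list:
    """Return the rule violations for an ARC path (empty list means it follows the rules)."""
    p = parse_arc_path(arc)
    problems = []
    if p["partition"] < 1:
        problems.append("partition() numbering starts at 1")
    if p["adapter"] == "multi":
        if p["adapter_arg"] != 0:
            problems.append("multi() should always be 0")
        if p["disk"] != 0:
            problems.append("disk() must be 0 when multi() is used")
        if not 0 <= p["rdisk"] <= 3:
            problems.append("rdisk() is usually 0-3 for multi()")
    else:
        if not 0 <= p["disk"] <= 15:
            problems.append("disk() is the SCSI ID and must be 0-15")
        if p["rdisk"] != 0:
            problems.append("rdisk() is almost always 0 when scsi()/signature() is used")
    return problems


def parse_boot_ini(text: str) -> list:
    """Return (arc_path, description, options) for each entry in the
    [operating systems] section of a boot.ini file."""
    entries = []
    in_os_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_os_section = line.lower() == "[operating systems]"
            continue
        if not in_os_section or not line or line.startswith(";"):
            continue
        arc, _, rest = line.partition("=")
        m = re.match(r'^"([^"]*)"\s*(.*)$', rest.strip())
        description, options = (m.group(1), m.group(2).split()) if m else (rest.strip(), [])
        entries.append((arc.strip(), description, options))
    return entries


def check_boot_ini(text: str) -> dict:
    """Map every ARC path in the [operating systems] section to its rule violations."""
    return {arc: check_arc_path(arc) for arc, _, _ in parse_boot_ini(text)}


# constructed sample boot.ini, not taken from a real machine
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
scsi(0)disk(3)rdisk(0)partition(2)\\WINDOWS="Windows XP on a SCSI disk" /fastdetect
"""

if __name__ == "__main__":
    for arc, problems in check_boot_ini(SAMPLE_BOOT_INI).items():
        print(arc, "OK" if not problems else problems)
```

The checks encode only the rules the notes state (partition numbering from 1, multi() and disk() at 0 for BIOS-loaded disks, SCSI IDs 0-15), so a path that passes is well-formed, not necessarily pointing at the right disk.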
- If you right-click a disk and select Properties -> General tab you can see the Location heading with a number. That number is the ARC number of the HD.
- If you need a disk formatted in FAT or FAT32 you cannot do it from Disk Management; you need to use: format x: /fs:FAT32. Note: Windows can format FAT32 disks up to a maximum of 32Gb but can read higher capacity drives
- DiskPart.exe - you can create scripts to automate tasks, such as creating volumes or converting disks to dynamic
- Fsutil.exe - performs many NTFS file system related tasks, such as managing disk quotas, dismounting a volume, or querying volume information
- Mountvol.exe - mounts a volume at an NTFS folder or unmounts the volume from the NTFS folder
Simple volume:
- Single disk
- No fault tolerance
- Can be NTFS or FAT

Spanned volume:
- Maximum of 32 disks
- Cannot extend spanned volumes; need to delete and recreate
- No fault tolerance

Mirror volume:
- Also known as RAID 1
- Windows XP Pro does not support mirror volumes
- Can be NTFS or FAT
- Fault tolerance: data is the same on both disks
- To replace the failed mirror in a mirrored volume, right-click the failed mirror and then click Remove Mirror, and then right-click the other volume and click Add Mirror to create a new mirror on another disk
- A variation of mirroring called duplexing uses HDs connected to different controllers for even more fault tolerance

Striped volume:
- Also known as RAID 0
- Maximum of 32 disks
- Breaks data into 64Kb chunks for writing to the different disks that make up the stripe
- It is recommended to use the same type of hard drive for the member drives
- Windows XP cannot be installed on software RAID 0
- You cannot extend a striped volume; need to recreate it
- No fault tolerance

RAID 5:
- Made up of three or more disks, with each storing parity information
- Fault tolerance when one disk fails
- Maximum of 32 disks, minimum of 3
- Not available in Windows XP Professional
- To replace the failed disk region in a RAID-5 volume, right-click the RAID-5 volume and then click Repair Volume
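To make the difference between striping and RAID 5 concrete, here is an added example (my own Python model, not code from the notes or from Windows): it splits data into 64Kb chunks round-robin across the member disks of a striped volume, and for a RAID-5 volume stores rotating parity so that the contents of one failed disk can be rebuilt from the XOR of the others. A "disk" here is just a list of chunks; the chunk_size parameter lets the demonstration run on tiny inputs, while real striped volumes use the 64Kb unit.

```python
# Added example: a Python model of striped (RAID 0) and RAID-5 volumes as
# described in the notes above. Nothing here touches real disks.

CHUNK_SIZE = 64 * 1024  # striped volumes write data in 64Kb chunks


def xor_blocks(blocks) -> bytes:
    """XOR equal-sized blocks together; this is how RAID-5 parity is computed."""
    out = bytearray(blocks[0])
    for block in blocks[1:]:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe(data: bytes, disk_count: int, chunk_size: int = CHUNK_SIZE) -> list:
    """RAID 0: chunks go round-robin over the disks. There is no parity, so
    losing any one disk loses the volume."""
    if disk_count < 2:
        raise ValueError("a striped volume needs at least two disks")
    disks = [[] for _ in range(disk_count)]
    for n, start in enumerate(range(0, len(data), chunk_size)):
        disks[n % disk_count].append(data[start:start + chunk_size])
    return disks


def unstripe(disks: list) -> bytes:
    """Reassemble a striped volume by reading each stripe row in disk order."""
    rows = max(len(d) for d in disks)
    return b"".join(d[r] for r in range(rows) for d in disks if r < len(d))


def raid5_write(data: bytes, disk_count: int, chunk_size: int = CHUNK_SIZE) -> list:
    """RAID 5: each stripe row holds disk_count - 1 data chunks and one parity
    chunk; the parity position rotates so no single disk holds all parity."""
    if disk_count < 3:
        raise ValueError("a RAID-5 volume needs at least three disks")
    data_per_row = disk_count - 1
    padded = data + b"\0" * (-len(data) % chunk_size)   # whole chunks only
    chunks = [padded[i:i + chunk_size] for i in range(0, len(padded), chunk_size)]
    disks = [[] for _ in range(disk_count)]
    for row, start in enumerate(range(0, len(chunks), data_per_row)):
        row_chunks = chunks[start:start + data_per_row]
        row_chunks += [b"\0" * chunk_size] * (data_per_row - len(row_chunks))
        parity_disk = row % disk_count
        parity = xor_blocks(row_chunks)
        remaining = iter(row_chunks)
        for d in range(disk_count):
            disks[d].append(parity if d == parity_disk else next(remaining))
    return disks


def raid5_read(disks: list, length: int) -> bytes:
    """Read the data chunks back, skipping the parity chunk in each row."""
    disk_count = len(disks)
    out = []
    for row in range(len(disks[0])):
        out.extend(disks[d][row] for d in range(disk_count) if d != row % disk_count)
    return b"".join(out)[:length]


def raid5_rebuild(disks: list, failed: int) -> list:
    """Fault tolerance for one failed disk: every chunk on it is the XOR of
    the chunks in the same row on the surviving disks."""
    survivors = [d for d in range(len(disks)) if d != failed]
    rows = len(disks[survivors[0]])
    rebuilt = [xor_blocks([disks[d][row] for d in survivors]) for row in range(rows)]
    return [rebuilt if d == failed else disks[d] for d in range(len(disks))]


if __name__ == "__main__":
    # constructed sample data, with a 4-byte chunk so the layout is easy to see
    sample = b"The quick brown fox jumps over the lazy dog"
    volume = raid5_write(sample, 3, chunk_size=4)
    volume[1] = None                                  # simulate losing disk 1
    restored = raid5_rebuild(volume, 1)
    print(raid5_read(restored, len(sample)) == sample)
```

The model makes the two facts from the notes visible: a second failed disk cannot be rebuilt (two unknowns in each XOR), and a striped volume has nothing to rebuild from at all.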
Dynamic disks:
- Only in Windows XP Professional, Windows 2000 Professional and Windows 2003 Server (all editions) can you use dynamic disks
- Note: if the disk whose ARC path is in boot.ini fails, the system will not boot. You should have a boot disk with a modified boot.ini
- Mounted volumes - you can mount an HD as an NTFS folder
- Uninstall disks prior to moving them; rescan disks when you attach one
- Dynamic disks can be reconfigured without a reboot
- When your boot disk is also a dynamic disk you will not be able to dual boot into an OS that is not dynamic disk capable
- Dynamic disks are not supported on laptops due to the lack of advantage over basic disks in this scenario
- Dynamic disk partition table types:
  - Dynamic GUID partition table (GPT) disks, for 64-bit editions of Windows
  - Dynamic MBR disks, for 32- and 64-bit editions of Windows
- The Foreign status occurs when you move a dynamic disk to the local computer from another computer
- You can have a maximum of 2000 volumes on a dynamic disk; the recommended maximum is 32
- Volumes created after the 26th drive letter has been used must be accessed using volume mount points
- Hard drives connected to the PC using USB or IEEE 1394 cannot be converted to dynamic volumes
- Extending a simple volume:
  - Similar to a spanned volume but uses the same physical HD as the simple volume
  - You can extend a simple volume only if it has no file system or is formatted with NTFS. You also need free space on the HD, and the volume must not originally have been a basic disk partition.
  - You cannot extend volumes formatted using FAT or FAT32
  - You cannot extend a system volume, boot volume, striped volume, mirrored volume, or RAID-5 volume

Converting disks:
- If you convert a boot disk, or if a volume or partition is in use on the disk you attempt to convert, you must restart the computer for the conversion to succeed
- The conversion may fail if you change the disk layout of a disk to be converted or if the disk has I/O errors during the conversion
- After you convert a basic disk into a dynamic disk, any existing partitions on the basic disk become (dynamic) simple volumes
- If you are using shadow copies and they are stored on a different disk than the original, you must first dismount and take offline the volume containing the original files before you convert the disk containing the shadow copies to a dynamic disk
- If you are converting a disk from dynamic to basic, the disk must not have any volumes on it nor contain any data before you can change it back to a basic disk. If you want to keep your data, back it up before you convert the disk to a basic disk.
[8.12] Defragmenting
- You will need at least 15% free HD space in order to defragment
- You may need to repeat the process several times in order to achieve the planned results
- Defragmenting should be done on every volume every 1 to 2 months
- You cannot schedule the defragmenting task (unless you use custom scripts)
- The Windows defragmenter works with FAT16, FAT32 and NTFS
- On modern computer systems that use NTFS and don't use the file system extensively (desktops) the benefits of defragmenting a hard drive are measurable but not noticeable for the end user. Thus defragmenting is only a significant performance tool for file servers.
[8.13] Encryption
- Only the user who created the file, users to whom the owner gave access to view the file (new in Windows XP; the additional users need to already have been issued certificates) and recovery agents can decrypt the file
- When moving an encrypted file from one volume to another it stays encrypted. When copying the file it also stays encrypted. This behaviour is unique to encryption!
- Note that a user who has NTFS permissions to an encrypted file can delete that file even if he/she cannot view it. They can also move the file around on the same NTFS volume (a different volume would mean a copy operation and possible decryption).
- You cannot encrypt and compress at the same time (the encryption process uses a pseudo-random salt, and the result cannot be compressed further due to its nature)
- You can zip 1st using WinZip or another 3rd-party compression tool, then encrypt, to get an encrypted and compressed file
- cipher.exe is a command line encryption utility
- By default the recovery agent is the Administrator account on the 1st DC; there is no default for a stand-alone server/workstation
- Moving/copying an encrypted file to a FAT file system decrypts the file without warning
- It is recommended to store the recovery agent certificate on a floppy disk in a secured location. It is also recommended to copy the file to be recovered to the recovery agent's PC, where it will be recovered.
- A user needs the correct certificate to perform an action on a file that would result in that file being decrypted
- For a domain user the certificate is issued by the certification authority; the user needs permission to get a certificate
- Files marked with the System attribute cannot be encrypted, nor can files in the systemroot directory structure
- Before users can encrypt or decrypt files and folders that reside on a remote server, an administrator must designate the remote server as trusted for delegation
- If you open an encrypted file over the network, the data transmitted over the network by this process is not encrypted
- Users can use EFS remotely only when both computers are members of the same Windows Server 2003 family forest
- Encrypted files are not accessible from Macintosh clients
- Encrypting File System (EFS) no longer requires a recovery agent
Compression options for a folder:
- All files are compressed automatically when added, but not the folder's current contents, OR
- Compression can also be applied to the current files and subfolders

- Decompression is the reverse of compression
- Moving a file on the same volume means that the file location is moved in the MFT only, not the physical file itself
- When you copy a file, whether on the same volume or not, the destination file inherits the destination folder's permissions
- When you move a file on the same volume, it keeps its original permissions. When you move a file to another volume, the move is treated as a copy operation and the file permissions are inherited from the destination folder.
- All file attributes behave in the same way, with the exception of encryption
- File compression is supported only on NTFS volumes with cluster sizes of 4 KB and smaller
- For the command line use compact.exe; it can display and modify compression attributes but works only on NTFS
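The move/copy rules above, together with the encryption rules in [8.13] (encrypted files stay encrypted on move or copy between NTFS volumes, are decrypted without warning on FAT, and cannot also be compressed), are easy to get wrong when deciding whether data will still be protected after a file operation. The following is an added example (my own model, not code from the notes or from Windows) that applies those rules to a file state; the ACL labels and the rule that encryption is what survives when a file would otherwise end up both encrypted and compressed are assumptions of the example. The last function shows why encryption and compression cannot be combined: random-looking data does not compress.

```python
import os
import zlib
from dataclasses import dataclass, replace
from typing import Optional

# Added example: a model of what happens to NTFS permissions and to the
# compression and encryption attributes when a file is moved or copied,
# following the rules in the notes above. The labels used for ACLs and the
# rule that encryption is kept when a file would otherwise end up both
# encrypted and compressed are assumptions of this example.


@dataclass(frozen=True)
class FileState:
    permissions: Optional[str]   # label standing in for the file's NTFS ACL (None on FAT)
    compressed: bool
    encrypted: bool


@dataclass(frozen=True)
class Folder:
    volume: str                  # e.g. "C:"
    filesystem: str              # "NTFS" or "FAT"
    permissions: Optional[str]   # label of the ACL that new children inherit
    compressed: bool             # the folder compresses files added to it


def transfer(src: FileState, src_volume: str, op: str, dest: Folder) -> FileState:
    """Return the state of the file after a 'move' or 'copy' into dest."""
    if op not in ("move", "copy"):
        raise ValueError("op must be 'move' or 'copy'")
    if dest.filesystem != "NTFS":
        # FAT has no NTFS permissions and no compression, and an encrypted
        # file is decrypted without warning
        return FileState(permissions=None, compressed=False, encrypted=False)
    if op == "move" and src_volume == dest.volume:
        # only the MFT entry changes: permissions and attributes are kept
        result = src
    else:
        # a copy, or a move to another volume (treated as a copy): permissions
        # and attributes are inherited from the destination folder, except
        # encryption, which stays as it was
        result = FileState(permissions=dest.permissions,
                           compressed=dest.compressed,
                           encrypted=src.encrypted)
    if result.encrypted and result.compressed:
        # assumption: a file cannot be both, and encryption is what is kept
        result = replace(result, compressed=False)
    return result


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size; 1.0 or above means no gain."""
    return len(zlib.compress(data, 9)) / len(data)


def encrypted_data_does_not_compress(size: int = 4096) -> bool:
    """Why encryption and compression cannot be combined: ciphertext looks
    like random bytes (os.urandom stands in for EFS output here) and does
    not shrink, while ordinary text compresses well."""
    text = b"the quick brown fox jumps over the lazy dog\n" * (size // 44)
    return compression_ratio(os.urandom(size)) >= 1.0 and compression_ratio(text) < 0.1


if __name__ == "__main__":
    # constructed sample: an encrypted file moved from C: to a FAT volume
    secret = FileState(permissions="original ACL", compressed=False, encrypted=True)
    fat = Folder(volume="E:", filesystem="FAT", permissions=None, compressed=False)
    print(transfer(secret, "C:", "move", fat))       # encrypted=False: silently decrypted
    print(encrypted_data_does_not_compress())        # True
```

The FAT case is the one to remember from a data-protection standpoint: the operation succeeds, the file is readable by anyone with access to the FAT volume, and no prompt tells the user that encryption was dropped.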
Folder options (General):
- Windows classic or web content in the folders
- Whether folders are opened all in the same window or in separate windows
- Opening with a single or double mouse click

Folder view options: configure the things you see once you open files and folders. There are too many options to list.

File type options are used to associate file extensions with application file types.
Offline files:
- The first step is to enable (enabled by default) offline file support on the client under Folder Options -> Offline Files; it is available only on Windows XP and above
- In the folder options for offline files you can set:
  - synchronization options: manual synchronization, automatic synchronization (on log on or log off) and a reminder at certain time intervals
  - how much disk space will be used for temporary network files and whether these will be encrypted
- When offline files are enabled, connect to a shared folder, right-click it and select 'Make Available Offline'; this brings up the settings dialog box and starts synchronization
- When the folder is set up as available offline, right-clicking it gives you an option to synchronize
- Folders that are synchronized appear with a small blue arrow pointing down in the lower left corner of the folder icon
- SMB is used for communication between networked computers; for offline file sharing any SMB PC will do as a server
- You can disable and enable (default) the client's ability to use offline content by changing the options in Share properties -> Caching on the server computer
Access check:
o The user's SID is checked against the ACEs in the ACL of the resource the user wants to access
o The SIDs of the groups the user belongs to are also checked against the ACEs in the ACL
o If there is no matching entry, access is denied
o Access is granted if an ACE matches one of the user's SIDs and the associated ACE action is Allow
o Windows resolves the SID and presents the name in the ACE
o A Deny right takes precedence over an Allow right in both the user and group security context. This is true even for the Administrator and the object owner.
Read
Write
o Change file attributes
o Create new files and write data to files
o Append data to files
Read and execute = 'Read' + execute file permission
Modify = 'Read and Execute' + 'Write' + delete permission
Full control = all of the above permissions + 'Change Permissions' permission + 'Take Ownership' permission
Write
Read and execute
Modify = 'Read and Execute' + 'Write' + delete permission
List folder contents (a permission that exists only for folders)
o Traverse folders
o List the contents of a folder
o See folder or file attributes
Full control = all of above permissions + 'Change Permissions' permission + 'Take Ownership' permission
[9.7] Explicit permissions and inherited permissions for files and folders
There are two types of permissions: explicit permissions and inherited permissions. Explicit permissions are those that are set by default when the object is created, or by user action. Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.
Explicit permissions take precedence over inherited permissions, even inherited Deny permissions. This has nothing to do with user and group security context.
Ways to change inherited permissions:
o Make the changes to the parent folder, and the file or folder will inherit these permissions. Remember this is not related to user and group security!
o Select the opposite permission (Allow or Deny) to override the inherited permission.
o Clear the 'Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here' check box. You can then make changes to the permissions or remove the user or group from the permissions list. However, the file or folder will no longer inherit permissions from the parent folder. You will be presented with a confirmation dialog with these options:
  o You can 'copy' the permission entries, making all entries explicit (inherited entries are converted into explicit ones)
  o Or you can remove all inherited permissions and keep only the current explicit permissions
You cannot change parent permissions inside a child object - they show as grayed out if inheritance is on. If the object is inheriting conflicting settings from different parents then the setting inherited from the parent closest to the object in the subtree will have precedence. Only inheritable permissions are inherited by child objects. When setting permissions on the parent object, you can decide whether folders or subfolders can inherit them with Apply onto.
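As an added example (not from the original notes), the access-check rules in the ACL section and in [9.7] above, modelled in Python: Deny before Allow, explicit before inherited, nearest parent before more distant ones, and no matching entry means no access. The SIDs, the ACE layout and the depth field used to rank inherited entries are constructed assumptions.

```python
"""Added example, not part of the original notes: a model of the NTFS access
check rules (deny over allow, explicit over inherited, nearest parent wins,
no entry = denied). SIDs and the ACE layout are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    sid: str            # SID of the user or group the entry applies to
    allow: bool         # True for an Allow ACE, False for a Deny ACE
    rights: frozenset   # rights named in the entry, e.g. {"read", "write"}
    depth: int = 0      # 0 = explicit on the object, 1 = inherited from the
                        # parent, 2 = from the grandparent, and so on

def access_check(token_sids, acl, requested):
    """Return True only if every requested right is granted.

    ACEs are evaluated in the precedence order the notes describe:
    explicit entries before inherited ones, entries from the nearest parent
    before more distant ones, and at each level Deny before Allow.  A Deny
    blocks access unless a higher-precedence Allow already granted the right;
    a right with no matching entry at all is denied."""
    token_sids = set(token_sids)
    requested = set(requested)
    granted = set()
    ordered = sorted(acl, key=lambda a: (a.depth, a.allow))  # False < True
    for ace in ordered:
        remaining = requested - granted
        if not remaining:
            break
        if ace.sid not in token_sids:
            continue                      # entry is for someone else
        if ace.allow:
            granted |= ace.rights & requested
        elif ace.rights & remaining:
            return False                  # Deny wins at this precedence level
    return requested <= granted

# Constructed sample: user S-1-5-21-1-1001 is a member of group S-1-5-21-1-513.
USER = "S-1-5-21-1-1001"
GROUP = "S-1-5-21-1-513"
TOKEN = {USER, GROUP}

def demo():
    """Four situations from the notes; returns their outcomes in order."""
    # 1. Group denied explicitly, user allowed explicitly -> Deny wins.
    acl1 = [Ace(USER, True, frozenset({"read"})),
            Ace(GROUP, False, frozenset({"read"}))]
    # 2. Explicit Allow on the file overrides a Deny inherited from the parent.
    acl2 = [Ace(USER, True, frozenset({"write"})),
            Ace(GROUP, False, frozenset({"write"}), depth=1)]
    # 3. Conflicting inherited entries: the nearest parent (depth 1) wins.
    acl3 = [Ace(GROUP, True, frozenset({"read"}), depth=1),
            Ace(GROUP, False, frozenset({"read"}), depth=2)]
    # 4. No entry mentions the user's SIDs at all -> implicit deny.
    acl4 = [Ace("S-1-5-21-1-1002", True, frozenset({"read"}))]
    return (access_check(TOKEN, acl1, {"read"}),
            access_check(TOKEN, acl2, {"write"}),
            access_check(TOKEN, acl3, {"read"}),
            access_check(TOKEN, acl4, {"read"}))

if __name__ == "__main__":
    print(demo())   # (False, True, True, False)
```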
TCP/IP:
o Installed by default on Windows XP; the most common protocol, supported by almost all OSs
o TCP/IP is scalable and is a routed protocol
o TCP/IP is a fault tolerant protocol that will dynamically reroute packets if a network link is down and alternate links exist
o Companion services such as DNS and DHCP exist
o This is the most popular protocol and is the basis of the internet
An IP address uniquely identifies a computer on the network; it is 32 bits long. The loopback IP address is 127.0.0.1, your localhost address. The first address in your network is the network address itself, the last address is the network broadcast address. IP class assignments:
o Class A 1-126.x.x.x, 16777214 hosts supported, with mask 255.0.0.0
o Class B 128-191.x.x.x, 65534 hosts supported, with mask 255.255.0.0
o Class C 192-223.x.x.x, 254 hosts supported, with mask 255.255.255.0
o The subnet mask is used to specify which part of the IP address is the network address and which part is the host part
o The default gateway is where packets not destined for your network are sent (you need routers). Metrics are used to calculate optimal paths to gateways.
o A router is a device that connects two or more network segments together
o Ipconfig is used to show the PC's IP configuration
o Ping is used to send ICMP echo request packets
o Nbtstat is used to display NetBIOS over TCP/IP (also known as NBT) connection statistics
o Alternate configuration: you can specify what happens when there is no DHCP server on the network
  o Automatic Private IP Addressing (APIPA) - assigns the PC an address from the range 169.254.0.1 to 169.254.255.254, in use since Windows 98
  o Manual configuration of alternative settings
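An added example, not part of the original notes: Python that applies the classful rules above (class, default mask, first address = network, last address = broadcast, usable hosts) and also accepts an explicit subnet mask, which goes beyond the default-mask case the list shows. The sample addresses are constructed.

```python
"""Added example, not part of the original notes: classify an IPv4 address by
the classful rules in the notes, then derive network, broadcast and usable
host count with the default or a supplied mask. Sample addresses constructed."""
import ipaddress

CLASSES = {  # first-octet range -> (class letter, default mask)
    range(1, 127): ("A", "255.0.0.0"),
    range(128, 192): ("B", "255.255.0.0"),
    range(192, 224): ("C", "255.255.255.0"),
}

def ip_class(addr):
    """Return (class letter, default mask). Loopback and APIPA addresses are
    named as such; anything outside the A-C ranges returns (None, None)."""
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24                      # first octet
    if first == 127:
        return ("loopback", None)              # 127.0.0.1 is localhost
    if ip in ipaddress.IPv4Network("169.254.0.0/16"):
        return ("APIPA", None)                 # alternate configuration range
    for octets, value in CLASSES.items():
        if first in octets:
            return value
    return (None, None)

def describe(addr, mask=None):
    """Network address, broadcast address and usable host count for addr,
    using the supplied mask or the classful default."""
    cls, default_mask = ip_class(addr)
    mask = mask or default_mask
    if mask is None:
        raise ValueError(f"{addr} ({cls}) has no classful default mask")
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    return {
        "class": cls,
        "mask": str(net.netmask),
        "network": str(net.network_address),       # first address: the network
        "broadcast": str(net.broadcast_address),   # last address: broadcast
        "hosts": net.num_addresses - 2,            # minus network and broadcast
    }

if __name__ == "__main__":
    for sample, m in (("10.1.2.3", None), ("172.16.5.9", "255.255.255.192"),
                      ("192.168.1.77", None)):
        print(sample, describe(sample, m))
```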
[10.3] DHCP
DHCP server is used for automatic IP assignment to hosts, here is the whole process:
o The client seeking an IP address broadcasts a DHCPDISCOVER message on the network
o Any DHCP server that receives the message and has available IP addresses sends a DHCPOFFER for a period of time called the lease
o The client selects one of the offers and broadcasts a DHCPREQUEST indicating its selection
o The DHCP server sends a DHCPACK message to the client, possibly with configuration information such as DNS server IPs
A DHCP server must be authorized in AD if it is part of a domain. If there is no DHCP server on your network segment you can use a DHCP server on another network segment, provided that the other DHCP server is configured to give out addresses to PCs on other segments and the router that joins the segments acts as a DHCP relay agent.
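An added example, not part of the original notes: a toy simulation of the four-message exchange above with two DHCP servers on one segment, including what the server that was not chosen does with its offer. Server IDs, address pools, lease times and the dictionary message layout are constructed; the real protocol carries these fields in UDP packets.

```python
"""Added example, not part of the original notes: toy DHCP
DISCOVER/OFFER/REQUEST/ACK exchange. Server IDs, pools, lease times and the
message layout are constructed."""

class DhcpServer:
    def __init__(self, server_id, pool, lease_seconds, dns):
        self.server_id = server_id
        self.free = list(pool)        # addresses still available for offers
        self.offered = {}             # client MAC -> address held in an offer
        self.leases = {}              # client MAC -> leased address
        self.lease_seconds = lease_seconds
        self.dns = dns

    def handle(self, msg):
        """Return this server's reply to a broadcast, or None if it stays silent."""
        kind, mac = msg["type"], msg["mac"]
        if kind == "DHCPDISCOVER":
            if not self.free:
                return None           # no free addresses: no offer
            addr = self.free.pop(0)
            self.offered[mac] = addr
            return {"type": "DHCPOFFER", "mac": mac, "yiaddr": addr,
                    "server_id": self.server_id, "lease": self.lease_seconds}
        if kind == "DHCPREQUEST":
            if msg["server_id"] != self.server_id:
                # the client chose another server: return the held offer to the pool
                if mac in self.offered:
                    self.free.append(self.offered.pop(mac))
                return None
            addr = self.offered.pop(mac)
            self.leases[mac] = addr
            return {"type": "DHCPACK", "mac": mac, "yiaddr": addr,
                    "server_id": self.server_id, "lease": self.lease_seconds,
                    "dns": self.dns}
        return None

def broadcast(servers, msg):
    """Deliver one broadcast to every server on the segment; collect the replies."""
    return [r for r in (s.handle(msg) for s in servers) if r is not None]

def obtain_lease(servers, mac):
    """Client side of the exchange. Returns (address, dns_servers, transcript);
    address is None when no server offered anything (alternate config / APIPA)."""
    discover = {"type": "DHCPDISCOVER", "mac": mac}
    transcript = [discover]
    offers = broadcast(servers, discover)
    transcript.extend(offers)
    if not offers:
        return None, None, transcript
    chosen = offers[0]                # this toy client takes the first offer
    request = {"type": "DHCPREQUEST", "mac": mac,
               "server_id": chosen["server_id"], "yiaddr": chosen["yiaddr"]}
    transcript.append(request)
    acks = broadcast(servers, request)
    transcript.extend(acks)
    return acks[0]["yiaddr"], acks[0]["dns"], transcript

def demo():
    """Constructed segment: two servers, one client; returns the outcome."""
    s1 = DhcpServer("10.0.0.2", ["10.0.0.50", "10.0.0.51"], 86400, ["10.0.0.10"])
    s2 = DhcpServer("10.0.0.3", ["10.0.0.100"], 3600, ["10.0.0.11"])
    addr, dns, log = obtain_lease([s1, s2], "00-11-22-33-44-55")
    return addr, dns, [m["type"] for m in log], s2.free

if __name__ == "__main__":
    print(demo())
```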
[10.4] DNS
DNS servers are used for name to IP and IP to name (reverse DNS) address resolution. The HOSTS file is used to resolve host name, alias and domain name entries; it is located in %systemroot%\System32\Drivers\Etc. DNS settings:
o DNS server addresses, in order of use - which DNS server will be used first to resolve a query
o Append primary and connection-specific DNS suffixes - specifies how unqualified domain names are resolved by DNS; for example, if the primary suffix is microsoft.com and you enter blah, DNS will try blah.microsoft.com
o Append parent suffixes of the primary DNS suffix - whether name resolution includes the parent suffixes of the primary DNS suffix, up to the second level of the domain name; for example, given the primary suffix win.ms.com and you enter blah, DNS will first try blah.win.ms.com, then blah.ms.com
o Append these DNS suffixes - additional suffixes that will be used to resolve unqualified names
o DNS suffix for this connection - DNS suffix for the PC, can override data supplied by the DNS server
o Register this connection's address in DNS - dynamic registration using the PC name
o Use this connection's DNS suffix in DNS registration
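An added example, not part of the original notes: Python that builds the ordered list of fully qualified names the resolver tries for a single-label name under the suffix options above (primary suffix, parent devolution down to the second-level domain, connection-specific suffix, or an explicit suffix search list). The suffix values are constructed.

```python
"""Added example, not part of the original notes: candidate FQDNs for an
unqualified name under the Windows XP DNS suffix options. Suffixes are
constructed sample values."""

def dns_candidates(name, primary_suffix="", connection_suffix="",
                   append_parent=True, search_list=None):
    """Return the FQDNs tried, in order, for a single-label name.

    An explicit search list ("Append these DNS suffixes") replaces the
    primary/connection-specific behaviour, as on the TCP/IP DNS tab.  A name
    ending in a dot is already fully qualified and is tried as-is."""
    if name.endswith("."):
        return [name[:-1]]
    if search_list:
        return [f"{name}.{s}" for s in search_list]
    tried = []
    if primary_suffix:
        tried.append(f"{name}.{primary_suffix}")
        if append_parent:
            labels = primary_suffix.split(".")
            # devolve one label at a time, stopping at the second-level domain
            for i in range(1, len(labels) - 1):
                tried.append(f"{name}.{'.'.join(labels[i:])}")
    if connection_suffix and connection_suffix != primary_suffix:
        tried.append(f"{name}.{connection_suffix}")
    return tried

if __name__ == "__main__":
    # the notes' own example: primary suffix win.ms.com, name blah
    print(dns_candidates("blah", "win.ms.com"))   # ['blah.win.ms.com', 'blah.ms.com']
```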
[10.5] WINS
NetBIOS names are resolved through:
o WINS servers, used for NetBIOS name to IP address resolution; this server exists for backward compatibility with NT4
o Broadcast (same network segment only)
o The LMHOSTS file, a static mapping of IP addresses to NetBIOS computer names, located in the %systemroot%\System32\Drivers\Etc folder
WINS settings:
o WINS addresses, in order of use
o Enable LMHOSTS lookup
o Enable/Disable NetBIOS over TCP/IP
o Use NetBIOS settings from the DHCP server
o NetBEUI - NetBIOS Enhanced User Interface
o AppleTalk - not supported by Windows XP (was supported before)
TCP/IP filtering restricts:
o Which TCP ports are permitted
o Which UDP ports are permitted
o Which protocols are permitted
This is set for all adapters at once and is separate from the firewall. It is set up from Network connections -> connection -> TCP/IP properties -> Advanced button -> Options tab.
o You can set printer priority (1-99) as well as printer availability (the times when the printer is available) for different user groups, and restrict access to the print device itself for different user groups and individual users. For example, to use different print priorities for two groups you need to set up two print devices, restrict their use and set the priority on each
o If you want to know printer utilization, track the Print Queue object in System Monitor
o %systemdir%\system32\spool\printers\ is the default location of the spool folder. You should change it if your server serves many printers.
o A port is defined as the interface that allows the PC to communicate with the print device
o Print.exe - sends a text file to a printer
o Net Print - displays information about a specified printer queue, displays information about a specified print job, or controls a specified print job
o Bidirectional support - option on the Ports tab that allows the printer to communicate with the computer, for example to report print errors
[11.5] Spooling
Spooling is the process of saving the jobs to disk in a queue before they are sent to the print device You have the option of:
o Start printing after the last page is spooled - small jobs that enter the queue after large jobs may print before the large jobs finish spooling
o Start printing immediately - strict order of entry into the queue determines which job prints first
o Print directly to the printer - good for troubleshooting the print device
Print processor data types:
o RAW - makes no change to the job
o RAW (FF appended) - always adds a form feed character
o RAW (FF auto) - tries to determine whether a form feed character needs to be added
o NT EMF - for use with other Windows XP clients, multiple versions
o TEXT - interprets all data as plain text
Printer options:
o Set as Default Printer - jobs will be sent to this printer by default
o Printing preferences - settings like page layout
o Pause printer - jobs can still be submitted, but will not print
o Use printer offline - pauses the printer and saves the print queue so documents in it are available even after a PC reboot
o Other options: Rename, Sharing, Delete
[11.11] Sharing
o When you share a printer it becomes a network printer; if you don't share your printer it is a local printer
o You cannot share a Fax printer
o You can specify print drivers for the following systems:
[11.12] Security
There are three print related permissions:
o Print - users can send print jobs to a printer
o Manage Printers - administration of the printer: pause and restart the printer, change spool settings, share/unshare the printer, change print permissions
o Manage Documents - pause/restart/resume and delete queued documents, no control over the printer itself
o Special permissions - used to customize the print options with allow or deny access for: Print, Manage Printers, Manage Documents, Read Permissions, Change Permissions and Take Ownership
Administrators and Power Users can do all tasks; the Creator Owner group can Manage Documents only; the Everyone group can Print only. Advanced security settings:
o Permissions - lists all users, computers and groups that have been given permissions to the printer
o Auditing - tracks who is using the printer and what type of access is being used
o Owner - owner of the printer
o Effective permissions
o Allow unsecured passwords
o Require secured password
o Use smart card (you will need EAP)
Logon security protocols:
o MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) - still supports NTLM (but not by default). The same encryption key is used for all connections; both authentication and connection data are encrypted.
o MS-CHAP v2 - no NTLM and stronger encryption (such as salting the passed encrypted password strings). The two MS-CHAP protocols are the only ones that can change passwords during the authentication process. A new key is used for each connection and direction.
o CHAP - requires storage of user passwords with reversible encryption to be enabled; authentication data is encrypted through MD5 hashing. No encryption of connection data.
o PAP (Password Authentication Protocol) - passwords are unencrypted, as is connection data
o SPAP (Shiva Password Authentication Protocol) - less secure than CHAP or MS-CHAP, no encryption of connection data
o EAP-TLS (Extensible Authentication Protocol - Transport Level Security) - certificate-based authentication (EAP) used with smart cards; both authentication and connection data are encrypted; not supported on stand-alone servers, only in domains
o EAP-MD5 CHAP (Extensible Authentication Protocol - Message Digest 5 Challenge Handshake Authentication Protocol) - a version of CHAP ported to the EAP framework. Encrypts only authentication data, not connection data, the same as CHAP.
o Unauthenticated access - connections without credentials, good for testing
VPN supports:
o Single inbound connections
o Tunneling protocols
o Callback security
o Multilink support (chaining of multiple modems)
o PPTP (Point-to-Point Tunneling Protocol) - built-in encryption for IP or IPX protocols inside PPP datagrams; requires IP connectivity between your computer and the server
o L2TP (Layer Two Tunneling Protocol) - the Windows XP implementation of L2TP is designed to run natively over IP networks only; it does not support native tunneling over X.25, Frame Relay, or ATM networks. Uses IPsec and certificates for security.
Security zones
Content
o Content advisor - you can limit what is accessed based on language, nudity, sex and violence
o Certificates
o Personal information - you can configure AutoComplete and Microsoft Profile Assistant
o Connections - how you connect to the internet, any connection
o Programs - programs associated with different internet services: HTML editor, e-mail, newsgroups, internet call, calendar and contact list
o Advanced tab has too many options to list
Internet printing:
o You can print to an internet printer if the print server has IIS and supports internet printing
o Internet printing uses the Internet Printing Protocol (IPP)
o To install an internet printer, start the 'Add printer wizard', choose network printer and type as the address http://computername/printers/share_name/.printer
o You can connect through a web browser to a print server by surfing to http://print_server/printers if it is allowed and the print server has IIS installed
o To connect using IE to an ftp server that requires a user name and password, use ftp://user_name:password@ftp.company.com; otherwise IE will ask you to enter your credentials.
[13.2] Performance
To set the priority of a process when you start it, use start /<priority> "application name". Another way is cmd /c start /<priority> "application name"; you cannot use this from the Run menu. Priority types:
Real time (you will need Administrator access to set this priority level)
o Processor affinity is the process of assigning specific processors to specific tasks on a multiprocessor system; this is done through Task Manager
o Relog - extracts performance counters from performance counter logs into other formats, such as text-TSV, text-CSV, binary-BIN, or SQL
o Logman - manages and schedules performance counter and event trace log collections on local and remote systems
Using the default Windows XP Pro data provider or another application provider, trace logs record detailed system application events when certain activities, such as a disk I/O operation, occur. When the event occurs, the OS logs the system data to a file. A parsing tool such as Tracerpt is required to interpret the trace log output. When counter logs are in use, the service obtains data from the system when the update interval has elapsed, rather than waiting for a specific event. Remember that trace logs are event driven and counter logs are update interval driven.
Alert actions:
o Log an entry in the application event log
o Send a network message
o Start a performance data log
o Run a program
Event logs:
o Application - tracks events related to applications that are running on your PC
o Security - tracks events related to Windows XP auditing
o System - tracks events related to the Windows XP OS
o Log file extension is .evt (files with this extension can be viewed by Event Viewer)
o Tracerpt - processes event trace logs or real-time data from instrumented event trace providers
Event types:
o Information - logged for informative purposes
o Warning - non-critical events that might indicate a problem
o Error - indicates a problem
o Success Audit - indicates the occurrence of an event audited for success
o Failure Audit - indicates the occurrence of an event audited for failure
Scheduled task properties:
o Command line execution for the program that is running the task
o The folder containing the files needed for execution
o Comments
o The user name and password of the user the task is to be run as
o Whether the task is enabled or not
o Many other advanced options, like running the task when the CPU is idle
The Task Scheduler service must be running for scheduled task execution to occur. The account a scheduled task runs as needs appropriate permissions to run the task. Security can be set by group or user.
Backup:
o Recovery point - how much data can we lose? Most medium size companies are OK with losing up to 24h, thus a daily backup is OK.
o Time frame for recovery - how long does it take to recover affected systems
o Hot sites are the ultimate backup solution for server farms (a hot site can take on all functions of the current site, is kept synchronized and is in a different physical location)
o Backup files have the .bkf extension
o When files are backed up they retain all of their original attributes, including encryption
o File attributes are lost when you restore a backup to a FAT volume
Boot process:
o Power on self test (POST) runs when the PC is turned on and the system configures its hardware
o The Master Boot Record (MBR), to which the BIOS points, is loaded
o The MBR points to the active partition, which in turn specifies which partition should be used to boot the OS
o NTLDR is used to start the Windows XP boot process
Boot sequence:
o NTLDR switches the processor from real mode to 32-bit flat memory mode and starts the mini file system drivers that support the PC's file systems
o Operating system selection with BOOT.INI occurs; for an OS other than Windows XP the file BOOTSECT.DOS is used
o NTDETECT.COM detects hardware, which is stored in the registry
o Control is passed to NTOSKRNL.exe
Kernel load sequence:
o The HAL (hardware abstraction layer) driver is loaded (hal.dll)
o The control set that the OS will use is loaded
o Low level drivers such as disk drivers are loaded
Kernel initialization sequence:
o The registry key HKEY_LOCAL_MACHINE\HARDWARE is created with the current PC hardware
o The Clone control set is created; it is the exact data used to configure the PC, without changes made by setup
o Low level drivers are initialized and higher level subsystems are loaded
Logon sequence:
o The logon dialog box appears and the user enters valid credentials
o The Service Controller scans HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to see whether there are any services that still need to be loaded
o The Recovery Console is good for missing boot files
o You can run the Recovery Console from the Windows XP CD: boot from the CD and press R (repair installation)
o When boot files are missing you will have to copy new ones from the installation CD
o The maximum number of lines in the [operating systems] section of the Boot.ini file in Windows XP is 10. If you add an 11th line (or more), only lines 1 through 10 will be seen during the boot phase of Windows XP
o Directory services restore mode:
  o This is like a safe mode for a domain controller
  o Active Directory is not started
Startup and Recovery settings:
o Default operating system - OS loaded by default if no selection is made on the OS selection menu
o Time to display list of OSs - how long the OS selection menu is shown (30 sec by default)
o Time to display recovery options (30 sec by default)
o Write event to the system log - an event is written each time the system fails (enabled by default)
o Send administrative alert - when the system fails a message is sent to the administrator (enabled by default)
o Automatically restart
o You can also edit the boot.ini file and specify the size of the kernel dump file
o The recovery password can be different from the Administrator password
o For problems with boot files use the Recovery Console and copy the needed files over from the CD
o Dr. Watson - used to troubleshoot application errors, DRWTSN32.EXE
o A boot disk can be created by copying the following files onto a floppy: NTLDR, NTDETECT.COM, NTBOOTDD.SYS (for SCSI without BIOS), BOOT.INI
o System Restore - creates restore points that can be used to restore the PC to a previous state. Enabled by default; restore points are created daily or when significant changes occur. To manually create restore points, use the System Restore wizard, located under Accessories -> System Tools -> System Restore. By default 12% of hard drive space is used for System Restore data storage
o Runas is also known as secondary logon; you need to have the Secondary Logon service running to use it. This command line utility is used to run programs in a different user's security context. For example, a network administrator is logged on as a regular user and needs to run a system utility that requires administrative privileges. Instead of logging out and back in as an administrator, the user can use the runas command, which uses the following syntax: runas /user:ComputerName\UserName "program name"