2285B

2285B: Installing, Configuring, and Administering Microsoft Windows XP Professional
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2005 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, ActiveX, MSDN, Outlook, PowerPoint, Windows, Windows Media, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. First Printing
Course Number: 2285B Part Number: X11-01707 Released: 12/2004
END-USER LICENSE AGREEMENT FOR OFFICIAL MICROSOFT LEARNING PRODUCTS TRAINER EDITION PLEASE READ THIS END-USER LICENSE AGREEMENT (EULA) CAREFULLY. THIS EULA ACCOMPANIES AND GOVERNS THE USE OF ALL SOFTWARE AND LICENSED CONTENT THAT ACCOMPANIES THIS EULA. BY USING THE CONTENT AND/OR USING OR INSTALLING THE SOFTWARE YOU AGREE TO THE TERMS OF THIS EULA. IF YOU DO NOT AGREE, DO NOT INSTALL OR USE SUCH CONTENT AND/OR SOFTWARE. 1. DEFINITIONS. 1.1. Authorized Learning Center(s) means a training session conducted at a Microsoft Certified Partner for Learning Solutions location, an IT Academy, or such other entity as Microsoft may designate from time to time (for more information on these entities, please visit www.microsoft.com). 1.2. Authorized Training Session(s)means those training sessions authorized by Microsoft and conducted at or through Authorized Learning Centers by a MCT providing training to Students solely on Official Microsoft Learning Products (formerly known as Microsoft Official Curriculum or MOC). 1.3. device. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or analog
1.4. Document(s) means the printed or electronic documentation such as manuals, workbooks, white papers, press releases, datasheets, and FAQs which may be included in the Licensed Content. 1.5. Licensed Content means the materials accompanying this EULA. The Licensed Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student Content, (iii) Media Elements, (iv) Software, and (v) Documents. 1.6. "Media Elements" means the certain photographs, clip art, animations, sounds, music, and/or video clips which may accompany this EULA. 1.7. Software means the Virtual Hard Disks, or such other software applications that may be included with the Licensed Content. 1.8. Student(s) means students duly enrolled for an Authorized Training Session at an Authorized Learning Center. 1.9. Student Content means the learning materials accompanying this EULA that are for Use by Students and Trainers. 1.10. Trainer(s) or MCT(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer and b) such other individual as authorized in writing by Microsoft and has been engaged by an Authorized Learning Center to teach or instruct an Authorized Training Session to Students on behalf of the Authorized Learning Center. 1.11. Trainer Content means the materials accompanying this EULA that are for Use by Trainers solely for the preparation of and/or Use during an Authorized Training Session. 1.12. Use
(a) Use by Trainers means the use of the Licensed Content by Trainers and/or Students solely to conduct educational classes, labs or related programs designed to train other Trainers and/or Students in the Use of the Microsoft technology, products or services related to the subject matter of the Licensed Content and/or concepts related to such Microsoft technology, products or services. (b) Use by Students means the use of the Licensed Content by Students solely at an Authorized Training Session solely to participate in educational classes, labs or related programs designed to train Students in the use of the Microsoft technology, products or services related to the subject matter of the Licensed Content and/or concepts related to such Microsoft technology, products or services; and (c) Use under this EULA shall not include the use of the Licensed Content for general business purposes. 1.13. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as a base virtual hard disk or differencing disks) that can be loaded onto a single computer or other device in order to allow end-users to run multiple operating systems concurrently. For the purposes of this EULA, Virtual Hard Disks shall be considered Trainer Content.
1.14.
You shall mean Trainer.
2. GENERAL. This EULA is a legal agreement between You (an individual) and Microsoft Corporation (Microsoft). This EULA governs the Licensed Content. This EULA applies to updates, supplements, add-on components, and Internet-based services components of the Licensed Content that Microsoft may provide or make available to You (each, a Component), provided, however, that if a separate end user license agreement appears upon the installation of a Component (a Component EULA) the terms of the Component EULA will control as to the applicable Component. Microsoft reserves the right to discontinue any Internet-based services provided to You or made available to You through the Use of the Licensed Content. This EULA also governs any product support services relating to the Licensed Content except as may be included in another agreement between You and Microsoft. An amendment or addendum to this EULA may accompany the Licensed Content. 3. INSTALLATION AND USE RIGHTS. Subject to Your compliance with the terms and conditions of this EULA, Microsoft hereby grants You a limited, non-exclusive, royalty-free license to Use the Licensed Content as follows: 3.1 Student Content.
(a) You may install and sublicense to individual Students the right to Use one (1) copy of the Student Content on a single Device solely Students personal training Use during the Authorized Training Session. (b) You may install and Use one (1) copy of the Student Content on a single Device solely for Your personal training Use in conjunction with and for preparation of one or more Authorized Training Sessions. You are allowed to make a second copy of such Student Content and install it on a portable Device for Your personal training Use in conjunction with and for preparation of such Authorized Training Session(s). (c) For each Authorized Training Session, Trainers may either (a) install individual copies of the Student Content corresponding to the subject matter of each such Authorized Training Session on classroom Devices to be Used by the Students solely in the Authorized Training Session, provided that the number of copies in Use does not exceed the number of duly enrolled Students for the Authorized Training Session; OR (b) Trainers may install one copy of the Student Content corresponding to the subject matter of each such Authorized Training Session on a network server, provided that the number of Devices accessing such Student Content on such server does not exceed the number of Students for the Authorized Training Session. (d) For the purposes of this EULA, any Software that is included in the Student version of the Licensed Content and designated as Evaluation Software may be used by Students solely for their personal training outside of the Authorized Training Session. 3.2. Trainer Content.
(a) You may sublicense to individual Students the right to Use one (1) copy of the Virtual Hard Disks included in the Trainer Content on a single Device solely for Students personal training Use in connection with and during the Authorized Training Session for which they are enrolled.
(b) You may install and Use one (1) copy of the Trainer Content on a single Device solely for Your personal training Use and for preparation of an Authorized Training Session. You are allowed to make a second copy of the Trainer Content and install it on a portable Device solely for Your personal training Use and for preparation of an Authorized Training Session. (c) For each Authorized Training Session, Trainers may either (a) install individual copies of the Trainer Content corresponding to the subject matter of each such Authorized Training Session on classroom Devices to be Used by the Students in the Authorized Training Session, provided that the number of copies in Use does not exceed the number of duly enrolled Students for the Authorized Training Session; OR (b) Trainers may install one copy of the Trainer Content corresponding to the subject matter of each such Authorized Training Session on a network server, provided that the number of Devices accessing such Student Content on such server does not exceed the number of Students for the Authorized Training Session. WITHOUT LIMITING THE FOREGOING, COPYING OR REPRODUCTION OF THE LICENSED CONTENT TO ANY SERVER OR LOCATION FOR FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY PROHIBITED. 4. DESCRIPTION OF OTHER RIGHTS AND LICENSE LIMITATIONS 4.1 Errors; Changes; Fictitious Names.
(a) You acknowledge and agree that (i) the Licensed Content, including without limitation Documents, related graphics, and other Components included therein, may include technical inaccuracies or typographical errors, and (ii) Microsoft may make improvements and/or changes in the Licensed Content or any portion thereof at any time without notice. (b) You understand that the names of companies, products, people, characters and/or data mentioned in the Licensed Content may be fictitious and are in no way intended to represent any real individual, company, product or event, unless otherwise noted. 4.2 Software.
Virtual Hard Disks. The Licensed Content may contain versions of Microsoft Windows XP, Windows Server 2003, and Windows 2000 Advanced Server and/or other Microsoft products which are provided in Virtual Hard Disks. No modifications may be made to the Virtual Hard Disks. Any reproduction or redistribution of the Virtual Hard Disks not in accordance with this EULA is expressly prohibited by law, and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible. YOUR RIGHT TO USE THE VIRTUAL HARD DISKS SHALL BE DEPENDENT UPON YOUR EMPLOYING THE FOLLOWING SECURITY REQUIREMENTS: If You install the Licensed Content on any Device(s) at an Authorized Training Session, you will make sure that: a) the Licensed Content, and any components thereof, are removed from said Device(s) at the conclusion of each such Authorized Training Session and b) no copies of the Licensed Content are copied, reproduced and/or downloaded from such Devices. 4.3 Use and Reproduction of Documents. Subject to the terms and conditions of this EULA, Microsoft grants You the right to reproduce portions of the Documents provided with the Licensed Content solely for Use in Authorized Training Sessions. You may not print any book (either electronic or print version) in its entirety. If You choose to reproduce Documents, You agree that: (a) the Documents will not republished or posted on any network computer or broadcast in any media; and (b) any reproduction will include either the Documents original copyright notice or a copyright notice to Microsofts benefit substantially in the format provided below. Form of Notice: 2005. Reprinted with permission by Microsoft Corporation. All rights reserved. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the US and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. 4.4 Use of Media Elements. You may not modify the Media Elements.
4.5 Use of PowerPoint Slide Deck Templates. The Trainers Content may include Microsoft PowerPoint slide decks. Subject to the terms and conditions of this EULA, Trainers may Use, copy and modify the PowerPoint slide decks solely in conjunction with providing an Authorized Training Session. If You elect to exercise the foregoing rights, You agree: (a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions of this EULA, including without limitation Sections 4.8, 4.9, and 7. 4.6 Use of Components in Trainer Content. Solely in conjunction with providing an Authorized Training Session, and subject to the terms and conditions of this EULA, Trainers may customize and reproduce or customize for their own purposes, those portions of the Licensed Content that are logically associated with instruction of an Authorized Training Session, including without limitation the labs, simulations, animations, modules, and assessment items for each such Authorized Training Session. 4.7 Use of Sample Code. In the event that the Licensed Content includes sample code in source or object code format (Sample Code), subject to the terms and conditions of this EULA, Microsoft grants You a limited, non-exclusive, royalty-free license to Use, copy and modify the Sample Code; if You elect to exercise the foregoing rights, You agree to comply with all other terms and conditions of this EULA, including without limitation Sections 4.8, 4.9, and 7. 4.8 Permitted Modifications. In the event that You exercise any rights provided under this EULA to create modifications of the Licensed Content, You agree that any such modifications: (a) will not be used for providing training where a fee is charged in public or private classes and will not be used for training other than at an Authorized Training Session; (b) indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits, including attorneys fees, which arise from or result from Your Use of any modified version of the Licensed Content; and (c) not to transfer or assign any rights to any modified version of the License Content to any third party without the express written permission of Microsoft.
Your license to the Licensed Content or any of the Software or other materials included therewith, does not include any license, right, power or authority to (a) create derivative works of the Software in any manner that would cause the Microsoft Software and/or derivative works thereof, in whole or in part to become subject to any of the terms of the Excluded License. Excluded License means any license that requires as a condition of use, modification and/or distribution of software subject to the Excluded License, that such software of other software combined and/or distributed with such software be (A) disclosed or distributed in source code form; (B) licensed for the purpose of making derivative works; or (C) redistributable at no charge. 4.9 Reproduction/Redistribution Licensed Content. Except as expressly provided in this EULA, You may not reproduce or distribute the Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft. 5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to You in this EULA. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that appear on the Licensed Content, or any components thereof, as delivered to You. The Licensed Content is licensed, not sold. 6. LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY. You may not reverse engineer, decompile, or disassemble the Licensed Content, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation. 7. LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not provide commercial hosting services with, sell, rent, lease, lend, sublicense, or assign copies of the Licensed Content, or any portion thereof (including any permitted modifications thereof) on a stand-alone basis or as part of any collection, product or service. 8. CONSENT TO USE OF DATA. You agree that Microsoft and its affiliates may collect and Use technical information gathered as part of the product support services provided to You, if any, related to the Licensed Content. Microsoft may Use this information solely to improve our products or to provide customized services or technologies to You and will not disclose this information in a form that personally identifies You. 9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the Use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to You only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site. 10. ADDITIONAL LICENSED CONTENT/SERVICES. This EULA applies to Components that Microsoft may provide to You or make available to You after the date You obtain Your initial copy of the Licensed Content, unless we provide a Component EULA or other terms of Use with such Components. Microsoft reserves the right to discontinue any Internet-based services provided to You or made available to You through the Use of the Licensed Content. 11. U.S. GOVERNMENT LICENSE RIGHTS. All software provided to the U.S. Government pursuant to solicitations issued on or after December 1, 1995 is provided with the commercial license rights and restrictions described elsewhere herein. All software provided to the U.S. Government pursuant to solicitations issued prior to December 1, 1995 is provided with Restricted Rights as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227-7013 (OCT 1988), as applicable. 12. EXPORT RESTRICTIONS. You acknowledge that the Licensed Content is subject to U.S. export jurisdiction. You agree to comply with all applicable international and national laws that apply to the Licensed Content, including the U.S. Export Administration Regulations, as well as end-user, end-use, and destination restrictions issued by U.S. and other governments. For additional information see <http://www.microsoft.com/exporting/>. 13. NOT FOR RESALE LICENSED CONTENT. Licensed Content identified as Not For Resale or NFR, may not be sold or otherwise transferred for value, or Used for any purpose other than demonstration, test or evaluation. 14. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this EULA if You fail to comply with the terms and conditions of this EULA. In the event Your status as a Microsoft Certified Trainer a) expires, b) is voluntarily terminated by You, and/or c) is terminated by Microsoft, this EULA shall automatically terminate. Upon any termination of this EULA, You must destroy all copies of the Licensed Content and all of its Component parts. 15. DISCLAIMER OF WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND ITS SUPPLIERS PROVIDE THE LICENSED MATERIAL AND SUPPORT SERVICES (IF ANY) AS IS AND WITH ALL FAULTS, AND MICROSOFT AND ITS SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY (IF ANY) IMPLIED WARRANTIES, DUTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF RELIABILITY OR AVAILABILITY,
OF ACCURACY OR COMPLETENESS OF RESPONSES, OF RESULTS, OF WORKMANLIKE EFFORT, OF LACK OF VIRUSES, AND OF LACK OF NEGLIGENCE, ALL WITH REGARD TO THE LICENSED CONTENT, AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NONINFRINGEMENT WITH REGARD TO THE LICENSED CONTENT. THE ENTIRE RISK AS TO THE QUALITY, OR ARISING OUT OF THE USE OR PERFORMANCE OF THE LICENSED CONTENT, AND ANY SUPPORT SERVICES, REMAINS WITH YOU. 16. EXCLUSION OF INDIRECT DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE LICENSED CONTENT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE LICENSED CONTENT, OR OTHERWISE ARISING OUT OF THE USE OF THE LICENSED CONTENT, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. 17. LIMITATION OF LIABILITY. NOTWITHSTANDING ANY DAMAGES THAT YOU MIGHT INCUR FOR ANY REASON WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ALL DAMAGES REFERENCED HEREIN AND ALL DIRECT OR GENERAL DAMAGES IN CONTRACT OR ANYTHING ELSE), THE ENTIRE LIABILITY OF MICROSOFT AND ANY OF ITS SUPPLIERS UNDER ANY PROVISION OF THIS EULA AND YOUR EXCLUSIVE REMEDY HEREUNDER SHALL BE LIMITED TO THE GREATER OF THE ACTUAL DAMAGES YOU INCUR IN REASONABLE RELIANCE ON THE LICENSED CONTENT UP TO THE AMOUNT ACTUALLY PAID BY YOU FOR THE LICENSED CONTENT OR US$5.00. THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE. 18. APPLICABLE LAW. If You acquired this Licensed Content in the United States, this EULA is governed by the laws of the State of Washington, and, in respect of any dispute which may arise hereunder, You consent to the jurisdiction of the federal and state courts located in King County, Washington. If You acquired this Licensed Content in Canada, unless expressly prohibited by local law, this EULA is governed by the laws in force in the Province of Ontario, Canada; and, in respect of any dispute which may arise hereunder, You consent to the jurisdiction of the federal and provincial courts sitting in Toronto, Ontario. If You acquired this Licensed Content in the European Union, Iceland, Norway, or Switzerland, then the local law of such jurisdictions applies. If You acquired this Licensed Content in any other country, then local law may apply. 19. ENTIRE AGREEMENT; SEVERABILITY. This EULA (including any addendum or amendment to this EULA which is included with the Licensed Content) is the entire agreement between You and Microsoft relating to the Licensed Content and the support services (if any) and supersedes all prior or contemporaneous oral or written communications, proposals and representations with respect to the Licensed Content or any other subject matter covered by this EULA. To the extent the terms of any Microsoft policies or programs for support services conflict with the terms of this EULA, the terms of this EULA shall control. If any provision of this EULA is held to be void, invalid, unenforceable or illegal, the other provisions shall continue in full force and effect. Should You have any questions concerning this EULA, or if You desire to contact Microsoft for any reason, please use the address information enclosed in this Licensed Content to contact the Microsoft subsidiary serving Your country or visit Microsoft on the World Wide Web at http://www.microsoft.com. Si vous avez acquis votre Contenu Sous Licence Microsoft au CANADA : DNI DE GARANTIES. Dans la mesure maximale permise par les lois applicables, le Contenu Sous Licence et les services de soutien technique (le cas chant) sont fournis TELS QUELS ET AVEC TOUS LES DFAUTS par Microsoft et ses fournisseurs, lesquels par les prsentes dnient toutes autres garanties et conditions expresses, implicites ou en vertu de la loi, notamment, mais sans limitation, (le cas chant) les garanties, devoirs ou conditions
implicites de qualit marchande, dadaptation une fin usage particulire, de fiabilit ou de disponibilit, dexactitude ou dexhaustivit des rponses, des rsultats, des efforts dploys selon les rgles de lart, dabsence de virus et dabsence de ngligence, le tout lgard du Contenu Sous Licence et de la prestation des services de soutien technique ou de lomission de la une telle prestation des services de soutien technique ou lgard de la fourniture ou de lomission de la fourniture de tous autres services, renseignements, Contenus Sous Licence, et contenu qui sy rapporte grce au Contenu Sous Licence ou provenant autrement de lutilisation du Contenu Sous Licence. PAR AILLEURS, IL NY A AUCUNE GARANTIE OU CONDITION QUANT AU TITRE DE PROPRIT, LA JOUISSANCE OU LA POSSESSION PAISIBLE, LA CONCORDANCE UNE DESCRIPTION NI QUANT UNE ABSENCE DE CONTREFAON CONCERNANT LE CONTENU SOUS LICENCE. EXCLUSION DES DOMMAGES ACCESSOIRES, INDIRECTS ET DE CERTAINS AUTRES DOMMAGES. DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, EN AUCUN CAS MICROSOFT OU SES FOURNISSEURS NE SERONT RESPONSABLES DES DOMMAGES SPCIAUX, CONSCUTIFS, ACCESSOIRES OU INDIRECTS DE QUELQUE NATURE QUE CE SOIT (NOTAMMENT, LES DOMMAGES LGARD DU MANQUE GAGNER OU DE LA DIVULGATION DE RENSEIGNEMENTS CONFIDENTIELS OU AUTRES, DE LA PERTE DEXPLOITATION, DE BLESSURES CORPORELLES, DE LA VIOLATION DE LA VIE PRIVE, DE LOMISSION DE REMPLIR TOUT DEVOIR, Y COMPRIS DAGIR DE BONNE FOI OU DEXERCER UN SOIN RAISONNABLE, DE LA NGLIGENCE ET DE TOUTE AUTRE PERTE PCUNIAIRE OU AUTRE PERTE DE QUELQUE NATURE QUE CE SOIT) SE RAPPORTANT DE QUELQUE MANIRE QUE CE SOIT LUTILISATION DU CONTENU SOUS LICENCE OU LINCAPACIT DE SEN SERVIR, LA PRESTATION OU LOMISSION DE LA UNE TELLE PRESTATION DE SERVICES DE SOUTIEN TECHNIQUE OU LA FOURNITURE OU LOMISSION DE LA FOURNITURE DE TOUS AUTRES SERVICES, RENSEIGNEMENTS, CONTENUS SOUS LICENCE, ET CONTENU QUI SY RAPPORTE GRCE AU CONTENU SOUS LICENCE OU PROVENANT AUTREMENT DE LUTILISATION DU CONTENU SOUS LICENCE OU AUTREMENT AUX TERMES DE TOUTE DISPOSITION DE LA U PRSENTE CONVENTION EULA OU RELATIVEMENT UNE TELLE DISPOSITION, MME EN CAS DE FAUTE, DE DLIT CIVIL (Y COMPRIS LA NGLIGENCE), DE RESPONSABILIT STRICTE, DE VIOLATION DE CONTRAT OU DE VIOLATION DE GARANTIE DE MICROSOFT OU DE TOUT FOURNISSEUR ET MME SI MICROSOFT OU TOUT FOURNISSEUR A T AVIS DE LA POSSIBILIT DE TELS DOMMAGES. LIMITATION DE RESPONSABILIT ET RECOURS. MALGR LES DOMMAGES QUE VOUS PUISSIEZ SUBIR POUR QUELQUE MOTIF QUE CE SOIT (NOTAMMENT, MAIS SANS LIMITATION, TOUS LES DOMMAGES SUSMENTIONNS ET TOUS LES DOMMAGES DIRECTS OU GNRAUX OU AUTRES), LA SEULE RESPONSABILIT OBLIGATION INTGRALE DE MICROSOFT ET DE LUN OU LAUTRE DE SES FOURNISSEURS AUX TERMES DE TOUTE DISPOSITION DEU LA PRSENTE CONVENTION EULA ET VOTRE RECOURS EXCLUSIF LGARD DE TOUT CE QUI PRCDE SE LIMITE AU PLUS LEV ENTRE LES MONTANTS SUIVANTS : LE MONTANT QUE VOUS AVEZ RELLEMENT PAY POUR LE CONTENU SOUS LICENCE OU 5,00 $US. LES LIMITES, EXCLUSIONS ET DNIS QUI PRCDENT (Y COMPRIS LES CLAUSES CI-DESSUS), SAPPLIQUENT DANS LA MESURE MAXIMALE PERMISE PAR LES LOIS APPLICABLES, MME SI TOUT RECOURS NATTEINT PAS SON BUT ESSENTIEL. moins que cela ne soit prohib par le droit local applicable, la prsente Convention est rgie par les lois de la province dOntario, Canada. Vous consentez Chacune des parties la prsente reconnat irrvocablement la comptence des tribunaux fdraux et provinciaux sigeant Toronto, dans de la province dOntario et consent instituer tout litige qui pourrait dcouler de la prsente auprs des tribunaux situs dans le district judiciaire de York, province dOntario. Au cas o Vous auriez des questions concernant cette licence ou que Vous dsiriez vous mettre en rapport avec Microsoft pour quelque raison que ce soit, veuillez utiliser linformation contenue dans le Contenu Sous Licence pour contacter la filiale de succursale Microsoft desservant Votre pays, dont ladresse est fournie dans ce produit, ou visitez crivez : Microsoft sur le World Wide Web http://www.microsoft.com
Installing, Configuring, and Administering Microsoft Windows XP Professional
ix
Contents
Introduction
Course Materials......................................................................................................2 Prerequisites ............................................................................................................3 Course Outline.........................................................................................................4 Setup......................................................................................................................10 Demonstration: Using Microsoft Virtual PC .........................................................12 Microsoft Learning ................................................................................................15 Microsoft Certified Professional Program.............................................................18 Facilities ................................................................................................................21
Module 1: Installing Windows XP Professional

Overview .................................................................................................................1 Lesson: Manually Installing Windows XP Professional .........................................2 Lesson: Automating a Windows XP Professional Installation ..............................11 Lesson: Using an Image to Install Windows XP Professional ..............................20 Lesson: Transferring User Files and Settings to a New Computer........................24 Lesson: Installing Windows XP Service Pack 2....................................................29 Lesson: Monitoring Windows XP Professional Security Status by Using Security Center ......................................................................................................37
Module 2: Adding Hardware to Windows XP Professional Clients

Overview .................................................................................................................1 Lesson: Installing Hardware Devices ......................................................................2 Lesson: Configuring Modems, Printers, and Monitors..........................................12 Lesson: Troubleshooting Device Drivers ..............................................................16 Lesson: Disabling and Uninstalling Hardware Devices ........................................24
Module 3: Resolving Boot Process Issues

Overview .................................................................................................................1 Lesson: Understanding the Boot Process ................................................................2 Lesson: Using Advanced Boot Options...................................................................9 Lesson: Using the Boot.ini File to Change Startup Behavior................................13 Lesson: Using the Recovery Console to Start a Computer....................................20 Lab A: Troubleshooting the Boot Sequence..........................................................25
Module 4: Configuring the Desktop Environment

Overview .................................................................................................................1 Lesson: Configuring User Desktop Settings............................................................2 Lesson: Configuring System Settings....................................................................18 Lesson: Managing User Profiles............................................................................23 Lesson: Using Remote Administration..................................................................31 Lesson: Using Remote Assistance in Windows XP Professional..........................37 Lab A: Using Remote Assistance to Configure a Computer Running Windows XP Professional .....................................................................................43
Installing, Configuring, and Administering Microsoft Windows XP Professional
Module 5: Configuring Internet Explorer and Supporting Applications

Overview .................................................................................................................1 Lesson: Configuring Security and Connection Settings for Internet Explorer ........2 Lesson: Customizing and Deploying Internet Explorer Settings...........................15 Lesson: Supporting Applications in Windows XP Professional............................26 Course Evaluation..................................................................................................36
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network

Overview .................................................................................................................1 Lesson: Configuring Windows XP Professional for a Workgroup..........................2 Lesson: Configuring Local Security ......................................................................14 Lesson: Configuring Windows Firewall................................................................23 Lesson: Configuring Network Options in a Workgroup........................................35 Lesson: Joining a Domain .....................................................................................45
Module 7: Configuring Windows XP Professional for Mobile Computing

Overview .................................................................................................................1 Lesson: Configuring Hardware for Mobile Computing...........................................2 Lesson: Configuring Power Management for Mobile Computing ..........................7 Lesson: Making Files and Web Sites Available Offline........................................14 Course Evaluation..................................................................................................27
2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional
xi
About This Course

This section provides you with a brief description of the course, audience, suggested prerequisites, and course objectives. Description Course 2285B, Installing, Configuring, and Administering Microsoft Windows XP Professional, addresses the principal tasks of desktop support and desktop interoperability. This course enables information technology (IT) support professionals to become proficient as desktop support personnel, thus providing a better user experience for our customers. This course also provides a training solution for students who are on the primary track for Microsoft Certified Systems Administrator (MCSA) certification and Microsoft Certified Systems Engineer (MCSE) certification for Microsoft Windows Server 2003 without requiring them to take additional training that includes redundant material. Course 2285 includes the content from Course 2272: Implementing and Supporting Microsoft Windows XP Professional, but includes duplicate material from neither Course 2274: Managing a Microsoft Windows Server 2003 Environment, nor from Course 2275: Maintaining a Microsoft Windows Server 2003 Environment. Audience This course is intended for systems administrators who are responsible for implementing, configuring, and administering the Windows XP Professional client. Systems engineers who have designed Windows Server 2003 networks can also take this course. Student prerequisites This course requires that students meet the following prerequisites:
! ! !
CompTIA A+ certification or equivalent knowledge CompTIA Network+ certification or equivalent knowledge Course 2208A: Updating Support Skills from Microsoft Windows NT to Windows Server 2003 - or Course 2274: Managing a Microsoft Windows Server 2003 Environment - and Course 2275: Maintaining a Microsoft Windows Server 2003 Environment
xii
Course objectives
After completing this course, the student will be able to:

! !
Plan and perform an installation of Windows XP Professional. Install and support hardware devices and drivers on computers running Windows XP Professional. Identify and resolve boot process issues on computers running Windows XP Professional. Configure desktop settings for computers running Windows XP Professional. Configure security settings for Internet Explorer and application compatibility for computers running Windows XP Professional. Configure computers to run Windows XP Professional in a Windows networking environment. Configure and support computers running Windows XP Professional for mobile computing.
xiii
Course Timing
The following schedule is an estimate of the course timing. Your timing may vary.
Day 1
Start 9:00 9:45 10:30 10:45 11:30 12:00 1:00 1:30 2:30 2:45 3:15 End 9:45 10:30 10:45 11:30 12:00 1:00 1:30 2:30 2:45 3:15 4:00 Module Introduction Module 1: Installing Windows XP Professional Break Module 1: Installing Windows XP Professional (continued) Module 2: Adding Hardware to Windows XP Professional Clients Lunch Module 2: Adding Hardware to Windows XP Professional Clients (continued) Module 3: Resolving Boot Process Issues Break Lab: Troubleshooting the Boot Sequence Module 4: Configuring the Desktop Environment
Day 2
Start 9:00 9:30 10:15 10:45 11:00 12:00 1:00 2:30 2:45 End 9:30 10:15 10:45 11:00 12:00 1:00 2:30 2:45 4:00 Module Day 1 review Module 4: Configuring the Desktop Environment (continued) Lab: Using Remote Assistance to Configure a Computer Running Windows XP Professional Break Module 5: Configuring Internet Explorer and Supporting Applications Lunch Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network Break Module 7: Configuring Windows XP Professional for Mobile Computing
xiv
Trainer Materials DVD Contents

The Trainer Materials DVD contains the following files and folders:
!
Autorun.inf. When the DVD is inserted into the DVD drive, this file opens StartCD.exe. Default.htm. This file opens the Trainer Materials Web page. Readme.txt. This file explains how to install the software for viewing the Trainer Materials DVD and its contents and how to open the Trainer Materials Web page. StartCD.exe. When the DVD is inserted into the DVD drive, or when you double-click the StartCD.exe file, this file opens the DVD and allows you to browse the Trainer Materials DVD. StartCD.ini. This file contains instructions to launch StartCD.exe. 2285B_vs.doc. This file is the Microsoft Virtual PC Classroom Setup Guide. It provides instructions for setting up the instructor computer, student computers, and virtual machines. Powerpnt. This folder contains the Microsoft PowerPoint slides that are used in this course. Pptview. This folder contains the Microsoft PowerPoint Viewer, which can be used to display the PowerPoint slides if Microsoft PowerPoint 2002 is not available. Do not use this version in the classroom. Setup. This folder contains the files that install the course and related software to computers in a classroom setting. Student. This folder contains the Web page that provides students with links to resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and course-related Web sites. Tools. This folder contains the files and the utilities that are used to complete the setup of the instructor computer. Webfiles. This folder contains the files that are required to view the course Web page. To open the Web page, open Windows Explorer, and in the root directory of the DVD, double-click StartCD.exe.
! !
! !
xv
Student Materials Compact Disc Contents

The Student Materials compact disc (CD) contains the following files and folders:
!
Autorun.inf. When the CD is inserted into the CD drive, this file opens StartCD.exe. Default.htm. This file opens the Student Materials Web page. It provides you with resources pertaining to this course, including additional reading, review and lab answers, lab files, multimedia presentations, and courserelated Web sites. Readme.txt. This file explains how to install the software for viewing the Student Materials CD and its contents and how to open the Student Materials Web page. StartCD.exe. When the CD is inserted into the CD drive, or when you double-click the StartCD.exe file, this file opens the CD and allows you to browse the Student Materials compact disc. StartCD.ini. This file contains instructions to launch StartCD.exe. Addread. This folder contains additional reading pertaining to this course. Appendix. This folder contains appendix files for this course. Democode. This folder contains demonstration code. Flash. This folder contains the installer for the Macromedia Flash browser plug-in. Fonts. This folder contains fonts that may be required to view the Microsoft Word documents that are included with this course. Labfiles. This folder contains files that are used in the hands-on labs. These files may be used to prepare the student computers for the hands-on labs. Media. This folder contains files that are used in multimedia presentations for this course. Mplayer. This folder contains the setup file to install Microsoft Windows Media Player. Practices. This folder contains files that are used in the hands-on practices. Webfiles. This folder contains the files that are required to view the course Web page. To open the Web page, open Windows Explorer, and in the root directory of the CD, double-click StartCD.exe. Wordview. This folder contains the Word Viewer that is used to view any Word document (.doc) files that are included on the CD.
! ! ! ! !
! !
xvi
Document Conventions
The following conventions are used in course materials to distinguish elements of the text.
Convention Bold Use Represents commands, command options, and syntax that must be typed exactly as shown. It also indicates commands on menus and buttons, dialog box titles and options, and icon and menu names. In syntax statements or descriptive text, indicates argument names or placeholders for variable information. Italic is also used for introducing new terms, for book titles, and for emphasis in the text. Indicate domain names, user names, computer names, directory names, and folder and file names, except when specifically referring to case-sensitive names. Unless otherwise indicated, you can use lowercase letters when you type a directory name or file name in a dialog box or at a command prompt. Indicate the names of keys, key sequences, and key combinations for example, ALT+SPACEBAR. Represents code samples or examples of screen text. In syntax statements, enclose optional items. For example, [filename] in command syntax indicates that you can choose to type a file name with the command. Type only the information within the brackets, not the brackets themselves. In syntax statements, enclose required items. Type only the information within the braces, not the braces themselves. In syntax statements, separates an either/or choice. Indicates a procedure with sequential steps. In syntax statements, specifies that the preceding item may be repeated. Represents an omitted portion of a code sample.
Italic
Title Capitals
ALL CAPITALS monospace
[]
{} |
... . . .
Introduction
Contents Introduction Course Materials Prerequisites Course Outline Setup Demonstration: Using Microsoft Virtual PC Microsoft Learning Microsoft Certified Professional Program Facilities 1 2 3 4 10 12 15 18 21
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2005 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, ActiveX, MSDN, Outlook, PowerPoint, Windows, Windows Media, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Introduction
iii
Instructor Notes
Presentation: 45 minutes Required materials The Introduction module provides students with an overview of the course content, materials, and logistics for Course 2285B, Installing, Configuring, and Administering Microsoft Windows XP Professional. To teach this course, you need the following materials:Delivery Guide
!
Trainer Materials digital video disc (DVD)
Preparation tasks
To prepare for this course, you must:

!
Complete the Course Preparation Checklist that is included with the trainer course materials. Familiarize yourself with the Microsoft Virtual PC setup. Practice using the virtual machines. Complete all practices and labs.
! ! !
iv
Introduction
How to Teach This Module

This section contains information that will help you to teach this module. Introduction Welcome students to the course and introduce yourself. Provide a brief overview of your background to establish credibility. Ask students to introduce themselves and provide their backgrounds, product experience, and expectations of the course. Record student expectations on a whiteboard or flip chart that you can reference later in class. Course materials Tell students that everything they will need for this course is provided at their desks. Have students write their names on both sides of the name cards. Describe the contents of the student workbook and the Student Materials compact disc (CD). Important This course has assessment items for each lesson, located on the Student Materials CD. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning. Consider using them to reinforce learning at the end of the day. You can also use them at the beginning of the day as a review of the content that was taught on the previous day. Tell students where they can send comments and feedback on this course. Demonstrate how to open the Web page provided on the Student Materials CD by double-clicking StartCD.exe in the Student folder on the Trainer Materials DVD. What is Microsoft Operations Framework (MOF)? Very briefly explain the general components of the Microsoft Operations Framework (MOF) and how it can provide guidance on how to effectively design, develop, deploy, operate, and support solutions that are built on Microsoft products and technologies. Discuss the basic MOF concepts very briefly, and then refer the students to the MOF Web site at http://www.microsoft.com/technet/itsolutions/techguide/mof/mofeo.mspx for more information. Describe the prerequisites for this course. This is an opportunity for you to identify students who may not have the appropriate background or experience to attend this course. Briefly describe each module and what students will learn. Explain how this course will meet students expectations by relating the information that is covered in individual modules to their expectations. Describe any necessary setup information for the course, including course files and classroom configuration. Explain the Virtual PC configuration. Students might be very interested in Virtual PC technology; refer them to the Microsoft Virtual PC home page at http://www.microsoft.com/windows/virtualpc/ default.mspx for further technical information.
Prerequisites
Course outline
Setup
Introduction
Demonstration: Using Microsoft Virtual PC
In this course, students will use Virtual PC 2004 to perform all the hands-on practices. Demonstrate how to use Virtual PC by performing the following procedures: 1. On your desktop, use the Start menu to open Microsoft Virtual PC. 2. In the Virtual PC Console, click 2285B-LON-DC to select the London machine, and then click Start. Mention that students can run two virtual machines at once using just 1 GB of memory. 3. Show the students that the system tray of the host computer contains an icon for Virtual PC. If Virtual PC is running, but the window becomes hidden, you can reactivate the window by double-clicking the icon in the system tray. You can also simply right-click the icon in the system tray to create, start, and configure virtual machines. 4. Start the Glasgow machine by clicking 2285B-GLA-PC, and start the Vancouver machine by clicking 2285B-VAN-PC. 5. Show the students that the title bar of each virtual machine indicates which server they are accessing. 6. Switch to 2285B-GLA-PC, and then log on by pressing the ALT key on the right side of the keyboard at the same time that you press the DELETE key. Point out that the ALT key on the right side of the keyboard is referred to as both the right-ALT key and the HOST key in Virtual PC 2004 Help and menus. Log on to the nwtraders domain as Administrator with a password of P@ssw0rd. 7. Demonstrate Full-Screen mode by pressing right-ALT+ENTER. Repeat this key sequence to return to a window view. 8. Point out that the 2285B-GLA-PC desktop indicates the word Glasgow. 9. Switch to 2285B-LON-DC, and then log on as Administrator by pressing right-ALT+DELETE. 10. Point out that the 2285B-LON-DC desktop indicates the word London. 11. Use ipconfig/all at a command prompt at London, Glasgow, and the host computer to show the IP addresses configured for each. Use ping to show that Glasgow can ping London, but cannot ping the host computer or any other computer on the hosts network. For informational purposes, the IP address for London is 192.168.1.200, and the IP address for Glasgow is assigned from the DHCP address range on the London server. 12. From Glasgow, show how to map drive Z to drive C of the host computer. (Click Edit, click Settings, and then click Shared Folders. Click Share Folder, click Local Disk, and then click OK twice.) Point out that students can use this mapped drive to access information stored on the host computer, and that they can create additional mapped drives using the Shared Folders option in Virtual PC 2004. 13. Close London and Glasgow, and point out that students can either commit or discard changes when closing Virtual PC. Tell students that the lab instructions will prescribe whether they should commit or discard changes each time they close Virtual PC. 14. Start London and Glasgow, and leave them running for use in later demonstrations.
vi
Introduction
Practice: Starting and Logging on to Virtual PC 2004
The purpose of this practice is for students to open a virtual machine. Starting the London, Glasgow, and Vancouver virtual machines at this point will save time when they begin to use the virtual machines in the practices. Students will not use the Glasgow virtual machine until later in the course; pausing Glasgow when it is not in use will improve system performance. Be sure students have the necessary logon information for the Host computer. Students might find it helpful if you write a list of Virtual PC shortcut key combinations on the board.
Microsoft Learning
Explain the Microsoft Learning curriculum, and present the list of additional recommended courses. Refer students to the Microsoft Learning Web page at http://www.microsoft.com/learning/ for information about curriculum paths.
Microsoft Learning Product Types
Tell students that Microsoft offers four different learning product types, and that each type has different components and emphasis. Identify the key differences among the types. It is important that students understand the differences among these product types as well as the focus of the product type that they are currently attending. This understanding is particularly important for students who are considering attending a clinic, workshop, or seminar so that their expectations are appropriate prior to registration and attendance. Inform students about the Microsoft Certified Professional (MCP) program, any certification exams that are related to this course, and the various certification options. Explain the class hours, extended building hours for labs, parking, restroom location, meals, phones, message posting, and where smoking is or is not allowed. Let students know whether your facility has Internet access that is available for them to use during class breaks. Also, make sure that the students are aware of the recycling program if one is available.
Microsoft Certified Professional program Facilities
Introduction
Introduction
*****************************ILLEGAL FOR NON-TRAINER USE******************************
Introduction
Course Materials
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The following materials are included with your kit:
! !
Name card. Write your name on both sides of the name card. Student workbook. The student workbook contains the material covered in class, in addition to the hands-on lab exercises. Student Materials compact disc (CD). The Student Materials CD contains a Web page that provides you with links to resources pertaining to this course, including additional readings, review and lab answers, lab files, multimedia presentations, and course-related Web sites. Note To open the Web page, insert the Student Materials CD into the CD-ROM drive, and then in the root directory of the CD, double-click StartCD.exe.
Assessments. There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to identify areas of difficulty, or you can use them as post-assessments to validate learning. Course evaluation. Near the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor. Evaluation software. An evaluation copy of the software is provided for your personal use only. To provide additional comments or feedback on the course, send e-mail to support@mscourseware.com. To inquire about the Microsoft Certified Professional program, send e-mail to mcphelp@microsoft.com.
Introduction
Prerequisites
*****************************ILLEGAL FOR NON-TRAINER USE****************************** This course requires that you meet the following prerequisites:
! !
CompTIA A+ certification or equivalent knowledge CompTIA Network+ certification or equivalent knowledge and either: Course 2208: Updating Support Skills from Microsoft Windows NT 4.0 to Windows Server 2003. - or Course 2274: Managing a Microsoft Windows Server 2003 Environment Course 2275: Maintaining a Microsoft Windows Server 2003 Environment
! !
Introduction
Course Outline
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Module 1, Installing Windows XP Professional, describes how to prepare for and perform an installation of Windows XP Professional. The module also describes how to automate an installation of Windows XP Professional, how to use an image to install Windows XP Professional, and how to transfer user files and settings to a new computer. In addition, the module describes how to add Windows XP Service Pack 2 (SP2) to a Windows XP Professional installation, and how to use Security Center to monitor system security. After completing this module, you will be able to install Windows XP Professional. Module 2, Adding Hardware to Windows XP Professional Clients, introduces the tasks that you need to perform to add new hardware to your computers, update a driver, or modify your hardware configuration. The module also describes how to disable drivers and uninstall hardware. After completing this module, you will be able add hardware to Windows XP Professional clients. Module 3, Resolving Boot Process Issues, describes the boot process and the tools and techniques that you can use to identify and resolve startup issues. After completing this module, you will be able to resolve boot process issues. Module 4, Configuring the Desktop Environment, introduces configuration and customization settings for user desktops. The module explains how to use profiles to implement and enforce desktop customization policies, how to use Remote Administration with computers running SP2, and how to use Remote Assistance to respond to requests for help. After completing this module, you will be able to configure the desktop environment.
Introduction
Module 5, Configuring Internet Explorer and Supporting Applications, explains how to configure security and connection settings for Internet Explorer, and how to manage the SP2 enhancements to Internet Explorer. This module also explains how to use the Internet Explorer Administration kit and Group Policy to customize and deploy Internet settings. Finally, the module describes how to use add/remove programs filtering, configure program compatibility settings, and use Dr. Watson to gather application troubleshooting information. After completing this module, you will be able to configure Internet Explorer and support applications. Module 6, Configuring Windows XP Professional to Operate in a Microsoft Network, explains how to create and configure user accounts, how to configure local security, and how to configure Windows Firewall. This module also explains how to configure computers running Windows XP Professional to operate in a Windows workgroup or domain. After completing this module, you will be able to configure Windows XP Professional to operate in a Microsoft network. Module 7, Configuring Windows XP Professional for Mobile Computing, explains how to help mobile users work more effectively by controlling the power usage of their computers. The module also explains how to make files, folders, and Web pages available offline. After completing this module, you will be able to configure Windows XP Professional for mobile computing.
Introduction
What is Microsoft Operations Framework (MOF)?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Network administrators in corporate support environments rely on an operational framework, such as Microsoft Operations Framework (MOF), to maintain day-to-day information technology (IT) operations. MOF is guidance on how to effectively design, develop, deploy, operate, and support solutions that are built on Microsoft products and technologies. It is a collection of best practices, principles, and models that are delivered through white papers, operation guides, services, and courses. IT service management is the concept of applying a structured set of common functions and processes to service solutions to meet service-level requirements that are agreed-upon with the customer. In IT, models are used to establish order and structure for processes. The MOF Process Model is one of three core MOF models that focus on life cycle iteration in the context of an ongoing operations environment: the MOF Process Model, the MOF Team Model, and the MOF Risk Model. The MOF Process Model describes the Microsoft approach to the IT operations and service management life cycle. Central to the MOF Process Model are its four quadrants of operational processes and procedures, called service management functions (SMFs). SMFs are foundational-level best practices and prescriptive guidance for operating and maintaining an IT environment. The following four quadrants encompass virtually every activity within an operations environment:
!
The MOF Process Model
MOF Process Model quadrants
Changing quadrant. Includes the SMFs required to identify, review, approve, and incorporate change into a managed IT environment. This includes changes in software, hardware, documentation, and roles and responsibilities, in addition to specific process and procedural changes. Operating quadrant. Includes the SMFs required to monitor, control, manage, and administer service solutions on a daily basis to achieve and maintain service levels within predetermined parameters.
Introduction
!
Supporting quadrant. Includes the SMFs required to identify, assign, diagnose, track, and resolve incidents, problems, and requests within the approved requirements contained in the service level agreements (SLAs). Optimizing quadrant. Includes the SMFs that contribute to maintaining business and IT alignment by focusing on decreasing IT costs while maintaining or improving service levels. This includes review of outages and incidents, examination of cost structure, staff assessments, availability and performance analysis, and capacity forecasting.
Supporting quadrant mission of service
Network administrators responsibilities typically cover all quadrants of the MOF Process Model at some level. In most cases, however, they spend the majority of their time in the supporting and operating quadrants of the MOF Process Model. The supporting quadrant mission of service is to quickly resolve incidents, problems, and inquiries. This quadrant incorporates the following key ideas:
! !
Service restoration is the first priority. Incidents, problems, and known errors must be clearly distinguished from one another. Service levels are governed by SLAs. Customers interact with the service desk for the resolution of problems. Electronic self-help does not make human representatives obsolete.
! ! !
SMFs in the supporting quadrant
The following three SMFs comprise the supporting quadrant and help to accomplish its mission:
!
Service desk SMF. The service desk coordinates all activities and customer communications regarding incidents, problems, and inquiries related to production systems. It is the single point of contact between service providers and end users on a day-to-day basis. Service desks receive requests for help with solving issues and problems across a vast array of applications, communication systems, desktop configurations, and facilities. Incident management SMF. Incident management, which is the primary activity of the service desk, is the process of managing and controlling faults and disruptions in the use or implementation of IT services as reported by users. The primary goal of incident management is to restore normal service operation as quickly as possible when it is disrupted, and minimize any adverse impact on end-user or corporate operations. Problem management SMF. The goal of problem management is to identify and correct underlying problems in the IT infrastructure through both reactive and proactive means. Reactive problem management is initiated when the service desk reports problems, while proactive problem management involves continuously monitoring and evaluating data to identify problems before they occur. Problem management is responsible for escalation procedures, incident correlation, root cause analysis, problem resolution, and reporting, and is tightly coupled with incident management performed at the service desk level.
Introduction
Operating quadrant mission of service
The operating quadrant mission of service is to provide users with an environment that is always available to them. This quadrant includes the following objectives:
! !
Create and maintain operations guides for all service solutions. Manage operating level agreements to ensure customer SLA is met by the teams. Establish automated methods to monitor and resolve system problems where possible.
The SMFs that enable the operations quadrant to meet its goals include:
! ! ! ! ! ! !
System administration Security administration Directory services administration Network administration Service monitoring and control Storage management Job scheduling
SMFs in the operating quadrant
The following seven SMFs comprise the operating quadrant and help to accomplish its mission:
!
System administration. This function is responsible for keeping IT systems working. System administration usually refers to being responsible for enterprise-level IT management tasks. Tasks include administration of operating system, application, messaging, database, Web server, and telecommunications systems. Security administration. Maintaining a safe computing environment is the big-picture function of security administration. Within security administration, the goals include ensuring confidentiality, integrity, and availability of data. To ensure these, the administrator needs to perform daily risk management, periodic patch management, security incident management, and monitoring for intruder detection. Directory services administration. The daily operation, maintenance, and support of the enterprise direction fall to the directory services administrator. This functional area is responsible for directory-enabled applications; metadirectories; creating, deleting, and managing users, groups, and other directory resource objects; and managing, monitoring, and troubleshooting the enterprise directory. Network administration. The network administration function is responsible for all of the networks within the organization, including LANs, WANs, SANs, VPNs, Internet access, wireless access, and remote access. This covers maintenance and administration of physical network components such as servers, routers, switches, and firewalls.
Introduction
!
Service monitoring and control. The monitoring portion of this function is the observation of the health of services in real time. Monitoring of process heartbeat, job status, queue status, server resource loads, response time, and transaction status and availability are needed to evaluate the relative health of the services. Identifying when values for the monitored elements are outside of permissible boundaries or recognizing an outage of the service falls in the control portion of this function. The staff needs to resolve or find someone to resolve the problem and restore service health. Storage management. This function includes maintaining and safeguarding all types of storage components such as servers, storage hardware and software, storage networks, tools, and operational processes. The efficient operation of all of these services should be seamless to the users. Job scheduling. The most efficient sequencing of batch jobs and achievement of maximum throughput to meet SLA requirements are part of the job scheduling function. Job scheduling also includes defining job schedules, scheduling procedures, and batch processing.
Additional reading
For more information on MOF, see the Microsoft Operations Framework home page at http://www.microsoft.com/technet/itsolutions/techguide/ mof/default.mspx.
10
Introduction
Setup
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This course uses Microsoft Virtual PC to host three complete computers on a single workstation. The following table describes the virtual machines used in this course, including their roles and any pre-installed tools and applications.
Virtual machine London Role Domain controller Installed tools/applications Windows Server 2003 Microsoft Active Directory, DNS, DHCP, WINS Glasgow Vancouver User computer User computer Windows XP Professional Windows XP SP2 Windows XP Professional Windows XP SP2
Introduction
11
Course files
There are files on the Vancouver virtual machine that are associated with the practices and labs in this course. You can find them in the following locations:
! !
Practice files are located in the folder E:\MOC\2285B\Practices. Lab files are located in the folder E:\MOC\2285B\Labfiles.
When you reach a point at which you need a file to complete a practice or lab, you will be given the appropriate information about the virtual machine and file path. Classroom setup Additional Reading Each computer in the classroom will have the same virtual machines configured in the same way. For more information on Microsoft Virtual PC technology, see the Microsoft Virtual PC home page at http://www.microsoft.com/windows/virtualpc/ default.mspx.
12
Introduction
Demonstration: Using Microsoft Virtual PC
*****************************ILLEGAL FOR NON-TRAINER USE****************************** In this demonstration, your instructor will help familiarize you with the Virtual PC environment in which you will work to complete the practices and labs in this course. You will learn:
! ! ! ! !
How to open Virtual PC. How to start Virtual PC. How to log on to Virtual PC. How to switch between full screen and window modes. How to tell the difference between the virtual machines that are used in the practices for this course. That the virtual machines can communicate with each other and with the host, but they cannot communicate with other computers that are outside of the virtual environment. (For example, no Internet access is available from the virtual environment.) How to close Virtual PC.
Keyboard shortcuts
While working in the Virtual PC environment, you may find it helpful to use keyboard shortcuts. All Virtual PC shortcuts include a key that is referred to as the HOST key or the right-ALT key. By default, the HOST key is the ALT key on the right side of your keyboard. Some useful shortcuts include:
! ! !
ALT+DELETE to log on to the Virtual PC ALT+ENTER to switch between full screen mode and window modes ALT+RIGHT ARROW to display the next Virtual PC
For more information about using Virtual PC, see Virtual PC Help.
Introduction
13
Practice: Starting and Logging on to Virtual PC 2004
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Instructions Complete the procedures below to practice starting and logging on to Virtual PC 2004. In this practice, use the following values.
Variable Virtual machinedomain controller Domain administrator Virtual machineuser computer Local administrator Virtual machineuser computer Local administrator Value London Administrator Glasgow Administrator Vancouver Administrator
Procedures
! To start Virtual PC 2004

1. On your local (or host) computer, click Start, point to All Programs, and then click Microsoft Virtual PC. 2. In the Virtual PC Console, click 2285B-LON-DC, and then click Start to start the London virtual machine.
14
Introduction
! To log on to Virtual PC 2004

1. On the London virtual machine, press right-ALT+DELETE. Note The ALT key on the right side of the keyboard is referred to as both the right-ALT key and the HOST key in Virtual PC Help and menus. 2. In the Log On to Windows dialog box, in the User name box, type Administrator. In the Password box, type P@ssw0rd. In the Log on to box, verify that NWTRADERS is selected, and then click OK. 3. Switch to the Virtual PC Console window. 4. Start Vancouver (2285B-VAN-PC). You do not need to log on. 5. Start Glasgow (2285B-GLA-PC). You do not need to log on. 6. After the Glasgow virtual machine has started, click Action and then click Pause to pause the virtual machine. Note Pausing virtual machines that are not in use will improve the system performance of the running machines. 7. Leave the London and Vancouver virtual machines running for use in the next module.
Introduction
15
Microsoft Learning
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Microsoft Learning develops Official Microsoft Learning Products for computer professionals who design, develop, support, implement, or manage solutions by using Microsoft products and technologies. These learning products provide comprehensive, skills-based training in instructor-led and online formats. Microsoft Learning information For more information, visit the Microsoft Learning Web site at http://www.microsoft.com/learning/.
16
Introduction
Microsoft Learning Product Types
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Microsoft Learning offers four types of instructor-led products. Each is specific to a particular audience type and level of experience. The different product types also tend to suit different learning styles. These types are as follows:
!
Microsoft Official Courses are for IT professionals and developers who are new to a particular product or technology and for experienced individuals who prefer to learn in a traditional classroom format. Courses provide a relevant and guided learning experience that combines lecture and practice to deliver thorough coverage of a Microsoft product or technology. Courses are designed to address the needs of learners engaged in planning, design, implementation, management, and support phases of the technology adoption lifecycle. They provide detailed information by focusing on concepts and principles, reference content, and in-depth, hands-on lab activities to ensure knowledge transfer. Typically, the content of a course is broad, addressing a wide range of tasks necessary for the job role. Microsoft Official Workshops are for knowledgeable IT professionals and developers who learn best by doing and exploring. Workshops provide a hands-on learning experience in which participants use Microsoft products in a safe and collaborative environment based on real-world scenarios. Workshops are the learning products where students learn by doing through scenario and through troubleshooting hands-on labs, targeted reviews, information resources, and best practices, with instructor facilitation.
Introduction
!
17
Microsoft Official Clinics are for IT professionals, developers and technical decision makers. Clinics offer a detailed how to presentation that describes the features and functionality of an existing or new Microsoft product or technology, and that showcases product demonstrations and solutions. Clinics focus on how specific features will solve business problems. Microsoft Official Seminars are for business decision makers. Through featured business scenarios, case studies, and success stories, seminars provide a dynamic presentation of early and relevant information on Microsoft products and technology solutions that enable decision makers to make critical business decisions. Microsoft Official Seminars are concise, engaging, direct-from-the-source learning products that show how emerging Microsoft products and technologies help our customers serve their customers.
18
Introduction
Microsoft Certified Professional Program
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Microsoft Learning offers a variety of certification credentials for developers and IT professionals. The Microsoft Certified Professional (MCP) program is the leading certification program for validating your experience and skills, keeping you competitive in todays changing business environment. MCP certifications The MCP program includes the following certifications:
!
MCDST on Microsoft Windows XP The Microsoft Certified Desktop Support Technician (MCDST) certification is designed for professionals who successfully support and educate end users and troubleshoot operating system and application issues on desktop computers running the Microsoft Windows operating system.
MCSA on Microsoft Windows Server 2003 The Microsoft Certified Systems Administrator (MCSA) certification is designed for professionals who implement, manage, and troubleshoot existing network and system environments based on the Windows Server 2003 platform. Implementation responsibilities include installing and configuring parts of systems. Management responsibilities include administering and supporting systems.
MCSE on Windows Server 2003 The Microsoft Certified Systems Engineer (MCSE) credential is the premier certification for professionals who analyze business requirements and design and implement infrastructure for business solutions based on the Windows Server 2003 platform. Implementation responsibilities include installing, configuring, and troubleshooting network systems.
Introduction
!
19
MCAD The Microsoft Certified Application Developer (MCAD) for Microsoft .NET credential is appropriate for professionals who use Microsoft technologies to develop and maintain department-level applications, components, Web or desktop clients, or back-end data services, or who work in teams developing enterprise applications. The credential covers job tasks ranging from developing to deploying and maintaining these solutions.
MCSD The Microsoft Certified Solution Developer (MCSD) credential is the premier certification for professionals who design and develop leading-edge business solutions with Microsoft development tools, technologies, platforms, and the Microsoft Windows DNA architecture. The types of applications MCSDs can develop include desktop applications and multiuser, Web-based, N-tier, and transaction-based applications. The credential covers job tasks ranging from analyzing business requirements to maintaining solutions.
MCDBA on Microsoft SQL Server 2000 The Microsoft Certified Database Administrator (MCDBA) credential is the premier certification for professionals who implement and administer SQL Server databases. The certification is appropriate for individuals who derive physical database designs, develop logical data models, create physical databases, use Transact-SQL to create data services, manage and maintain databases, configure and manage security, monitor and optimize databases, and install and configure SQL Server.
MCP The Microsoft Certified Professional (MCP) credential is for individuals who have the skills to successfully implement a Microsoft product or technology as part of a business solution in an organization. Hands-on experience with the product is necessary to successfully achieve certification.
MCT Microsoft Certified Trainers (MCTs) demonstrate the instructional and technical skills that qualify them to deliver Official Microsoft Learning Products through a Microsoft Certified Partner for Learning Solutions.
Certification requirements
Requirements differ for each certification category and are specific to the products and job functions addressed by the certification. To become a Microsoft Certified Professional, you must pass rigorous certification exams that provide a valid and reliable measure of technical proficiency and expertise. For More Information See the Microsoft Learning Web site at http://www.microsoft.com/learning/. You can also send e-mail to mcphelp@microsoft.com if you have specific certification questions.
20
Introduction
Acquiring the skills tested by an MCP exam
Official Microsoft Learning Products can help you develop the skills that you need to do your job. They also complement the experience that you gain while working with Microsoft products and technologies. However, no one-to-one correlation exists between Official Microsoft Learning Products and MCP exams. Microsoft does not expect or intend for the courses to be the sole preparation method for passing MCP exams. Practical product knowledge and experience is also necessary to pass MCP exams. To help prepare for MCP exams, use the preparation guides that are available for each exam. Each Exam Preparation Guide contains exam-specific information such as a list of topics on which you will be tested. These guides are available on the Microsoft Learning Web site at http://www.microsoft.com/learning/.
Introduction
21
Facilities
*****************************ILLEGAL FOR NON-TRAINER USE******************************
THIS PAGE INTENTIONALLY LEFT BLANK

Contents Overview Lesson: Manually Installing Windows XP Professional Lesson: Automating a Windows XP Professional Installation Lesson: Using an Image to Install Windows XP Professional Lesson: Transferring User Files and Settings to a New Computer Lesson: Installing Windows XP Service Pack 2 Lesson: Monitoring Windows XP Professional Security Status by Using Security Center 1 2 11 20 24 29
37
iii
Instructor Notes
Presentation: 90 minutes This module provides students with the knowledge and skills necessary to plan an installation of and then install Microsoft Windows XP Professional. Students will learn both manual and automated installation methods and how to activate Windows XP Professional after installation. There is no lab for this module.
Lab: 00 minutes Objectives
After completing this module, students will be able to:

! ! ! ! ! !
Install Windows XP Professional manually. Automate an installation of Windows XP Professional. Use an image to install Windows XP Professional. Transfer user files and settings to a new computer. Install Windows XP Service Pack 2. Monitor Windows XP Professional security status by using Security Center.
Required materials
To teach this module, the following materials are required:

! !
Microsoft PowerPoint file 2285B_01.ppt. Module 1 multimedia, The Implementing and Supporting Microsoft Windows XP Professional Installation Guide. This guide contains the first two modules of e-learning Course e2272, Implementing and Supporting Microsoft Windows XP Professional. Multimedia presentation How Setup Uses Answer Files and UDFs.
Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, the slides may not appear correctly. Preparation tasks To prepare for this module:
! ! !
Read all of the materials for this module. Complete the practices and the demonstration. Read all of the materials listed under Additional reading in this module.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topic. Read this additional information when preparing to teach the module. During class, ensure that students are aware of the additional information. Most of the students attending this course have already installed a Windows operating system. This module is therefore designed as a high-level review of the information that students must know to perform a manual or automated installation of Windows XP Professional. Modules 1 and 2 of Course e2272, Implementing and Supporting Microsoft Windows XP Professional, are included in the Additional Reading section of the Student Materials compact disc. Students can use the e-learning modules for more detailed and additional information, and as a review to prepare for Exam 70-210 or Exam 70-270. Review the modules from the e-learning course before teaching this module. You may also use the modules to create a blended-learning strategy for this content. Depending on the level of the students, you can:
!
Demonstrate the contents of the e-learning modules as indicated in the lesson material. Make the modules a course prerequisite, which gives you the option not to teach this module. Use the modules to supplement course materials in the classroom. Position the modules to students as supplemental material, to be referenced outside the classroom.
! !
Demonstration Pages, Practices, and Labs

Explain to the students how the demonstrations, practices, and labs are designed for this course. A module includes two or more lessons. Most lessons include demonstration pages and a practice. Demonstration pages The demonstration pages provide you with the steps to demonstrate a task. Students do not perform the tasks on these pages with the instructor. They will use these steps to perform the practice at the end of each lesson. After you have presented the contents of a topic and demonstrated the procedures for a lesson, explain that the practices will give students a chance for hands-on learning of all the tasks discussed in the lesson. Some modules include a lab (located at the end of the module). The lab enables students to practice the tasks that are discussed and applied in the entire module. Using real-world scenarios, the lab gives students a set of instructions in a twocolumn format. The left column provides the task (for example, Create a group). The right column provides specific instructions that students will use to perform the task (for example, From Active Directory Users and Computers, double-click the domain node). An answer key for each lab exercise is located in the Appendices folder on the Student Materials compact disc, in case students require step-by-step instructions to complete the lab. They can also refer to the practice pages in the module.
Practices
Labs
vi
Lesson: Manually Installing Windows XP Professional

This section describes the instructional methods for teaching the following topics. Demonstration: The Implementing and Supporting Windows XP Professional Guide Perform the demonstration on the Host computer, logged on to the local computer as Administrator. For this demonstration, open the guide from the Additional Reading section on the Student Materials compact disc, and show students where they can find additional information. For example, navigate through the topic Planning an Installation of Microsoft Windows XP Professional, and use the topic Troubleshooting Failed Installations to show students material that is not presented in this module. Answer any questions that students have, and make sure that they know where to find the guide on the Student Materials compact disc. Present the issues that students must consider before they install Windows XP Professional. Emphasize that although Windows XP Professional can run on a computer that meets the minimum requirements, it will run more efficiently on a computer that has the recommended system levels. Describe how to install Windows XP Professional from a compact disc or from a server connected to a network. Emphasize the use of strong passwords. For more information about creating strong passwords, see the Microsoft Web site at http://www.microsoft.com/windowsxp/home/using/productdoc/en/ default.asp?url=/windowsxp/home/using/productdoc/ en/windows_password_tips. Emphasize that failing to activate Windows XP Professional renders a computer unusable. The computer will remain unusable until the student activates the operating system. This practice activity is a simulation. Start the simulation on your computer. (You should be aware that Microsoft Internet Explorer warning messages will only appear if the host system is a Windows XP Professional computer with Service Pack 2 installed. Service Pack 2 changes to Internet Explorer will be covered later in the course. Tell students to click Yes if the warning message appears.) When the Practice Activity window opens, students can click anywhere to begin the simulation. The simulation does not use a strong password because it is being reused from an earlier course. Stress that students should use strong passwords in the real world.
The Pre-Installation Process
How to Install Windows XP Professional
How to Activate Windows XP Professional Practice: Installing Windows XP Professional
vii
Lesson: Automating a Windows XP Professional Installation

This section describes the instructional methods for teaching the following topics. What Are the Components of an Automated Installation? Introduce the two types of files that are used to automate an installation of Windows XP Professional: answer files and Uniqueness Database Files (UDFs). The animation in this lesson will describe answer files and UDFs in detail. To prepare for this topic, review the material in Modules 1 and 2 of Course e2272, Implementing and Supporting Microsoft Windows XP Professional. Explain that using the Setup Manager Wizard is the easiest way to create an answer file. Students will use the wizard in a practice later in the lesson. This animation, which is approximately five minutes in duration, illustrates how Setup uses answer files and UDFs. Explain to students that the table in the Workbook describes scenarios and outcomes that are described in the animation. This multimedia concludes with interactive questions. You can work through these questions with the class as a group. Practice: Running Setup Manager Practice: Viewing and Verifying an Answer File In this practice, students will extract and install the Setup Manager files, and will use Setup Manager to create an answer file. In this practice, students will examine the contents of the answer file they created, and will verify that it is correct by comparing it against a sample answer file.
How to Use the Setup Manager Wizard Multimedia: How Setup Uses Answer Files and UDFs
Lesson: Using an Image to Install Windows XP Professional

This section describes the instructional methods for teaching the following topics. What Is an Image? Introduce the concept of an image. Explain that creating an image is like taking a picture of a configured computer that preserves all of the configuration settings of that computer. When you deploy the image, you superimpose that picture on other computers. Emphasize the difference between automating a setup and creating and deploying an image. Present the six steps to create and deploy an image. The slide associated with this topic is a six-part animated slide. Review the steps in the topic before class so that you can describe the tasks as you navigate the animated slide.
How to Create and Deploy an Image
viii
Lesson: Transferring User Files and Settings to a New Computer

This section describes the instructional methods for teaching the following topics. How to Transfer User Files and Settings Describe the Files and Settings Transfer (FAST) Wizard and the User State Migration Tool (USMT), which you can deploy to transfer user files and settings. The rest of the lesson focuses on the USMT. Explain to students the circumstances under which you would use each tool, but do not spend too much time on the FAST Wizard. Discuss the advantages of using the USMT, and then review the contents of one or more .inf files with students. Present the tools and files in the USMT that you can use to transfer user files and settings. (Be sure to review the additional material when preparing for this topic.) Explain to students that the USMT process has two parts: scanning the source computer and loading the destination computer. Discuss the syntax for INF scripts.
How the USMT Works
Lesson: Installing Windows XP Service Pack 2

This section describes the instructional methods for teaching the following topics. What Is Windows XP Service Pack 2? Service Pack 2 Features Explain the function of a service pack and explain that the main purpose of Service Pack 2 is to increase default system security, but that it also includes a variety of functional enhancements. Provide an overview of the major features of Service Pack 2. Point out that the features covered in the course are primarily those that affect user interface and administrative tools. The service pack also makes other programmatic changes to the operating system. Explain that you will examine some of the Service Pack 2 features in more depth elsewhere in the course, but that complete information is available in the white paper Changes to Functionality in Microsoft Windows XP Service Pack 2, which is located on the Student Materials compact disc. Explain that the Windows Update Web site is the primary source for obtaining service packs and other important updates. Encourage students to regularly check for updates. Differentiate between critical updates and noncritical updates that enhance functionality. Mention that organizations can install Software Update Services (SUS) on a computer running Microsoft Windows Server 2003 as a local access point for Windows updates. Present the procedures for obtaining updates from the Windows Update Web site. Differentiate between performing an Express install and a Custom install. Present the main options for obtaining and installing Service Pack 2. Explain that Service Pack 2 can be installed in an unattended manner.
What Is Windows Update?
How to Update a Computer Using Windows Update How to Install Service Pack 2
ix
Lesson: Monitoring Windows XP Professional Security Status by Using Security Center

This section describes the instructional methods for teaching the following topics. Common Threats Against Personal Computers Security Pack 2 Security Components Present the common threats against personal computers that exist in todays networking environment. Although there are many potential threat sources, emphasize those threats that can most easily be mitigated by configuring the proper security components in Service Pack 2. Present a general overview of the most important and easily accessed security components of Service Pack 2, including Windows Firewall, Automatic Updates, and Internet Explorer security enhancements. Help students draw the connection between these security features and the common network threats you just discussed. Present the basic functionality of Security Center, and explain that Security Center provides easy access and management for the most important security configuration settings on the computer. Note that specific configuration procedures for Windows Firewall and Internet Explorer options will be covered later in the course. Present the methods for configuring basic system security by using the options in Security Center. Also explain how to configure Automatic Updates automatically by configuring local policy settings. In this practice, students have an opportunity to work with Security Center and verify the security settings for Windows Firewall. Students will work with the Windows Firewall user interface in more depth later in the course.
What Is Security Center?
How to Configure Security Center Options Practice: Exploring Security Center Options
Assessment
There are assessment questions for each lesson in this module located on the Student Materials compact disc. You can use them as pre-instruction assessments to help students identify areas of difficulty, or as post-instruction assessments to validate learning. Consider using assessment questions to reinforce learning at the end of each day. You can also use them at the beginning of the day as a review of the information that you taught on the previous day.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As a support professional, one of your tasks may be to install users operating systems. There are several ways to perform an installation. You must decide which installation method is best for your purposes and choose the correct setup options. In this module, you will learn how to plan and perform an installation of Microsoft Windows XP Professional, and how to perform important postinstallation tasks. After completing this module, you will be able to:
! ! ! !
Objectives
Install Windows XP Professional manually. Automate an installation of Windows XP Professional. Use an image to install Windows XP Professional. Transfer user files and settings to a new computer running Windows XP Professional. Install Windows XP Service Pack 2. Monitor Windows XP Professional security status by using Security Center.
! !
Lesson: Manually Installing Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This lesson reviews the requirements for planning an installation of Windows XP Professional and the steps for installing the operating system from a product compact disc or from a network server. This lesson also describes how to activate Windows XP Professional after installation. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Identify the tasks that you must complete prior to an installation. Describe the procedures for installing Windows XP Professional. Install Windows XP Professional. Activate Windows XP Professional after installation.
Demonstration: The Implementing and Supporting Windows XP Professional Guide
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction The Implementing and Supporting Microsoft Windows XP Professional Guide, found in the Additional Reading section of the Student Materials compact disc, contains detailed information about the installation process. In this demonstration, the instructor shows you how you can use the guide to find more in-depth information about topics introduced in this module, in addition to information about additional topics.
The Pre-Installation Process
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The following list describes the issues that you must address before installing Windows XP Professional:
!
System requirements. Recommended hardware includes a PC with 300 megahertz (MHz) or faster processor clock speed, 128 megabytes (MB) or greater of RAM, 1.5 gigabytes (GB) of available hard disk space, Super VGA (800 600) or higher resolution video adapter and monitor, CD-ROM or DVD drive, keyboard, and Microsoft Mouse or compatible pointing device. (Minimum requirements include a 233 MHz processor and 64 MB of RAM.) Hardware and software compatibility. Check your hardware devices against the Hardware Compatibility List (HCL). Using hardware that is not on the HCL may result in problems during or after installation. You can also run the Microsoft Windows Setup Advisor on the product compact disc to generate compatibility reports. These reports provide you with information about incompatible hardware and software. Disk partitioning strategy. There are four disk-partitioning options from which to choose during installation. If you make an entire disk one partition, you cannot repartition the disk later without either reinstalling the operating system or using a third-party tool. File system strategy. NTFS is the recommended file system for Windows XP Professional because it provides security and enables file compression. If you do not require these security and compression features or if you plan to use a dual-boot configuration to run applications that are not compatible with Windows XP Professional, you can use FAT32 (file allocation table). Installation location. Typically, a network administrator or network architect decides whether to install Windows XP Professional in a workgroup or a domain. If you are unable to join a domain during Setup or if you have not made a decision before installation, join a workgroup. You can join a domain after completing the installation.
Additional reading
For more information about pre-installation tasks for Windows XP Professional, see The Implementing and Supporting Microsoft Windows XP Professional Guide, found in the Additional Reading section of the Student Materials compact disc. For more information about system requirements, see the Microsoft Web site at http://www.microsoft.com/windowsxp/pro/evaluation/sysreqs.asp. For the most recent version of the Windows XP Professional HCL, see the Microsoft Web site at http://support.microsoft.com/ default.aspx?scid=kb%3ben-us%3b314062.
How to Install Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points When you install Windows XP Professional from a compact disc, the first part of the Setup program is text-based. After you set a file system for the installation partition, the computer will restart in graphical mode using the Setup Manager Wizard. Use the Setup Wizard to customize regional settings, if necessary. You can also use the wizard to identify the user and organization, the product key, and the computer name and password for the local Administrator account. The local Administrator account resides in the computers Security Accounts Manager (SAM), not in the Microsoft Active Directory directory service. If you install in a domain, you must either assign a computer name in advance for an existing domain account, or assign the right to create a computer account within the domain. Note To increase security on your network, use complex passwords that are difficult for anyone to guess. For best practices in password policies, see Module 9, Configuring Microsoft Windows XP Professional to Operate in Microsoft Windows Networks, in Course 2272B, Implementing and Supporting Microsoft Windows XP Professional. If you are installing Windows XP Professional from a server connected to a network, the computer on which you will install Windows XP Professional must be able to connect to that server. After the computer is connected, run the Setup program and perform the installation in the same way as an installation from the product compact disc.
Important You should always install the Windows XP Professional operating system with the latest service pack.
Important You should always install antivirus software immediately after installing Windows XP Professional. You should be sure to keep your antivirus software up-to-date. Additional reading For more information about installing Windows XP Professional, see The Implementing and Supporting Microsoft Windows XP Professional Guide, found in the Additional Reading section of the Student Materials compact disc.
How to Activate Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The first time you start a computer running Windows XP Professional, you are prompted to activate the installed copy of the operating system:
!
To activate Windows XP Professional by using the Internet, when the Activate Windows dialog box appears, click Yes, lets activate Windows over the Internet now and then click Next. To activate Windows XP Professional by using the telephone, click Telephone, and then follow the directions.
You must activate Windows XP Professional within 30 days of installation. After 30 days, users are prevented from gaining access to the operating system until activation occurs. In large organizations, you can use a Volume License Product Key that eliminates the need to individually activate each installation of Windows XP Professional. You can also activate Windows XP Professional as part of an automated installation (see Automating a Windows XP Professional Installation in this module). Additional reading For more information about product activation for Windows XP Professional, see the technical market bulletin Microsoft Product Activation for Windows XP, found in the Additional Reading section of the Student Materials compact disc. For a demonstration on product activation, see the Microsoft Web site at http://www.microsoft.com/windowsxp/evaluation/features/activation.mspx. For more information about volume license keys, see the Microsoft Web site at http://www.microsoft.com/piracy/activation_volumefaq.mspx.
Practice: Installing Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will run a simulation that mimics the installation of Windows XP Professional on a new computer. After you have started the simulation, follow the on-screen instructions to complete the exercise. To complete this practice, you need:
! ! !
Practice setup
Simulation files located on the Student Materials compact disc A minimum display resolution of 800 x 600 with 256 colors To be logged on to the Host computer using the credentials your instructor provides
Note In this simulation, accounts that have nonsecure passwords are used to simplify the media. In a production environment, always use complex passwords that contain uppercase and lowercase alpha, numeric, and special characters, such as !, @, #, and $. Scenario You have been assigned the task of installing the base Windows XP Professional operating system on a new computer.
10
! Start the practice activity simulation

1. Insert the Student Materials compact disc into your CD-ROM drive. 2. If prompted that active content can damage your system, click Yes to access the CD-ROM. 3. On the Student Materials Web page, click Multimedia. 4. If necessary, in the Information Bar dialog box, select Do not show this message again, and then click OK. 5. If necessary, in the Information Bar, click the message, and then click Allow blocked content. 6. Click Installing Microsoft Windows XP Professional. 7. When the initial Practice Activity window opens, click anywhere to begin the simulation. 8. Follow the on-screen instructions to complete the simulation. 9. When the Congratulations screen of the simulation is displayed, close the 2272B_PIN and Course 2285: Installing, Administering, and Configuring Microsoft Windows XP Professional windows.
11
Lesson: Automating a Windows XP Professional Installation
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can automate an installation of Windows XP Professional so that it requires no user intervention or limited user intervention. In this lesson, you will learn how to use answer files and Uniqueness Database Files (UDFs) to automate the installation of the operating system. You will also learn how to use the Setup Manager Wizard to create an answer file. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Describe the components required to automate an installation. Extract the Setup Manager Wizard from the product compact disc. Describe how Setup uses answer files and UDFs. Run the Setup Manager Wizard and create an answer file to automate an installation of Windows XP Professional.
12
What Are the Components of an Automated Installation?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points Automating a Windows XP Professional installation requires the following files:
!
Answer file. This text file contains configuration settings that provide responses to setup questions. You can use an answer file to prepare an unattended, fully automated installation of Windows XP Professional. You can also change or add settings to automate an installation of Windows XP Professional on multiple computers that require the same configuration. Use the Setup Manager Wizard to create an answer file. Uniqueness Database File (UDF). This file provides replacement settings for the settings configured in an answer file. Creating a UDF enables you to then use one answer file to automate the installation for multiple client computers that require different setup configurations. Use a UDF to configure the unique settings, such as computer name, for each computer.
Copy the answer file and the UDF to a floppy disk or shared network location, and then run Setup on the client computer. Setup uses the settings from the answer file and the UDF to configure the computer. If you plan to customize the configuration during installation, you can require users to supply any settings by not configuring these settings in the answer file or the UDF. Additional reading For more information about automating an installation of Windows XP Professional, see The Implementing and Supporting Microsoft Windows XP Professional Guide, found in the Additional Reading section of the Student Materials compact disc.
13
How to Use the Setup Manager Wizard
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The Setup Manager Wizard automates the process of creating an answer file by prompting you for installation options and then generating an answer file based on your responses. Installing the wizard The Setup Manager Wizard is a Windows XP Professional support tool. Perform the following steps to extract the wizards files from Support Directory on the product compact disc: 1. Create a folder named Deploy at the root of the system drive (for example, C:\Deploy). 2. Click Start, and then click Run. In the Open box, type drive:\Support\Tools\Deploy.cab (where drive is the location of the Windows XP Professional compact disc), and then click OK. 3. Select all files, right-click one of the selected files, and then click Extract. 4. Select the Deploy folder that you created, and then click Extract. Using the wizard The Setup Manager Wizard enables you to configure many Windows XP Professional installation options, including the user interaction level, distribution method, general settings, network settings, and advanced settings. It also allows you to encrypt the administrator password in the answer file (otherwise the password will be stored in plain text). To create an answer file, double-click Setupmgr.exe to start the wizard, and then follow the instructions to create the type of answer file that you want.
14
Multimedia: How Setup Uses Answer Files and UDFs
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points In this presentation, you will see how Setup uses answers files and UDFs. The value used for a particular setting depends on whether one or both of the files contains a key or value. The presentation describes the scenarios and results shown in the following table.
Answer file Key and value specified Key not specified Key and value specified Key not specified Section, key, or both section and key not specified UDF Key not specified Key and value specified Key and value specified Key specified without value Key and value specified Result Value in answer file is used. Value in UDF is used. Value in UDF is used. No value is set; user may be prompted for input. Section and key are created and used by Setup.
Additional reading
For more information about automating Setup using a UDF, see Unattended Installations in the Windows XP Professional Resource Kit, available on the Microsoft Web site at http://www.microsoft.com/resources/documentation/ Windows/XP/all/reskit/en-us/prbc_cai_tidq.asp.
15
Practice: Running Setup Manager
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will install the Setup Manager Wizard and then create an answer file to produce an automated installation that meets the set of specified criteria. The London and Vancouver virtual machines should be running. As the manager of the Windows XP Professional deployment team in your organization, you must design an answer file to install Windows XP Professional from a compact disc. The answer file should produce an installation that meets the following criteria:
! !
Practice setup Scenario
Setup must be a fully automated CD-ROM installation. The default user name must be Trader, and the organization name must be Northwind Traders. The computer names must be assigned. The local Administrator account must be protected with a password of P@ssw0rd and the password must be encrypted in the answer file. The display resolution on all client computers must be set to 800 600. The time zone must be set appropriately. Disk Defragmenter (Dfrg.msc) must run the first time that a user logs on. The answer file must be named Unattend.txt and saved in the C:\Deploy folder.
! !
! ! ! !
Note For demonstration purposes in this practice, configure Disk Defragmenter to run when the user first logs on. Normally, you would not run Disk Defragmenter on a recently formatted hard disk.
16
! Extract the deployment files

1. On the Vancouver virtual machine, log on to the NWTRADERS domain as VancouverUser with the password of P@ssw0rd. 2. Click Start, click Run, and in the Open box, type E:\WinXPsupport\tools\deploy.cab and then click OK. 3. In the Deploy window, select all files, right-click a selected file, and then click Extract. 4. In the Select a Destination dialog box, expand My Computer, click Local Disk (C:), and then click Make New Folder. 5. Rename the new folder Deploy and then click Extract. 6. Close the Deploy window.
! Create the Unattend.txt file

1. In Windows Explorer, browse to the C:\Deploy folder, and in the details pane, double-click setupmgr. 2. On the Welcome to Setup Manager page, click Next. 3. On the New or Existing Answer File page, verify that Create new is selected, and then click Next. 4. On the Type of Setup page, verify that Unattended setup is selected, and then click Next. 5. On the Product page, verify that Windows XP Professional is selected, and then click Next. 6. On the User Interaction page, click Fully automated, and then click Next. 7. On the Distribution Share page, click Set up from a CD, and then click Next. 8. On the License Agreement page, select the I accept the terms of the License Agreement check box, and then click Next. 9. On the Name and Organization page, in the Name box, type your_name, in the Organization box, type Northwind Traders and then click Next. 10. On the Display Settings page, in the Screen area list, select 800 X 600, and then click Next. 11. On the Time Zone page, select your current time zone, and then click Next. 12. On the Product Key page, enter a string of 1s for the product key, and then click Next. 13. On the Computer Names page, in the Computer name box, type Vancouver and then click Add and Next. 14. On the Administrator Password page, in the Password and Confirm password boxes, type P@ssw0rd and then select the Encrypt the Administrator password in the answer file check box and click Next.
17
15. On the Networking Components page, verify that Typical settings is selected, and then click Next. 16. On the Workgroup or Domain page, select Domain, and then type nwtraders.msft 17. Select the Create a computer account in the domain check box, type Administrator in the User name box, type P@ssw0rd in the Password and Confirm password boxes, and then click Next. 18. Accept the default settings on the Telephony, Regional Settings, Languages, Browser and Shell Settings, Installation Folder, and Install Printers pages. 19. On the Run Once page, in the Command to add box, type dfrg.msc and then click Add and Next. 20. On the Additional Commands page, click Finish. 21. In the Setup Manager dialog box, in the Path and file name box, verify that C:\Deploy\unattend.txt appears, and then click OK. 22. Close the Setup Manager Wizard and Windows Explorer.
18
Practice: Viewing and Verifying an Answer File
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup In this practice, you will view an answer file and then compare the file with one already created for client computer installations. The London and Vancouver virtual machines should be running. On the Vancouver virtual machine, you should be logged on to the nwtraders domain as VancouverUser. You have already created an Unattend.txt file to automate the installation process. You have been asked to compare it to another file to verify that it was created with the correct parameters for your unattended installation.
Scenario
! Review the contents of the Unattend.txt file

1. On the Vancouver virtual computer, in the C:\Deploy folder, double-click Unattend.txt. 2. Scroll through the file to view the contents. 3. In the answer file, what Section and Key corresponds to each of the following values? 32-byte encrypted data string [GuiUnattended] AdminPassword=Encrypted data __________________________________________________________ your_name [UserData] FullName=your_name __________________________________________________________ Northwind Traders [UserData] OrgName= Northwind Traders __________________________________________________________
19
800 [Display] Xresolution=800 _________________________________________________________ 600 [Display] Yresolution=600 _________________________________________________________ dfrg.msc [GuiRunOnce] Command0=dfrg.msc _________________________________________________________ nwtraders.msft [Identification] JoinDomain=nwtraders.msft _________________________________________________________ 4. Minimize the Unattend.txt window.
! Compare the WinXPinst.txt and Unattend.txt files

1. In Windows Explorer, browse to E:\Moc\2285\Practices\Mod1, and doubleclick WinXPinst.txt. 2. Compare the WinXPinst.txt file to the Unattend.txt file, ensuring that the section headings are identical, and then close both files. 3. Close all open windows, and then log off.
20
Lesson: Using an Image to Install Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction An image is a duplicate of a hard disk that contains an installation of Windows XP Professional. Using an image can speed the installation process: You create the computer settings that you want once, and then use the image to install Windows XP Professional on all of the computers in your organization. This lesson introduces the process for creating, testing, and deploying an image. After completing this lesson, you will be able to:
! ! !
Lesson objectives
Describe how an image works. Identify the tasks involved in creating and deploying an image. Create and deploy an image.
21
What Is an Image?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points When you create an image of an existing computer and deploy that image on one or more computers, the image will contain Windows XP Professional, as well as the applications, files, desktop settings, and user preferences from the reference computer. Creating and deploying an image requires the following:
!
Reference computer. This computer provides a baseline configuration for other computers. The replicated contents are known as the image. Third-party disk imaging application. Use a non-Microsoft disk imaging application, such as PowerQuest Drive Image Pro. Software distribution point. This is the network share point, or removable media, on which the image is stored. Target computers. These are the new or existing computers on which you deploy an image. Target computers must have the same disk controller type and mass-storage device driver as the reference computer. For example, if the reference computer has a small computer system interface (SCSI) controller with a nongeneric driver, then the target computer must have a SCSI controller and use the same driver.
22
How to Create and Deploy an Image
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points Use the following table as a checklist to complete the tasks for creating and deploying an image.
Task Configure a reference computer. A reference computer includes Windows XP Professional, retail and custom in-house applications, and network and computer settings. Security measures should be applied to the reference computer before the image is created, so that the target systems are secure by default. Preserve custom user settings. Copy the customized user settings to the default user profile on the reference computer. Otherwise, only users who log on the target computer as Administrator will receive the customized settings. Steps 1. Install Windows XP Professional. 2. Configure the components and settings. 3. Install and configure the applications. 4. Implement security measures. 5. Test the configuration.
1. Create a new user account. 2. Log on as the new user and customize the desktop and other user settings. 3. Log on as Administrator and copy the new users profile to the default user profile. 4. Assign everyone permission to use the default user profile. 5. Delete the new user account you just created.
Module 1: Installing Windows XP Professional (continued) Task Automate the Mini-Setup Wizard. By default, a streamlined version of the Windows Setup Wizard will run after the image is deployed on the target computer. Use an answer file to automate the MiniSetup Wizard so that users are not prompted for configuration information. Prepare the hard disk. Run Sysprep.exe to remove all unique configuration settings from the hard disk on the reference computer, such as the SID and computer name. Removing this information prevents security problems that can occur when computers have the same SIDs. Create an image. Use a non-Microsoft disk imaging application to create an image of the reference computer. 1. Start the reference computer. Steps 1. Name the answer file Sysprep.inf. 2. Store the file in the Sysprep folder on the system partition. Note: Sysprep.exe will use the information stored in the Sysprep.inf answer file.
23
1. Copy the Sysprep files, Sysprep.exe and Setupcl.exe, to the Sysprep folder.
2. Run Sysprep.exe.
2. Start the disk imaging application and create the image. 3. Copy the image to removable media or a network share. 1. Start the target computer or computers. 2. Connect to the source of the image and run the third-party application. 3. Deploy the image by using the thirdparty application. The Mini-Setup Wizard completes the configuration when the computer restarts.
Deploy the image. Download the image to a network distribution share. Deploy the image on new or existing computers.
Additional reading
For more information on customizing and automating installations, see the Microsoft Web site at http://www.microsoft.com/resources/documentation/ windows/2000/professional/reskit/en-us/part2/proch05.mspx.
24
Lesson: Transferring User Files and Settings to a New Computer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction A user state on a computer consists of user files, operating system settings, and settings associated with certain applications. Windows XP Professional has two toolsthe Files and Settings Transfer Wizard and the User State Migration Toolthat you can use to transfer these user files and settings. After completing this lesson, you will be able to:
!
Lesson objectives
Explain how the Files and Settings Transfer (FAST) Wizard and the User State Migration Tool (USMT) work and when to use them. Describe how to use the USMT command-line options and create custom .ini files. Transfer user files and settings to a new computer.
25
How to Transfer User Files and Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** FAST Wizard The FAST Wizard enables you to transfer user files, folders, and settings to a new computer or to a clean installation of Windows XP Professional on an existing computer. Use the FAST Wizard in the following situations:
!
After upgrading or performing a new installation of Windows XP Professional on a single computer When end users are responsible for upgrading their own operating systems
USMT
The USMT has the same functionality as the FAST Wizard, and is especially useful for performing large deployments of Windows XP Professional in a corporate environment. The USMT has the following advantages:
!
The USMT enables IT professionals to quickly and easily transfer user files and settings as a part of operating system deployment efforts or computer replacement. The user spends very little time reconfiguring a new operating system or searching for lost files. The USMT reduces the number of reconfiguration calls to the help desk. The time saved can significantly reduce the costs associated with deploying a new operating system or new computers. The USMT can reduce training costs and improve the users experience with the new operating system by presenting a familiar, already configured operating system that requires little user adjustment.
26
Additional reading
For more information about transferring files and settings, see the white paper User State Migration in Windows XP, available on the Microsoft Web site at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ usermigr.mspx. For a step-by-step guide to the FAST Wizard, see the Microsoft Web site at http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ mgrtfset.mspx.
27
How the USMT Works
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Command-line tools The USMT consists of two executable files, ScanState.exe and LoadState.exe. The following table describes these tools.
Tools ScanState.exe Description Collects user data and settings based on the information contained in: Migapp.inf (for installed applications) Migsys.inf (for system settings) Miguser.inf (for customizing the user environment) Sysfiles.inf (for migrating files) LoadState.exe Deposits the user state data on a computer running a new (not upgraded) installation of Windows XP Professional
Both tools are found on the Windows XP Professional compact disc in the \valueadd\msft\usmt\ folder. When you run the USMT as part of a mass installation, ScanState and LoadState are included as batch files. Tool requirements To transfer files and settings to a new computer by using the command-line tools, you require:
!
A server to which both the source and destination computers can gain access, with adequate space to save the migrating users state. A source computer containing an account for the user being transferred. A destination computer running Windows XP Professional that does not contain a profile for the user whose state you will transfer. An account with administrative privileges on the destination computer. The account cannot have the same name as the migrating user account. The account name and password of the user whose settings and files are to be transferred.
! !
28
Custom .inf files
The USMT is driven by a shared set of .inf files that you can customize for the unique requirements of each migration. Use custom .inf files to change, delete, or add settings, files, and folders during the USMT transfer process. Files, file types, folders, and registry keys or values are some of the objects that you can add to the transfer process. INF scripts use an object specification syntax. The syntax is: <obj type>, <object> [, <attribute> [, . . .]] To add or remove file types, folders, or settings: 1. Use Notepad to create an .inf file. 2. Save the file in a USMT/Scan folder that you create on the server. 3. Add the name of the .inf file that you have created to the default command line when you run ScanState.exe.
Additional reading
For more information about transferring files and settings with the USMT, see The Implementing and Supporting Microsoft Windows XP Professional Guide, which is located in the Additional Reading section of the Student Materials compact disc. For more information about using the command-line tools, see Chapter 7 of The Change and Configuration Management Deployment Guide in the Windows XP Professional Resource Kit.
29
Lesson: Installing Windows XP Service Pack 2
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this lesson, you will learn about the features and functionality of Service Pack 2, including how to obtain and install it. You will also learn how to obtain other updates to Windows from the Windows Update Web site. After completing this lesson, you will be able to:
! ! ! ! !
Lesson objectives
Identify the primary functionality of Windows XP Service Pack 2. Describe the features of Service Pack 2. Identify the primary functionality of the Windows Update Web site. Update a computer by using Windows Update. Install Service Pack 2.
30
What Is Service Pack 2?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Updates to Windows Microsoft releases updates to its Windows products on a regular basis. Service packs are a category of comprehensive updates that generally include all prior product updates, as well as important new features and functions. Between service packs, interim updates are released that can include new and improved device drivers and enhancements to Windows functionality. When necessary, updates can be used to address issues in the operating system. To maintain the highest level of security and functionality, all Windows systems should be kept current by regularly applying the latest service packs and other Windows updates. Service Pack 2 Windows XP Service Pack 2 (SP2) is a significant update to Windows XP that Microsoft released as part of a major effort to respond to an increased number of threats against the security of desktop computers. Like all Windows service packs, Windows XP Service Pack 2 includes all of the critical updates released for Windows XP to date. In addition, Service Pack 2 includes many new enhancements to Windows XP. These enhancements are aimed primarily at increasing the default level of security for the operating system. For example, by helping to block potentially harmful Internet content, Service Pack 2 can increase the level of protection that Windows XP provides against network threats such as viruses, hackers, and worms. Service Pack 2 also includes enhancements to improve a users overall computing experience. For example, the enhancements to Microsoft Internet Explorer can make browsing the World Wide Web more pleasant by blocking pop-up advertisements and other unwanted content. Additional reading For an overview of Service Pack 2 features, see Microsoft Windows XP Service Pack 2, located in the Additional Reading section of the Student Materials compact disc.
31
Service Pack 2 Features
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Some Service Pack 2 features directly affect system administrators and the endusers they support, while other features are of more significance to software developers who create or modify Windows-based applications. The Service Pack 2 features that are of the most interest to system administrators and to end users can be grouped into the following categories:
!
Enhancements to network security and configuration Windows Firewall is installed and activated by default, to provide a default level of security for local network traffic as well as traffic to and from the Internet. The Wireless Network Setup Wizard and Wireless Provisioning services make it easier to configure wireless client systems securely.
Improved Web browsing and Internet security Internet Explorer includes a number of tools and configuration settings to help users control unwanted content, such as pop-up advertisements, as well as potentially damaging content, such as downloaded applications. The Information Bar provides a central way for Internet Explorer to notify users about these types of content. It also helps the user respond appropriately to events such as blocked pop-up windows or blocked software installations. Administrators now have greater control over which Web sites users can access. Administrators also have greater control over the type of content users can view or download, either from the Internet or from the local network.
E-mail enhancements Additional protections against downloading potentially damaging e-mail content have been built into the Microsoft Outlook Express e-mail reader.
Improved computer maintenance tools Windows XP with Service Pack 2 includes improved tools for maintaining the operating system and managing the list of installed applications. The Security Center tool provides centralized access to the most important system security configuration settings.
32
Additional reading
For more information about these and other Service Pack 2 features and functionality, see the Microsoft white paper Changes to Functionality in Microsoft Windows XP Service Pack 2, located in the Additional Reading section of the Student Materials compact disc.
33
What Is Windows Update?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Windows Update Windows Update is the most reliable, convenient, and authoritative place to obtain all current Windows updates and enhancements. You can access Windows Update at http://windowsupdate.microsoft.com. Windows Update is a Web site that functions as an online extension of the Windows XP operating system. It provides one-stop access to the entire collection of updates for Windows and the various programs included with Windows. Windows Update can automatically scan computers and recommend updates to install. The list of available updates includes:
! ! !
High-priority updates, including service packs and security updates. Optional hardware updates, including updated device drivers. Optional software updates to enhance Windows operating system functionality.
Software Update Services (SUS)
So that each client computer does not have to connect individually to Windows Update to obtain and install updates, administrators can install Software Update Services (SUS) on a local computer running Microsoft Windows Server 2003. Administrators can then download updated files from Windows Update to the SUS server, choose which updates to include for the client computers, and use the SUS server as a local point of distribution for client updates. For more information about SUS, see the Microsoft Web site at http://www.microsoft.com/windowsserversystem/sus/default.mspx.
Additional reading
34
How to Update a Computer by Using Windows Update
*****************************ILLEGAL FOR NON-TRAINER USE****************************** How to access Windows Update To access Windows Update, use any of the following techniques:
!
In the Help and Support Center, under Pick A Task, click Keep Your Computer Up-To-Date With Windows Update. Click Start, click All Programs, and then click Windows Update. At the command prompt, type wupdmgr In Internet Explorer, on the Tools menu, click Windows Update. In Internet Explorer, navigate to http://windowsupdate.microsoft.com.
! ! ! !
How to locate, download, and install updates
After you are connected to the Windows Update Web site, you can scan for and install available updates. To locate, download, and install updates, follow these steps: 1. Select your installation method. Click Express Install to automatically scan for, download, and install critical and security updates. Click Custom Install to scan for available updates, and then select the updates you want to download and install from a list. 2. Follow the prompts to install each selected update. Each update can have its own installation procedure. 3. Configure update settings on the local computer, if necessary.
35
How to Install Service Pack 2
*****************************ILLEGAL FOR NON-TRAINER USE****************************** There are two major steps in the process of installing Service Pack 2: obtaining the installation source files and performing the installation. Installation sources There are several possible sources where you can obtain the Service Pack 2 installation files:
!
You can download and install Service Pack 2 from the Windows Update Web site directly onto individual machines. You can order a CD-ROM containing the installation files for Service Pack 2 from Microsoft. You can then use the CD-ROM source files to install the service pack on one or more computers. Or you can share the CDROM contents in a network location. You can download the installation package for Service Pack 2 from Windows Update. You can then use this to install the service pack on multiple computers. Place this package in a central location, such as a shared network folder, or create individual installation CD-ROMs.
Service Pack 2 installation
You will start the installation of Service Pack 2 differently, depending on your installation file source:
!
If you are installing from the Windows Update Web site, the installation will proceed automatically. If you are installing from a CD-ROM, place the CD-ROM in the CD-ROM drive. The installation should start automatically. If not, open the CD-ROM and run the installation executable file, XPSP2.exe. If you are installing from a shared network folder, connect to the shared folder location and run the installation executable file. If you are installing from a shared CD-ROM, the executable file will be XPSP2.exe. If you are installing from the network installation package, the executable file will be WindowsXP-KB835935-SP2-ENU.exe.
36
In each case, once the installation is under way, follow the prompts to complete the installation and then restart the computer. Unattended installation You can include Service Pack 2 as part of an unattended installation. This ensures that Service Pack 2 security features are immediately applied to the newly installed system. You can:
!
Add a line to the [GuiRunOnce] section of your answer file and provide the path to the service pack installation source file. In this case, the service pack installation will launch the first time a user logs on after installation. Include a Cmdlines.txt file in the $OEM$ subfolder in your unattended installation source. In the file, include a line that provides the path to the service pack installation source file. In this case, the installation will launch once the main operating system installation has completed. Deploy Service Pack 2 automatically by using server-based tools such as Active Directory Group Policy, Systems Management Server, and SUS. (You must be a network administrator to use this option.)
Note Microsoft does not recommend performing an integrated installation of Windows XP and Service Pack 2. Complete the base operating installation and then install the service pack to prevent loss of network connectivity at the point during the installation when Windows Firewall is enabled. Additional reading For more information about configuring unattended installations of service packs, see Chapter 4, Supporting Installations, in the Windows XP Professional Resource Kit. For more information about planning Service Pack 2 deployments, see the Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2, available at http://www.microsoft.com/technet/prodtechnol/ winxppro/deploy/sp2apcom.mspx.
37
Lesson: Monitoring Windows XP Professional Security Status by Using Security Center
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this lesson, you will learn about common threats against personal computers and about the major security features of Service Pack 2 that are designed to protect against these threats. You will also learn how to use the Service Pack 2 Security Center to configure security options. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Identify common threats against personal computer security. Describe the primary security components of Security Pack 2. Identify the primary functionality of Security Center. Configure Security Center options.
38
Common Threats Against Personal Computers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points Threats against personal computers can take several forms:
!
Viruses and other malicious software, such as worms or Trojan horses, can infect a system. When a worm is introduced into the local network, it can spread rapidly in ordinary local network traffic, or by infecting documents that users open unsuspectingly. Downloaded Internet content is another way that malicious software can be introduced onto a system. For example, a user may install what seems to be a harmless and amusing screensaver or a useful browser utility, and the seemingly innocuous content carries a virus or worm. E-mail attachments are a common source for transmitting viruses and other malicious software. Viruses can hide inside e-mail messages that seem to arrive for legitimate business purposes, or users can be tricked into opening attachments from unknown or unverified senders. Attackers can make direct attempts to breach the security of a system. They may do this to obtain private data, to disrupt system performance, or to perform unauthorized tasks.
Note Generally, attackers use software tools to connect to the targeted computer across the network. However, they may also contact users directly in hopes of persuading them to breach system security. This type of attack is known as social engineering. To prevent loss of data or system and network instability, all networked computers, including computers that run Windows XP, need to be secured and protected against virus infection or security breaches.
39
Service Pack 2 Security Components
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The security-related updates in Service Pack 2 range from subtle alterations in security configuration and performance within the operating system to more significant and comprehensive security tools, features, and enhancements. The most prominent security components of Service Pack 2 include the following:
!
Windows Firewall. A firewall checks all traffic that passes to and from a computer, and determines which traffic is allowed or denied based on firewall policies that you set. Windows Firewall is a software-based firewall that is included with Service Pack 2. When you install Service Pack 2, Windows Firewall is enabled by default on all network connections. Automatic Updates enhancements. The Automatic Updates feature in Windows XP enables you to configure a system to automatically detect, download, and install critical updates either from Windows Update or from a local SUS server. Windows XP Service Pack 2 provides a number of enhancements to the Automatic Updates feature in Windows XP. Among these enhancements are the ability to download more categories of updates, better bandwidth management, and consolidation of updates so that less user input is required. Virus protection monitoring. Virus protection software is recommended for all computer systems, including those that run Windows XP. With Windows XP Service Pack 2 installed, the system will monitor for the installation of standard antivirus software packages, prompt the user at regular intervals to install antivirus software if it is not present, and prompt the user to update virus signature files.
40

!
Internet Explorer enhancements. Security enhancements to Microsoft Internet Explorer provide enhanced protection against malicious content on the Web, and also provide interface enhancements that make configuring security easier. The Information Bar consolidates many of the dialog boxes that provide information to the user. Internet Explorer now also includes a built-in pop-up window blocker, in addition to enhanced management for add-on utilities. Outlook Express enhancements. Service Pack 2 also provides security enhancements for Outlook Express users. The user can now block external content from being automatically downloaded and displayed in HTMLformatted messages, and even configure Outlook Express to display messages in plaintext format only. As a result, potentially unsafe attachments that are sent through e-mail and in instant messages are isolated, so that they cannot affect other parts of the system.
41
What Is Security Center?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points Security Center is a Service Pack 2 feature that provides a central interface for determining the status of security configurations of a computer. Security Center runs as a background service and provides real-time alerts when security conditions are detected. Security Center alerts appear in the notification area of the Windows XP taskbar. As a user-interface tool, the Security Center window allows you to view and configure settings for Automatic Updates and Windows Firewall, and view the status of some third-party antivirus software packages. It also enables you to access the security properties for Internet Explorer directly. Note If a computer running Windows XP with Service Pack 2 is a member of a domain, some Security Center options will not be available. For example, Security Center will not send alerts or display security status. For more information, see Windows Security Center overview in the Help and Support Center.
42
How to Configure Security Center Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The Security Center window will open automatically following an installation of Service Pack 2 to enable you to configure the major security components of a computer. You can also access Security Center manually at any time. How to access Security Center To access Security Center, use any one of the following methods:
! !
Click Start, click Control Panel, and then click Security Center. Double-click the Windows Security Alerts icon in the taskbar.
How to enable Windows Firewall
When Service Pack 2 is installed, Windows Firewall is enabled by default. You can use Security Center if you need to enable the firewall manually. To enable Windows Firewall: 1. Open Security Center. 2. In the Manage security settings for area, click Windows Firewall. 3. In the Windows Firewall dialog box, click On (recommended), and then click OK. Important Turning off the firewall is a security risk and is not recommended.
43
How to configure Automatic Updates
Using Automatic Updates to detect and install service packs and security updates keeps a computer more secure. To configure Automatic Updates through Security Center: 1. Open Security Center. 2. In the Manage security settings for area, click Automatic Updates. 3. Click the appropriate option, and then click OK.
Click this option Automatic (recommended) To do this Download and install recommended updates at a time you specify. This is the default option. Download updates and have the system prompt you to install them. You must be a member of the Administrators group to receive the update alerts. Scan for updates and have the system prompt you to download and install them. You must be a member of the Administrators group to receive the update alerts. Turn Automatic Updates off.
Download updates for me, but let me choose when to install them.
Notify me but dont automatically download or install them.
Turn off Automatic Updates.
Important Turning off Automatic Updates is a security risk and is not recommended. Tip You can configure Automatic Updates on the Automatic Updates tab of the System Properties dialog box. To open the System Properties dialog box, click Start, right-click My Computer, and then click Properties. Automatic Updates policy settings Group Policy settings may also be used to configure Automatic Updates. These policies can be set in the Local Computer Policy if the computer is in a workgroup or through Group Policy if the computer is a member of a domain. If policies are set on the domain level, they will override any locally set policies. For more information on Group Policy settings for Automatic Updates, see article 328010, How to Configure Automatic Updates by Using Group Policy or Registry Settings, in the Microsoft Knowledge Base at http://support.microsoft.com/default.aspx?scid=kb;en-us;328010.
Additional reading
44
Practice: Exploring Security Center Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario To access the primary security features of Service Pack 2 and Security Center. The London and Vancouver virtual machines should be running. Service Pack 2 has recently been installed on your computer running Windows XP Professional. Your manager has asked you to explore the security features available through Security Center. Also, the IT department would like you to configure the firewall to be set to on and AutoUpdates to be set to off. No virus protection will be installed on your system at this time.
! Explore Security Center help

1. On the Vancouver virtual machine, log on to the nwtraders domain as Administrator with a password of P@ssw0rd. 2. Click Start, and then click Control Panel. 3. Click Security Center. 4. Click Get help about Security Center. 5. What security areas does Windows Security Center check for you? Firewall Virus protection Automatic Updates ____________________________________________________________ ____________________________________________________________
45
6. Why would Security Center not display your security status? If you are in a domain, security status is not displayed. It is only displayed if you are in a workgroup. ____________________________________________________________ ____________________________________________________________ 7. Which Automatic Updates require you to be a member of the Administrators group? Download updates for me, but let me choose when to install them. Notify me but dont automatically download or install them. ____________________________________________________________ ____________________________________________________________ 8. Close the Help and Support Center window.
! Configure security settings through Security Center

1. Click Windows Firewall. 2. In the Windows Firewall dialog box, ensure that On (recommended) is selected, and then click OK. 3. In the Security Center, click Automatic Updates. 4. In the Automatic Updates dialog box, verify that Turn off Automatic Updates is selected, and then click OK. 5. Close the Windows Security Center window and then close Control Panel. 6. Log off as Administrator. (Click Start, click Log Off, and then click Log Off again.)

Contents Overview Lesson: Installing Hardware Devices Lesson: Configuring Modems, Printers, and Monitors Lesson: Troubleshooting Device Drivers Lesson: Disabling and Uninstalling Hardware Devices 1 2 12 16 24
iii
Instructor Notes
Presentation: 60 minutes This module teaches students how to install new hardware devices and how to configure and maintain existing hardware devices and their drivers on computers running Microsoft Windows XP Professional. Students will also learn how to roll back device drivers to a previous version, and how to uninstall drivers and hardware devices. There is no lab in this module.
Labs: 00 minutes Objectives

! ! ! !
Install hardware devices. Configure hardware devices, such as modems, printers, and monitors. Troubleshoot device drivers. Disable, enable, and uninstall hardware devices.
Required materials
To teach this module, you need the Microsoft PowerPoint file 2285B_02.ppt. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, slides may not appear correctly.
Preparation tasks
To prepare for this module:

! ! !
Read all the materials for this module. Complete the practices. Read the materials listed under Additional reading for each topic. Document your own additional reading to share with the class.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topic. Read the additional information when preparing to teach the module. During class, ensure that students are aware of the additional information.
Lesson: Installing Hardware Devices

This section describes the instructional methods for teaching this lesson. Types of Hardware Introduce students to basic hardware installation. Focus on the types of hardware devices and the methods for installing and configuring them. Describe hot-swap and cold-swap hardware devices and explain the differences between them, and define a Plug and Play device as a device that works simply by being plugged in, with no configuration required. Present several examples of Plug and Play devices, such as digital Universal Serial Bus (USB) cameras and printers that support USB. Tell students that the use of nonPlug-and-Play devices is not recommended with Windows XP Professional, although they can be used with the appropriate vendor drivers. Typical nonPlug-and-Play devices include video cards, most network adapters, and most modems. Describe the correct procedures for installing new hardware devices. You may want to demonstrate how to use the Add Hardware Wizard, closing the wizard before you actually install a new device. Let students know that they will use the wizard later in a practice. Emphasize the differences between the configuration of Plug and Play devices and nonPlug-and-Play devices. Open Device Manager and expand a few of the device nodes to let students see the types of devices that are listed and the information on the Properties page. Do not spend much time reviewing them because students will view configurations later in the module. It is important that students understand the meaning of device resources. Explain what input/output (I/O) memory addresses are and the use of interrupt request (IRQ) numbers. Open Device Manager and show students the Resources tab for a device (such as the network interface card), highlighting which IRQ setting is in use. In this practice, students will use the Add Hardware Wizard to simulate the installation of a Plug and Play device. After completing that task, students will use the wizard to install a nonPlug-and-Play device.
The Hardware Installation Process
Device Driver Configuration
Device Resource Configuration
Practice: Adding Devices with the Add Hardware Wizard
Lesson: Configuring Modems, Printers, and Monitors

This section describes the instructional methods for teaching this lesson. Modem and Printer Configuration Give students guidelines for configuring hardware devices. Include specific configuration steps by using Control Panel tools such as Printers and Faxes. Do not discuss all of the configuration options, but present examples of settings that can be configured and explain why they are used. Describe the situations in which students would use the multiple monitors feature; for example, if students are working with large documents, books, or spreadsheets. Emphasize the requirements that must be met before they can use multiple monitors. Describe the procedure for adding and arranging multiple monitors. If possible, demonstrate how to set up and use multiple monitors. You can set up a portable computer and another monitor, and then use the Dualview feature by plugging the other monitor into the VGA port on the back of your portable computer. Using just one computer, you can demonstrate how to work on one large document that is spread across two screens or how to work on two separate documents, one on each screen.
Monitor Configuration
How to Configure Multiple Monitors
Lesson: Troubleshooting Device Drivers

This section describes the instructional methods for teaching this lesson. Signed and Unsigned Device Drivers Describe driver signing and the potential problems of using unsigned drivers. Explain that Microsoft tests all drivers and digitally signs them when they meet a certain level of testing. Driver signing guarantees that the drivers have not been altered or overwritten by another programs installation process. Inform students that they can block unsigned drivers by using a Driver Signing option. Explain that drivers can be blocked by using local policy settings, but it is much better practice and much easier to use Group Policy settings to block them. How to Update Device Drivers Practice: Updating Device Drivers How to Roll Back Device Drivers Practice: Rolling Back Device Drivers Open Device Manager and show students the update process without actually updating a driver. In this practice, students will update a device driver. Open Device Manager and show students the rollback process without actually rolling back a driver. In this practice, students will use the Roll Back Driver feature to revert to the driver previously installed. Note Before working on this practice, students must have completed the practice Updating Device Drivers.
vi
Lesson: Disabling and Uninstalling Hardware Devices

This section describes the instructional methods for teaching this lesson. How to Disable and Enable Hardware Devices Emphasize the difference between disabling and uninstalling devices. Explain that when a device is disabled, only the driver has been disabled. The hardware has not been removed or reconfigured. The system retains disabled drivers but they are not installed and initialized at startup. To re-enable a device, students must enable the driver. Explain that uninstalled devices are no longer listed in Device Manager but drivers remain on the hard disk. Describe surprise removal, and discuss the impact of a surprise removal on the operating system. Discuss the difference between safe removal and surprise removal, and explain how to uninstall devices that support or do not support safe removal. In this practice, student will use Device Manager to disable, re-enable, and uninstall a hardware device. Note Before working on this practice, students must have completed the practice Adding Devices with the Add Hardware Wizard.
What Is Surprise Removal? How to Uninstall Hardware Devices Practice: Disabling and Uninstalling Hardware
Assessment
There are assessment questions for each lesson in this module located on the Student Materials compact disc. You can use them as pre-instruction assessments to help students identify areas of difficulty, or as post-instruction assessments to validate learning. Consider using assessment questions to reinforce learning at the end of each day. You can also use them at the beginning of the day as a review of the information that you taught on the previous day.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction After installing Microsoft Windows XP Professional on a computer, you may want to add hardware to the computer, update a driver, or modify the hardware configuration. To enable any hardware that you add, you must:
! ! ! !
Install new hardware safely to protect the hardware and the computer. Configure hardware to maximize functionality. Maintain and upgrade existing hardware to ensure optimum functionality. Uninstall hardware correctly to protect data and the computer.
Objectives
After completing this module, you will be able to:

!
Add hardware efficiently and safely to a computer running Windows XP Professional. Configure modems, printers, and monitors for maximum functionality. Troubleshoot hardware device drivers to resolve installation problems. Uninstall hardware correctly to protect data and the computer.
! ! !
Lesson: Installing Hardware Devices
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This lesson introduces the types of hardware you may want to install on a computer running Windows XP Professional and describes the steps required to install new hardware safely and successfully. This lesson also provides guidelines for safely installing and configuring device drivers and resources. After completing this lesson, you will be able to:
! !
Lesson objectives
Identify types of hardware devices. Install hardware devices efficiently and safely on a computer running Windows XP Professional. Configure device drivers by using Device Manager. Configure device resources by using Device Manager.
! !
Types of Hardware
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Types of hardware devices You can install hot-swap and cold-swap hardware devices on a computer running Windows XP Professional. When you install a new device, Windows XP Professional automatically detects and configures it. The way in which detection occurs depends on the category of the device being installed:
!
Hot-swap hardware. This type of device requires that you plug it into the computer while the power is turned on; it will automatically install and configure itself. You can connect hot-swap devices to the following port types: Universal Serial Bus (USB) IEEE 1394 (FireWire) Small computer system interface (SCSI) Cold-swap hardware. This type of device requires that you turn off the computer before you connect the device. When you turn on the computer again, the device is automatically installed and configured. You can connect cold-swap devices to the following port types: Peripheral Component Interconnect (PCI) cards Industry Standard Architecture (ISA) cards
Windows XP Professional and Windows 2000 support hot-swap and cold-swap hardware devices.
What is a device driver?
A device driver is a software component that enables an operating system to communicate with a hardware device, such as a modem, network adapter, or printer. The hardware vendor may provide the appropriate device drivers. Windows XP Professional also provides device drivers for the most common modern hardware devices. The following list includes several characteristics of device drivers:
!
Before Windows can use a device that is attached to your system, you must install the appropriate device driver. If the operating systems Hardware Compatibility List (HCL) includes a device, a device driver usually accompanies the device. A device driver is installed automatically when you start the computer or when you connect a hot-swap device to the computer.
Types of device drivers
There are two types of device drivers:

!
Plug and Play drivers. These drivers enable a system to recognize and adapt to hardware configuration changes with little or no user intervention. You can install and uninstall a device that uses a Plug and Play driver dynamically, without manually changing the configuration. Some Plug and Play devices can be installed merely by plugging in the device. Other devices, such as Plug and Play ISA cards, require that you shut down the computer to install the device, and then restart the computer to initialize the device. Windows XP Professional and Windows 2000 support Plug and Play drivers.
NonPlug-and-Play drivers. These drivers require that you manually install and configure the devices that use the drivers. Plug and Play support depends on both the hardware device and the device driver. If the device driver does not support Plug and Play, the corresponding device operates as a nonPlug-and-Play device, regardless of any Plug and Play support provided by the hardware. Windows 2000 Professional supports nonPlug-and-Play devices. You can use nonPlug-and-Play devices on Windows XP Professional; however, this is not recommended because the device settings become fixed and do not permit Windows XP Professional to assign resources to them dynamically. Also, if you use too many nonPlug-and-Play device drivers, Windows XP Professional might not install any additional Plug and Play devices.
Additional reading
For more information about Plug and Play, see the white paper Plug and Play, at http://www.microsoft.com/technet/prodtechnol/windows2000pro/evaluate/ featfunc/plugplay.mspx. For more information about Plug and Play BIOS settings, see the Microsoft Web site at http://www.microsoft.com/technet/treeview/default.asp? url=/ technet/prodtechnol/winxppro/reskit/prdh_dmt_odlv.asp.
The Hardware Installation Process
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Connect the device If you are connecting a cold-swap device, turn off the computer before you plug in the device. You can plug in hot-swap devices while the computer is turned on. Windows XP Professional automatically installs Plug and Play hardware devices. The device drivers are stored in .cab files, and are extracted automatically during the installation process. For a nonPlug-and-Play device or if the driver is missing: 1. Obtain the device driver from one of the following sources: Windows XP Professional compact disc Microsoft Windows Update Web site (http:// windowsupdate.microsoft.com) Setup media provided by the device manufacturer 2. Install and configure the device driver by using the Add Hardware Wizard. Use the device Using the Add Hardware Wizard Begin using the device. You should not be required to restart the computer. If Windows XP Professional does not detect the new hardware or if you are installing a nonPlug-and-Play device, use the Add Hardware Wizard to install the new device. To start the wizard from Control Panel, switch to Classic View, and then double-click Add Hardware.
Install the device driver
Support for Bluetooth devices
Bluetooth wireless technology is a low-cost, short-range wireless specification for connecting mobile devices. Windows XP Service Pack 2 provides direct support for installing and configuring Bluetooth devices. When Bluetooth support is enabled with Service Pack 2, Bluetooth Devices is added to Network Connections in Control Panel. For more information about hardware that is compatible with Windows XP Professional, see the most recent HCLs on the Microsoft Web site at http://www.microsoft.com/whdc/hcl. For more information about Bluetooth support in Service Pack 2, see Part 2: Network Protection Technologies in the Microsoft white paper Changes to Functionality in Microsoft Windows XP Service Pack 2, found in the Additional Reading section on the Student Materials compact disc. For more information about installing and configuring Bluetooth devices, see article 883259, How to Install and Configure Bluetooth Devices in Windows XP Service Pack 2, in the Microsoft Knowledge Base at http://support.microsoft.com/default.aspx?scid=kb;en-us;883259.
Additional reading
Device Driver Configuration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points In addition to automatically installing Plug and Play devices, Windows XP also automatically configures them. However, if you install nonPlug-and-Play devices on a computer running Windows XP Professional, you must use Device Manager to configure them correctly. Device Manager displays a list of active and installed devices. The device list in Device Manager is re-created after every system restart or dynamic change. You configure device drivers by using the Driver tab on the device Properties page. Device Manager can configure drivers and ports, but not actual hardware. Typically, you use Control Panel to configure hardware. Additional reading To find Microsoft and non-Microsoft drivers, see the Microsoft Web site at http://www.microsoft.com/technet/itsolutions/drivers/default.mspx. For more information about developing drivers on the Windows platform, see the Microsoft Web site at http://www.microsoft.com/whdc/driver/default.mspx.
Device Resource Configuration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** To operate correctly, hardware devices require a set of resources to be allocated to them. These resources enable hardware components to gain access to the CPU and to memory without causing conflicts with other devices on the system. Device resource settings determine the physical resources that the device drivers use. Configuring Plug and Play devices Plug and Play devices have no default settings. Windows XP Professional automatically allocates and configures their device resources on request. If more than one device requests the same resource, Windows XP Professional changes the settings of one device to accommodate both requests. To change Plug and Play device resources, you must disable Plug and Play functionality. Change resource settings for a Plug and Play device only if it is necessary to fix a problem with a device. For example, if a hardware device does not initialize or operate properly after you install it, you may be required to change its resource settings. Changing resource settings permanently assigns the resources, which makes it impossible for Windows XP Professional to permit another device to use that resource. If you must change the configuration of a device manually, use Device Manager. Caution Modify resource settings only if necessary. Changing resource settings can cause conflicts and the loss of Plug and Play functionality. Before you change resource settings, make sure that the problem is a resource conflict and not a missing driver.
Configuring nonPlugand-Play devices
You must configure the resource settings of nonPlug-and-Play devices manually. To configure resource settings manually: 1. Generate a Device Resource Settings Report from Device Manager. 2. Compare the existing resource settings with the recommendations of the hardware manufacturer. 3. Change the settings on the Resources tab on the device Properties page.
Additional reading
For more information on configuring hardware devices and drivers, see the Help and Support Center.
10
Practice: Adding Devices with the Add Hardware Wizard
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will use the Add Hardware Wizard to simulate the installation of a Plug and Play device. You will also use the wizard to install a nonPlug-and-Play device. The London and Vancouver virtual machines should be running. You are responsible for supporting users of computers that are running Windows XP Professional. You must install a new device on one of these computers.
! Add a Plug and Play device

1. On Vancouver, log on to the nwtraders domain as VancouverUser with a password of P@ssw0rd. 2. Click Start, click Control Panel, and then click Switch to Classic View. 3. Hold down the SHIFT key, right-click Add Hardware, and then click Run as to open Add Hardware with administrator privileges. 4. In the Run As box, click The following user. 5. In the User name box, type NWTRADERS\Administrator and in the Password box, type P@ssw0rd and then click OK. 6. On the Welcome to the Add Hardware Wizard page, click Next. 7. On the Is the hardware connected? page, click Yes, I have already connected the hardware, and then click Next. 8. On the The following hardware is already installed on your computer page, in the Installed hardware list, scroll to the bottom of the list and select Add a new hardware device, and then click Next.
11
9. On the The wizard can help you install other hardware page, verify that Search for and install the hardware automatically (Recommended) is selected, and then click Next. 10. On the The wizard did not find any new hardware on your computer page, click Next. 11. On the From the list below, select the type of hardware you are installing page, click Back.
! Add a nonPlug-and-Play device

1. On the The wizard can help you install other hardware page, select Install the hardware that I manually select from a list (Advanced), and then click Next. 2. In the Common hardware types list, select Modems, and then click Next. 3. On the Install New Modem page, select the Dont detect my modem; I will select it from a list check box, and then click Next. 4. When you are prompted to select the manufacturer and the model of your modem, select (Standard Modem Types) under Manufacturer, select Standard 56000 bps Modem under Models, and then click Next. 5. When you are prompted to select the port, verify that Selected ports is selected, select COM1, and then click Next. 6. When Your modem has been set up successfully appears, click Finish. 7. Double-click System. 8. In the System Properties dialog box, on the Hardware tab, click Device Manager. 9. In the Device Manager warning box, click OK. 10. Expand Modems to verify that you have installed the modem. 11. Close the Device Manager window. 12. In the System Properties dialog box, click OK. 13. Keep Control Panel open.
12
Lesson: Configuring Modems, Printers, and Monitors
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To maximize the operation of hardware devices, you must configure them correctly. This lesson provides information about using Control Panel to configure modems, printers, and monitors. After completing this lesson, you will be able to:
! ! !
Lesson objectives
Configure modems and printers by using Control Panel. Configure monitors by using Control Panel. Configure modems, monitors, and printers for maximum functionality.
13
Modem and Printer Configuration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points You use Control Panel to configure hardware devices such as modems and printers.
!
Use Phone and Modem Options in Control Panel to configure modem settings and telephony. Configurable settings include: Dialing rules: Telephony locations, area code rules, and calling card settings Modem settings: Port settings, diagnostics, and driver settings Telephony provider settings: H323 settings and Telephony Application Programming Interface (TAPI) provider settings Use Printers and Faxes in Control Panel to configure printers. With this tool, you can: Configure printing properties, such as port settings and permissions. Configure printing preferences, such as document options. Add a local printer.
! ! !
! ! !
Note You can also add parallel and serial port printers by using the Printers and Faxes tool. Windows XP Professional automatically detects and installs USB printers. Note Printing preferences are set on an individual basis; therefore, different users can have different preferences for the same printing device. Additional reading For more information about configuring modems and printers on Windows 2000, see the Windows 2000 documentation.
14
Monitor Configuration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Changing display settings To change the appearance of your desktop, use Display in Control Panel. With this tool, you can change:
! ! ! ! !
Screen resolution Color depth Colors Screen saver Desktop background and theme
Adding multiple monitors
You can extend a Windows XP Professional desktop display across a maximum of 10 monitors. You can also host different applications on different monitors simultaneously. For each desktop display, you can adjust the position of the icons, the resolution, and the color depth according to your requirements. Configuring multiple monitors requires:
!
A Windows XP Professional driver that enables each additional monitor to be an additional display. A peripheral component interface (PCI) or accelerated graphics port (AGP) display adapter, which may require you to: Disable any onboard adapters and install new video adapters. Install additional video adapters. A system that runs in graphical user interface (GUI) mode.
Additional reading
For more information about configuring monitors on Windows 2000, see the Windows 2000 documentation. For more information about connecting multiple monitors, see the Microsoft Web site at http://www.microsoft.com/resources/documentation/windows/ xp/all/proddocs/en-us/display_multi_monitors_overview.mspx.
15
How to Configure Multiple Monitors
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Users who work with multiple applications and want to view the interfaces of these applications simultaneously can benefit from multiple monitors. Configuring multiple monitors 1. To configure multiple monitors: 2. Turn off the computer and install an additional AGP or PCI video adapter. 3. Attach the additional monitor and start the computer. Windows XP Professional will detect the new monitor and install the appropriate drivers. 4. Extend the display of the primary monitor to the additional monitor by using the Settings tab in the Display Properties dialog box. 5. Change the color depth and resolution of the display for the additional monitor as required. Arranging multiple monitors You can arrange the position of multiple monitors on your desktop to represent their physical arrangement. This simplifies your ability to move items from one monitor to another monitor. To arrange multiple monitors: 1. Right-click the desktop, and then click Properties. 2. On the Settings tab, click Identify to display the identification numbers that correspond to the monitor icons. 3. Drag the monitor icons to arrange them, and then click OK. The icon positions determine how you move items from one monitor to another. For example, if you are using two monitors and you want to move items from one monitor to the other by dragging left and right, place the icons in horizontal rows. To move items between monitors by dragging up and down, place the icons in vertical rows.
16
Lesson: Troubleshooting Device Drivers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This lesson presents information about troubleshooting device drivers. It describes the differences between signed and unsigned device drivers, how to update device drivers, and why and how to roll back device drivers. System administrators must maintain and upgrade device drivers to ensure optimum performance from hardware and guarantee that devices are working correctly. After completing this lesson, you will be able to:
! ! ! ! !
Lesson objectives
Understand the concept and importance of signed device drivers. Verify and block the use of unsigned drivers. Update device drivers. Roll back device drivers. Troubleshoot hardware device drivers to resolve installation problems.
17
Signed and Unsigned Device Drivers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Signed drivers A driver that is digitally signed has been tested and verified for a particular operating system by the signing authority. For the best performance, Microsoft recommends that you use hardware products that include the Designed for Windows XP logo on the external packaging and on the device itself. The driver files that Windows XP Professional provides have a digital signature from Microsoft. These signatures ensure that each file:
!
Has passed compatibility tests administered by the Windows Hardware Quality Lab. Has not been altered or overwritten by another programs installation process. This guarantees that when you install new software, it will not overwrite system files with older and sometimes incompatible versions, which can cause system instability.
For these reasons, all vendor-provided drivers that are available on the Windows XP Professional compact disc and all drivers published on the Windows Update Web site include digital signatures. Unsigned drivers You control the use of unsigned device drivers by using Windows XP Professional driver-signing options. These options dictate how the system will respond to an installation program that attempts to add an unsigned driver. Typically, these options are set by a Group Policy setting to control all of the computers in an organization, but an administrator can set them manually on a local computer to permit the computer to use an unsigned driver. For more information about using the File Signature Verification utility to identify unsigned drivers and setting driver-signing options, see Driver Signing for Windows in the Windows XP Help and Support Center.
Additional reading
18
How to Update Device Drivers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points If you require a new or updated driver for a device, you can obtain the driver on a media disk provided by the hardware vendor or, more typically, install or update drivers from the Windows Update Web site. When you access the Windows Update Web site, Microsoft ActiveX controls compare the drivers installed on the your system with the latest updates available. If it finds newer drivers, you can configure Windows Update to download and install them automatically. Windows Update provides high quality and reliable drivers. These drivers are assigned a unique, four-part identification number referred to as the hardware ID, which ensures standard quality. To update a device driver: 1. Open Device Manager. 2. Go to the Properties page of the device. 3. Run the Hardware Update Wizard to update the device driver. Additional reading For more information about Windows Update and how to configure Automatic Updates, see the Microsoft Web site at http://www.microsoft.com/athome/ security/protect/update.mspx.
19
Practice: Updating Device Drivers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Practice setup In this practice, you will use Device Manager to update an out-of-date device driver. The London and Vancouver virtual machines should be running. On Vancouver, you should be logged on to the nwtraders domain as VancouverUser. The device driver for your display adapter is not the most current, and you want to update to a newer device driver that you found on an Internet bulletin board. You do not know where the device driver came from, but the post on the bulletin board indicated that the driver would correct some problems that you are having with your display. Note It is not usually recommended that you download from unfamiliar or unverified sources.
Scenario
! Update a device driver

1. On Vancouver, in Control Panel, hold down the SHIFT key, right-click System, and then click Run as to open the tool with administrator privileges. 2. In the Run As box, click The following user. 3. In the User name box, type NWTRADERS\Administrator and in the Password box, type P@ssw0rd and then click OK. 4. In the System Properties dialog box, on the Hardware tab, click Device Manager. 5. In Device Manager, expand Display Adapters, select the VM Additions S3 Trio 32/64 display adapter, and then press ENTER to display the properties. Note that VM Additions S3 Trio 32/64 is the name of the display adapter. You will use this in Practice: Rolling Back Device Drivers.
20
6. In the VM Additions S3 Trio 32/64 Properties dialog box, on the Driver tab, click Update Driver. The Hardware Update Wizard opens. Notice that you have the option to connect to Windows Update to scan for updated software and drivers. 7. Click No, not this time, and then click Next. 8. Click Install from a list or specific location (Advanced), and then click Next. 9. Click Dont search. I will choose the driver to install, and then click Next. 10. Clear the Show compatible hardware check box. 11. In the Manufacturer list, select S3; in the Models list, select S3 Trio32, and then click Next. An Update Driver Warning message may appear, informing you that the device driver is not recommended and that Windows XP Professional cannot verify that it is compatible with your hardware. If this message appears, click Yes. 12. When the installation has completed, click Finish, and then click Close. 13. If you are prompted to restart your computer, click No. 14. Close all open windows, and then shut down the computer. 15. When prompted What do you want to do with your virtual hard disks, with Commit changes to the virtual hard disk selected, click OK. Note You will roll back the display driver you just installed in the practice Rolling Back Device Drivers.
21
How to Roll Back Device Drivers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points If you experience system problems after you install or update a driver, you can roll back to the previous driver by using the Windows XP Professional system recovery feature, Driver Rollback. This feature enables you to reinstall the last device driver that was functioning before the installation of the current device driver (Windows XP Professional stores prior device drivers). By using this feature, you can avoid spending hours searching for a copy of the original driver. Caution You should use Driver Rollback only when you are certain that a particular driver is causing a problem and you want to revert to the previously installed driver. Note In Windows 2000 Professional, you must manually reinstall the original driver because drivers are overwritten, not stored. To roll back a device driver in Windows XP Professional: 1. Open Device Manager. 2. Go to the Properties page of the device. 3. Roll back the driver. Note Driver Rollback is available for any device except printers. You configure printer drivers through Printers and Faxes, not Device Manager.
22
Practice: Rolling Back Device Drivers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Prerequisites Practice setup Scenario In this practice, you will use the Roll Back Driver option in Device Manager to roll back to a previously installed device driver. Before working on this practice, you must have completed the practice Updating Device Drivers. The London and Vancouver virtual machines should be running. After installing a new display adapter device driver that you downloaded from the Internet, you find that your display adapter is not functioning correctly. You must now restore the original driver that was installed before you changed it. You are going to use the Roll Back Driver option in Device Manager to accomplish the restore.
! Roll back to a previous device driver

1. In the Virtual PC Console window, click 2285B-VAN-PC, and then click Start to start the Vancouver virtual machine. 2. Log on to the nwtraders domain as Administrator with a password of P@ssw0rd. 3. Click Start, and then click Control Panel. 4. Click Switch to Classic View. 5. Double-click System, and in the System Properties dialog box, on the Hardware tab, click Device Manager. 6. In Device Manager, expand Display Adapters, click the VM Additions S3 Trio32 32/64 adapter that you chose to update in the practice Updating Device Drivers, and then press ENTER. 7. In the S3 Trio32 Properties dialog box, on the Driver tab, click Roll Back Driver.
23
8. When prompted Are you sure you would like to roll back to the previous driver?, click Yes. 9. Click Close. There is no file copy process because the previous driver is already available in the Windows system folders. 10. In the System Settings Change dialog box, click No. In Device Manager, you will notice that the name of the display adapter changes back to VM Additions S3 Trio32/64. 11. Close all open windows, and then restart the computer.
24
Lesson: Disabling and Uninstalling Hardware Devices
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Lesson objectives You must uninstall hardware correctly to protect your data and computer. After completing this lesson, you will be able to:
! ! !
Disable and enable hardware devices. Understand the concept and impact of surprise removal. Uninstall hardware devices correctly to protect your data and computer.
25
How to Disable and Enable Hardware Devices
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points

!
If you want a Plug and Play device to remain attached to a computer without being enabled, you can disable the device instead of uninstalling it. Disable is different from uninstall because only the drivers are disabled; the hardware configuration is not changed. When you disable a device, the device remains physically connected to your computer, but Windows updates the system registry so that the drivers for the disabled device do not initialize when you start your computer. The device drivers are available again when you enable the device. When you uninstall a device, the drivers are not removed from the computers hard disk, but the device is assumed to be physically removed from the computer and no longer appears in the device list in Device Manager. Disabling devices is useful if you must switch between two hardware devices, such as a network interface card and a modem, or if you must troubleshoot a hardware problem. To disable or enable a device in Device Manager, right-click the device and choose Disable or Enable.
Note In Device Manager, a red X appears on the icon of a disabled device. A yellow question mark appears if Windows cannot find the driver for an installed device.
26
What Is Surprise Removal?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Surprise removal Removing a device from a computer without first stopping the device is called surprise removal because the action is a surprise to the operating system. Typically, Windows XP Professional can function normally with a surprise removal because the device drivers are designed to notify the operating system when a removal occurs. Surprise removal frequently occurs when a devices connection does not prevent the user from physically removing the hardware, such as when the hardware is not inside the computer case or secured with a mechanical interlock. Surprise removal of portable computers from docking stations is also common, especially when the computers are in low-power states. Impact of surprise removal When you perform a surprise removal of a device, the impact on the operating system depends on the type of hardware removed. Surprise removal can produce the following results:
!
Running applications may stop responding. Before removing a device that is communicating with an application, quit the application, and then proceed to remove the device. The removal of PC cards, CardBus cards, and parallel and COM port devices can cause hardware faults and driver faults. Caution Although it is recommended that you first turn off the computer before plugging in or removing any device, it is especially true for PC cards, CardBus cards, and parallel and COM port devices

!
27
Data loss or data corruption in removable storage devices can occur. The device drivers for supported removable storage devices enable the operating system to determine if a specific storage device is removable while the system is turned on. If you can safely remove a removable storage device while the system is turned on, the operating system will, by default, disable write caching to prevent data loss. This means that data written to the storage device is written immediately instead of being stored to be written in larger chunks. Because the data is written immediately, the performance of the storage device may be slower.
Additional reading
For more information about surprise removal and undocking of portable computers, see Module 10, Supporting Remote Users, in Course 2272, Implementing and Supporting Microsoft Windows XP Professional.
28
How to Uninstall Hardware Devices
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Removing a device using safe removal Many hot-swap hardware devices now support the safe removal capability, which enables you to simply unplug a device. To use safe removal: 1. Click the Safely Remove Hardware icon in the notification area of the taskbar. 2. Select the device you want to remove on the list of devices. 3. Stop the device to safely remove it. Uninstalling a device that does not support safe removal To safely remove a hardware device that does not support safe removal: 1. Open Device Manager. 2. Expand the appropriate device category, and then select the device. 3. Right-click the device name, and then click Uninstall. 4. Click OK to remove the device from your system. To verify that you have removed the device, open Device Manager, right-click the computer name, and then click Scan for hardware changes. The device you uninstalled will no longer appear in the Device Manager list. Additional reading For more information about the safe removal of Plug and Play devices, see the Microsoft Web site at http://www.microsoft.com/resources/documentation/ Windows/XP/all/reskit/en-us/prdh_dmt_cgwi.asp.
29
Practice: Disabling and Uninstalling Hardware
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Prerequisites Practice setup Scenario In this practice, you will use Device Manager to disable, re-enable, and uninstall hardware. Before working on this practice, you must have completed the practice Using the Add Hardware Wizard. The London and Vancouver virtual machines should be running. You are responsible for supporting users of computers that are running Windows XP Professional. One user has a modem that is not responding. You will use Device Manager to disable the device.
! Disable, re-enable, and uninstall a device

1. On Vancouver, log on to the nwtraders domain as VancouverUser with the password P@ssw0rd. 2. Click Start, and then click Control Panel. 3. Hold down the SHIFT key, right-click System, and then click Run as to open the tool with administrator privileges. 4. In the Run As box, click The following user. 5. In the User name box, type NWTRADERS\Administrator and in the Password box, type P@ssw0rd and then click OK. 6. In the System Properties dialog box, on the Hardware tab, click Device Manager. 7. Expand Modems. 8. Right-click Standard 56000 bps Modem, and then click Disable. 9. In the Standard 56000 bps Modem message box, click Yes. The Standard 56000 bps Modem icon now has a red X on it, which indicates that the device is disabled.
30
10. Right-click Standard 56000 bps Modem, and then click Enable. The red X on the Standard 56000 bps Modem icon has now disappeared, which indicates that the device is re-enabled. 11. Right-click Standard 56000 bps Modem, and then click Uninstall. 12. In the Confirm Device Removal dialog box, click OK. Note that in the Details pane, the Standard 56000 bps Modem entry has disappeared, which indicates that the device has been uninstalled. 13. Close the Device Manager window, click OK to close the System Properties window, and then close Control Panel.

Contents Overview Lesson: Understanding the Boot Process Lesson: Using Advanced Boot Options Lesson: Using the Boot.ini File to Change Startup Behavior Lesson: Using the Recovery Console to Start a Computer Lab A: Troubleshooting the Boot Sequence 1 2 9 13 20 25
iii
Instructor Notes
Presentation: 60 minutes Lab: 30 minutes This module provides students with information about the Microsoft Windows XP Professional boot process and how to use advanced boot options. It also teaches students how to use the Recovery Console to start a computer and how to use the Boot.ini file to change the computers startup behavior. After completing this module, students will be able to:
! ! !
Describe the Windows XP Professional boot process. Use the LastKnownGood configuration to resolve boot problems. Use the Safe Mode options to access and repair a computer that does not start normally. Modify the Boot.ini file to change: The list of operating systems that is displayed at startup. The boot switch for an operating system. The boot partition for an operating system. Install the Recovery Console. Use the Recovery Console to resolve startup problems.
! !
Required materials
To teach this module, you need the following materials:

! !
Microsoft PowerPoint file 2285B_03.ppt Multimedia presentation Examining the Microsoft Windows XP Professional Boot Process
! ! !
Read all of the materials for this module. Complete the practices, demonstrations, and the lab. Read all of the materials that are listed under Additional reading in this module.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topics. Read this additional information when preparing to teach the module. During class, make sure that students are aware of the additional information.
Lesson: Understanding the Boot Process

This section describes the instructional methods for teaching this lesson. Multimedia: Examining the Microsoft Windows XP Boot Process This multimedia presentation describes the entire boot process from power-on self test (POST) through the installation of Windows XP Professional services. You may find it useful to play the entire multimedia presentation once before skimming through it and reviewing the important points.
! To prepare for the multimedia presentation

1. View the multimedia presentation several times, anticipate questions that students may ask, and prepare answers to those questions. 2. Prepare a few questions for students to answer while they watch the video. 3. Review the module and note any information in the video that is prerequisite information. What Are Control Sets? Describe control sets and their contents. Mention the naming convention for control sets, in addition to the four configurations of control sets and their uses. Remember that you will give a demonstration on the use of the SELECT registry key and the LastKnownGood configuration. Before you teach this topic, determine what information you will present now and what information you will present in the demonstration. How the LastKnownGood Configuration Works Describe the LastKnownGood configuration, and then explain how the LastKnownGood configuration is created (when you log on), how the LastKnownGood configuration is a copy of the current configuration, and when and how you would select the LastKnownGood configuration. Show students how the registry entries under the registry subkey HKEY_LOCAL_MACHINE\SYSTEM are used and changed during the boot process. The procedures in the demonstration show students how they can use the regedit command to view the configurations and the SELECT registry key. Perform this demonstration on the Glasgow virtual machine, logged on to the nwtraders domain as Administrator. You can pause the virtual machine when you are finished with this demonstration. Guidelines for Using the LastKnownGood Configuration Explain to students the circumstances in which they should and should not use the LastKnownGood configuration. Describe each of the circumstances that are listed in the tables, and provide various scenarios regarding the use of the LastKnownGood configuration.
Demonstration: Controlling System Settings During the Boot Process
Lesson: Using Advanced Boot Options

This section describes the instructional methods for teaching this lesson. Types of Advanced Boot Options Why Use Safe Mode to Start a Computer? Practice: Using Safe Mode Outline all of the different boot options. Further explain the options by providing an example of each. Keep in mind that this is an overview and that you will present some of these options in more detail later. Describe the Safe Mode option and its variations. Give students a couple of scenarios in which Safe Mode or the LastKnownGood configuration would solve a boot problem, and ask if they know which one to use in those situations. In this practice, students will use Safe Mode to access network resources.
Lesson: Using the Boot.ini File to Change Startup Behavior

This section describes the instructional methods for teaching this lesson. What Is the Boot.ini File? Review the information about the structure of the Boot.ini file and the Advanced RISC Computing (ARC) paths. To ensure that students understand this material, ask them questions about ARC paths. Also, discuss the Boot.ini switches and the two main sections of the Boot.ini file in detail. Show students how to use Control Panel to modify the Boot.ini settings. Explain that this process is safer and easier than editing the Boot.ini file. Also, introduce students to the System Configuration utility (msconfig.exe) and, if possible, show them the utility. Mention that support staff use msconfig.exe to diagnose computer startup and configuration problems. In this practice, students will modify the display name of an operating system and add a boot switch to an operating system.
Ways to Modify the Boot.ini File
Practice: Modifying Display Names and Switches
Lesson: Using the Recovery Console to Start a Computer

This section describes the instructional methods for teaching this lesson. What Is the Recovery Console? Explain that the Recovery Console allows users to access the Windows XP Professional installation when other boot options do not work. Describe the command-line nature of the Recovery Console and briefly explain the main commands listed in the table. Describe the procedure for starting a computer by using the Recovery Console. Mention that help is available by using the help command. Also, emphasize that the Recovery Console is an advanced feature that should only be used by system administrators and other IT professionals. In this practice, students will install the Recovery Console and then test the installation to verify that they can boot to the Recovery Console.
How to Start a Computer by Using the Recovery Console Practice: Installing the Recovery Console
vi
Assessment
There are assessment questions for each lesson in this module located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning. Consider using them to reinforce learning at the end of each day. You can also use them at the beginning of the day as a review of the information that you taught on the previous day. Understanding the Boot Process Before they answer this assessment question, remind students that when the third computer first boots, it uses the BIOS to show the monitor display. The computer will not encounter a driver or registry problem until it attempts to load Windows XP Professional. Before students answer this assessment question, mention to students that they can solve the problem by using Safe Mode; however, Safe Mode is not listed as one of the answers.
Using Advanced Boot Options
Lab A: Troubleshooting the Boot Sequence

In this lab, students will resolve a boot-process problem. Before beginning the lab, students should have completed all of the practices and have answered the assessment questions. The lab takes approximately 30 minutes. Students are provided with real-world scenarios in which they resolve problems and answer questions. Students are given a set of instructions in a two-column format. The leftcolumn entry describes the task (for example, Create an alert) and the rightcolumn entry provides specific instructions for the students to perform the task (for example, In the performance logs and alerts pane, create an alert). These steps are high-level instructions only, and are intended to guide students in discovering the answers. Remind students that they can review the lesson and practice pages in the module for assistance. The answer key for each lab is provided on the Student Materials compact disc. The problem that is introduced in this lab is that Ntldr has been renamed to simulate a missing boot file. Students must restore the Ntldr file so that the system can boot normally. If students need assistance diagnosing and resolving the boot problem, you might want to remind them that the boot error message indicates a problem with Ntldr. Suggest that they look at the root of drive C to verify that the boot files, including Ntldr, are present and correct. Once they have identified that Ntldr has been copied and renamed to simulate a missing Ntdlr file, they can use the Recovery Console copy command to copy the Ntldr file from the installation source files to the system folder. Or, for a quick solution, they can use the rename copyofntldr ntldr command to correct the problem.
vii
There is a recovery file for this exercise, Mod03_LabA_exercise1_recovery.bat, that you might want to review prior to conducting the lab. Keep in mind that this file cannot be accessed from within the Recovery Console unless you have changed the local Recovery Console policy to remove the default Recovery Console limitations on using the set command to access all file paths and drives.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This module provides you with the knowledge and the skills necessary to diagnose and correct problems with the Microsoft Windows XP Professional boot process. When you start a computer, the computer performs a series of startup tasks called the boot process. In this module, you will learn about the boot process, in addition to the tools and techniques you can use to identify and resolve related problems. Objectives After completing this module, you will be able to:
! !
Explain the Windows XP Professional boot process. Start a computer in Safe Mode and describe the other advanced boot options. Use the Boot.ini file to change a computers startup behavior. Use the Recovery Console to start a computer.
! !
Lesson: Understanding the Boot Process
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This lesson describes the boot process, the components of the boot process, and the different boot configurations. Control sets contain the information that defines those configurations. The configuration that a computer uses depends on the following circumstances:
! ! !
Whether the boot is normal Whether you selected the LastKnownGood configuration Whether boot errors occurred
Based on this knowledge, you can start a computer even when the boot process fails. Lesson objectives After completing this lesson, you will be able to:
! ! ! !
Describe the Windows XP Professional boot process. Describe the roles of controls sets and configurations. Describe the LastKnownGood configuration process. Identify the guidelines for using the LastKnownGood configuration.
Multimedia: Examining the Microsoft Windows XP Boot Process
*****************************ILLEGAL FOR NON-TRAINER USE****************************** File location To view the presentation, open the Web page on the Student Materials compact disc, click Multimedia, and then click Examining the Microsoft Windows XP Professional Boot Process. The multimedia presentation describes the following boot process sequences:
! ! ! ! !
Media content
Pre-boot sequence Boot sequence Kernel load sequence Kernel initiation sequence Logon sequence
Additional reading
For more information about the boot process, see Windows XP Professional Boot Process Sequence, found in the Additional Reading section of the Student Materials compact disc.
What Are Control Sets?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Control sets Control sets are records of the configuration of your computer. The operating system uses control sets during the boot process to load and start device drivers, to start services, and to specify other settings for a particular configuration. To resolve boot problems, you can select a different control set. The registry contains at least two control setsfor example, ControlSet001 and ControlSet002. In this case, ControlSet001 is the default and ControlSet002 is provided in case the default fails to start the computer successfully. Default control sets By default, a typical Windows XP Professional installation contains the following control sets:
!
CloneControlSet. A copy of either the Default or the LastKnownGood configuration. The CloneControlSet, also called the Clone, is not available after logon, and is not visible in the registry. ControlSet001. The default control set. ControlSet00x. The backup to ControlSet001. CurrentControlSet. The control set used for the session that is running.
! ! !
Additional control sets may be created when you change or have problems with system settings.
Configurations
Configurations are registry entries that point to the control sets; they determine when the control sets are used. The configurations are:
!
Current. This entry identifies which control set is the CurrentControlSet. When you use Registry Editor or Control Panel options to change computer settings, you modify the CurrentControlSet. Default. This entry identifies the default control set to be used the next time the system starts. The control set designated as the default contains any configuration changes that were made to the computer the last time a user logged on. Failed. This entry identifies the control set that failed when the LastKnownGood configuration was most recently used. LastKnownGood. This entry identifies a copy of the control set that was used the last time the computer started successfully. After a user successfully logs on, the CloneControlSet is copied to LastKnownGood. You can select the LastKnownGood configuration during the boot process.
For example, if the data value for the Current configuration is 0x1, the CurrentControlSet is ControlSet001. If the data value for the LastKnownGood configuration is 0x2, the LastKnownGood configuration is ControlSet002.
How the LastKnownGood Configuration Works
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points During the kernel initiation sequence of the boot process, the kernel copies the information in the CurrentControlSet to the CloneControlSet. After a successful logon, the information in the Clone is copied to the LastKnownGood configuration. You usually start a computer by using the Default configuration. When you make a configuration change, the change is stored in the CurrentContolSet. When you shut down or restart the computer, the change is copied to the Default configuration. If you make a configuration change, such as adding a device driver, and encounter problems when you restart the computer, your configuration changes may have damaged the Default configuration. In this case, you can use the LastKnownGood configuration to safely restart the computer. The next time that you log on, the Current configuration is copied to the Default configuration, which ensures that the Default configuration will start the computer the next time you restart it.
Demonstration: Controlling System Settings During the Boot Process
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This demonstration shows you how to view and change configurations and control sets. It also demonstrates how the Ntldr program determines which configuration to use during the boot process. Using the Registry Editor, open the HKEY_LOCAL_MACHINE\SYSTEM key: 1. Click Start, click Run, type regedit and then click OK. 2. In the Registry Editor window, expand My Computer, expand HKEY_LOCAL_MACHINE, and then expand SYSTEM. This displays a number of subkeys, including the control set CurrentControlSet, and numbered control sets, such as ControlSet001 and ControlSet002. Examining the SELECT key Use the Registry Editor to open the HKEY_LOCAL_MACHINE\SYSTEM\SELECT key, and then click SELECT. This displays the contents of the HKEY_LOCAL_MACHINE\SYSTEM\SELECT key. The data value of each entryCurrent, Default, Failed, and LastKnownGood points to a control set. By default, Ntldr uses the data value of the Default entry to determine which control set to use at boot time.
Examining control sets
Guidelines for Using the LastKnownGood Configuration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** When to use the LastKnownGood configuration The following table describes when you should use the LastKnownGood configuration.
Problem After you install a new device driver, Windows XP Professional stops responding. You accidentally disable a critical device driver. Solution Use the LastKnownGood configuration during startup. The LastKnownGood configuration will not contain a reference to the new, and possibly defective, device driver. If a critical driver becomes disabled, use the LastKnownGood configuration during startup. Some critical drivers are configured to prevent users from accidentally disabling them. If these drivers are damaged, the computer automatically reverts to the LastKnownGood configuration the next time it starts.
When not to use the LastKnownGood configuration
The LastKnownGood configuration cannot solve problems unless they are the result of configuration changes. The following table describes the circumstances in which you would not use the LastKnownGood configuration.
Problem You have a startup problem unrelated to Windows XP Professional configuration changes. You have a system problem but have already logged on. Reason for not using LastKnownGood The LastKnownGood configuration can only help you recover from configuration changes. After you log on, the LastKnownGood configuration will have been updated with any configuration changes. Therefore, you cannot use it to recover from those changes. You cannot use the LastKnownGood configuration to fix startup failures that are unrelated to configuration changes.
You have a hardware failure, or missing or corrupt files.
Lesson: Using Advanced Boot Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows XP Professional provides several advanced boot options that can help you to troubleshoot startup problems. In this lesson, you will learn how to use these options to troubleshoot the boot process. After completing this lesson, you will be able to:
!
Lesson objectives
Describe the advanced boot options for computers running Windows XP Professional. Use Safe Mode and the other advanced boot options.
10
Types of Advanced Boot Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points

Option Safe Mode Enable Boot Logging
The following table describes the options that appear on the Advanced Boot Options page and how you can use them to troubleshoot startup problems.
Function Starts Windows XP Professional by using the default settings and a minimum of device drivers. Logs all drivers and services that are loaded at startup to a file named Ntbtlog.txt. Ntbtlog.txt resides in the %Windir% directory. All Safe Mode options automatically log to this file. Loads the basic VGA driver instead of another video driver. All Safe Mode options automatically use VGA mode. Starts the computer by using the configuration that was saved the last time the computer started properly. Use to Access and repair your computer when it does not start normally. Determine the cause of system problems by viewing which services and files did or did not load. Start the computer when you have installed a new video driver that is causing Windows XP Professional to function improperly. Start the computer when there is a configuration problem that must be corrected. All configuration changes that you have made since the last successful startup will be lost. Gather debugging information about the startup process when you cannot read debugging information on the damaged computer. Continue the boot process. Restart the boot process. Return to the Operating System Choices menu and select an operating system.
Enable VGA Mode
LastKnownGood Configuration
Debugging Mode
Sends debugging information through a serial cable to another computer.
Boot Normally Reboot Return to OS Choices menu
Closes the Advanced Boot Options page and continues the boot process. Restarts the boot process. Returns user to the Operating System Choices menu.
11
Why Use Safe Mode to Start a Computer?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Safe Mode Safe Mode starts Windows XP Professional by using only the default settings, which include a video graphics adapter (VGA) video driver, a Microsoft mouse driver, and the minimum device drivers necessary to start the computer. When a computer does not start normally, you might be able to start it in Safe Mode. For example, if a computer does not start after you install new software, you might be able to start it in Safe Mode with minimal services running, and then change your computer settings or remove the newly installed software that is causing the problem. Note If a symptom does not recur when you are using Safe Mode, the default settings and the minimum device drivers are not causing the problem. Accessing Safe Mode Start Safe Mode by pressing F8 when you are prompted to do so during the startup process, and then select the Safe Mode option. The first three options on the Advanced Boot Options page are variations of Safe Mode. The following table describes the Safe Mode options.
Option Safe Mode Description The computer starts by using only the basic drivers and files. If the computer does not successfully start using Safe Mode, you might have to use the Recovery Console feature to repair the system, or start the computer by using the LastKnownGood configuration. The computer starts by using the basic files and drivers, and network connections. The computer starts by using the basic files and drivers. After you log on, the command prompt is displayed instead of the Windows XP Professional desktop, Start menu, and taskbar.
Safe Mode options
Safe Mode with Networking Safe Mode with Command Prompt
12
Practice: Using Safe Mode
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will reboot using Safe Mode and log on to a network. The London and Vancouver virtual machines should be running. You are experiencing problems with a computer running Windows XP Professional. Because you cannot boot normally and require network resources to fix the problems, you must reboot using the Safe Mode with Networking option.
! Use Safe Mode with Networking

1. Restart Vancouver, and after the power-on self test (POST) has finished and the display goes blank, press F8. 2. On the Please select the operating system to start menu, press F8 again to access the Windows Advanced Options menu. 3. On the Windows Advanced Options menu, select Safe Mode with Networking, and press ENTER. 4. Press ENTER again to select Microsoft Windows XP Professional as the operating system. 5. Log on to the nwtraders domain as Administrator with the password P@ssw0rd. 6. When a warning message appears, click Yes. 7. Click Start, right-click My Computer, and then click Explore. Expand My Network Places, expand Entire Network, expand Microsoft Windows Network, expand Nwtraders, and then expand the London server. You should see various shared folders on London. 8. Click Start, and then click Shut Down. 9. On the Shut down Windows menu, click Restart, and then click OK to restart the computer.
13
Lesson: Using the Boot.ini File to Change Startup Behavior
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction The Boot.ini file controls:

! !
Which operating system is loaded during the boot process. Whether the user is presented with a choice of operating systems during the boot process. The boot switches with which an operating system is loaded.
Understanding the contents and the structure of the Boot.ini file enables you to edit the file safely. Lesson objectives After completing this lesson, you will be able to:
! ! !
Describe the parts of the Boot.ini file and their functions. Modify a Boot.ini file. Use the Boot.ini file to change the startup behavior of a computer.
14
What Is the Boot.ini File?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The Boot.ini file is in the root directory of the system partition. The Ntldr file uses the information in the Boot.ini file to display the options on the Please Select an Operating System to Start menu. Editing the Boot.ini file You can edit the Boot.ini file to:
!
Modify the list of operating systems on the Please Select an Operating System to Start menu. Change a boot switch for an operating system. Change the boot partition for an operating system.
! !
Note For more information about how the Boot.ini file affects the boot process, open the Web page on the Student Materials compact disc, click Multimedia, and then click Examining the Microsoft Windows XP Professional Boot Process. Components of the Boot.ini file The following table describes the two sections of the Boot.ini file.
Section [boot loader] [operating systems] Description The time-out setting and the path to the default operating system The path to each operating system that is installed on the computer
Note If you install Windows XP Professional in a multiboot configuration, there is an entry for each operating system in the [operating systems] section. Otherwise, there is an entry only for Windows XP Professional.
15
ARC paths
The Boot.ini file uses Advanced RISC Computing (ARC) paths to point to the partitions on which the operating systems reside. The following are examples of ARC paths:
SCSI(0)disk(1)rdisk(0)partition(1)\Windows=Microsoft Windows XP multi(0)disk(0)rdisk(1)partition(2)\Windows=Microsoft Windows 2000
The following table describes each part of an ARC path.

Convention SCSI(x) Multi(x) Description Specifies a SCSI controller on which the SCSI BIOS is not enabled. Numbering begins at 0. Specifies any controller other than the one that uses the SCSI(x) convention. The x here represents a number that indicates the load order of the controller. Numbering begins at 0. The SCSI ID. For multi, the y value for disk (y) is always 0. For SCSI, y identifies the disk on which the operating system resides. Numbering begins at 0. Identifies the disk on which the operating system resides. Numbering begins at 0. Specifies the partition on which the operating system resides. Numbering begins at 1.
disk(y)
rdisk(z) partition(a)
Boot.ini switches
The following table lists the common switches used in the [operating systems] section of the Boot.ini file and their uses.
Switch /basevideo Function and uses Boots the computer by using the standard VGA video driver. Use this switch to start Windows XP Professional if a video driver is not functioning, and then change the driver while you are logged on. Enables boot logging to Ntbtlog.txt in the Systemroot folder. For more information about boot logging, see Windows XP Professional Help. Loads the Windows kernel debugger when Windows XP Professional is started. Included with every entry by default, this switch disables serial mouse detection when a port is specified, and disables peripheral detection on all COM ports when a port is not specified. Specifies the amount of RAM that Windows XP Professional uses. (The n is the amount of RAM in the computer, in kilobytes.) Use this switch when you suspect that a memory chip is corrupted.
/bootlog
/debug /fastdetect=[com |comx,y,z]
/maxmem:n
16
Module 3: Resolving Boot Process Issues (continued) Switch /noExecute=parameter Function and uses Controls settings for Data Execution Prevention (DEP), a Service Pack 2 feature that helps secure computer systems by preventing code from executing from data-storage locations in system memory. The default parameter is OptIn, which enforces DEP for Windows system code and for programs that opt in to DEP. Boots the computer without displaying the graphical boot status. Forces the computer to start in Safe Mode by using the specified parameters. You can also use these boot options by pressing F8 when prompted at startup. Displays device drivers as they are being loaded. Use this switch if you suspect that a startup problem is caused by a corrupted driver.
/noguiboot /safeboot:parameter
/sos
Additional reading
For more information on DEP, see article 875352, A Detailed Description of the Data Execution Prevention (DEP) Feature in Windows XP Service Pack 2, in the Microsoft Knowledge Base at http://support.microsoft.com/ default.aspx?scid=kb;en-us;875352.
17
Ways to Modify the Boot.ini File
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The safest way to modify the settings in a Boot.ini file is by using Control Panel:
!
You can modify the time-out and default values of the Boot.ini file by using System Properties in Control Panel. You can alter the display names of operating systems that appear on the Please Select an Operating System to Start menu. For example, if there are two operating systems on a computer with a dual-boot configuration, you can change the display names of the operating systems to reflect their purposesfor example, Windows XP Professional Workgroup and Windows 2000 Domain. You can also add or remove switches to the entries under the [operating systems] section of the Boot.ini file. For example, you may want to disable the /fastdetect switch.
You can also modify the Boot.ini file by using an editor. Manually editing Boot.ini requires that you have access to hidden system files, which renders these files vulnerable to corruption. Additionally, you can use the System Configuration utility, msconfig.exe, to automate common changes to the Boot.ini file when you are troubleshooting. Primarily a diagnostic utility for Windows XP Professional, the System Configuration utility also provides control over a large set of the boot options in Boot.ini. Advanced options in msconfig.exe include:
! !
/NUMPROC, which sets the maximum number of processes /DEBUGPORT, which selects a serial port down which to send debug messages /BAUDRATE, which specifies the bit rate of the serial port specified by /DEBUGPORT
18
Practice: Modifying Display Names and Switches
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will modify the display name of an operating system and add a boot switch to an operating system. The London and Vancouver virtual machines should be running. You have installed two operating systems on a computer with a dual-boot configuration. You now need to alter the display names of the operating systems that appear on the Please Select an Operating System to Start menu to reflect their purposes. Also, you are experiencing problems with a computer and you suspect that a driver may not be loading. You will use the /sos switch to determine which driver is causing the problem.
! Modify the display name of an operating system

1. On Vancouver, log on to the nwtraders domain as Administrator with the password P@ssw0rd. 2. Click Start, right-click My Computer, and then click Properties. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Under System startup, click Edit. 5. To change the display name of an operating system, locate the name of the operating system, which is enclosed in quotation marks, in the [operating systems] section of the Boot.ini file. The display name for the Windows XP Professional installation appears as \WINDOWS= Microsoft Windows XP Professional. Change the name within the quotation marks to Microsoft Windows XP Professional SP2.
19
! Add a boot switch to an operating system

1. To add the switch, type /sos at the end of the Microsoft Windows XP Professional SP2 line. 2. On the File menu, click Save, close the window, and then click OK twice. 3. Reboot the computer.
! Remove the /sos switch

1. On Vancouver, log on to the nwtraders domain as Administrator with the password of P@ssw0rd. 2. Click Start, right-click My Computer, and then click Properties. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Under System startup, click Edit. 5. Delete /sos from the end of the Microsoft Windows XP Professional SP2 line. 6. On the File menu, click Save, close the window, and then click OK twice. 7. Log off from the computer.
20
Lesson: Using the Recovery Console to Start a Computer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Lesson objectives If you cannot start a computer by using the LastKnownGood configuration or the advanced boot options, you can use the Recovery Console. After completing this lesson, you will be able to:
! !
Describe how to use the Recovery Console to resolve startup problems. Use the Recovery Console to start a computer.
21
What Is the Recovery Console?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points You can use the Recovery Console feature in Windows XP Professional to start a computer if Safe Mode and other boot options do not work. The Recovery Console can fix a variety of startup problems. The following table shows the more common startup problems and their Recovery Console solutions.
Problem A service or device driver is preventing the computer from starting properly. A missing file is preventing the computer from starting properly. Recovery Console solution Use the disable command to disable the service or driver, restart the computer without the service or driver functioning, and then determine the problem. Use the expand command to repair the computer by uncompressing a compressed file and copying it from a floppy disk or a compact disc to the appropriate folder. - or Use the copy command to repair the computer by copying an uncompressed file from a floppy disk or a compact disc to the appropriate folder. The boot sector is damaged. The master boot record is damaged. Use the fixboot command to write a new partition boot sector on the system partition. Use the fixmbr command to repair the master boot record on the partition boot sector.
Additional information
For more information on Recovery Console commands, see Windows XP Professional Help or look for cross-references to the commands in the resource kits.
22
How to Start a Computer by Using the Recovery Console
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points You can use the Recovery Console to start a computer when Safe Mode and other methods have not worked. You can run the Recovery Console from the Windows XP Professional compact disc, or install the feature on the computer so that it is available when the operating system cannot start. To use the Recovery Console to start a computer: 1. Start the Recovery Console from the Operating System Selection menu or from the Windows XP Professional compact disc. 2. If there is more than one operating system installed, select the installation that you want to repair. 3. Log on to the Recovery Console using the administrators password. For more information about Recovery Console commands, use the help command. Important The Recovery Console is a powerful feature that can damage the operating system if you use it improperly. Use the Recovery Console only if the advanced boot options cannot solve the problem.
23
Practice: Installing the Recovery Console
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup In this practice, you will install the Recovery Console. The London and Vancouver virtual machines should be running. Note For more information about Recovery Console commands, see Windows XP Professional Help or look for cross-references to the commands in the resource kits. Scenario One of the computers in the group that you support occasionally stops during the boot process. To solve the problem, you want to install the Recovery Console so that it is always available for troubleshooting the boot process. After you install the Recovery Console, you will need to test the Recovery Console installation.
! Install the Recovery Console

1. On Vancouver, log on to the nwtraders domain as Administrator with the password P@ssw0rd. 2. Open a command-prompt window. 3. Type c:\I386\winnt32.exe /cmdcons and then press ENTER. 4. When you are prompted Do you want to install the Recovery Console, click Yes. Windows XP Professional setup should begin installing the Recovery Console. 5. When the Getting Updated Setup Files dialog box appears, click Skip this step and continue installing Windows, and then click Next.
24
6. When the Microsoft Windows XP Professional Setup message appears, click OK. 7. Close the command-prompt window and restart the computer. Note After you install the Recovery Console, you must restart the computer to ensure that the Operating System Selection menu is displayed and to verify that you can boot to the Recovery Console.
! Test the Recovery Console installation

1. From the Operating System Selection menu, select Recovery Console, and then press ENTER. 2. On the initial Recovery Console screen, type 1 and then press ENTER. 3. When you are prompted for the Administrator password, type P@ssw0rd and then press ENTER. 4. At the C:\Windows prompt, type help and then press ENTER. 5. Scroll through the list of Help commands to see the available Recovery Console functions. 6. Type exit and then press ENTER to exit Recovery Console and restart the computer. 7. On the Operating System Selection menu, select Microsoft Windows XP Professional SP2 to boot normally to Windows XP Professional.
25
Lab A: Troubleshooting the Boot Sequence
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives After completing this lab, you will be able to use the Recovery Console to resolve boot process problems. Note This lab focuses on the concepts in this module. As a result, it may not comply with Microsoft security recommendations. Lab setup Estimated time to complete this lab: 30 minutes The London and Vancouver virtual machines should be running. Note An answer key containing a detailed solution for this lab is available in the Appendices folder of the Student Materials compact disc.
26
Using the Recovery Console to Solve Boot Process Problems

In this exercise, you will use the Recovery Console to solve boot process problems.
Scenario
One of the users in the group that you support has gained access to a computer as an administrator, and has accidentally deleted files that are necessary for the boot process. You want to restore the computer without reinstalling the operating system.
Tasks
1.
Specific Instructions
a.
Prepare for the exercise.
On Vancouver, log on to the nwtraders domain as Administrator with the password P@ssw0rd. Browse to E:\MOC\2285\Labfiles\Lab03.
b. Click Start, right-click My Computer, and then click Explore. c. d. Double-click Mod03_labA_exercise1.bat. 2.
Determine the boot process problem, and then use the Recovery Console to correct it.
a. c. d. e. f. g. i. j.
Reboot the computer. Insert the Windows XP Professional compact disc into the CD-ROM drive, and reboot again. On the Press any key to boot from CD menu, press any key. On the Windows XP Professional Setup screen, press R. At the Microsoft Windows XP<TM> Recovery Console prompt, press 1 and then press ENTER. Type the Administrator password P@ssw0rd and then press ENTER. Use Recovery Console commands to resolve the problem. Reboot your computer to ensure that the boot problem is resolved.
b. Record the error message displayed during the boot process.
h. Determine the boot process problem.

Contents Overview Lesson: Configuring User Desktop Settings Lesson: Configuring System Settings Lesson: Managing User Profiles Lesson: Using Remote Administration Lesson: Using Remote Assistance in Windows XP Professional Lab A: Using Remote Assistance to Configure a Computer Running Windows XP Professional 1 2 18 23 31 37
43
iii
Instructor Notes
Presentation: 90 minutes Lab: 30 minutes Objectives This module provides students with the knowledge and skills necessary to configure and customize the desktop, configure system settings, manage local user profiles, and use Remote Assistance to provide help to Microsoft Windows XP Professional users. After completing this module, students will be able to:
! ! ! !
Configure user desktop settings. Customize the desktop environment. Configure system settings. Manage local user profiles and understand how Group Policy settings can control desktop customization. Use remote administration to manage computers. Use Remote Assistance on their workstations to view and control user computers.
! !
Required materials
To teach this module, you need the Microsoft PowerPoint file 2285B_04.ppt. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, the slides may not appear correctly.
Preparation tasks

! ! !
Read all of the materials for this module. Complete the practices, the demonstration, and the lab. Read all of the materials listed under Additional reading for each topic.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topic. Read this additional information when preparing to teach the module. During class, make students aware of the additional information.
Lesson: Configuring User Desktop Settings

This section describes the instructional methods for teaching this lesson. How to Configure Windows XP Professional Accessibility Options Demonstration: Using Accessibility Features Describe the different accessibility options and their functions. Emphasize that there are accessibility options and accessibility programs, and discuss the differences between them. Explain that understanding these features will be important in environments where there are users with vision, hearing, and mobility impairments. Demonstrate some of the accessibility options and programs. The Narrator program requires that you set up and enable a sound card and speakers on the Host computer. Make sure that you follow the steps closely and practice the demonstration a few times before you conduct it in class. Perform this demonstration on the Glasgow virtual machine, logged on to the nwtraders domain as Administrator. You can pause the virtual machine after completing this demonstration. What Are Regional Settings? Explain the settings available to configure regional options. You may also want to demonstrate these settings as you talk. For example, you can add an extra input language and show students how to switch between the two languages by clicking the taskbar button. The information about Asian languages is included for completeness, but do not spend too much time on the subject. Explain that the most commonly used languages are included on the product compact disc, which is helpful for users who compose documents in languages other than their native languages. Describe the Start menu, and emphasize which elements can be customized. Also emphasize the use of pinned programs. It is important that students understand the difference between setting up Start menu items for all users and setting up Start menu items for individual users. Explain the procedures for customizing the Start menu, including how to add submenus and shortcuts, and how to modify the Startup folder. Ensure that students understand the different sections of the taskbar and the function each section performs or what each section indicates. Explain grouped icons. Also, discuss the additional toolbars that students can add to the taskbar, the functions of those toolbars, and how to customize them.
How to Support Multiple Languages
Elements of the Start Menu
How to Customize the Start Menu How to Customize the Taskbar
How to Customize My Documents
Students must understand the basic concept of the My Documents folder and its uses. Review the example on the page to ensure that students grasp the concept. Present the information about customizing the My Documents folder and tell students that Group Policy can control the folders settings. Also, emphasize that the information in this section assumes that the folder is located on an NTFS partition. Explain the various procedures students can use to change the location of the My Documents folder, change its attributes, and share it securely.
Practice: Customizing Menus and Folders
In this practice, students will customize the Start menu and change the location of the My Documents folder to a server on the network. If students receive a message that the task cannot be completed, have them try it a second time.
Lesson: Configuring System Settings

This section describes the instructional methods for teaching this lesson. How Environment Variables Work Describe how to use environmental variables and how to modify them manually to change the default system behavior. Ensure that students understand the differences between user variables and system variables, and discuss when students would alter these variables. Explain the purposes of the system failure settings and their importance. Describe all of the debugging choices and when students would use them. Open the System Properties dialog box and show students the options, but do not save the settings. (Doing so might require you to restart the computer.)
System Failure Settings
Lesson: Managing User Profiles

This section describes the instructional methods for teaching this lesson. You can present this lesson as a refresher; students learned most of this information (from the server perspective) in Course 2274, Managing a Microsoft Windows Server 2003 Environment, and Course 2275, Maintaining a Microsoft Windows Server 2003 Environment. Types of User Profiles How Group Policy Controls Desktop Customization How to Manage User Profiles Practice: Managing Local User Profiles Ensure that students understand the difference between local and roaming profiles, and between changeable profiles and mandatory profiles. Explain that Group Policy settings, which are used to support organizational and network policies, always take precedence over a setting in a profile. Explain the benefits of using Group Policy to control desktop customization. Explain that when you change the default user profile, it is a good idea to base it on a new reference user account, rather than making modifications to an active user profile. In this practice, students will create local user profiles, and then copy one profile to another user. Ensure that students read the scenario first, and advise students to reread the instructions to verify that the practice works as intended. If this practice fails, have students shut down the Vancouver virtual computer, restart it, then try the practice again. It should work fine after restarting Vancouver.
vi
Lesson: Using Remote Administration

This section describes the instructional methods for teaching this lesson. What Is Remote Administration? Remote Administration Issues Related to Service Pack 2 Emphasize that remote administration is not a single feature, but rather a method of using a variety of administrative tools to manage multiple computers. In this topic, make students aware of the issues that might arise when performing remote administration with Windows XP Professional systems that include Service Pack 2, and explain how these issues can be resolved. You should be aware that you can also open TCP port 445 by enabling the default File and Printer Sharing exception in the Windows Firewall user interface. You do not need to present the Windows Firewall interface at this time because you will cover the procedures for configuring Windows Firewall later in the course. Present the procedures for performing remote administration tasks on Windows XP Professional systems that include Service Pack 2. In this practice, students will use Event Viewer on the Vancouver virtual computer to connect remotely to the Glasgow virtual computer and then perform event log management tasks remotely. Make sure that all three virtual machines are running and not paused before students begin this practice.
How to Use Remote Administration Practice: Using Remote Administration
Lesson: Using Remote Assistance in Windows XP Professional

This section describes the instructional methods for teaching this lesson. What Is Remote Assistance? How to Establish a Remote Assistance Session Ensure that students understand the purpose of Remote Assistance. After you discuss how to establish a session, demonstrate how to take control of a users computer. Explain the Remote Assistance process. If possible, establish a Remote Assistance session with another computer so that you can demonstrate the various tasks as you present the material. Ensure that students understand that the user requesting help and the support professional or other helper must interact in real time. Also, point out the necessity of enabling the Remote Assistance exception if Windows Firewall is used on the Internet connection. Describe the process of sending a file in the Remote Assistance console, and explain the best practice for informing the user that you are sending a file. Illustrate how this capability is useful in a support environment. Emphasize the best practices for maintaining security when using Remote Assistance.
How to Send and Receive Files Using Remote Assistance Best Practices When Using Remote Assistance
vii
Assessment
There are assessment questions for each lesson in this module located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as a post-assessment tool to validate learning. Consider using assessment questions to reinforce learning at the end of each day. You can also use them at the beginning of the day as a review of the information that you taught on the previous day.
Lab A: Using Remote Assistance to Configure a Computer Running Windows XP Professional

In this lab, students will use the Vancouver and Glasgow virtual machines to send and accept Remote Assistance invitations. Students will then perform support tasks on the remote computer. The lab takes approximately 30 minutes. Students are provided with real-world scenarios in which they resolve problems and answer questions. Students are given a set of instructions in a two-column format. The leftcolumn entry describes the task (for example, Create an alert) and the rightcolumn entry provides specific instructions for students to perform the task (for example, In the performance logs and alerts pane, create an alert). These steps are high-level instructions only, and are intended to guide students in discovering the answers. Students must complete all of the practices before starting the lab. Remind students that they can review the lesson and practice pages in the module for assistance. The answer key for each lab is provided on the Student Materials compact disc.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As an IT support professional, you will need to help users to work with their desktops. In this module, you will learn how to configure and customize user desktops, and how to manage user desktops with user profiles, remote administration, and Remote Assistance. After completing this module, you will be able to:
! ! !
Objectives
Configure user desktop settings. Configure system settings. Manage local user profiles and describe how Group Policy can control desktop customization. Use remote administration to manage computers. Use Remote Assistance to view and control user computers from your workstation.
! !
Lesson: Configuring User Desktop Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction When you configure user desktop settings, you change the appearance of a users work area and the items that it contains. Customizing the desktop environment can increase user productivity by making it easier to access an important resource. As a support person, you will be asked to set up a computers initial desktop to match the organizations standards and the individual needs of your users. After completing this lesson, you will be able to:
!
Lesson objectives
Configure Microsoft Windows XP Professional accessibility options to support users with disabilities. Configure Windows XP Professional to match users regional standards. Configure Windows XP Professional to support multiple languages. Identify the elements of the Start menu. Customize the Start menu. Customize the taskbar. Customize the My Documents folder.
! ! ! ! ! !
How to Configure Windows XP Professional Accessibility Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Windows XP Professional includes several accessibility options and programs to enhance the computing experience of people who have visual, hearing, or motion disabilities. These accessibility features provide a minimum level of functionality for users with special needs, and do not require additional software or hardware. Using the Accessibility Wizard You can configure each available accessibility option and program individually. However, the easiest and most effective way to configure them is to use the Accessibility Wizard. This wizard asks a variety of questions about the users abilities, and then enables the accessibility options that best meet the users needs. To run the Accessibility Wizard, click Start, point to All Programs, point to Accessories, point to Accessibility, and then click Accessibility Wizard. Configuring individual options If you do not want to use the wizard, you can use Control Panel or the Start menu to configure individual accessibility settings:
!
You can use the Accessibility Options tool in Control Panel to access individual options, such as accessing SerialKeys to configure alternative input devices. You can use the Accessibility program on the Start menu to configure settings, such as configuring the Narrator to read aloud on-screen text and the names of dialog boxes, menus, and buttons.
Additional reading
For more information about Windows XP Professional accessibility options and programs, see Accessibility Options in Windows XP Professional, located in the Additional Reading section of the Student Materials compact disc. For more information on the accessibility settings available in Windows XP Professional, see Accessibility in the Help and Support Center. For more information about Microsoft support for accessibility technologies, see the Microsoft Accessibility home page at http://www.microsoft.com/enable.
Demonstration: Using Accessibility Features
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This demonstration shows you how to use some of the accessibility programs in Windows XP Professional to improve the working environment of users with different disabilities. To use the Narrator accessibility program: 1. Click Start, point to All Programs, point to Accessories, point to Accessibility, and then click Narrator. 2. Click OK. 3. Click Start, and then click Run. 4. Type notepad and then click OK. 5. Slowly type a short sentence in Notepad. Listen for each key narration. 6. Close Notepad, and when asked if you want to save changes, click No. 7. In the Narrator window, click Exit, and then click Yes to quit the program. To use the Magnifier accessibility program: 1. Click Start, point to All Programs, point to Accessories, point to Accessibility, and then click Magnifier. 2. Click OK. 3. Click the bottom of the magnified window and drag the window down to increase the size of the window to about half of the screen. 4. Move the pointer over some text, desktop icons, and dialog boxes. 5. In the Magnification level list, select 5. 6. Move the pointer over the desktop again to show the increased magnification level. 7. In the Magnifier Settings window, click Exit.
Examining Narrator, Magnifier, and StickyKeys
To use the StickyKeys accessibility option: 1. Click Start, and then click Control Panel. 2. Click Accessibility Options, and then click Accessibility Options again. 3. Select the Use StickyKeys check box, and then click Apply. 4. Click Start, click Run, type wordpad and then click OK. 5. Press CTRL, press B, and then type a short sentence. 6. Press CTRL, press U, and then type another short sentence. 7. Close WordPad, and when asked if you want to save changes, click No. 8. Press CTRL and then press ESC to open the Start menu. 9. Press ESC to close the Start menu. 10. In the Accessibility Options window, clear the Use StickyKeys check box, and then click OK. 11. Close Accessibility Options.
What Are Regional Settings?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** In Windows XP Professional, users can change the format for elements such as dates and currency, and they can change the language that they use when they input text. These elements are known collectively as regional settings. Regional options When you select a region, Windows XP Professional automatically adjusts the format settings for dates, times, numbers, and currency. To change a region, use the Regional Options tab in Regional and Language Options in Control Panel. When you install Windows XP Professional, you must select a language setting. This language setting determines the input language, which is the format of the text that you type and the accents that you can use. To select a different input language, use the Language tab in Regional and Language Options in Control Panel. For more information about the regional and language settings in Windows XP Professional, see Regional and Language Options overview in the Help and Support Center. For more information about the new locale and language features in Windows XP Professional, see the Microsoft Global Development and Computing Portal at http://www.microsoft.com/globaldev/reference/ winxp/XPLocLang.mspx.
Input languages
Additional reading
How to Support Multiple Languages
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Adding multiple languages Most of an organizations employees work only in one language; however, some employees are required to work in multiple languages on the same computer. To add another language in Windows XP Professional: 1. Click Start, and then click Control Panel. 2. Click Date, Time, Language, and Regional Options, and then click Regional and Language Options. 3. Click the Languages tab, and then click Details. 4. In the Text Services and Input Languages dialog box, under Installed Services, click Add. 5. In the Input language list and the Keyboard layout/IME list, click the appropriate elements, and then click OK three times. Windows XP Professional installs the files for most common input languages. However, if you want to work with East Asian languages, such as Chinese or Japanese, or the complex script and right-to-left languages, such as Arabic and Hebrew, you must install the language files from the Windows XP Professional compact disc. To add support for these languages, select the appropriate check box on the Languages tab in the Regional Options dialog box.
Adding keyboard layouts
Each language has a default keyboard layout, but many languages have alternate versions of keyboard layouts. Changing your keyboard layout affects which characters appear when you press the keys on the keyboard. When you select an alternate keyboard layout, an Input Method Editor (IME) is automatically selected. An IME is a program that enables you to enter the thousands of characters in written Asian languages by using a standard 101-key keyboard. To add a new keyboard layout: 1. Click Start, click Control Panel, click Date, Time, Language, and Regional Options, and then click Regional and Language Options. 2. On the Languages tab, click Details. 3. In the Text Services and Input Languages dialog box, under Installed Services, click the language for which you want to change the keyboard layout, and then click Add. 4. In the Add Input Language dialog box, in the list, select a keyboard layout, and then click OK three times.
Elements of the Start Menu
*****************************ILLEGAL FOR NON-TRAINER USE****************************** When you click the Start button, a menu is displayed that enables users to easily gain access to the most frequently used elements on the computer. You can customize this menu for individual users or for all users. Key points The left frame of the Start menu consists of three sections. The top section displays pinned programs, which are programs that are manually attached to the top left portion of the menu. The default e-mail program and browser always appear as pinned programs. Beneath the pinned programs are the recently used programs. The Start menu is color-coded. The white area of the menu is user-based and can be customized. The light-blue area is operating-system-based, and cannot be customized. When you customize the Start menu for all users, anyone logged on to the computer can use the customizations. If you customize the Start menu for a particular user, only that individual can see and use the customizations.
10
How to Customize the Start Menu
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can customize the Start menu by adding submenu folders for all users or for individual users, adding shortcuts for often-used programs, and adding elements to the Startup folder. To add a submenu folder and program shortcut for all users: 1. Right-click Start, and then click Open All Users. 2. Double-click the Programs folder. When you place a program shortcut or a subfolder in the Programs folder above the Startup folder, it is listed on the Start menu in the All Programs menu. 3. On the File menu, point to New, and then click Folder. 4. In the highlighted box, type a name for the new folder, and then press ENTER. 5. Right-click any program or shortcut in the Programs folder, and then drag it to the new folder. 6. Click Copy Here. 7. Close the Programs folder. 8. Click Start, point to All Programs, and then verify that the new submenu folder appears at the bottom of the programs list. 9. Point to the new submenu folder to view the program or shortcut that you just copied into it.
Adding submenu elements for all users
11
Adding submenu folders for individual users
To add a submenu folder for an individual user: 1. Right-click Start, and then click Explore All Users. 2. In the left pane, expand the folder with the name of the user whose Start menu you want to customize, and then click the users Start Menu folder. When you place the submenu folder in the Start Menu folder, it becomes pinned to the top of the All Programs menu for that user. 3. On the File menu, point to New, and then click Folder. 4. In the highlighted box, type a name for the new submenu folder, and then press ENTER. 5. Close the Start Menu folder. 6. Click Start and verify that the new folder is not pinned on your menu. (Remember, the user whose folder you selected earlier is the only person who will see this new folder.)
Adding shortcuts for individual users
To add a Start menu shortcut for the user who is logged on: 1. On the desktop, create a shortcut for the menu item you wish to add. 2. Drag the new shortcut from the desktop to the Start menu until the menu opens, then drag the shortcut to the All Programs menu until that menu opens, and then drag the shortcut to the desired location on the menu.
Customizing the Startup folder
If users always use a particular program as soon as they log on, it might be convenient for the program to start automatically when the user logs on. To enable a program to start automatically upon logon, you place a shortcut to that program in the Startup folder. You can customize the Startup folder for all users or individual users. To add a program to the Startup folder: 1. On the desktop, create a shortcut for the menu item you want to add. 2. Drag the new shortcut from the desktop to the Start menu until the menu opens, then drag the shortcut to the All Programs menu until that menu opens; next, drag the icon over the Startup folder until that menu opens, and then drop the icon into the menus contents. 3. Click Start, click Log Off, and then click Log Off again. 4. Log on. The desired program window will open automatically.
Additional reading
For more information about customizing the Start menu, see Customizing your computer in the Help and Support Center.
12
Ways to Customize the Taskbar
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Areas of the taskbar The Windows XP Professional taskbar consists of the following three distinct areas:
!
The main part of the taskbar includes buttons for each open document, folder, and application. Quick Launch is a toolbar that you can add to the taskbar, which contains buttons for frequently used programs that you open by clicking. The notification area of the taskbar is usually where the time is displayed, in addition to icons that indicate the status of certain programs and events.
Customizing taskbar properties
You can customize the following elements of the taskbar:

! ! !
Automatically hiding the taskbar Hiding inactive icons Controlling the display of individual icons in the notification area
To customize the taskbar: 1. Right click the taskbar, and click Properties. 2. Make the required changes on the Taskbar tab. 3. Click Customize to make changes to the properties of a notification icon.
13
Adding program buttons to Quick Launch
To add buttons for frequently used programs to the Quick Launch toolbar: 1. If necessary, add the Quick Launch toolbar: Right-click an empty area on the taskbar, point to Toolbars, and then click Quick Launch. 2. Right-click the Quick Launch toolbar, and then click Open Folder. 3. Create a new shortcut. 4. Type the location of, or browse to, the required program. Note You can also drag any program icon to the Quick Launch toolbar to automatically create a program button.
Adding toolbars to the taskbar
There are different toolbars that you can add to the taskbar. The following table describes the functions of each toolbar and how to customize them.
Toolbar Address Function Provides a Web browser address bar into which you can type the URL (uniform resource locator) of a Web site that you want to open. Provides a quick way to open Web pages, shortcuts, and other elements. To customize Each time you type a URL into this toolbar, the URL is added to a list that you can choose from.
Links
Drag the Web pages icon from the Address toolbar to the Links toolbar. Alternatively, drag any link from a Web page, your Favorites, or the desktop to the Links toolbar. Because this toolbar shows all items on the desktop, you can change the number of buttons on the toolbar by adding or removing items from the desktop. Users who do not like a crowded desktop can hide all items on the desktop and open them from this toolbar. This toolbar automatically appears when any of the appropriate programs is installed. The buttons that are displayed depend on which programs are installed.
Desktop
Provides easy access to all items on the desktop.
Language Band
Provides easy access to text programs such as IMEs and writing and speech recognition programs. It also provides a way to switch between languages and keyboard layouts. Provides a quick link to any folder or network resource on your computer.
New Toolbar
Right-click the taskbar, point to Toolbars, click New Toolbar, click the required resource, and then click OK. The toolbar has the same name as the resource, and you can access everything in that resource from the toolbar.
14
How to Customize My Documents
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The My Documents folder is a users personal folder. It contains two specialized personal folders: My Pictures and My Music. Windows XP Professional creates these personal folders for every user on a computer. When more than one person uses a computer, each personal folder is identified by the users name. You can customize the My Documents folder by:
! ! !
Changing its location. Sharing it securely with other network users. Customizing its attributes.
Example
If John and Jane use the same computer, there will be two sets of personal folders: Johns Documents, Music, and Pictures; and Janes Documents, Music, and Pictures. When John is logged on to the computer, his personal folders appear as My Documents, My Pictures, and My Music; Janes folders appear as Janes Documents, Janes Pictures, and Janes Music. In Windows XP Professional, the My Documents folder is an alternative for home folders but it does not replace them. When a user tries to save or open a file, most programs determine whether to use the home folder or the My Documents folder in one of two ways:
!
My Documents and home folders
Some programs first look in the home folder for files that match the type of file that is to be opened or saved (for example, *.doc or *.txt). If the program finds a file with that extension, the program opens the home folder and bypasses the My Documents folder. If the program does not find a file with that extension, the program opens the My Documents folder. Some programs bypass the home folder entirely, and look only in the My Documents folder for files.
15
How to change the location of My Documents
You can change the location of the My Documents folder from its usual position in Documents and Settings\username\My Documents to:
!
A local drive other than the one on which programs reside, so that programs and user data are stored separately. A network share, to prevent the loss of data if the local disk becomes corrupted.
To change the location of My Documents, open the properties of the My Documents folder and, on the Target tab, click Move. How to share My Documents securely You can share your My Documents folder to grant other network users access to it. To share the folder securely, set its NTFS security permissions to ensure that only authorized users have access. Note You can control all settings of the My Documents folder by using Group Policy. Important When you set permissions or configure security, always set the most restrictive permissions possible. For example, if other users should only be able to read the documents in the folder, set all permissions to Read. On an NTFS file system partition, a users My Documents folder is available only to that user and the administrators by default. How to customize My Documents attributes The My Documents folder, like all folders on an NTFS partition, has four important attributes that you can customize. The following table describes these attributes.
Attribute Archiving Description Specifies that the contents of the folder are archived when the contents change. Some programs on a computer (for example, Backup) use this attribute to determine which folders and documents to back up. Enables documents in the folder to be found during a search of files on the computer. Compresses the documents in the folder to save disk space. Enables only the user who encrypted the folder to access the contents of the folder.
Indexing Compression Encryption
To change the attributes of the My Documents folder: 1. Click Start, right-click My Documents, and then click Properties. 2. On the General tab, click Advanced, then select or clear the appropriate check boxes for the required attributes. 3. Click OK twice. Note If you are working with a FAT partition, there is no Security tab on the My Documents Properties dialog box, and there is no Advanced button on the General tab.
16
Practice: Customizing Menus and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup In this practice, you will customize the Start menu and modify the location of the My Documents folder. The London and Vancouver virtual machines should be running. On Vancouver, you should be logged on to the nwtraders domain as VancouverUser. The department that you support has just received new computers running Windows XP Professional. Several users have asked you to help them change the Start menus on these computers to resemble the Start menu in Windows 2000. Additionally, the standard policy for the organization is for users to store documents and files on servers rather than locally, so that all work is backed up on a regular basis. On each of the new computers, you must modify the location of the My Documents folder to a shared folder that is located on a server running Windows 2000 Server.
Scenario
! Customize the Start menu

1. On Vancouver, right-click Start, and then click Properties. 2. In the Taskbar and Start Menu Properties dialog box, click Classic Start Menu, and then click OK. 3. Click Start to display the Classic Windows Start menu. 4. Right-click Start, and then click Properties. 5. In the Taskbar and Start Menu Properties dialog box, click Start menu, then click Customize. 6. In the Customize Start Menu dialog box, click the Advanced tab. 7. In the Start menu items list, select the My Network Places check box.
17
8. Scroll to Network Connections and click Display as Connect to menu. 9. Scroll to System Administrative Tools and click Display on the All Programs menu and the Start menu. 10. Click OK twice.
! Change the location of the My Documents folder

1. Click Start, right-click My Documents, and then click Properties. 2. In the My Documents Properties dialog box, click Move. 3. On the Select a Destination page, expand My Network Places, expand Entire Network, expand Microsoft Windows Network, expand Nwtraders, and then expand London. 4. Click Home, and then click Make New Folder. 5. Right-click New Folder, and then click Rename. 6. In the highlighted box, type DomainUser and then press ENTER to finish changing the name. With DomainUser selected, click OK. 7. In the My Documents Properties dialog box, click OK. 8. When the Move Documents message box appears, click Yes.
! Save a document in the My Documents folder and change the location

back to the default location 1. Click Start, point to All Programs, point to Accessories, and then click WordPad. 2. Type some text in the WordPad document, click File, and then click Save. 3. In the Save As dialog box, in the File Name box, type My Documents Location and then click Save. 4. Close WordPad. 5. Click Start, and then click My Computer. 6. Under Other Places, click My Documents to see the WordPad document that you saved. 7. Under Other Places, click My Network Places, click Entire Network, in the detail pane, double-click Microsoft Windows Network, double-click Nwtraders, double-click London, double-click Home, and then doubleclick DomainUser to see the WordPad document that you saved. 8. Close all open windows. 9. Click Start, right-click My Documents, and then click Properties. 10. In the My Documents Properties dialog box, click Restore Default. 11. Click OK. 12. When the Move Documents message box appears, click Yes.
18
Lesson: Configuring System Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction System performance can vary over time because of changes in workload and resource use. Windows XP Professional includes configuration options that enable you to optimize system performance. After completing this lesson, you will be able to:
!
Lesson objectives
Describe how environment variables work and modify them at the system and user level. Configure system failure settings to support debugging.
19
How Environment Variables Work
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Environment variable behavior In Windows XP Professional, you can change the location of the systems temporary files to optimize space. Some programs have variables that you must configure for each user. However, if multiple users share a computer, you can configure the required settings at the system level without configuring each users settings individually. During startup, Windows XP Professional searches the startup files and sets environment variables in the following order: 1. Autoexec.bat variables 2. System environment variables 3. User environment variables Modifying environment variables To modify environment variables, open the System Properties dialog box, click the Advanced tab, and then click Environment Variables. The Environment Variables dialog box contains specific configuration information, such as the location of temporary files that the operating system and certain applications use. There are two types of environment variables that you can configure in this dialog box:
!
User variables. These variables specify the locations of the current users temp files. Users can modify their individual variables. System variables. These variables specify the location of particular computer files and folders. Only administrators can modify system variables.
20
Example
This example shows how the order in which variables are processed affects the resulting value of the variable settings. 1. Administrator adds SET TMP=C:\ to Autoexec.bat. 2. User sets TMP=X:\TEMP. The user environment variable setting of TMP=X:\TEMP overrides the SET TMP=C:\ setting in the Autoexec.bat file.
Additional reading
For more information on setting environment variables, see Managing your computers performance in the Help and Support Center.
21
System Failure Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** System failure settings You configure system failure settings to indicate what actions a computer should take if the operating system stops unexpectedly and generates a Stop error, a severe error that causes the operating system to stop all processes. The following table describes the system failure settings options.
System failure setting Write an event to the system log Send an administrative alert Automatically restart Write debugging information Overwrite any existing file Description Records the source of the Stop error in the system log for review at a later time. Specifies that your system administrator is notified of an unexpected Stop error. Restarts the computer as part of the recovery process. Sends information to a file named Memory.dmp that support engineers use for debugging. Overwrites the Memory.dmp file when a Stop event occurs. If you do not select this option, the file is not overwritten, and you can create a new log file by typing a different file name.
22
Debugging information options
You can choose the type of debugging information you want recorded. This information is then stored in a dump file, the file that contains the debugging information, in a location that you choose. The following table describes the different types of debugging information.
Debug information type Small Memory Dump Recorded information and location Records the smallest set of useful information that will help to identify the reason that the system stopped unexpectedly. This option requires a paging file of at least 2 MB on the boot partition of the computer, and specifies that Windows XP Professional create a new file each time the system stops. A history of these files is stored in the path specified in the Small dump directory box. Records only kernel memory, which speeds up the process of recording information in a log. Depending on the amount of RAM in the computer, there must be between 50 MB and 800 MB available for the paging file on the computers boot partition. Records the entire contents of system memory when the computer unexpectedly stops. If you choose this option, the paging file on the boot partition must be large enough to hold all of the physical RAM, plus 1 MB.
Kernel Memory Dump
Complete Memory Dump
Utilities for interpreting the Memory.dmp file
The Memory.dmp file contains the debugging information that you choose to record. Two utilities in the Windows XP Resource Kit can help you to interpret the information in this file:
!
Dumpchk. This utility converts the hexadecimal file to text so that it is readable. Dumpexam. This utility displays the contents of the file.
Changing system failure settings
To configure system failure settings: 1. Open Performance and Maintenance in Control Panel and then click System. 2. In the System Properties dialog box, click the Advanced tab, and then change the Startup and Recovery settings. 3. Modify your system failure settings as required.
23
Lesson: Managing User Profiles
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction If you are responsible for supporting users, you must understand how profiles work and how you can control them by using Group Policy. When you control user profiles, it is important to balance a users work style with the organizations requirements for consistent business processes. Profiles and Group Policy can affect a users ability to customize the desktop environment. After completing this lesson, you will be able to:
! ! !
Lesson objectives
Explain the different types of user profiles. Describe how Group Policy can limit user customization of desktops. Manage user profiles.
24
Types of User Profiles
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points All user-specific settings are saved in the user profile in the Documents and Settings folder. When a user logs off from a computer, the user profile is updated on that computer. User profiles maintain the desktop settings for each users work environment on the local computer. Types of profiles include:
!
Default user profile. This user profile is the basis for all user profiles. Every user profile begins as a copy of the default user profile, which is stored on each computer running Windows XP Professional. You can modify this profile if your organization requires a customized default user profile. Local user profile. This user profile is created the first time a user logs on to a computer and is stored on the local computer. Any changes to the local user profile are specific to the computer on which the changes are made. Multiple local user profiles can exist on one computer. An administrator can delete these profiles if required. Roaming user profile. This user profile is created by the system administrator and is stored on a server. It is available every time a user logs on to any computer on the network. If a user changes his or her desktop settings, the user profile is updated on the server when the user logs off. Roaming profiles function best in a domain environment, where there is a single, centralized user account. Mandatory user profile. This user profile is created by the system administrator to specify particular settings for a user or users. You can make roaming profiles mandatory by changing the profile file name from Ntuser.dat to Ntuser.man. This makes the file read-only, which means that users can modify desktop settings when they are logged on, but the changes are not saved when they log off.
Additional reading
For more information on user profiles, see Course 2274, Managing a Microsoft Windows Server 2003 Environment, and Course 2275, Maintaining a Microsoft Windows Server 2003 Environment.
25
How Group Policy Controls Desktop Customization
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Using Group Policy to control customization Group Policy is the collection of network configuration settings that support organizational and network policies by assigning the policies to specific objects. You can apply these policies to one or more objects in the Microsoft Active Directory directory service, such as user accounts, groups, and computers. You can use Group Policy settings to define users desktop environments, including:
! ! ! !
User desktop settings Environment variables System settings Restricted access to files, folders, and system settings in Windows XP Professional
It is easier to support and maintain your organizations computers if the desktop configuration and system settings are consistent. However, when you control your users desktop environments using Group Policy, you must remember to balance a users work style with the organizations requirements for consistent business processes. Additional reading For more information about Windows XP Professional policy settings, see article 292504, Policy Settings for the Start Menu in Windows XP, in the Microsoft Knowledge Base at http://support.microsoft.com/ default.aspx?scid=kb%3Ben-us%3B292504.
26
How to Manage User Profiles
*****************************ILLEGAL FOR NON-TRAINER USE****************************** You can manage user profiles by customizing profiles, copying profiles, modifying the default profile, and deleting unneeded profiles. Creating and customizing a user profile You can customize the profile for a new user account. To create and customize a user profile: 1. Create a new user account. 2. Log on as the new user and configure the desktop environment as desired. 3. Log off. Copying a user profile If you want to transfer the settings in one user profile to another user profile, you can copy the profile. To copy a user profile: 1. Log on as a local Administrator. 2. Open the System Properties dialog box. 3. On the Advanced tab, under User Profiles, click Settings. 4. Select the profile you want to copy, verify that its type is Local, and then click Copy To. 5. In the Copy To dialog box, click Browse, expand Local Disk (C:), expand Documents and Settings, click the name of the target profile, and then click OK. 6. In the Copy To dialog box, under Permitted to use, click Change. 7. In the Select User or Group dialog box, enter the name of the target user, click Check Names, and then click OK. 8. In the Copy To dialog box, click OK. 9. In the Confirm Copy message box, click Yes. 10. Click OK twice. 11. Log on as the target user to verify the profile settings.
27
Modifying the default user profile
You can modify the default user profile so that all new users get the same custom profile settings. To modify the default user profile: 1. Create and customize a new user profile. 2. Log on as a local Administrator. 3. Copy the new user profile to the Default User profile. 4. Add the Everyone group to the Permitted to use list. 5. Click Yes to overwrite the existing Default User profile. 6. Click OK twice.
Deleting a user profile
You can delete unneeded profiles. In the User Profiles dialog box, select the profile, and then click Delete.
28
Practice: Managing Local User Profiles
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will create a local user profile and then copy one users local profile to another users profile so that they are the same. You will test the copied profile to make sure that it works, and then delete the original local user profile. The London and Vancouver virtual machines should be running. On Vancouver, you should be logged on to the nwtraders domain as VancouverUser. You support a department of users that has just received new computers running Windows XP Professional. One of the users has experience using Windows, and she has created a custom desktop for herself. Another user has asked you to set up his desktop just like the other users desktop.
Practice Setup
Scenario
! Create and customize a local user profile

1. On Vancouver, right-click the desktop, then click Properties. 2. On the Desktop tab, change the background to Coffee Bean, and then click Customize Desktop. 3. Under Desktop icons, select the My Computer, My Network Places, and Internet Explorer check boxes to add those icons to the desktop, and then click OK. 4. Click OK to close the Display Properties dialog box. 5. Right-click Start, click Properties, click Classic Start menu, and then click OK. 6. Log off the computer. (Click Start, click Shut Down, select Log off VancouverUser, and then click OK.)
29
A customized local user profile exists for VancouverUser. You will now create another user profile, and copy VancouverUsers customized profile to the new user profile.
! Create another local user profile

1. Log on to the local Vancouver computer as Administrator with the password P@ssw0rd. 2. Click Start, right-click My Computer, and then click Properties. 3. On the Advanced tab, under User Profiles, click Settings, and then verify that the VancouverUser profile exists and that its type is Local. 4. Close all open windows. 5. Click Start, right-click My Computer, and then click Manage. 6. Expand Local Users and Groups, right-click Users, and then click New User. 7. Create a new user called OtherUser with the password P@ssw0rd, clear the User must change password at next logon check box, and then click Create. 8. Click Close to close the New User dialog box, and then close Computer Management. 9. Log off and then log on to the local computer as OtherUser with the password P@ssw0rd. Note that this user is currently using the standard default user profile and has a Windows XP Professional desktop and Start menu.
! Copy the first customized user profile to the new user profile
1. Log off and then log on to the local computer as Administrator with the password P@ssw0rd. 2. Click Start, right-click My Computer, and then click Properties. 3. On the Advanced tab, under User Profiles, click Settings, and then verify that the OtherUser profile exists and that its type is Local. 4. Select the VancouverUser profile, and then click Copy To. 5. In the Copy To dialog box, click Browse, expand Local Disk (C:), expand Documents and Settings, click OtherUser, and then click OK. 6. In the Copy To dialog box, under Permitted to use, click Change. 7. In the Select User or Group dialog box, click Locations. 8. When prompted to enter a network logon and password, click Cancel. 9. In the Locations dialog box, click Vancouver, and then click OK. 10. Under Enter the object name to select, type OtherUser, click Check Names, and then click OK. 11. In the Copy To dialog box, click OK.
30
12. In the Confirm Copy message box, click Yes. 13. Click OK to close User Profiles, then click OK to close System Properties. 14. Log off the computer. You have just copied the VancouverUser customized profile to the OtherUser profile location. All desktop and Start menu configuration changes that VancouverUser made are now applied to OtherUser.
! Test the copied user profile

1. Log on to the local computer as OtherUser with the password P@ssw0rd. 2. Click Start and verify that it is the Classic Start menu style. Verify that the My Computer, My Network Places, and Internet Explorer icons are on the desktop. 3. Right-click the desktop, and then click Properties. 4. On the Display Properties sheet, click Desktop and verify that the background is Coffee Bean, and then click OK. You can see that all settings from the VancouverUser profile have now been applied to the OtherUser profile. 5. Log off the computer.
! Delete a local user profile

1. Log on to the local computer as Administrator with the password P@ssw0rd. 2. Click Start, right-click My Computer, and then click Properties. 3. In the System Properties dialog box, click Advanced, and then under User Profiles, click Settings. 4. Select the VancouverUser profile, and then click Delete. 5. Click Yes to confirm the deletion. 6. Click OK to close User Profiles, click OK to close System Properties, and then log off from the computer. 7. Log on to the nwtraders domain as VancouverUser with the password P@ssw0rd. When you log on this time, it takes longer for the desktop to appear, and the new profile will be the default user profile. This delay occurs because the system has to build a new profile for your user because you deleted the original user profile. 8. Log off the domain.
31
Lesson: Using Remote Administration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Remote administration can streamline your administrative tasks by enabling you to support multiple computers from a single computer console. This lesson introduces the concept of performing remote administration by using Windows XP administrative tools. There are some issues that can arise when performing remote administration of computers that run Windows XP with Service Pack 2 installed; this lesson explains those issues and how you can resolve them. After completing this lesson, you will be able to:
! ! !
Lesson objectives
Identify the primary functionality of remote administration. Identify the remote administration issues related to Service Pack 2. Use remote administration.
32
What Is Remote Administration?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Definition Remote administration is any administrative task performed on one computer by using tools and utilities installed on another computer. Remote administration requires a network connection between the two computers. The remote administrator also needs to have administrative privileges on the remote computer in order to accomplish administrative tasks. There are many tools and utilities within Windows XP that can be used for remote administration, including Computer Management, Group Policy, and a variety of command-line tools. Example For example, an administrative user on the Glasgow virtual computer could use the Connect to another computer command in Computer Management to connect to the remote computer Vancouver and perform computer-management tasks.
33
Remote Administration Issues Related to Service Pack 2
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points In order to use common administrative tools to remotely administer computers, the remote computer must allow incoming network traffic on TCP port 445. Many firewall systems, including the default configuration of Windows Firewall in Windows XP Service Pack 2, block incoming network traffic on TCP port 445. Therefore, there may be issues performing remote administrative tasks on remote Windows XP computers with Service Pack 2 installed. You might receive any of a number of error messages that indicate that access was denied, or that the object or network path could not be found. The administrative tools that can be affected include Computer Management, Device Manager, Disk Management, Event Viewer, Group Policy, Local Users and Groups, Shared Folders, and a number of standard dialog boxes. To use these tools to remotely connect to a computer running Windows XP with Windows Firewall enabled, you might need to open TCP port 445 in the firewall on the remote computer. You can use the netsh command-line tool to modify the network configuration of the firewall. Enabling remote administration services To open TCP port 445 to enable remote administration services: 1. Click Start, point to All Programs, point to Accessories, and then click Command Prompt. 2. At the command prompt, type
netsh firewall set portopening TCP 445 ENABLE
3. Press ENTER and close the Command Prompt window. Important Opening firewall ports can create a security vulnerability. You should carefully plan and test any such configuration change before it is implemented.
34
How to Use Remote Administration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Performing remote administration The exact procedures for using remote administration will vary depending on the tool you are using to perform the administrative tasks. The general steps are: 1. Run the administrative tool on the local computer. 2. Connect to the remote computer by name. 3. Provide administrative credentials for the remote computer if you are prompted. Performing remote administration with command-line tools To perform remote administration with a command-line tool, you will need to use the appropriate syntax for that tool. The syntax might include switches and variables that enable you to specify the remote computer and provide the remote administrative credentials. For the syntax of a particular tool, see Command-line reference in the Help and Support Center.
35
Practice: Using Remote Administration
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will manage accounts on another computer in the domain. The London, Glasgow, and Vancouver virtual machines should be running. If Glasgow is paused, resume it. You should not be logged on. You have been given the responsibility to periodically review, archive, and clear event logs on the computers running Windows XP Professional in your department. The log files should be saved as text files on your own computer for later review and reporting. You would like to perform this task by using remote administration from your own computer. Your corporate security standard authorizes opening TCP port 445 in Windows Firewall on computers that need to be administered remotely.
! Open TCP port 445 on Glasgow

1. On Glasgow, log on to the nwtraders domain as Administrator with the password P@ssw0rd. 2. Click Start, point to All Programs, point to Accessories, and then click Command Prompt. 3. In the command prompt window, type netsh firewall set portopening TCP 445 ENABLE and then press ENTER. 4. After you receive the OK message, close the Command Prompt window.
36
! Open Event Viewer on Vancouver

1. On Vancouver, log on to the nwtraders domain as VancouverAdmin with the password P@ssw0rd. 2. Click Start, and then click Control Panel. 3. In Control Panel, click Performance and Maintenance, click Administrative Tools, right-click Event Viewer, and then click Run as. 4. Click The following user, and in the User name box, type Vancouver\Administrator. In the Password box, type P@ssw0rd and then click OK.
! Connect to Glasgow
1. Right-click Event Viewer (Local), and then click Connect to another computer. 2. In the Select Computer dialog box, ensure that Another computer is selected, and then click Browse. 3. Type Glasgow and then click Check Names. 4. If prompted, log on as GlasgowAdmin with the password P@ssw0rd. 5. Click OK twice.
! View, save, and clear the system log through the remote connection
1. Under Event Viewer (Glasgow), click System. 2. Right-click System, and then click Clear all Events. 3. Click Yes to save the file. 4. Save the file to drive C of Vancouver as a text file named Glasgowsystemlog.txt. 5. Close Event Viewer and Administrative Tools, and then log off.
37
Lesson: Using Remote Assistance in Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As an IT professional, you are responsible for providing technical support to users within your department. At times, many of these users may be new and have limited computer experience. They will frequently ask questions about how to perform certain tasks. Use the Remote Assistance feature in Windows XP Professional to reduce the amount of time that you spend supporting these users. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Explain the purpose and the limitations of Remote Assistance. Securely start a Remote Assistance session. Send and receive files while using Remote Assistance. Explain the best practices for using Remote Assistance.
38
What Is Remote Assistance?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points Remote Assistance enables you to provide technical support to users without spending too much time traveling or conducting troubleshooting tasks over the telephone with novice users. For security reasons, Remote Assistance supports sharing control of the users computer. It does not provide a method to take control of the users computer. Communication between the user and the helper usually begins through the Chat function. To share control of a users computer to help solve a problem, you must first request permission. Additional reading For more information about Remote Assistance, see Remote Assistance under Security and administration in the Help and Support Center.
39
How to Establish a Remote Assistance Session
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Establishing a session Before you can remotely assist a user, the user must initiate a Remote Assistance session. To establish a Remote Assistance session, the user requests help by sending an invitation: 1. The user uses the Help and Support function to invite someone to help him or her by means of Remote Assistance. 2. The user selects a method to send the invitation. Users can choose between sending a Windows Messenger message, sending an e-mail using Microsoft Office Outlook, or saving the invitation as a file and then sending it to the recipient over the network or on removable media. 3. The user enters the details of the problem (and possibly a message), sets the expiration time for the invitation, sets a secure password, and then sends or saves the invitation. Warning To ensure that they can trust the person from whom they are accepting help in Remote Assistance, users should always use strong passwords when establishing a session. Strong passwords should include a mixture of letters, numbers, and symbols, and should not include part of your user name or common words found in a dictionary.
40
To respond to the Remote Assistance request, the helper performs the following steps: 1. Opens the invitation file or message. 2. Enters the correct password. 3. Attempts to connect to the other users computer. The user then accepts the helpers assistance, and the helper views the users screen and communicates by using the Chat function. Important If Windows Firewall is enabled on your Internet connection, you will need a firewall exception for Remote Assistance in order to permit Remote Assistance traffic. This exception is enabled by default. If you need to enable the exception, open the Internet connections Properties dialog box and click Settings on the Advanced tab to open the Windows Firewall dialog box. On the Exceptions tab, select the Remote Assistance check box, and then click OK. Additional reading For more information about Windows XP Professional Remote Assistance and troubleshooting, see the Microsoft Web site at http://www.microsoft.com/ technet/itsolutions/msit/deploy/hlpratcs.mspx.
41
How to Send and Receive Files by Using Remote Assistance
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points When you use Remote Assistance to provide support, the helper and the user can exchange files by using the Remote Assistance console. For example, a help desk support engineer can send a user an updated driver file, a missing system file, or a document explaining how to perform a particular task. When you send files using this method, it is best practice to inform the user before you send a file and also to identify the file. This prepares the user to expect a file and reduces the opportunity for hackers to fool your users by sending them malicious files that they do not expect. To send a file: 1. The helper uses Chat, the telephone, or e-mail to inform the user which file he or she is sending and why. 2. The helper selects a file in the Remote Assistance console and sends it. 3. The user saves the file and chooses whether to open it. 4. The helper automatically receives an acknowledgement that the file has been sent. Caution In any network environment, users should know to accept only files that they know have been sent from trusted sources. Additional reading For more information about how to use Remote Assistance in Windows XP Professional, see the Microsoft Web site at http://www.microsoft.com/ technet/itsolutions/msit/deploy/hlpratcs.mspx.
42
Best Practices for Using Remote Assistance
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Educate your users and support staff to follow these best practice guidelines whenever they use Remote Assistance. This will make it less likely that social engineering hackers will fool your users and will help to keep users systems secure. The following are best practices to follow when using Remote Assistance:
!
Best practices
The helper must always set a password and expiration time because leaving the system open is an invitation for hackers. Whether you are the user or the helper, insist that the Remote Assistance invitation contains a password and an expiration time. To eradicate social engineering hacking, the user should permit only a helper whom they trust to connect to their computer. Users must never share their logon names or passwords by means of Remote Assistance. Control should be shared only as a last resort. Helpers should try to talk users through the tasks. This is a more secure process, and it helps users become self-reliant. Helpers must always inform users whenever sending files to them. This prepares users to expect files, and reduces the opportunity for hackers to trick users by sending them malicious files that they do not expect. The helper must always disconnect at the end of a session. The user then deletes or closes the invitation. The disconnection ensures that no one can use the invitation to obtain unauthorized access to the users computer.
Additional reading
For more information on keeping your systems secure, see the Microsoft Security home page at http://www.microsoft.com/security.
43
Lab A: Using Remote Assistance to Configure a Computer Running Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives After completing this lab, you will be able to:
! ! !
Send a Remote Assistance invitation. Respond to a Remote Assistance invitation. Use the Remote Assistance console to help a user change his or her desktop and system failure settings.
Note This lab focuses on the concepts in this module. As a result, this lab might not comply with Microsoft security recommendations. Prerequisites Before working on this lab, you must have:
! !
A computer running Microsoft Windows XP Professional. A shared folder on the London computer called RAHelp, which has Full Control permissions.
Lab setup Scenario
The London, Glasgow, and Vancouver virtual machines should be running. You are responsible for providing technical support to users within your department. Many of these users are new and have limited computer experience. They frequently ask questions about how to perform certain tasks. To avoid spending too much time traveling to where their computers are located and supporting them locally, you are going to use Remote Assistance to show the users how to make the changes themselves. Note An answer key containing a detailed solution for this lab is available in the Appendices folder of the Student Materials compact disc.
Estimated time to complete this lab: 30 minutes
44
Exercise 1 Sending a Remote Assistance Invitation

In this exercise, each partner will send an invitation to the other partner by using Remote Assistance.
Task
1.
Specific instructions
a.
Use the Help and Support Center to send a Remote Assistance invitation to your partner.
On Vancouver, log on to the domain as VancouverUser with the password P@ssw0rd. logon.
b. Map a network drive Z to \\london\RAHelp, but do not reconnect at c.
Close the RAHELP window. Assistance to connect to your computer and help you.
d. In the Help and Support Center, invite someone to use Remote e. f. g.
Select the option to save the invitation as a file. Verify that your domain user name appears and that the expiration time is set to 1 hour. Ensure that the recipient uses P@ssw0rd as the password, and save the invitation to the RAHelp on the London Z drive as Vanrahelp. Close the Help and Support Center.
h. View the status of all of your invitations. i.
45
Exercise 2 Responding to a Remote Assistance Invitation

In this exercise, you will now take the role of helper and respond to the invitation that was sent.
Task
Specific instructions Important: This task is for the helper.
1.
Respond to the Remote Assistance invitation.
a.
On Glasgow, log on to the domain as GlasgowUser with the password P@ssw0rd. logon.
b. Map a network drive to \\london\RAHelp, but do not reconnect at c.
Open the invitation file VANrahelp. was set in the previous exercise, and agree to connect to the users computer.
d. In the Invitation dialog box, type the Remote Assistance password that
46
Exercise 3 Supporting a User by Using the Remote Assistance Console

In this exercise, the helper provides support to the user by using the Remote Assistance console. You will take both roles, alternating between them; the helper will be GlasgowUser on Glasgow and the user will be VancouverUser on Vancouver.
Tasks
Important: Task 1 is for the user, VancouverUser on the Vancouver virtual machine.
1.
Allow the helper to see your screen and chat with you, and then ask for help.
a. c.
Switch to Vancouver. To ask for help from the helper, type the following text in the Chat box, and then send it: Hello. Could you please help me make my screen and menus look like they used to when I had Windows 2000 on my computer?
b. Allow the helper to view your screen and chat with you.
Important: Task 2 is for the helper, GlasgowUser on the Glasgow virtual machine.
2.
Respond to the users request for help, and then take control of his or her desktop.
a.
Switch to Glasgow. send it: Yes, I can explain it to you.
b. Type the following response to the users request for help, and then
Important: Task 3 is for the user.

3.
Ask the helper to show you how to make the changes.
a.
Switch to Vancouver. following text in the Chat box, and then send it: My Windows skills are not very good yet so can you do it for me?
b. Ask the helper to show you how to make the changes by typing the
Important: Task 4 is for the helper.

4.
Respond to the users request for help again.
a.
Switch to Glasgow. send it: OK, Im going to show you how to do it this time, and then next time you can do it yourself.
b. Type the following response to the users request for help, and then
c.
Attempt to click any element on the users computer. Notice that at this point, you can view only the desktop. Request to take control of the users desktop.
d. Hide the Chat window. e.
Module 4: Configuring the Desktop Environment (continued)
47
Tasks

5.
Let the helper take control of your computer.
a.
Switch to Vancouver. At this point, the helper has control of the users computer. The user can still perform tasks on the computer, but will be sharing control with the helper.
b. When prompted, let the helper take control of your computer.

6.
Change the desktop and the Start menu on the users computer.
a. c.
Switch to Glasgow. Change the users desktop theme to Windows Classic, and change the users Start menu to Classic Start menu.
b. In the Remote Assistance message box, click OK.
d. Show the user the changes that you made and how you made them.

7.
Ask the helper to change your system failure settings to perform a complete memory dump and set your computer to not automatically restart.
a.
Switch to Vancouver. your department manager by typing the following text in the Chat box, and then send it: Could you also change my system failure settings to meet the new department standards?
b. Ask the helper to change your system failure settings as requested by

8.
Change the users system settings as requested, and then disconnect from the Remote Assistance session.
a.
Switch to Glasgow. enter NWTRADERS\Administrator as the user name with the password P@ssw0rd.
b. In Control Panel, open System by using the Run as command, and
c. e.
Change the Startup and Recovery settings as requested. Close the Remote Assistance console.
d. Relinquish control of the users computer, and then disconnect from it.

9.
Close the Remote Assistance console.
a.
Switch to Vancouver.
b. Confirm the disconnection and close the Remote Assistance console.

Contents Overview Lesson: Configuring Security and Connection Settings for Internet Explorer Lesson: Customizing and Deploying Internet Explorer Settings Lesson: Supporting Applications in Windows XP Professional Course Evaluation 1 2 15 26 36
iii
Instructor Notes
Presentation: 60 minutes This module introduces students to the security and connection settings for Microsoft Internet Explorer. Students will learn the methods for deploying and enforcing Internet settings. This module also provides students with information about using Add or Remove Programs filtering, configuring applications that are designed for earlier versions of Microsoft Windows, and gathering information by using the Dr. Watson program-error debugging utility. Lab: 00 minutes Objectives There is no lab for this module.

! !
Configure the security and connection settings for Internet Explorer. Use the Internet Explorer Administration Kit and Group Policy to customize and deploy Internet Explorer settings. Perform application support tasks on computers that run Windows XP Professional.
Required materials
The following materials are required for teaching this module:

! !
Microsoft PowerPoint file 2285B_05.ppt The Drwtsn32.log file on the Trainer Materials compact disc
! ! !
Read all of the materials for this module. Complete the practices. Read the materials listed under Additional reading for each topic.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topic. Read this additional information when preparing to teach the module. During class, ensure that students are aware of that additional information.
Lesson: Configuring Security and Connection Settings for Internet Explorer

This section describes the instructional methods for teaching this lesson. This lesson teaches students the basic methods of configuring Internet Explorer for security and connections. Focus on the reasons for making the settings and how to make settings on a computer-by-computer basis. Components of a Secure Internet Connection The slide for this topic depicts a high-level view of a secure network topology and shows that configuring the client is only part of a corporate security policy. Briefly describe:
! ! ! !
The dangers of active content. Firewall rules, and how they protect corporate computers. How to improve Internet access by using a proxy server. How dial-up connections from the desktop can bypass the outbound security and access features of a firewall and a proxy server.
Security Zones for Internet Explorer
To introduce security zones, briefly demonstrate the settings on the Security Zones tab and the other tabs in the Internet Options dialog box. Indicate that students can manage certificates on the Content tab, but do not discuss certificates, which are beyond the scope of this course. Students will investigate the Local intranet security zone in the practice for this lesson, so focus your demonstrations on the other zones. When you describe the security options in a security zone, refer to discussions about harmful content from the previous topic.
Connection Settings for Internet Explorer
This topic gives students an understanding of the connections that are used for dial-up and virtual private network (VPN) access, and why such connections are typically not used in a local area network (LAN). Concentrate on a proxy configuration for the dial-up connections, the VPN connections, and the LAN settings. Briefly demonstrate how to set up a proxy server for different protocols, but advise students that they will usually configure a single proxy for all protocols. List the major enhancements to Internet Explorer that are included in Service Pack 2. Ensure that students understand the concepts of pop-ups, untrusted publishers, and add-ons, and how the new Internet Explorer management tools for these items improve security as well as enhance the user experience. Point out how the Information Bar consolidates similar messages and dialog boxes to present a centralized source of information. Present the procedures and configuration options for blocking pop-ups.
Service Pack 2 Enhancements to Internet Explorer
How to Block Pop-Ups
How to Block Untrusted Publishers
Present the procedure for blocking untrusted publishers when users are prompted to download code. Explain that this option adds the publishers certificate to the untrusted publishers list, and show students how to access the list and unblock a publisher. Present the procedures and configuration options for managing Internet Explorer add-ons. In this practice, students will configure Internet Explorer security options. If time permits, encourage students to investigate settings that are not presented in the practice.
How to Manage Add-Ons Practice: Configuring Security Settings for Internet Explorer
Lesson: Customizing and Deploying Internet Settings

This section describes the instructional methods for teaching this lesson. Methods for Customizing and Deploying Internet Explorer Settings Introduce the following methods for maintaining the Internet Explorer security options that you configured manually in the previous lesson, and discuss when you might use them. Note that the IECW and the IEAK Profile Manager are located in the Internet Explorer Administration Kit (IEAK):
! !
The Internet Options menu in Internet Explorer. Internet Explorer Customization Wizard (IECW), which creates custom packages for distributing Internet Explorer. IEAK Profile Manager, which maintains the deployed browsers. IEM policy settings in Group Policy. Using Group Policy to maintain Internet Explorer settings requires Microsoft Active Directory directory service and Group Policy.
! !
How to Customize Internet Explorer
In this topic, describe the IECW and how it creates browser packages. Before teaching this topic, download IEAK Service Pack1 at http://www.microsoft.com/windows/ieak/downloads/ieak6/ieak6sp1.mspx. After downloading the IEAK, familiarize yourself with the versions and licensing of the kit. If you want to provide a brief demonstration of IEAK, select Flat for the Media Selection and use Connections Customization for the feature selection. Students will use Security Zones and Content ratings in the practice that follows this topic. Discuss the concepts of Group Policy, and how the linking of Group Policy objects (GPOs) to appropriate container objects in Active Directory enforces settings and software configuration for all objects in the Active Directory container. Explain that, by using the Internet Explorer Maintenance (IEM) extension to Group Policy, students can maintain browsers by making settings that Group Policy objects can deploy. Reiterate that the IEM extension requires Active Directory.
Practice: Configuring Internet Explorer Settings by Using Internet Explorer Customization Wizard
In this practice, students will use the IECW to configure Internet Explorer settings.
vi
What Is the GPMC?
Describe the Group Policy Management Console (GPMC) to students. GPMC is a tool for managing GPOs. The GPMC consists of IEM, the Microsoft Management Console (MMC) extension discussed in the previous topic, and a set of scriptable interfaces for managing Group Policy. Advise students that GPMC is a separate component from Microsoft Windows Server 2003. They can install and use it on computers running Windows XP Professional as a tool for managing Group Policy from client workstations. In this practice, students will explore the capabilities of the GPMC to manage Group Policy and will use the GPMC to examine domain Group Policy settings that can be used to configure Internet Explorer. Discuss the best practices for configuring Internet Explorer. Best practices include setting restrictions that apply an organizations acceptable-use policy. Best practices must also include enforcing settings by disabling a users ability to change the browsers security-related settings. Discuss the policies of the students current organizations to give students an opportunity to learn from each other.
Practice: Managing Group Policy with the GPMC Guidelines for Configuring Internet Explorer
Lesson: Supporting Applications in Microsoft Windows XP Professional

In this lesson, explain to students that you have finished the discussion about security issues with browsers, and that this lesson addresses information about applications. What Is Add or Remove Programs Filtering? What Is Program Compatibility? In this topic, explain the benefits of the new Add/Remove Programs filter feature available in Service Pack 2. Program compatibility involves applying small pieces of code that enable programs written for earlier versions of Windows to run on Windows XP Professional. Show students that they can ensure program compatibility either manually or by using a wizard. Demonstrate the manual method by using Notepad. In this topic, describe how to run the Program Compatibility Wizard. Explain that it is only necessary to configure program compatibility if you are having difficulty running a program written for a previous version of Windows. In this topic, describe the Dr. Watson utility and how to use it. It is unlikely that students are application developers, so focus on using Dr. Watson to diagnose problems and create reports for support organizations. The examples in the text are also located in a log file on the Trainer Materials compact disc. In this topic, present the procedures and configuration options for Dr. Watson and the procedures for accessing the Dr. Watson log files. In this practice, students will configure Dr. Watson, open the Dr. Watson for Windows dialog box, and view a sample log file. Point out the different parts of the file, including the application exception, system information, task list, module list, state dump, and symbol table.
How to Use the Program Compatibility Wizard What Is Dr. Watson?
How to Configure Dr. Watson Practice: Configuring Dr. Watson
vii
Assessment
There are assessment questions for each lesson in this module located on the Student Materials compact disc. You can use them as pre-instruction assessments to help students identify areas of difficulty, or you can use them as post-instruction assessments to validate learning. Consider using assessment questions to reinforce learning at the end of each day. You can also use them at the beginning of the day as a review of the information that you taught on the previous day.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In this module, you will learn how to configure security and connection settings for Microsoft Internet Explorer to ensure that users have appropriate access to the Internet and intranet. You will also learn how to support applications on computers running Microsoft Windows XP Professional. After completing this module, you will be able to:
! !
Objectives
Configure security and connection settings for Internet Explorer. Use the Internet Explorer Administration Kit (IEAK) and Group Policy to customize and deploy Internet settings. Perform application support tasks on computers running Windows XP Professional.
Lesson: Configuring Security and Connection Settings for Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Your organizations acceptable-use policy describes when users can download and run software from other hosts, and whether application components must be digitally signed. Configure Internet Explorer to support this policy, to support and augment network security, and to protect individual users desktop computers. After completing this lesson, you will be able to:
!
Lesson objectives
Identify the components of a secure Internet connection, including the security and connection settings for Internet Explorer. Describe Internet Explorer security zones. Configure security and connection settings for Internet Explorer. Describe the major Service Pack 2 enhancements to Internet Explorer. Block pop-up windows. Block untrusted publishers. Manage add-ons.
! ! ! ! ! !
Components of a Secure Internet Connection
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Internet topology Each type of Internet content carries risk. The preceding illustration shows a typical network topology built to mitigate these risks. This topology includes:
!
The Microsoft Internet Security and Acceleration (ISA) firewall that controls access to the Internet and protects the internal network from unauthorized access and attacks. The server cache that provides proxy server capability, enabling high-speed access to World Wide Web content. Client computers running Windows XP Professional, Internet Explorer, and ISA client software.
Browser settings
You can set browser security and connection settings to:

! ! ! !
Block harmful content. Configure encryption and certificate use. Set the use of temporary files. Enable a proxy server to access the Internet.
Example
When you configure a proxy server to access the Internet, you set Internet Explorer to send packets destined for external Web sites to an intermediate device on your network, the proxy server. The proxy server accepts the packets and translates them to ensure that no servers outside your network can identify the originator.
Internet Information Services in Windows XP Professional
You can install Internet Information Services (IIS) if you want to use a computer running Windows XP Professional as a Web server. To install IIS, in Control Panel, click Add or Remove Programs and then click Add/Remove Windows Components. You should implement high security on any Windows XP Professional computer running IIS by:
! !
Installing Service Pack 2. Running the IIS Lockdown Tool, available for download from Microsoft at http://www.microsoft.com/technet/security/tools/locktool.mspx. The IIS Lockdown Tool provides an automated method for reducing the attack surface of IIS by turning off unnecessary features. It includes URLscan to provide multiple layers of protection against attackers.
Additional reading
For more information about using the ISA Server as a proxy and ISA firewalls, see the Microsoft Internet Security and Acceleration Server home page at http://www.microsoft.com/isaserver/evaluation/default.asp. For more information about using Windows XP Professional as a secure Web Server, see the section entitled Internet Information Services in Windows XP with SP2 in the Microsoft white paper Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet, which is located in the Additional Reading section of the Student Materials compact disc. For more information on IIS security features in Service Pack 2, see Part 7: Other Technologies in the Microsoft white paper Changes to Functionality In Microsoft Windows XP Service Pack 2, which is located in the Additional Reading section of the Student Materials compact disc.
Security Zones for Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Security zones Internet Explorer classifies online content by security zones. You can assign a unique security level to each zone to define the level of browser access. Internet Explorer security settings for accessing a Web site are based on the zone to which a Web site belongs. For each zone, you can control settings for:
! ! ! !
Managing ActiveX controls, cookies, scripts, and Java capabilities. Downloading files. Authenticating passwords. Providing cross-frame security.
Recommended settings
Use the following guidelines to select settings for the zones in Internet Explorer and to place Web sites in their appropriate security zones:
!
Local intranet zone. This zone contains sites that you trust that are located on your organizations intranet. You probably want to allow users to run all types of active content from this location. To provide this capability, set the Local intranet zone to Low. Internet zone. This zone contains all sites that you have not placed in other zones. Assign a higher security level to the Internet zone, such as Medium or High, to prevent users from running active content and downloading code. Trusted sites zone. This zone contains specific sites that you trust. You can place Uniform Resource Locators (URLs) or entire domains in the Trusted sites zone. Although your organization does not own these sites, you probably want to allow users to run all types of content from this zone. To provide this capability, set the Trusted sites zone to Low. Restricted sites zone. This zone contains Internet sites that include potentially harmful Web content. Assign the highest security levels to the Restricted sites zone to prevent users from downloading and running active content.
Important Be sure to configure the Local intranet zone to correspond to the network and firewall configuration of your organization. The default settings for the Local intranet zone may not match your network configuration, and there is no method for Internet Explorer to detect your firewall automatically. Configuring security zones Set the security level for a zone on the Security tab of the Internet Properties dialog box. To configure custom security features for a zone, click Custom Level. Tip In the Windows XP Professional Security Center window, you can click Internet Options to open the dialog box with the Security tab already selected. Service Pack 2 security zone enhancements Windows XP Service Pack 2 includes enhancements to the security zone configuration options:
!
Feature Control security zone settings Service Pack 2 includes three custom security features: MIME sniffing, zone elevation, and Windows restrictions. You can enable these features in the registry and then control them by customizing security zone settings.
Local Machine Zone Lockdown Files on the local hard disk are considered to be part of the Local Machine zone. Service Pack 2 includes Local Machine Zone Lockdown, a lockdown feature that provides security for files that Web-based applications access from the local hard disk. This feature is enabled in the registry.
Additional reading
For more information on potentially dangerous Internet content, see Module 6, Securing Internet Applications and Components, in Course 2810, Fundamentals of Network Security. For more information about all of the new Internet Explorer features available in Service Pack 2, see Part 5: Enhanced Browsing Security in the Microsoft white paper Changes to Functionality in Microsoft Windows XP Service Pack 2, found in the Additional Reading section of the Student Materials compact disc.
Connection Settings for Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points Use connection settings to identify the dial-up or virtual private network (VPN) connection to be used for accessing the Internet. Connection settings will vary, depending on user needs:
!
A typical user who works away from the office has two dial-up connections, one to an Internet service provider (ISP) and one to the corporate network. A VPN is typically used when the only access to the corporate network is through an Internet connection. Local-area-network-based computers typically have no dial-up and VPN connections.
A proxy server is a computer that connects to the Internet without compromising the security of your internal network. Use connection settings to identify the proxy servers to use for various protocolsfor example, Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) for the local area network (LAN) and for each connection. Typically, the same proxy server is used for all Internet protocols. Additional reading For more information about using VPNs, see the article Use Virtual Private Networks for Secure Internet Data Transfer on the Microsoft Web site at http://www.microsoft.com/windowsxp/pro/using/howto/gomobile/vpns.asp. For more information about proxy servers, see the Microsoft ISA Server product information page at http://www.microsoft.com/isaserver/ evaluation/productguide.asp.
Service Pack 2 Enhancements to Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows XP Service Pack 2 includes several enhancements to Internet Explorer that not only increase security but also improve the browsing experience for the end user. With Service Pack 2 installed, Internet Explorer includes the Pop-up Blocker to suppress the display of unwanted pop-up windows that can appear while browsing the Web. The Pop-up Blocker is enabled by default. When Internet Explorer begins to install code that has been digitally signed, it presents the user with a security dialog box to confirm the installation. Users can confirm the individual installation or choose always to trust content from a given publisher. With the Untrusted Publisher Blocker in Service Pack 2, users can also perform the opposite action and block all code from a given publisher. Add-ons are helper programs that can be loaded by Internet Explorer to add browser features or to add functionality to a Web page. The Service Pack 2 Add-on Management tool enables users to view and precisely control the list of add-ons. This includes add-ons such as:
! ! ! !
Pop-up Blocker
Untrusted Publisher Blocker
Add-on Management
Browser help objects. ActiveX controls. Toolbar extensions. Browser extensions.
Internet Explorer Information Bar
The Internet Explorer Information Bar is a central notification tool that replaces many of the common dialog boxes that displayed user information and prompts before Service Pack 2. Information Bar notifications appear under the Address bar when users download files, run active content, or install or run an ActiveX control, or when a pop-up window is blocked. Users can then click the notification and select an appropriate action. You cannot completely disable the Information Bar, but you can turn off specific Information Bar notifications. For more information, see Microsoft Internet Explorer Help.
How to Block Pop-Ups
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Enabling Pop-up Blocker Pop-up Blocker is enabled by default. You can enable it manually if necessary, and you can configure custom settings for the feature. You can use any of the following methods to enable Pop-up Blocker manually:
!
In Internet Explorer, on the Tools menu, click Pop-up Blocker, and then click Turn On Pop-up Blocker. On the Tools menu, click Internet Options. On the Privacy tab, select the Block Pop-ups check box. If Pop-up Blocker is disabled, Internet Explorer will display a prompt to enable it before displaying the first pop-up window in a browser session.
Configuring Pop-up Blocker
You can use either of the following methods to access the Pop-up Blocker configuration settings:
!
In Internet Explorer, on the Tools menu, click Pop-up Blocker, and then click Pop-up Blocker Settings. On the Tools menu, click Internet Options. On the Privacy tab, under Pop-up Blocker, click Settings.
10
Pop-up Blocker configuration options
You can configure the following Pop-up Blocker options:

!
Add specific sites from which you will allow pop-up windows to the Allowed sites list. Select how to be notified of pop-ups: with a sound, by a notification in the Information Bar, or both. Select a filtering level for pop-ups: High will block all pop-ups, even those that appear when a user specifically clicks a link. You can override this for specific links by pressing CTRL while clicking the link. Medium is the default level and will block most automatic pop-ups. Low will allow pop-ups from secure sites. The addresses for these sites begin with https://.
Managing blocked pop-ups
When you are notified that a pop-up has been blocked, you can click the notification in the Information Bar and decide whether you want to show the blocked pop-up, or allow pop-ups from that site.
11
How to Block Untrusted Publishers
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Blocking a publisher When prompted to install signed code, Internet Explorer users can add the security certificate for the codes publisher to the untrusted publishers list. This will block the installation of any content from that publisher. To block a publisher: 1. When you are prompted to confirm the installation of downloaded code, in the security warning dialog box, click More options. 2. Select the Never install software from PublisherName check box. Unblocking a publisher You can remove publishers from the untrusted publishers list. To unblock a publisher: 1. In Internet Explorer, on the Tools menu, click Internet Options. 2. Click the Content tab, and then click Publishers. 3. On the Untrusted Publishers tab, click the publisher you want to unblock, and then click Remove. 4. Click Yes to confirm that you want to remove the publishers certificate from the list of untrusted publishers.
12
How to Manage Add-Ons
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The add-on management capability in Service Pack 2 enables you to see the complete list of add-ons in Internet Explorer, to enable or disable selected addons, and to update ActiveX add-on components. To manage Internet Explorer add-ons: 1. In Internet Explorer, click Tools, and then click Manage Add-ons. 2. From the Show list, select which of two groups of add-ons you want to see: Select Add-ons that have been used by Internet Explorer to show all installed add-ons. Select Add-ons currently loaded in Internet Explorer to show only the currently-loaded add-ons. 3. To enable or disable an add-on, select the add-on in the list and then click Enable or Disable. Important Add-ons can be disabled, but it is difficult to remove them. 4. To update an ActiveX add-on component, select the add-on and click Update ActiveX.
13
Practice: Configuring Security Settings for Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will adjust the security settings in Internet Explorer to protect users from active content. The London and Vancouver virtual machines should be running. You must configure various security settings in Internet Explorer to prevent users from installing and running active content that they access from the Internet on their local computer.
! View the Local intranet zone settings

1. On Vancouver, if necessary, log on to the nwtraders domain as VancouverUser with the password P@ssw0rd. 2. Right-click Start, click Properties, and in the Taskbar and Start Menu Properties dialog box, on the Start Menu tab, click Start menu and then click OK. 3. Click Start, and then click Control Panel. 4. Verify that Control Panel is in Category View. 5. On the Pick a Category page, click Network and Internet Connections. 6. Press SHIFT, right-click Internet Options, and then click Run as to open Internet Options with administrator privileges. 7. In the Run as box, select The following user. In the User name box, type Vancouver\Administrator, and in the Password box, type P@ssw0rd and then click OK. 8. On the Security tab, select Local intranet, move the security-level slider to Low, and then click Apply. 9. Click Custom Level and record the settings in the table in step 13.
14
10. Under Reset custom settings, in the Reset to box, select Medium, click Reset, and then record the settings in the table in step 13. Note If a warning dialog box appears, asking you to confirm that you want to change the security settings for this zone, click Yes. 11. Under Reset custom settings, in the Reset to box, select High, click Reset, and then record the settings in the table in step 13. 12. Click Cancel. 13. Note the different settings for each level in the following table.
Setting Download signed ActiveX controls Download unsigned ActiveX controls File download Low Medium High
Active scripting
Logon
! Change the Internet zone settings

1. In Internet Options, on the Security tab, select Internet. 2. Click Custom Level. 3. In the Settings list, disable the following settings: Download signed ActiveX controls File download Active scripting 4. When you have finished configuring settings, click OK. 5. In the warning dialog box, click Yes. 6. On the Security tab, ensure that Internet is selected, click Default level, and then click Apply. 7. Click OK to close the Internet Options dialog box. 8. Close all open windows, and then log off from the domain.
15
Lesson: Customizing and Deploying Internet Explorer Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can use the Internet Explorer Administration Kit (IEAK) and Group Policy to create custom browsers with preset options. This lesson provides information on using the IEAK and Group Policy to configure security zones, proxy settings, and privacy settings. You will also learn how to prevent users from modifying these settings. After completing this lesson, you will be able to:
!
Lesson objectives
Identify the methods for customizing and deploying Internet Explorer settings. Customize Internet Explorer by using the Internet Explorer Administration Kit (IEAK) and Group Policy settings. Describe the functions of the GPMC. Describe the guidelines for configuring security for Internet Explorer.
! !
16
Methods for Customizing and Deploying Internet Explorer Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Overview There are three methods for customizing Internet Explorer: the Internet Options menu, the IEAK, and the Internet Explorer Maintenance (IEM) extension for Group Policy. These methods allow you to configure several Internet Explorer settings, including:
! ! ! ! !
The user interface and the appearance of the browser. Connection settings, such as dial-up and LAN connections. Custom URLs, such as the home page. Security settings, such as security zones and content ratings. Default programs for common Internet tasks, such as reading e-mail and viewing newsgroups.
Internet Options menu
Use the Internet Options menu to customize browser settings. The advantage of using this method is that the interface is part of Internet Explorer and therefore requires no additional programs or utilities. The limitations of this manual method are that you cannot restrict users from changing settings, and it is difficult to maintain the settings in a large environment.
17
Internet Explorer Administration Kit
Use the IEAK to create customized browsers with preset options and to prevent users from modifying these settings. The Microsoft Internet Explorer 6 Resource Kit CD-ROM contains the following IEAK programs and tools:
!
Internet Explorer Customization Wizard. This wizard guides you through the process of creating custom browser packages. When these packages are installed on desktop computers, users access Internet Explorer with the settings and options that you have chosen. IEAK Profile Manager. This tool enables you to change deployed browser settings and restrictions automatically. IEAK Toolkit. This toolkit contains programs and sample files that you can use to extend IEAK functionality for your organization. IEAK Help. This Help file includes conceptual and procedural topics that you can view and print.
An advantage of the IEAK is that you can create a custom installation package that includes software in addition to browser settings. The IEAK is not the most efficient way to maintain browser settings, however, because a change requires that you use an update package on the affected computers. Note You can download the IEAK software from the IEAK home page at http://www.microsoft.com/windows/ieak/default.asp. IEM extension for Group Policy Additional reading In an Active Directory environment, use Microsoft Management Console (MMC) with the IEM extension. The extension adds Internet Explorer settings to the MMC, which enables you to change those settings in Group Policy. For more information on the IEAK, see the product documentation for Internet Explorer or the IEAK home page at http://www.microsoft.com/windows/ ieak/default.asp.
18
How to Customize Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Manual setup When you first set up computers running Windows XP Professional, you can use a disk image to set up each computer. When you configure the reference computer, use the Internet Options menu in Internet Explorer to customize the browser settings. It is important to remember that using a manual setup does not prevent the user from changing Internet Explorer settings. Software and settings maintenance IEAK programs and wizards make it easy for you to create and deploy custom browser packages on existing computers, and to manage the browser after you install Internet Explorer. Use the IEAK to prevent users from changing Internet Explorer settings. The Internet Explorer Customization Wizard (IECW) builds custom browser packages. These packages contain custom versions of Internet Explorer that you distribute to users. You can create packages in multiple languages and distribute them on various types of media. The IECW also enables you to customize existing installations of Internet Explorer. Each custom browser package includes the following files:
! ! !
Program files that you have downloaded The setup file, IE6Setup.exe The branding cabinet file, which consists of custom files for original equipment manufacturers (OEMs) The component information cabinet file, IEcif.cab, which includes components and settings
19
Settings maintenance
In an Active Directory environment, use the Group Policy IEM MMC extension to maintain Internet Explorer settings. Group Policy ensures that the settings are applied every time the user logs on, and that the settings are automatically distributed throughout the network. Also use Group Policy to prevent users from changing Internet Explorer settings. For more information on securing Web settings, see Module 6, Securing Internet Applications and Components, in Course 2810, Fundamentals of Network Security. For complete information about the MMC in Active Directory and the IEM extension for Group Policy, see the product documentation for Windows XP Professional and Windows 2000.
Additional reading
20
Practice: Configuring Internet Explorer Settings by Using Internet Explorer Customization Wizard
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will use the Internet Explorer Customization Wizard (IECW) to create a custom Internet Explorer package. The London and Vancouver virtual machines should be running. The IEAK must be installed and the IECW must have been run at least once. You need to deploy Internet Explorer to 100 new desktop computers. To meet the requirements of your organizations acceptable-use policy, you must configure the security zones correctly. To ensure that the correct configuration for Internet Explorer is available as soon as it is deployed, use the IECW to create a custom Internet Explorer package.
! Run the Internet Explorer Customization Wizard, Stage 1

1. On Vancouver, log on to the nwtraders domain as Administrator with the password P@ssw0rd. 2. Click Start, point to All Programs, point to Microsoft IEAK 6, and then click Internet Explorer Customization Wizard. 3. On the Welcome page, read the information, and then click Next. 4. On the Stage 1 - Gathering Information page, click Next. 5. On the File Locations page, note the file location for the browser package that you create. 6. Click Advanced Options, clear Check for latest components via Automatic Version Synchronization, and then click OK. 7. On the File Locations page, click Next. 8. On the Language Selection page, ensure that English is the target language, and then click Next.
21
9. On the Media Selection page, read all available options, select Flat, clear any other check boxes, and then click Next. 10. On the Feature Selection page, click Clear All, select Security Zones and Content Ratings, and then click Next.
! Run the Internet Explorer Customization Wizard, Stage 2

1. On the Stage 2 - Specifying Setup Parameters page, click Next. 2. On the Automatic Version Synchronization page, click Next. Note Stage 3 is displayed only if you selected options during Stage 1 that allow for customizing the setup.
! Complete the Internet Explorer Customization Wizard, Stage 4

1. On the Stage 4 - Customizing the Browser page, click Next. 2. In the Security Zones and Privacy area, click Import the current security zones and privacy settings, and then click Modify Settings. 3. In the Internet Properties dialog box, click Local intranet, click Default Level, move the slider to High, and then click OK. 4. On the Security and Privacy Settings page, click Next. 5. On the Wizard Complete page, click Next. 6. After the wizard generates your custom Internet Explorer package, note the location of the file, and then click Finish.
! View the custom Internet Explorer package

1. Use Windows Explorer to browse to the folder where your custom package is located. 2. Expand the folder and view the files to verify that the package was created.
22
What Is the GPMC?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The Group Policy Management Console (GPMC) simplifies the management of Group Policy by providing a single solution for multiple management tasks. The GPMC can be installed on client computers running Windows XP Professional to enable remote Group Policy management in Microsoft Windows Server 2003 domain environments. The GPMC provides:
! ! ! ! ! !
A user interface that makes Group Policy easy to use. Backup and restore of Group Policy objects (GPOs). Import and export, and copy and paste of Group Policy objects. Simplified management of Group Policyrelated security. HTML reporting of GPO settings and Resultant Set of Policy (RSoP) data. Scripting of GPO operations that are exposed in GPMC, but not scripting of settings with a GPO.
Before using GPMC to configure Internet Explorer settings, you should set up a reference computer, which will allow you to import the current settings without modifying them when you create the installation package. This precaution can be useful because if you use GPMC to change some settings, such as security zones, the settings also change on the computer that is running GPMC. Installing the GPMC You can install the GPMC on a computer running Windows XP Professional by running the GPMC installation package, GPMC.msi. You can download this installation package from the Microsoft Download Center at http://www.microsoft.com/downloads/.
23
Practice: Managing Group Policy by Using the GPMC
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will examine how to use the Internet Explorer Group Policy Management Console (GPMC). The London and Vancouver virtual machines should be running. You should be logged on to the nwtraders domain as Administrator. Your organization will be implementing Group Policy to manage Internet Explorer settings on user desktops. You want to familiarize yourself with these policy settings in addition to the capabilities of the Group Policy management tool, the GPMC.
! View the Internet Explorer computer configuration

1. On Vancouver, click Start, and then click Run. 2. In the Open box, type GPMC.msc and then click OK. 3. Expand Forest: nwtraders.msft, expand Domains, expand nwtraders.msft, and then expand Group Policy Objects. 4. Right-click any GPO in the nwtraders.msft domain, and click Edit. 5. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Internet Explorer to view the settings. Note This section of the Group Policy editor is used to restrict certain browser activities and describes what the user is allowed to change. 6. Double-click Security Zones: Use only machine settings, and then click the Explain tab. Describe the use of this setting. Move the Security Zone dialog box so that it does not hide the elements in the Settings pane.
24
7. Repeat the previous steps to view the other settings. (In the Security Zone dialog box, you can click Next Setting to avoid double-clicking elements.) Note When you click a setting, the appropriate item is highlighted in the Settings pane. 8. When you have viewed each of the settings, click Cancel to close the dialog box.
! View the Internet Explorer user configuration

1. Under User Configuration, expand Administrative Templates, expand Windows Components, and then click Internet Explorer to view the settings. 2. Expand the Internet Explorer folder to display the subfolders in the tree. 3. Click several subfolders and view the settings. 4. When you have finished viewing settings, click Cancel to close any open dialog boxes.
! Set security zones

1. Under User Configuration, expand Windows Settings, expand Internet Explorer Maintenance, and then click Security to view the settings. 2. In the right pane, double-click Security Zones and Content Ratings. 3. In the Security Zones and Content Ratings dialog box, under Security Zones and Privacy, click Import the current security zones and privacy settings, and then click Modify Settings. Note GPMC changes the settings on the computer where it is running. 4. Click Cancel twice. 5. View the other subfolders, including the Connection folder. Note By importing connection settings, you also import the information in Automatic Browser Configuration and Proxy Settings. 6. Close the Group Policy editor window and exit the GPMC.
25
Guidelines for Configuring Internet Explorer
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Guidelines To protect your network from potentially dangerous Internet content, consider the following guidelines when configuring Internet Explorer:
!
Restrict active content. You can specify in Internet Explorer how you want it to download and run active content. For example, you can specify trusted sources for necessary controls. Restrict cookies. Because cookies often track private information, you can disable cookies on a computer. By disabling all cookies, however, a user cannot access some sites. You can specify which cookies to block or which to allow in Internet Explorer. Use an online virus checker. By checking files that are copied to a computer, a virus checker protects the computer and the network from malicious content while the user browses the Internet. Disable users ability to change Internet Explorer security-related settings. Users often attempt to configure settings manually. In Internet Explorer, misconfigured security-related settings could allow harmful content into the network.
Enforcing Web browser settings
An organizations acceptable-use policy usually describes when users may download and execute software from other hosts, limitations on the kinds of information that users may include in e-mail messages, and whether application components must be digitally signed. You can enforce some of these Web client settings in either the Active Directory directory service by using Group Policy or in Internet Explorer by using the IEAK. You can also use the IEAK to create customized browsers with preset options, including security zone, proxy settings, and privacy settings that users cannot modify.
Additional reading
For more information on Group Policy, see the Microsoft TechNet article Group Policy in Windows Server 2003 at http://www.microsoft.com/ technet/prodtechnol/windowsserver2003/technologies/management/ gp/default.mspx.
26
Lesson: Supporting Applications in Windows XP Professional
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As a support professional, you might be called upon to assist users with issues involving applications running in Windows XP Professional. This lesson presents some tools you can use to support and troubleshoot applications. After completing this lesson, you will be able to:
! ! !
Lesson objectives
Describe the purpose of Add or Remove Programs filtering. Describe the Program Compatibility feature in Windows XP Professional. Use the Program Compatibility feature to configure application compatibility. Describe how Dr. Watson works. Configure Dr. Watson to obtain troubleshooting information.
! !
27
What Is Add or Remove Programs Filtering?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** On computers running Windows XP with Service Pack 2 installed, the Add or Remove Programs tool enables you to show or hide updates to Windows in the list of currently installed programs. If there are many updates installed on a system, the list of installed programs can become quite long and difficult to read. Hiding updates in Add or Remove Programs makes it easier for users to locate and identify relevant applications in the list. By default, Add or Remove Programs is configured to filter out the display of installed updates. To show updates in the list, select the Show Updates check box in Add or Remove Programs. How to turn off filtering You can edit the registry to turn off the filter feature. To turn off filtering: 1. Click Start, click Run, type regedit and then click OK. 2. Navigate to the following registry key: \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows \CurrentVersion\Policies\Uninstall If the Uninstall key does not exist, create it. 3. Select the DontGroupPatches value entry. If the value entry does not exist, create it. 4. Change the DWORD value to 1. 5. Close Registry Editor. Caution Incorrectly editing the registry may damage your system. Whenever you choose to edit the registry, you should first back up the registry and any valuable data on the computer.
28
What Is Program Compatibility?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Overview Users in your organization who have computers running Windows XP Professional may require applications that were developed for earlier versions of Windows. If a user has problems with an application that worked on an earlier version of Windows, you can use the Program Compatibility feature in Windows XP Professional to help resolve the issue. The Program Compatibility Wizard helps you to select and test compatibility settings that can fix compatibility problems. The wizard resolves the most common issues that prohibit earlier versions of programs from working correctly. You can use the Program Compatibility Wizard to test your programs in different modes (software environments). For example, if a program was designed to run on Windows 95, you are prompted to set the compatibility mode to Windows 95 and again try running your program. If the test succeeds, the program will start in that mode each time. You can also use the Program Compatibility feature to manually set the compatibility properties for a program. The settings are the same as the options in the Program Compatibility Wizard. The Program Compatibility feature supports the following operating systems:
! ! ! ! !
Windows 95 Microsoft Windows NT 4 (Service Pack 5) Windows 98 Windows Millennium Edition Windows 2000
29
Example
If an application does not function correctly in Windows XP Professional, try different settings, such as switching the display to 256 colors and the screen resolution to 640 x 480 pixels. After selecting the application, you can run the program to test the settings. If the test is not successful, try different compatibility settings. For more information on application compatibility technologies and the Application Compatibility Toolkit, see the Windows XP Application Compatibility Technologies home page at http://www.microsoft.com/technet/ prodtechnol/winxppro/plan/appcmpxp.mspx.
Additional reading
30
How to Use Program Compatibility
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The Program Compatibility Wizard creates a temporary data file that contains information about the application in question, the program compatibility settings, and whether it solved the problems that the user was experiencing. You may want to send this data file to Microsoft, which is building a database of programs that work and do not work with program compatibility settings. To run the Program Compatibility Wizard, click Start, point to All Programs, click Accessories, and then click Program Compatibility Wizard. To set the compatibility properties for a program manually: 1. On the Start menu, right-click the program shortcut, and then click Properties. 2. Click the Compatibility tab, and then change the compatibility settings for your program. Additional reading For more information on troubleshooting program compatibility, see the article Using Program Compatibility Mode on the Microsoft Web site at http://www.microsoft.com/windowsxp/using/helpandsupport/ learnmore/appcompat.mspx. For more information on setting compatibility properties manually, see Getting older programs to run on Windows XP in the Windows XP product documentation. To download the Application Compatibility Toolkit, see the Microsoft Web site at http://msdn.microsoft.com/compatibility.
31
What Is Dr. Watson?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Overview If you cannot resolve a problem with an application, you can collect and send information about the problem to a technical support group for diagnosis. You can use the Dr. Watson tool to detect such information about system errors and record that information in a log file. Dr. Watson for Windows is a program-error debugger. To diagnose a program error, technical support groups require the information that Dr. Watson obtains and logs. Dr. Watson works most efficiently when you can reproduce an error. Run Dr. Watson and configure appropriate settings. Try to reproduce the error, and then use the information in the Dr. Watson log file to diagnose the cause of the error. For intermittent problems, run Dr. Watson constantly. The default location of the Dr. Watson log file is C:\Documents and Settings\ All Users\Application Data\Microsoft\Dr Watson. Additional reading For more information about changing Dr. Watson settings, see the Dr. Watson topics in the Help and Support Center.
32
How to Configure Dr. Watson
*****************************ILLEGAL FOR NON-TRAINER USE****************************** You can use the Dr. Watson for Windows dialog box to configure Dr. Watson settings and to view the Dr. Watson log file. You can also view the log file by opening it manually in Notepad. Configuring Dr. Watson by using the Dr. Watson dialog box To configure Dr. Watson using the Dr. Watson for Windows dialog box: 1. On the Start menu, click Run. 2. In the Run window, type drwtsn32 and then click OK. 3. In the Dr. Watson for Windows dialog box, select or modify: The log file path The crash dump path The number of instructions and errors to save in the file The crash dump type Options for notification when an application error occurs Any errors in the log file Using the Dr. Watson dialog box to open a Dr. Watson log file To view the log file by using the Dr. Watson for Windows dialog box: 1. In the Application Errors list, if an error file exists, click the error file. 2. Click View to see the log file for that particular application. Opening a Dr. Watson log file manually To open a log file manually: 1. Open Windows Explorer and browse to the log file location. 2. Open the log file with Notepad.
33
Practice: Configuring Dr. Watson
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup In this practice, you will configure options for Dr. Watson and then view a Dr. Watson log file. The London and Vancouver virtual machines should be running. On Vancouver, you should be logged on to the nwtraders domain as Administrator. One of the applications that was recently deployed in your department has been crashing periodically. You need to configure the Dr. Watson options to gather information about the crash and then view and understand the results of a Dr. Watson log file.
Scenario
! Configure Dr. Watson

1. On Vancouver, click the Start menu, and then click Run. 2. In the Run window, type drwtsn32 and then click OK. 3. In the Dr. Watson for Windows dialog box, for the Log File Path, click Browse. Click My Documents and then click OK. 4. For the Crash Dump, click Browse, click My Documents, type drwatson and then click Open. 5. Change the Crash Dump Type to Full. 6. Select Dump Symbol Table, Visual Notification, and Sound Notification, and then click OK. Note You can view the log file by using the Dr. Watson for Windows dialog box or by opening the file in a text editor.
34
! Examine a log file

1. Click Start, and then click Run. 2. In the Open box, type notepad e:\moc\2285\democode\drwtsn32.log and then click OK. 3. View the following areas and close Notepad when you are done. Application exception occurred
Application exception occurred: App: C:\Windows\System32\hkcmd.exe (pid=3980) When: 3/20/2003 @ 14:43:39.000 Exception number: c0000005 (access violation)
System information
*----> System Information <----* Computer Name: EVO310XP User Name: IM7User Terminal Session Id: 1 Number of Processors: 1 Processor Type: x86 Family 15 Model 1 Stepping 3 Windows Version: 5.1 Current Build: 2600 Service Pack: 1 Current Type: Uniprocessor Free Registered Organization: Registered Owner:
List of tasks
*----> Task List <----* 0 System Process 4 System 624 smss.exe 688 csrss.exe 712 winlogon.exe 756 services.exe 768 lsass.exe 936 svchost.exe 1036 svchost.exe
List of modules
*----> Module List <----* (0000000000400000 - 000000000041f000: C:\Windows\System32\hkcmd.exe (0000000000900000 - 0000000000925000: C:\Windows\System32\igfxdev.dll (00000000009d0000 - 0000000000a1e000: C:\Windows\System32\igfxsrvc.dll (0000000010000000 - 000000001001d000: C:\Windows\System32\hccutils.DLL (000000005ad70000 - 000000005ada4000: C:\Windows\System32\uxtheme.dll (0000000070a70000 - 0000000070ad4000: C:\Windows\system32\SHLWAPI.dll
35
State dump
*----> State Dump for Thread Id 0xbc0 <----* eax=0077006f ebx=00000104 ecx=02020e0e edx=00092f0e esi=00000001 edi=00000000 eip=01010586 esp=00c7e030 ebp=00c7f360 iopl=0 up ei ng nz ac po cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297 function: ieak6wiz 0101056b fd 0101056c ffff 0101056e 50 0101056f ff3570e80301 [ieak6wiz+0x3e870 (0103e870)] 01010575 ff15e8130001 [ieak6wiz+0x13e8 (010013e8)] 0101057b 83f804 0101057e 74c2 ieak6wiz+0x10542 (01010542) 01010580 33f6 01010582 5b 01010583 8b45fc FAULT ->01010586 8b08 ds:0023:0077006f=???????? 01010588 8d55f8 0101058b 52
nv
std ??? push push call cmp jz xor pop mov mov lea push
eax dword ptr dword ptr eax,0x4
esi,esi ebx eax,[ebp-0x4] ecx,[eax] edx,[ebp-0x8] edx
Symbol table
function: <nosymbols> 7ffe02f2 0000 7ffe02f4 0000 7ffe02f6 0000 *SharedUserSystemCall: 7ffe02f8 0000 7ffe02fa 0000 7ffe02fc 0000 7ffe02fe 0000 7ffe0300 8bd4 7ffe0302 0f34 add add add [eax],al [eax],al [eax],al
add [eax],al add [eax],al add [eax],al add [eax],al mov edx,esp sysenter
36
Course Evaluation
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Your evaluation of this course will help Microsoft understand the quality of your learning experience. At a convenient time before the end of the course, please complete a course evaluation, available at http://www.coursesurvey.com. Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.
Contents Overview Lesson: Configuring Windows XP Professional for a Workgroup Lesson: Configuring Local Security Lesson: Configuring Windows Firewall Lesson: Configuring Network Options in a Workgroup Lesson: Joining a Domain

1 2 14 23 35 45
iii
Instructor Notes
Presentation: 90 minutes This module provides students with the skills necessary to configure Microsoft Windows XP Professional to operate in a workgroup or in a domain. The module explains user accounts and the Microsoft Management Console (MMC). There is no lab for this module.
Lab: 00 minutes Objectives

! ! ! !
Configure Windows XP Professional for a workgroup. Configure security settings on individual accounts and computers. Configure Windows Firewall settings. Use the Network Setup Wizard to configure network options when operating in a workgroup. Configure Windows XP Professional for a domain.
Required materials
To teach this module, you need Microsoft PowerPoint file 2285B_06.ppt. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, slides may not appear correctly.
Preparation tasks

! ! !
Read all of the materials for this module. Complete the practices and the demonstration. Read all of the materials listed under Additional reading for each topic.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topic. Read this additional information when preparing to teach the module. During class, ensure that students are aware of the additional information.
Lesson: Configuring Windows XP Professional for a Workgroup

This section describes the instructional methods for teaching this lesson. What Is a Workgroup? Explain what a workgroup is. Define peer-to-peer network and stand-alone server. Ensure that students understand the advantages and limitations of workgroups. Describe the characteristics of a local user account. Describe the local Security Account Manager (SAM) and cite the resources listed under Additional reading. Describe the different types of user accounts. Explain that the default types are created by using the Computer Management Console and Control Panel. Emphasize that when you create accounts by using the User Accounts tool in Control Panel, the default account type is an Administrator account with no password, and that this type of account can pose a security risk. Recommend the following guidelines to increase security:
! !
What Is a Local User Account? Account Types and Privileges
Users must change their passwords after their initial logon. The administrator must disable idle accounts.
What Is the Computer Management Console? The Authentication Process Logon Options in a Workgroup
Describe the Computer Management Console. When you list the tasks that you can perform using the Computer Management Console, illustrate the tasks with examples. Describe the authentication process for local accounts. Explain what an access token is. Emphasize that changes to accounts in a workgroup must occur on all computers in the workgroup. Identify the options that are available in Windows XP Professional only when it operates in a workgroup. Explain that these options are not available in a domain. Note Fast User Switching is available only when you enable Use the Welcome Screen. If you disable Use the Welcome Screen as the easy logon option, you also disable the Use Fast User Switching option. You also cannot use Fast User Switching when Offline Files is enabled.
Practice: Configuring Microsoft Windows XP Professional for a Workgroup
In this practice, students will configure a computer as a workgroup member, configure local logon options, and create and configure a local account. Assign students to work in pairs for this practice. Under the Configure Fast User Switching task, if offline files are not enabled, students do not need to perform steps 35.
Lesson: Configuring Local Security

What Is Local Security Configuration? Guidelines for Configuring Local Policies Guidelines for Configuring CTRL+ALT+DEL Security Options Practice: Configuring Account Policies Describe the MMC, then give an overview of the process of configuring local security. Describe the settings that you can configure to increase security for local policies. Explain the differences between User Rights Assignments and Security Options. Describe the CTRL+ALT+DEL security template options. Explain each setting in the table.
In this practice, students will use the tables as job aids to choose the correct settings for their password and account policies. Explain that students can use the procedures and the tables to choose the correct account policies for most circumstances.
Lesson: Configuring Windows Firewall

This section describes the instructional methods for teaching this lesson. What Is Windows Firewall? What Is a Windows Firewall Exception? How to Configure Windows Firewall Explain the primary functionality of Windows Firewall and present the default Windows Firewall configuration settings. Define Windows Firewall exceptions. Explain that exceptions are used to permit incoming traffic that would otherwise be blocked. Give examples, such as an offer of Remote Assistance, or a network-based application. Present the various options and procedures for configuring Windows Firewall. Windows Firewall can be configured through the Windows Firewall dialog box, at the command line, or through Group Policy. In addition to these methods, the firewall can also be configured programmatically, by using the Windows Firewall APIs. Present the procedures for configuring Windows Firewall exceptions. There are several types of exceptions; students should understand that port-based exceptions are static, but that program-based exceptions can assign ports dynamically. Mention to students that they can use the command-line netsh utility to open individual ports; remind them that they used this method in an earlier module. Present information about the security policies on the domain and local levels that can affect Windows Firewall configuration. Remind students that domain policies will override local policies. Discuss the benefits of configuring the firewall by using policy settings. Present the guidelines and best practices for configuring the firewall to ensure a high default level of security. In this practice, students will use the Windows Firewall user interface to configure firewall settings and exceptions.
How to Configure Windows Firewall Exceptions
Windows Firewall Security Policies
Best Practices for Configuring Windows Firewall Practice: Configuring Windows Firewall
vi
Lesson: Configuring Network Options in a Workgroup

How Workgroup Configuration Works What Is Internet Connection Sharing? Emphasize that you must configure a network before you can enable file- and print-sharing in a workgroup. Describe the tasks involved when you configure networking options in a workgroup. Mention the Home and Small Office Network Setup checklist and the need for a computer descriptionyou will not explain these points later in the module. Describe how Internet Connection Sharing (ICS) works. Be prepared to answer questions from students who want to know more about the technology behind ICS. In particular, mention Universal Plug and Play (UPnP), even though you will not actually present UPnP in the lesson. Also describe the two methods of connecting to the Internet: ICS and the Other option in the Network Setup Wizard. Prepare real-life examples to illustrate each method. Note ICS Discovery and Control uses Universal Plug and Play (UPnP). ICS clients can discover the ICS host, control the connection status of the ICS host to the Internet Service Provider (ISP), and view basic statistical information about the Internet connection. Demonstration: Configuring Internet Connection Sharing Manually Demonstrate how to enable ICS manually by using Control Panel. Explain that this is an alternative to using the Network Setup Wizard to configure ICS, and that the wizard is a more comprehensive network configuration method. Point out that you are creating a second connection to simulate a workgroup environment in which the ICS host machine has a dial-up connection to the Internet and a local area connection to other computers in the workgroup. Perform this demonstration on the Glasgow virtual machine logged on to the nwtraders domain as Administrator. You can use Contoso for the ISP name, and if you are configuring a dial-up connection, you can use 5551234 for the phone number. If the computer attempts to connect, click Cancel. After finishing the demonstration, you might want to check to see if the local area connection settings have changed from using Dynamic Host Configuration Protocol (DHCP) to using a static address, and, if so, change the settings so that they once again obtain an IP address automatically. After completing this demonstration, pause Glasgow in anticipation of the following practice. Practice: Configuring Network Options in a Workgroup In this practice, students will use the Network Setup Wizard to configure network options for a workgroup.
Guidelines for Selecting an Internet Connection Method
vii
Lesson: Joining a Domain

What Is the Impact of Joining a Domain? How Users Log On to a Domain Practice: Joining a Domain Describe the differences between workgroups and domains, and explain the requirements for joining a domain. Explain how the Welcome screen differs from the Log on to Windows screen. Describe the authentication process in a domain. Also, explain what cached credentials are and how they are used. In this practice, students will join a domain. If Glasgow cannot find the NWTRADERS domain when attempting to join the domain, verify that the TCP/IP settings are still configured to obtain an IP address automatically. If the computer hangs after reboot with a message indicating that the NWTRADERS domain name user list is being created, on the Action menu, click Ctrl+Alt+Del, and then continue with the logon.
Assessment
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To configure Microsoft Windows XP Professional to operate in a workgroup or a domain, you must correctly create and configure user accounts and configure the security of the network. As an Information Technology (IT) professional, you must understand the similarities and differences between workgroups and domains so that you can configure Windows XP Professional to operate properly in your network environment. After completing this module, you will be able to:
! ! ! ! !
Objectives
Configure Windows XP Professional for a workgroup. Configure security settings on individual accounts and computers. Configure Windows Firewall. Configure network options in a workgroup. Configure Windows XP Professional for a domain.
Lesson: Configuring Windows XP Professional for a Workgroup
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To configure Windows XP Professional to operate in Windows networks, you must understand how a workgroup environment affects configuration. You must also differentiate among the types of user accounts and their capabilities. After completing this lesson, you will be able to:
! ! ! ! ! !
Lesson objectives
Describe a workgroup. Describe local user accounts. Describe local account types and account privileges. Describe how the Computer Management Console works. Describe the local authentication process. Join a workgroup and set workgroup logon options.
What Is a Workgroup?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Advantages There are two advantages of using a workgroup. In smaller organizations where computers in a workgroup share resources, there is no need to dedicate a computer as a server. This saves the organization the expense of a server and server software. Workgroups are also appropriate for organizations with decentralized resource and account administration. Note Stand-alone servers are computers running server software in a workgroup. Limitation The limitation of workgroups is that they are difficult to manage if more than 10 computers are on a network. In a workgroup, all user accounts are local user accounts. If five workers use five computers in a workgroup and they require access to each others resources, there are 25 user accounts in the workgroup because each computer duplicates the five user accounts. When you make a change to one user account in a workgroup, you must also make the change on each computer in the workgroup.
What Is a Local User Account?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points A user account contains a users unique credentials. It enables a user to:
!
Use a specific computer in a workgroup to access resources on that computer. Log on to a domain to access network resources.
In workgroup environments, all user accounts are local user accounts. A local user account is created on the computer on which it is used, and enables the user to access resources on that computer. It resides in a security account database, called the Security Account Manager (SAM), on the computer on which it was created. Because the local user account resides locally, it controls access only to local resources, which are resources that reside on the local computer. A local user account is authenticated against the credentials in the local SAM. Additional reading For more information about administering user accounts, see Module 1, Introduction to Windows 2000 Administration, and Module 2, Setting Up User Accounts, in Course 2028, Basic Administration of Microsoft Windows 2000.
Account Types and Privileges
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Default account types In a workgroup, the default account type depends on how you create the user:
!
If you create the user account by using the Computer Management Console, the default account type is Limited user. If you create the account using the User Accounts tool in Control Panel, the default account type is Computer Administrator, with no password. This account type can pose a security risk; therefore, create all user accounts by using the Computer Management Console.
Account privileges
The following table lists the three account types and their associated privileges.
Account Type Limited Group Users Privileges Limited users can: Change the pictures for their accounts. Change their passwords. Remove their passwords. Standard Power Users Standard users have Limited user privileges, and can also make basic changes to computer settings (for example, modify display properties and power options). Computer Administrators have Standard user privileges, and they can also: Create, change, and delete accounts. Make computer-wide changes, and access all files on a computer. Install all hardware and software.
Computer Administrator
Administrators
Note You cannot create a Standard user account by using Control Panel. To grant a user the privileges of a Standard user, you must add the user to the Power Users group in the Computer Management Console.
What Is the Computer Management Console?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points The Computer Management Console combines several administration utilities into a console tree, which provides easy access to these administrative properties and utilities. The console tree, which is in the left pane, shows a hierarchical view of the features of the Computer Management Console. You can use Computer Management Console to:
! ! ! !
Monitor system events, such as logon times and application errors. Create and manage shared resources. View a list of users who are connected to a local or remote computer. Start and stop system services, such as Scheduled Tasks and Indexing Service. Set properties for storage devices. View device configurations and add device drivers. Manage applications and services.
! ! !
The Authentication Process
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points When a user logs on to a local computer, the authentication process is as follows: 1. The user provides a user name and a password, and Windows XP Professional forwards the information to the SAM on the local computer. 2. Windows XP Professional compares the logon information with the user information in the SAM. 3. If the information matches and the user account is valid, Windows XP Professional creates an access token for the user. An access token is the users identification for that local computer and contains the users security settings. These settings enable the user to access resources and perform specific system tasks. If you make a change to a user account, such as a password change, the workgroup authentication process requires you to make the same change on each computer to which the user requires access.
Logon Options in a Workgroup
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Use the Welcome Screen and Use Fast User Switching are two logon options in a workgroup environment. The Welcome screen The Welcome screen has several functions:
! !
Provides a quick and easy method for users to log on Allows users to select their user accounts and immediately type their passwords Displays all valid user accounts on the local computer Note By default, the Administrator account appears on the Welcome screen. If another account has administrator privileges, the Administrator account does not appear. If you want to log on as an administrator and the user account is not listed, press CTRL+ALT+DEL twice to display the logon dialog box.
Provides a user icon for each account that the user can set to any graphic; for example, the icon can be a photograph of the user.
Important The Welcome screen presents the list of user accounts on the computer. This list is visible to anyone who can see the computer monitor, which presents a security risk. Use the Welcome screen only in environments where minimal security is acceptable.
10
Fast User Switching
Fast User Switching enables users to switch among user accounts without closing programs or logging off. The main features of Fast User Switching are:
! !
It is enabled by default. When it is enabled, the user sees Switch User in the Log Off Windows dialog box. It enables users who must perform administrative functions to access an account with administrative privileges, perform the administrative function, log off the administrator account, and then return to their own accounts without shutting down programs or logging off. It provides an additional tab, Users, in the Windows Task Manager. Users can use this tab to log off, and users with administrative privileges can log off themselves or other users.
Note When multiple users are simultaneously logged on and running programs, the performance of the computer depends on the speed of the computer and the amount of memory available.
11
Practice: Configuring Microsoft Windows XP Professional for a Workgroup
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup Scenario In this practice, you will configure Windows XP Professional for a workgroup. The London, Glasgow, and Vancouver virtual machines should be running. When computers running Windows XP Professional were installed in your department, the installation team did not have the correct network configuration information for your departments workgroup. You therefore need to configure the computers as members of the correct workgroup. In your workgroup, you want users to be able to log on using Fast User Switching. Also, one of the users on the Vancouver computer needs to be an administrative user. Your task is to reconfigure the computers into the correct workgroup, enable Fast User Switching, and change one user to an administrative user.
! Reconfigure the computers into a workgroup

1. On Vancouver, log on as Administrator with the password P@ssw0rd. Note You log on as Administrator for this practice because you require administrator privileges to perform some of the steps. 2. Click Start, right-click My Computer, and then click Properties. 3. In the System Properties dialog box, click Computer Name. 4. On the Computer Name tab, click Change. 5. Click Workgroup, type WORKGROUP as the workgroup name, and then click OK. 6. In the Computer Name Changes dialog box, type Administrator as the user name, type P@ssw0rd as the password, and then click OK.
12
7. In the Welcome to the WORKGROUP workgroup message box, click OK. 8. In the You must restart this computer for the changes to take effect message box, click OK. 9. Click OK to close the System Properties dialog box, and then click Yes to restart the computer. 10. Follow the same steps on Glasgow to add it to the WORKGROUP workgroup.
! Log on to the workgroup computer with a local user account

1. On Vancouver, press right-ALT+DEL to open the Log On to Windows dialog box. 2. Click Options twice to hide and then display the logon options. Notice that the Log on to logon option does not appear. You can only log on to the local computer, not to the domain. 3. Log on as Administrator with the password P@ssw0rd. 4. On Glasgow, log on as Administrator with the password P@ssw0rd.
! Create another local user account

1. Click Start, right-click My Computer, and then click Manage. 2. In the Computer Management window, expand Local Users and Groups. Note Again, you log on as Administrator for this practice because you require administrator privileges to perform some of the steps and to eliminate the steps necessary when creating a second limited test user. Restrict the use of the Administrator account in production environments. 3. Right-click Users, and then click New User. 4. In the New User box, type FastSwitchUser and in the Password and Confirm password boxes, type P@ssw0rd 5. Clear the User must change password at next logon check box, and then click Create. 6. Close the New User dialog box, click Users, and view FastSwitchUser in the list of users. 7. Close all open windows.
! Configure Fast User Switching

1. Click Start, click Control Panel, and then click User Accounts. 2. On the Pick a Task page, click Change the way users log on or off. 3. In the User Accounts dialog box, click OK. 4. Clear the Enable Offline Files check box, and then click OK. 5. Click Change the way users log on or off again. 6. On the Select logon and logoff options page, select Use the Welcome screen, select Use Fast User Switching, and then click Apply Options.
13
7. Close the User Accounts window and close Control Panel. 8. Click Start, click Log Off, and then click Switch User.
! Test Fast User Switching

The logon screen lists all users on the computer. To log on, you click a user and type a password. When you use Fast User Switching, you are not required to press CTRL+ALT+DEL to log on. 1. Click FastSwitchUser, and then log on with the password P@ssw0rd. 2. Click Start, point to All Programs, point to Accessories, and then click WordPad. 3. Type some text into the WordPad document, and do not close or save the new document. 4. Click Start, click Log off, and in the Log Off Windows message box, click Switch User. On the Welcome screen, notice that both Administrator and FastSwitchUser are logged on and FastSwitchUser has one running program. 5. Log on as Administrator with the password P@ssw0rd. 6. Open WordPad and type some text into a new document, but do not close or save the new document. 7. Click Start, click Log off, and in the Log Off Windows message box, click Switch User. On the Welcome screen, notice that both Administrator and FastSwitchUser are logged on and that each has one program running. 8. Log on as FastSwitchUser with the password P@ssw0rd. Notice that WordPad is still running and that the text you typed is still there. 9. Close WordPad, and in the Save changes to Document message box, click No. 10. Click Start, click Log off, and in the Log Off Windows message box, click Log Off. 11. Log on as Administrator with the password P@ssw0rd. 12. Close WordPad, and in the Save changes to Document message box, click No.
! Change account types

An administrative user can change the account type of a local user account in a workgroup. 1. Click Start, click Control Panel, click User Accounts, and then click Change an account. 2. Click FastSwitchUser, and then click Change the account type. 3. Click Computer administrator, click Change Account Type, and notice the new account type beneath the user name. 4. Close the User Accounts and Control Panel windows.
14
Lesson: Configuring Local Security
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To configure local security, you must configure Group Policy settings. In this lesson, you will learn how to configure security settings on individual accounts and individual computers. After completing this lesson, you will be able to:
! ! ! !
Lesson objectives
Describe local security features. Describe the guidelines for increasing security for local policies. Describe the guidelines for using the CTRL+ALT+DEL security options. Configure local security.
15
What Is Local Security Configuration?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Local security configuration allows you to modify security settings for users and computers. Using the Microsoft Management Console To modify security settings, you must use the Microsoft Management Console (MMC) to access the appropriate administrative snap-ins. The MMC allows you to create customized snap-ins, called consoles. Each console focuses on a specific administrative taskfor example, local security. To configure local security, you must:
! !
Configuring local security
Create a custom console. Add the Group Policy snap-in to the console, with the focus on the Local Computer group policy object. This snap-in will appear in the console as Local Computer Policy. Add the Local Users and Groups snap-in to the console.
Managing local security
To manage local security, use the custom console to:

! ! ! !
Create and manage users and groups. Set policies on individual accounts and computers. Configure account policies and local policies. Configure security options, such as CTRL+ALT+DEL options.
Additional reading
For additional information on recommended baseline security settings and security-configuration techniques, see the Microsoft Security home page at http://www.microsoft.com/security/default.mspx. To learn how to use security templates to implement local system security, see the article Security Templates overview on the Microsoft Web site at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/ en-us/sag_scewhatis.mspx.
16
Guidelines for Configuring Local Policies
*****************************ILLEGAL FOR NON-TRAINER USE****************************** You can configure local policies to control security on a computer. Configuring local policies In a console that includes the Group Policy snap-in, you can configure the following settings:
!
User Rights Assignment. These settings enable you to grant permission to users or groups who must be able to perform specific actions on the computer. Security Options. These settings enable you to define security settings on the local computer.
User Rights Assignment
The following table describes some of the User Rights Assignment settings that are important for local security.
Setting Access this computer from the network Deny access to this computer from the network Deny logon locally Description Enables all users or groups listed to access the computer from the network. Denies access from the network to any user or group listed. Deny properties override all other access properties. Denies local logon capability to any user or group listed. Deny properties override all other access properties. Enables any user or group listed to log on locally.
Log on locally
Important Deny is the first permission that is applied, and it overrides any other permission. If you remove a user from the list of users who are granted access, it is a different action than if you denied access to that user.
17
Security Options
The following table describes the Security Options settings that are important for local security.
Setting Interactive logon: Do not display last user name Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Devices: Unsigned driver installation behavior Description Indicates whether a previous users name is shown on the logon screen Displays a message box that includes the specified text Supplies a title for a message that appears to users Indicates computer action when a user attempts to install an unsigned driver Recommended value Enabled
Enabled, if required
Enabled when any message text appears at logon Warn, but allow installation
18
Guidelines for Configuring CTRL+ALT+DEL Security Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** CTRL+ALT+DEL options determine which buttons are active in the Windows Security dialog box that appears when a user presses CTRL+ALT+DEL. To access CTRL+ALT+DEL Options:
!
Open a customized console that contains the Local Computer Policy snap-in. Expand Local Computer Policy, expand User Configuration, expand Administrative Templates, expand System, and then click CTRL+ALT+DEL Options.
19
Using CTRL+ALT+DEL settings
The following table describes the circumstances when you should use CTRL+ALT+DEL Options.
Setting Remove Task Manager Description If users try to open Task Manager, displays a message that explains that a policy prevents the action. Use this setting when You do not want users to: Start and stop programs by using Task Manager. Monitor their computers performance. Find the executable names of programs. Change the priority of the process in which programs run. Remove Lock Computer Prevents users from locking their computers. (When a user locks a computer, only that user or an administrator can unlock it.) Prevents users from changing their Windows passwords on demand. Users can, however, change their passwords when prompted by the system. Prevents users from logging off Windows XP Professional. You do not want users to lock a computerfor example, when multiple people must use a single computer. You want users to change their passwords only at specified times.
Remove Change Password
Remove Logoff
Logging off prevents users from accessing necessary programs (for example, when a computer is set up as a kiosk on which many people access particular programs and are not required to log on).
20
Practice: Configuring Account Policies
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Practice setup Scenario In this practice, you will configure password policies and account policies. The Vancouver virtual machine should be running. You should be logged on as Administrator with the password P@ssw0rd. Based on the results of a departmental security audit, you are required to change the password policy for computers running Windows XP Professional. The new policy must ensure that users cannot re-use their last three passwords, must use 8-character passwords, cannot use their user names as passwords, and are locked out if they use the wrong password three times.
! Create a customized local security console

1. On Vancouver, click Start, click Run, type mmc and then click OK. 2. On the File menu, click Add/Remove Snap-in. 3. In the Add/Remove Snap-in window, click Add. 4. In the Add Standalone Snap-in window, click Group Policy, and then click Add. 5. In the Select Group Policy Object window, verify that Local Computer is displayed, and then click Finish. 6. In the Add Standalone Snap-in window, select Local Users and Groups, and then click Add. 7. With Local computer selected, click Finish. 8. Close the Add Standalone Snap-in window. 9. In the Add/Remove Snap-in window, click OK. 10. On the File menu, click Save, type Local Security Console and then click Save.
21
! Use the Group Policy snap-in to access Account Policies

Expand Local Computer Policy, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Account Policies. Note Account Policies consists of Password Policy settings and Account Lockout Policy settings.
! Configure Password Policy settings

1. Click Password Policy. 2. Double-click Enforce password history. 3. Change passwords remembered to 3, and then click OK. 4. Double-click Minimum password length, change it to 8 characters, and then click OK. 5. Double-click Password must meet complexity requirements, click Enabled, and then click OK. Verify that the new password policy meets the recommended values as shown in the following table.
Setting Enforce password history Maximum password age Minimum password age Description The number of passwords that a user must use before repeating a previous password. Values are 0 to 24. The maximum number of days that a user may use the same password. Values are 0 (never expires) to 999. The minimum number of days that a user must use the same password. A value of zero indicates that the password may be changed immediately. The value must be less than the maximum password age. The minimum number of characters in a password. Values are 0 to 14. Requires that passwords: Comply with length and age settings. Contain capital letters, numbers, or special characters. Do not contain the users user name or full name. Store password using reversible encryption for all users in a domain Not applicable for workgroups. Not applicable for workgroups Recommended value At least 3
No more than 42 (default) 0 (default)
Minimum password length Password must meet complexity requirements
8 characters Enabled
22
! Configure Account Lockout Policy settings

1. Click Account Lockout Policy. 2. In the details pane, double-click Account Lockout Threshold, and then change Account will lock out after to 3 invalid attempts, and then click OK. 3. If the Suggested Value Changes dialog box is displayed, click OK. Verify that the Account Lockout Policy settings now meet the recommended values as shown in the following table, then close the Local Security MMC window without saving changes.
Setting Account lockout threshold Description The number of invalid logon attempts permitted before the user account is locked out. A value of 0 indicates that the account will never be locked out. The number of minutes that the account is locked out. Values are 0 to 99999 (69.4 days). A value of 0 indicates that an account is locked out until an administrator resets it. The number of minutes to wait before resetting the account lockout counter. Recommended value No more than 5
Account lockout duration
At least 30 minutes
Reset account lockout counter after
At least 30 minutes
23
Lesson: Configuring Windows Firewall
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This lesson introduces the functionality of Windows Firewall and shows you how to configure firewall features. Protecting the network and keeping the environment secure is an important responsibility for system administrators. Windows Firewall is a powerful tool that enables administrators to ensure a high default level of security on their networks. After completing this lesson, you will be able to:
! ! ! ! ! !
Lesson objectives
Identify the primary functionality of Windows Firewall. Define Windows Firewall exceptions. Configure Windows Firewall. Configure Windows Firewall exceptions. Describe the security policies that pertain to Windows Firewall. Identify best practices for configuring Windows Firewall.
24
What Is Windows Firewall?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points A firewall is a boundary that protects against potentially unsafe network traffic. It protects computers by checking incoming traffic and dropping traffic that is not permitted. Windows Firewall, included with Windows XP Service Pack 2, is a software-based firewall that can protect computers from traffic from both local networks and from remote networks, including the Internet. By default, Windows Firewall is configured to block all incoming network traffic except:
!
Solicited traffic that is sent in response to a specific request by the computer. Excepted traffic that you have specifically configured the firewall to accept, based on factors such as the originating application or the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port used.
Note Windows Firewall does not block outgoing traffic. Windows Firewall configuration options enable you to:
! ! ! !
Log Windows Firewall activity. Specify how to manage Internet Control Message Protocol (ICMP) traffic. Specify on a per-application and per-port basis which traffic to allow. Configure firewall settings separately for each network connection or globally for all connections on a computer.
Default Windows Firewall configuration
When Windows Firewall is installed with its default settings, it is enabled on all network connections. All ports are blocked, and the only application specifically unblocked is Remote Assistance (sessmgr.exe).
25
What Is a Windows Firewall Exception?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Overview By default, Windows Firewall blocks most unsolicited traffic. To enable remote administrative tasks or some network-based programs, you may need to allow some unsolicited traffic on your network. Windows Firewall exceptions enable you to control exactly which traffic is allowed through the firewall. A Windows Firewall exception is a firewall configuration setting that specifies on a per-program or per-port basis a type of unsolicited traffic that can be permitted through the firewall. There are some default Windows Firewall exceptions that you can choose to enable or disable. You can also create custom exceptions to meet the needs of your particular network environment. Note Some programs assign ports dynamically. Program-based exceptions enable the program to dynamically unblock ports as needed. Port-based exceptions are static. Remote Assistance exceptions Windows Firewall configures and enables a default exception for the Remote Assistance service. This exception permits users to request help through Remote Assistance. But to permit administrators to offer Remote Assistance help to a user, you need to create and enable additional custom exceptions to permit the unsolicited Remote Assistance traffic. For more information on Remote Assistance firewall exceptions, see article 555179, Windows XP SP2 Firewall blocks offers of Remote Assistance, in the Microsoft Knowledge Base at http://support.microsoft.com/ default.aspx?scid=kb;en-us;555179.
Additional reading
26
How to Configure Windows Firewall
*****************************ILLEGAL FOR NON-TRAINER USE****************************** The Windows Firewall is enabled by default on all network connections. You can enable or disable the firewall for the entire system, or selectively enable or disable it on specific network connections. You can also enable firewall logging. Enabling Windows Firewall for all network connections You can manually enable Windows Firewall in the Windows Firewall dialog box: 1. Access the dialog box by using one of the following methods: Double-click the Windows Security Alerts icon in the notification area of the taskbar, and then click Windows Firewall. Click Start, click Control Panel, click Security Center, and then click Windows Firewall. Click Start, click Control Panel, click Network and Internet Connections, and then click Windows Firewall. In the Network Connections window, right-click a connection and then click Properties. On the Advanced tab, in the Windows Firewall section, click Settings. 2. On the General tab, select On (recommended) to enable the firewall on all network connections. 3. Select the Dont Allow Exceptions check box if you do not want to enable any exceptions to the default firewall configuration. 4. Click OK. Important You can disable the firewall on all network connections by selecting Off (not recommended). You should consider the implications of this choice carefully, because disabling the firewall is a security risk.
27
Enabling or disabling Windows Firewall for a specific network connection
You can enable or disable the firewall for individual network connections: 1. Open the Windows Firewall dialog box, and click the Advanced tab. 2. In the Network Connection Settings section, select the check box for a network connection to enable the firewall for that connection. Clear the check box to disable the firewall. You can configure Windows Firewall to log firewall events. This can help you identify the specific ports that a program or service is using. To configure Windows Firewall logging: 1. Open the Windows Firewall dialog box, and click the Advanced tab. 2. In the Security Logging section, click Settings. 3. Configure the log settings, including: Logging for dropped packets or successful connections. The name and path to the log file. The default path and filename is C:\WINDOWS\pfirewall.log. The maximum size of the log. The default maximum size is 4,096 KB. 4. When you have finished configuring log settings, click OK twice. 5. To view the contents of the log file, open the file in Notepad.
Configuring Windows Firewall logging
Configuring Windows Firewall at the command line
You can use the netsh command-line configuration tool to configure Windows Firewall at the command line. For more information, see Configuring Windows Firewall from the command line in the Help and Support Center.
28
How to Configure Windows Firewall Exceptions
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Windows Firewall exceptions permit unsolicited incoming traffic to pass through the firewall. You can configure default exceptions, custom program or service exceptions, port exceptions, or ICMP exceptions. Configuring a default exception There are several predefined exceptions that you can enable or disable. To configure any of the default exceptions: 1. Open the Windows Firewall dialog box, and click the Exceptions tab. 2. The default programs and services for which you can configure exceptions appear in the Programs and Services list. Select each check box to enable an exception, or clear the check box to disable the exception, and then click OK. There are default exceptions for: File and Printer Sharing Remote Assistance (enabled by default) Remote Desktop UPnP Framework
29
Defining custom program exceptions and open ports
You can define custom exceptions for programs, or to open specific firewall ports. To define custom exceptions for programs: 1. Open the Windows Firewall dialog box, and click the Exceptions tab. 2. Click Add Program to add an exception for a specific program. 3. Select the program from the list of installed programs. 4. Click Change Scope to specify the scope for the exception. There are three types of scope: Any computer (including those on the Internet). This is the default scope. My network (subnet) only. Custom list. This is where you can add specific IP addresses to the list. 5. Click OK to return to the Windows Firewall dialog box. The new exception appears in the Programs and Services list. The check box for the new exception should be selected by default. To open a port: 1. On the Exceptions tab of the Windows Firewall dialog box, click Add Port. 2. Enter the name and port number, and select TCP or UDP. 3. Click Change Scope to specify the scope for the open port. Tip You can edit an exception or delete a custom exception by selecting the exception and clicking Edit or Delete. You can only delete custom exceptions; you cannot delete the default Windows Firewall exceptions.
Configuring ICMP exceptions
If you need to use ICMP requests to troubleshoot network connectivity, you can enable ICMP exceptions to allow specific types of ICMP traffic, and disable them after you have completed troubleshooting. To configure exceptions for ICMP traffic: 1. Open the Windows Firewall dialog box, and click the Advanced tab. 2. In the ICMP section, click Settings. 3. Select the ICMP exceptions for the types of traffic you want to allow, and then click OK twice.
Configuring exceptions for specific connections
You can configure, edit, or delete exceptions for specific network connections. On the Advanced tab of the Windows Firewall dialog box, in the Network Connection Settings section, click the connection you want to configure and then click Settings. Configure service exceptions on the Services tab and configure ICMP exceptions on the ICMP tab. To restore all Windows Firewall settings to their defaults, open the Windows Firewall dialog box and click the Advanced tab. In the Default Settings section, click Restore Defaults.
Restoring Windows Firewall defaults
30
Windows Firewall Security Policies
*****************************ILLEGAL FOR NON-TRAINER USE****************************** When you install Windows XP Service Pack 2, additional Windows Firewall policy settings are installed to enable you to configure Windows Firewall through the Local Computer Policy. The policy settings enable you to:
! ! ! ! !
Enable or disable the firewall. Allow or prevent all exceptions. Configure each of the default exceptions. Define custom program, ICMP, and port exceptions. Control the display of user notifications when Windows Firewall blocks a program. Configure or prohibit firewall logging. Allow or block unicast responses to multicast or broadcast messages.
! !
Windows Firewall policy profiles
Windows Firewall policy settings are grouped into two separate policy profiles in the policy object. One profile (the Domain profile) is used when a domain member computer is connected to the domain; the other (the Standard profile) is used in all other cases. Each profile contains the same set of policy settings, which can be configured differently in each profile. Windows XP with Service Pack 2 automatically determines the computers network status, and applies the appropriate profile.
31
The following table describes the function of each policy profile.

Policy profile Domain profile Description The Domain profile is the set of Windows Firewall settings that are needed when a domain member computer is connected to the managed network, which is the network that contains the domain controllers of the organization. For example, the Domain profile might contain exceptions to permit traffic for the applications needed by a managed computer in an enterprise network. The Standard profile is the set of Windows Firewall settings that are needed when a domain member computer is not connected to the managed network. It is also the set of Windows Firewall settings used for workgroup computers. The Standard profile should contain more restrictive settings than the Domain profile. For example, a user working at home might connect directly to the Internet using a public broadband Internet service provider.
Standard profile
Configuring Windows Firewall policy settings
You can configure policy settings for Windows Firewall on individual systems by editing the Local Computer Policy. To configure Windows Firewall policy settings: 1. Click Start, click Run, type gpedit.msc and then click OK. 2. In the left pane of the Group Policy window, expand Computer Configuration, expand Administrative Templates, expand Network, expand Network Connections, and then expand Windows Firewall. 3. Select Domain Profile or Standard Profile. 4. In the right pane, double-click each policy setting to configure it. 5. Close Group Policy. Important In an Microsoft Active Directory domain, you should configure Windows Firewall policies in Active Directory Group Policy objects rather than in the local policy. You must update the Group Policy objects to include the new Windows Firewall policy settings. If a computer running Windows XP is a member of a domain, any Windows Firewall policies set in domain Group Policy objects will override locally-set policies.
Additional reading
For complete information on configuring each of the Windows Firewall security policies and on updating Active Directory Group Policy objects with the Service Pack 2 Windows Firewall policy settings, see the white paper Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2, located in the Additional Reading section of the Student Materials compact disc.
32
Best Practices for Configuring Windows Firewall
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Best practices To keep your network traffic as secure as possible, you should follow these best practices for configuring Windows Firewall:
!
To fully protect network traffic, enable Windows Firewall on all network connections on all computers. Do not assume that traffic on the internal network is safe and does not need to be restricted. Test your applications on systems with Windows Firewall enabled before deploying Service Pack 2 throughout your organization. This helps ensure that there will be no interruption of service for any application once the service pack is deployed. Start with the tightest security, and only create exceptions that are absolutely necessary. Globally unblocking ports or applications without a clear reason for doing so can leave your systems open to damage by malicious traffic. In a domain, use domain-based Group Policy settings to manage the firewall configuration of all member computers. This will ensure consistency as well as make it easier to check or update settings. If you are in a domain, make the settings in the Standard group policy profile the most restrictive. This ensures that a computer has the highest level of protection if it is ever used outside your managed network. If you need to loosen settings, do so in the Domain profile only.
Additional reading
For a list of the specific recommended Group Policy settings for Windows Firewall, see the white paper Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2, located in the Additional Reading section of the Student Materials compact disc.
33
Practice: Configuring Windows Firewall
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives In this practice, you will:

! ! ! !
Edit firewall port and program exceptions and their scope. Add and delete port exceptions. Configure Windows Firewall logging. Check firewall settings from the command line with the netsh command.
The Vancouver virtual machine should be running. You should be logged on as Administrator with the password P@ssw0rd. You have been asked to configure the company firewall to enable file and print sharing, remote assistance, and local File Transfer Protocol (FTP) access. Logging should also be enabled for tracking dropped packets and successful connections.
! Edit existing exceptions

1. On Vancouver, click Start, click Control Panel, click Network and Internet Connections, and then click Change Windows Firewall settings. 2. Click the Exceptions tab. 3. Select the File and Printer Sharing check box. 4. With File and Printer Sharing selected, click Edit to view the configuration of the exception. The ports that need to be opened for this are listed. 5. Click Change scope, click My network (subnet) only, and then click OK twice. 6. Click Remote Assistance, and then click Edit. The program needed to get through the firewall is listed. 7. Click Cancel.
34
! Add a port exception

1. On the Exceptions tab, click Add Port. 2. In the Name box, type local ftp and in the Port number box, type 21. Verify that TCP is selected, and then click Change Scope. 3. Click My network (subnet) only, and then click OK twice.
! Delete a port exception

1. On the Exceptions tab, click local ftp. 2. Click Delete. 3. In the Delete a Port message box, click Yes.
! Configure Windows Firewall logging

1. Click the Advanced tab. 2. In the Security Logging section, click Settings. 3. Select the Log dropped packets check box. 4. Select the Log successful connections check box. 5. Click OK twice. 6. Close the Network and Internet Connections window.
! Check firewall settings from the command line

1. Open a Command Prompt window. 2. Type netsh /? and then press ENTER to display the options. 3. Type netsh firewall show and press ENTER. 4. Type netsh firewall show logging and press ENTER. 5. Type netsh firewall show state and press ENTER. 6. Type netsh firewall show state verbose=enable and press ENTER. 7. Close the Command Prompt window.
35
Lesson: Configuring Network Options in a Workgroup
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Lesson objectives In this lesson, you will learn how to use the Network Setup Wizard to enable file- or print-sharing and Internet Connection Sharing (ICS). After completing this lesson, you will be able to:
! ! ! !
Describe how workgroup configuration works. Describe how ICS works. Select an appropriate Internet connection method for your network. Configure network options in a workgroup.
36
How Workgroup Configuration Works
*****************************ILLEGAL FOR NON-TRAINER USE****************************** In Windows XP Professional, you can configure a number of workgroup network options. You configure these options by using the Network Setup Wizard or Control Panel. Workgroup configuration process To configure workgroup options:
!
Gather the information that you require to configure your network. To plan the steps that you must take to configure your network, use the Home and Small Network Setup checklist. This checklist presents the steps required to set up a home or small office network, and the order in which you should complete the steps. To access the checklist, search the Help and Support Center or use the Network Setup Wizard. Configure your connection to the Internet. ICS enables you to share a single Internet connection between all of the computers on your network. Enable Windows Firewall. Enable Windows Firewall on any computer that connects to the Internet, to secure the internal network and protect your Internet connection. Enable the network bridge. Enable the network bridge if a computer has multiple network adapters installed. Name your computer and provide a description. Each computer on the network must have a unique computer name, and every computer in a workgroup must have the same workgroup name. Configure folder sharing. This step enables users on the network to share folders. Configure printer sharing. This step enables users on the network to access printers on the network.
Additional reading
For more information on configuring home and small networks, see the Microsoft TechNet article Home or small office network overview at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/ en-us/hnw_overview.mspx.
37
What Is Internet Connection Sharing?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points When you configure ICS, one computer connects directly to the Internet and shares its connection with the other computers on the network. This computer is called the ICS host. The ICS host computer also manages network addressing. The ICS host computer:
! !
Assigns itself a permanent address. Acts as a Dynamic Host Configuration Protocol (DHCP) server to the ICS clients and assigns a unique address to each client computer.
ICS enhances security because the ICS host computer:

! !
Is the only computer visible on the Internet. Hides the addresses of the client computers from the Internet.
38
Guidelines for Selecting an Internet Connection Method
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Options in Network Setup Wizard When you run the Network Setup Wizard to configure network options, you must choose whether the computer:
! ! !
Is the ICS host computer. Is an ICS client computer. Uses a connection method other than ICS.
ICS connection methods
The Network Setup Wizard offers two ICS connection method options:
!
The computer connects directly to the Internet. If you choose this option, other computers on the network will connect to the Internet through this computer. The Network Setup Wizard configures this computer to use Windows Firewall to protect it from intrusions from the Internet. Select this option if the computer is the ICS host. Select the network adapter that is connected to the Internet.
The connection is through another computer on the network or through a residential gateway. If you choose this option, the computer performs as if it is connected directly to the Internet. Select this option if the computer is a client of the ICS host or a residential gateway. A residential gateway is a hardware device that is similar to a host computer. If you have more than one network adapter, use the bridging feature of Windows XP Professional to enable communication among all the computers on the network.
39
Other connection methods
If you select Other in the Network Setup Wizard, the wizard offers three connection options that do not use ICS:
!
The computer connects to the Internet directly or through a network hub. If you choose this option, all computers on the network connect to the Internet directly or through a hub. Select this option if each computer on the network has a direct connection to the Internet by way of a network hub and a Digital Subscriber Line (DSL) or cable modem connection. Important This option is not recommended because it directly exposes all computers on the network to the Internet, which can create security problems. It is recommended that you use a secure host device, such as a computer running Windows XP Professional with ICS and Windows Firewall enabled.
The computer connects directly to the Internet. Select this option if you have only one computer and it has an Internet connection. You should ensure that Windows Firewall is enabled on the Internet connection.
The computer belongs to a network that does not have an Internet connection. Select this option if you have two or more computers on a network and none of them has an Internet connection. If you have more than one network adapter, you can use the bridging feature of Windows XP Professional.
Bridging
If you have different network adapter types, such as Ethernet, home phone line network adapters (HPNA), or wireless installed on a computer running Windows XP Professional, the Network Setup Wizard creates a network bridge to enable all of the computers on your network to communicate.
40
Demonstration: Configuring Internet Connection Sharing Manually
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Adding an Internet connection This demonstration shows you how to enable ICS by using Control Panel rather than the Network Setup Wizard. 1. Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections. 2. Click Create a new connection. 3. Click Next. 4. Click Connect to the Internet, and then click Next. 5. Click Set up my connection manually, and then click Next. 6. Click either Connect using a dial-up modem or Connect using a broadband connection that requires a username and password, and then click Next. 7. Type the ISP name, and then click Next. 8. If creating a dial-up connection, type the phone number, and then click Next. 9. If the Connection Availability page appears, click Next. 10. Enter the user name and password, and then click Next. 11. Click Finish.
41
Enabling ICS
1. Right-click the dial-up or broadband connection for which you want to enable ICS, and then click Properties. 2. If prompted, click Yes to save the password. 3. On the Advanced tab, under Internet Connection Sharing, select the Allow other network users to connect through this computers Internet connection check box. 4. Select or clear these Internet Connection Sharing options as needed for your network: Establish a dial-up connection whenever a computer on my network attempts to access the Internet. Allow other network users to control or disable the shared Internet connection. 5. To configure which services are available through the ICS connection, click Settings, select the desired services, and then click OK twice. Note The option to enable ICS on the Advanced tab of the Network Connections dialog box is available only if the computer has multiple network adapters, or if the connection is a dial-up or virtual private network (VPN) connection that is shared without multiple network adapters.
42
Practice: Configuring Network Options in a Workgroup
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives In this practice, you will use the Network Setup Wizard to configure a small home or office network. You will also create and share folders and files on your computer. The Glasgow and Vancouver virtual machines should be running. You should be logged on to Vancouver as Administrator with the password P@ssw0rd. A department in your organization installed Windows XP Professional. The department uses a workgroup. The installation team installed the computers into a default workgroup. You now must create a small office network and set up and test a shared folder.
! Configure a home or small office network

1. On Vancouver, click Start, click Control Panel, and then click Network and Internet Connections. 2. Under Pick a task, click Set up or change your home or small office network. 3. On the Welcome to the Network Setup Wizard page, click Next. 4. On the Before you continue page, view the checklist for creating a network, and then click Next. 5. On the Select a connection method page, click Other, and then click Next. 6. On the Other Internet connection methods page, click This computer belongs to a network that does not have an Internet connection, and then click Next. 7. On the Give this computer a description and name page, in the Computer description box, type Your_Names Computer (where Your_Names is the possessive form of your first name), verify that the computer name is correct, and then click Next.
43
8. On the Name your network page, in the Workgroup name box, type WORKGROUP and then click Next. 9. On the File and Printer Sharing page, click Turn on file and printer sharing, and then click Next. 10. On the Ready to apply network settings page, verify that all entries are correct, and then click Next. 11. On the You're almost done page, click Just finish the wizard, and then click Next. 12. On the Completing the Network Setup Wizard page, click Finish. 13. Close any open windows, and then restart the computer.
! Create and share a folder on your computer

1. Press Right-ALT+DEL twice to display the logon box, and then log on as Administrator with the password P@ssw0rd. 2. Click Start, right-click My Computer, and then click Explore. 3. In the Folders list, click Local Disk (C:). 4. If the details pane displays These files are hidden, click Show the contents of this folder. 5. Click File, point to New, and then click Folder. 6. In the details pane, rename New Folder to Practice6. 7. Right-click Practice6, and then click Sharing and Security. 8. On the Practice6 Properties page, select Share this folder on the network, and after the share name defaults to Practice6, select Allow network users to change my files, and then click OK. Note A hand now appears under the Practice6 folder, which indicates that this is a shared network folder. 9. Close Windows Explorer.
44
! Open WordPad and save a file to the shared folder

1. Click Start, point to All Programs, point to Accessories, and then click WordPad. 2. Type some text into the WordPad document, click File, and then click Save As. 3. In the Save in box, click the down arrow, click Local Disk (C:), doubleclick Practice6, and then click Save. 4. Close WordPad.
! From Glasgow, open the saved document in the shared folder

1. Log on to Glasgow as Administrator with the password P@ssw0rd. 2. Click Start, click My Computer, click My Network Places, and then click View workgroup computers. A list of the computers in the workgroup is displayed. 3. Double-click Your_Names computer (Vancouver), double-click Practice6, and then double-click the document in the Practice6 folder. You can access the shared folder on Vancouver from Glasgow. 4. Close all open windows and log off the computer.
45
Lesson: Joining a Domain
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction When a computer joins a domain, users with domain user accounts can access the resources in that domain. In this lesson, you will learn the differences between logging on to a workgroup and logging on to a domain. After completing this lesson, you will be able to:
! ! !
Lesson objectives
Describe the effects of and requirements for joining a domain. Describe what happens when a user logs on to a domain. Configure Windows XP Professional for a domain.
46
What Is the Impact of Joining a Domain?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Domain and workgroup differences When a computer joins a domain, users with domain user accounts can access the resources in that domain. The computer and the users are subject to the Group Policy, account policies, and security settings configured for the domain rather than for each individual computer. Before you join a computer to a domain, you must have the following:
!
Requirements for joining a domain
A domain name. You must have the exact name of the domain to which you want to join the computer. A computer account. Before you join a computer to a domain, it must have an account in the domain. You can create the account in two ways: As domain administrator, using the unique computer name During installation, if you have appropriate privileges If you create the account during installation, Setup prompts you for the name and password of a user account that has the authority to add domain computer accounts.
A DNS server. You must have an available domain controller and a server running the Domain Name System (DNS) Server service. When you install a computer in a domain, at least one domain controller in the domain that you are joining and one DNS server must be online.
47
How Users Log On to a Domain
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Logon Domain users have the choice of logging on to:
! !
The local computer. A domain of which the computer is a member.
These choices are not available on the Welcome screen that workgroups use. In a domain, users must press CTRL+ALT+DEL to open the Log on to Windows dialog box. The user can then:
! !
Enter a valid user name and password. Choose whether to log on to the local computer or a domain.
Note If a domain computer account does not exist, a user cannot use the computer to log on to the domain, even if the user has a valid domain user account. Authenticate When users log on to a domain, their credentials are checked against the domain security subsystem, which is the Microsoft Active Directory directory service. Active Directory stores all of the credential information for computer and user accounts in the domain, in addition to other security information. Because users credentials are authenticated against this centralized database, users in a domain can log on from any computer in the domain, except those computers on which they are specifically denied access.
48
Cache credentials
When a domain user logs on to a computer, a copy of the users credentials is cached in a secure area of the local computer registry. These cached credentials enable the user to log on to the computer even if Active Directory is not available to authenticate the user. Active Directory may become unavailable when:
! ! !
The domain controller is offline. There are other network problems. The computer is not connected to the networkfor example, when mobile users travel.
49
Practice: Joining a Domain
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup In this practice, you will configure a computer running Windows XP Professional to join a domain. The London, Glasgow, and Vancouver virtual machines should be running. On the Vancouver virtual machine, you should be logged on to the local computer as Administrator An installation team installed Windows XP Professional throughout the department that you support. The team members did not have domain administrative authority when they performed the installation, so they installed the computers into a workgroup. Your job is to reconfigure the computers to operate in your organizations domain.
Scenario
! Join a domain
1. On Vancouver, log on as FastSwitchUser with the password P@ssw0rd. 2. Open Control Panel, and click Performance and Maintenance. 3. Hold down the SHIFT key, right-click System, and then click Run as to open System with administrator privileges. 4. In the Run As box, click The following user. 5. In the User name box, type NWTRADERS\Administrator. In the Password box, type P@ssw0rd and then click OK. 6. On the System Properties page, click Computer Name, and then click Change. 7. Click Domain, type NWTRADERS and then click OK. 8. In the Computer Name Changes dialog box, type Administrator as the user name and P@ssw0rd as the password, and then click OK. 9. In the Computer Name Changes message box that displays Welcome to the NWTRADERS domain, click OK.
50
10. In the Computer Name Changes message box that displays You must restart this computer for the changes to take effect, click OK. 11. Click OK to close the System Properties page. 12. In the System Settings Change message box, click Yes to restart the computer. 13. Switch to Glasgow, log on as Administrator with the password P@ssw0rd, and then follow the above steps to join the Glasgow computer to the NWTRADERS domain.
! As a domain user, verify that the computer is operating correctly in the

domain Note After the computer restarts, notice that the logon dialog box has changed to a classic Windows logon, where you press CTRL+ALT+DEL to begin. 1. On Vancouver, press Right-ALT+DEL, and in the Log on to box, select NWTRADERS. By default, the first time that you log on after joining a domain, the Log On to option defaults to the local computer. 2. Log on to the nwtraders domain as VancouverUser with the password P@ssw0rd. 3. On Glasgow, log on to the nwtraders domain as GlasgowUser with the password P@ssw0rd. 4. On Vancouver, click Start, click My Computer, and then click My Network Places. 5. In the My Network Places window, click Entire Network, and then doubleclick Microsoft Windows Network. Note On the Microsoft Windows Networks page, you will see NWTRADERS and possibly WORKGROUP from the previous lab. The workgroup entry has not timed out and will continue to appear for a short time. 6. Double-click NWTRADERS, and verify that both computers joined the domain. 7. Double-click London, and see the available resources on that computer. 8. Close all open windows.

Contents Overview Lesson: Configuring Hardware for Mobile Computing Lesson: Configuring Power Management for Mobile Computing Lesson: Making Files and Web Sites Available Offline Course Evaluation 1 2 7 14 27
iii
Instructor Notes
Presentation: 75 minutes Lab: 00 minutes Objectives This module provides students with the skills necessary to support mobile users of Microsoft Windows XP Professional. There is no lab for this module.

! ! !
Configure hardware for mobile computing. Configure power management for mobile computing. Make files, folders, and Web sites available offline.
Required materials
To teach this module, you need Microsoft PowerPoint file 2285B_07.ppt. Important It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, slides may not be displayed correctly.
Preparation tasks

! ! !
Read all of the materials for this module. Complete the practices and demonstrations. Read all of the materials listed under Additional reading for each topic.
iv

This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topic. Read this additional information when preparing to teach the module. During class, ensure that students are aware of the additional information.
Lesson: Configuring Hardware for Mobile Computing

What Are Hardware Profiles and Warm Docking? Demonstration: Creating Hardware Profiles This section describes the instructional methods for teaching this lesson. Explain to students that the improved hardware recognition and Plug and Play technologies in Windows XP Professional should reduce the need to create hardware profiles. Demonstrate the process for creating a hardware profile, and discuss how you must restart the computer and choose that profile to configure it. Perform this demonstration on the Glasgow virtual machine logged on to the nwtraders domain as Administrator. After you have completed this demonstration, pause Glasgow.
Lesson: Configuring Power Management for Mobile Computing

This section describes the instructional methods for teaching this lesson. Power Management Options Power Schemes Present information about ACPI and APM, the power-management hardware standards supported by Windows XP. Introduce students to power schemes and settings and their appropriate use. Describe to students the differences between the standby option, which is available only on mobile computers, and the hibernation option. Emphasize that because students are not working on mobile computers, the power management options that they see will differ from the interface described in the module. Remind students that not all power-management options will appear on every computer. (In the practice that follows, students will practice creating custom power schemes. The students will not practice other power-management tasks, such as enabling hibernation, because those functions are not supported in the virtual machine environment.) In this practice, students will create a custom power scheme.
How to Configure Power Management for Mobile Computing
Practice: Creating a Custom Power Scheme
Lesson: Making Files and Web Sites Available Offline

This section describes the instructional methods for teaching this lesson. How Offline File Access Works Use the slide for this topic to discuss the steps for offline file access. Explain what happens when the offline or online version of the same file changes. Point out that there are three components for making files and folders available offline: configuration of the network share, configuration of the client computer, and configuration of the specific files and folders. Use this topic to discuss best practices for configuring Offline Files settings. The best practices should include the three headings listed on the slide. You may choose to lead a discussion on the use of offline files in the students organizationsthis is a great opportunity for students to learn from each other. Use this demonstration to configure offline files and folders on Windows XP Professional. Explain the differences in Windows 2000. Do not configure the same options that students will use in the following practice. Perform this demonstration on the Glasgow virtual machine logged on to the nwtraders domain as Administrator. You can use the \\London\Home shared folder as the remote folder to make available offline. After you have completed this demonstration, you can pause the Glasgow virtual machine. Practice: Configuring Caching Options for Offline Files Demonstration: Configuring Synchronization In this practice, students configure files and folders for offline use.
Guidelines for Configuring Cache Settings Demonstration: Configuring Files and Folders for Offline Use
Use this demonstration to emphasize and configure file synchronization as delivered in the previous topic. Also, demonstrate the ways to handle possible conflicts between files. Perform this demonstration on Glasgow logged on to the nwtraders domain as Administrator. After you have completed this demonstration, pause Glasgow.
Practice: Managing File Synchronization
In this practice, students will practice file synchronization. In the Make the file available offline section of this practice, note that the wizard was already run on Glasgow as part of the previous demonstration, so it will not reappear on the instructor computer if you key the practice along with students. Explain why it is important for some users to have offline access to Web content. Explain how to use Microsoft Internet Explorer to make Web pages and related links available for offline access, and how you can specify the level of content to make available offline.
How to Make Web Sites Available for Offline Use
vi
Assessment
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction A growing number of employees regularly perform work on mobile computers. As a support professional, you will need to be able to help users configure and customize their laptop computers for mobile computing. Microsoft Windows XP Professional includes advanced power management capabilities that extend the battery life of a mobile computer. Also, because Windows XP Professional makes files, folders, and Web sites available offline, users can work on files, folders, or Web sites whether they are connected or disconnected, and can easily manage the synchronization of those resources. Objectives After completing this module, you will be able to:
! ! !
Configure hardware for mobile computing. Configure power management for mobile computing. Make files, folders, and Web sites available offline.
Lesson: Configuring Hardware for Mobile Computing
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Lesson objectives To optimize boot time and maximize battery life on a mobile computer, you must limit the impact of unnecessary hardware and drivers. After completing this lesson, you will be able to:
! !
Describe hardware profiles and warm docking. Create hardware profiles for mobile computing users.
What Are Hardware Profiles and Warm Docking?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Hardware profiles A hardware profile is a set of instructions that informs Windows which devices to initialize when you start your computer, or which settings to use for each device. Windows XP Professional uses Plug and Play to recognize all attached devices. Every device installed on your computer is enabled in the default profile:
! !
For desktop computers, the default hardware profile is named Profile 1. For laptop computers, the default hardware profile is named either Docked Profile or Undocked Profile, depending on whether your computer can read a Dock ID from a docking-station device.
Why create new hardware profiles?
Creating profiles is sometimes necessary to avoid the startup delay that occurs when Windows searches for a missing device. To avoid this delay, you can run a Windows computer with two profiles, one with the device and settings included, and another without the device. When you start the computer and the device is not attached, you can improve start times by choosing the appropriate profile. Also, although Windows 2000 and Windows XP Professional automatically detect Plug and Play hardware on most mobile computers, if Windows cannot detect the hardware for a setting in which the computer is used, you can create a hardware profile for that setting.
Warm docking
Windows XP Professional has built-in support for docking stations. A user can dock and undock a computer without restarting it. This procedure is called warm docking. Warm docking is helpful when you move a portable computer from one environment to another. For example, you can move a portable computer from an office docking station to a conference room for a presentation and then back again without restarting the computer. Users can eject their computers from docking stations by using the Undock PC command on the Start menu. A message is displayed to indicate that it is safe to undock the computer. If the docking station is motorized, the computer automatically undocks. If not, the user must undock the computer manually. Note Some docking stations also have an eject button. Pressing the eject button undocks the computer. For more information about the eject procedure, see the manufacturers documentation.
Docking with a switch box
A switch box is a device that enables more than one computer to use the same mouse, keyboard, and monitor. Windows XP Professional may not be able to detect the peripheral devices connected to a switch box, and therefore cannot properly enable those devices during warm docking. If you use a docking station that is connected to a switch box, you may need to shut down the computer before redocking it. For more information about wireless networking in Windows XP Professional with Service Pack 2, see the white paper Changes to Functionality in Microsoft Windows Service Pack 2, which is located in the Additional Reading section of the Student Materials compact disc.
Additional reading
Demonstration: Creating Hardware Profiles
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Creating a hardware profile This demonstration shows you how to create hardware profiles. To modify a hardware profile, you must start the computer by using that profile. 1. Click Start, click Control Panel, click Performance and Maintenance, and then click System. 2. In the System Properties dialog box, on the Hardware tab, click Hardware Profiles. 3. Under Available hardware profiles, click Profile 1 (current). This profile gives you a model for creating hardware profiles. 4. Click Copy, and in the To box, type Demo Profile and then click OK. 5. Under When Windows starts, verify that the Select the first profile listed if I dont select a profile in x seconds radio button is selected (where x is the number of seconds the computer waits before selecting the default profile). Leave the default number of seconds and click OK. 6. Click OK to close the System Properties dialog box. 7. Close any open windows. Now when a user starts the computer, either the default hardware profile starts or the user can manually select a different profile. The only device drivers that load are those that are enabled for the selected hardware profile. 8. Restart the computer, and then select the Demo Profile hardware profile at startup.
Modifying a hardware profile:
1. Log on, and then open the System Properties dialog box. 2. On the Hardware tab, click Device Manager. 3. In the Device Manager window, expand the Network Adapters icon, and then double-click the network card. 4. In the devices Properties dialog box, on the General tab, in the list for device usage, click Do not use this device in the current hardware profile (disable), and then click OK. 5. Close the Device Manager window. 6. Close any open windows. 7. Restart the computer, and then select the Demo Profile hardware profile at startup.
Using a hardware profile:
1. Log on, and then open a Command Prompt window. 2. Type ping 192.168.1.200 (this is the IP address of the London virtual machine). You should receive four messages saying that the destination host is unreachable. This proves that the network adapter is disabled. 3. Close all open windows. 4. Restart the computer, and then select the default hardware profile at startup. 5. Log on, and then open a Command Prompt window. 6. Type ping 192.168.1.200 to prove that the network adapter is now reenabled. You should receive four replies from the computer.
Lesson: Configuring Power Management for Mobile Computing
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Mobile users have special needs when managing the power that is used by their portable computers when the computers are running on batteries. You can reduce the power consumption of computer devices or an entire system by choosing a power scheme, or by adjusting the individual settings in a power scheme. After completing this lesson, you will be able to:
! !
Lesson objectives
Describe power management options. Explain the available power schemes and settings and when they are appropriate. Configure power management for a mobile computer by using power schemes, standby, and hibernation.
Power Management Options
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Windows XP Professional provides power management options to manage the power state of both portable and desktop computers. The operating system supports both advanced configuration and power interface (ACPI) and advanced power management (APM) hardware. ACPI ACPI is an open industry specification that defines a hardware interface for the motherboard. ACPI enables Windows to manage all of the power-management resources for computer subsystems and peripheral devices. ACPI is designed for portable and desktop computers. APM consists of one or more layers of software to support computers with hardware that can be configured to conserve power. APM defines the software interface between the hardware-specific power-management software and the power-management policy driver provided by the operating system. If you want to use APM, the hardware manufacturer must supply power-management software. APM is designed for portable computers. For more information on ACPI and APM, see the Microsoft Web site at http://www.microsoft.com/whdc/system/pnppwr/powermgmt/default.mspx.
APM
Additional reading
Power Schemes
*****************************ILLEGAL FOR NON-TRAINER USE****************************** You can use power schemes to reduce power consumption, which helps to conserve battery life on portable computers. Definition A power scheme is a collection of settings that manages a computers power consumption. Power schemes enable users to balance their computers battery life and performance in a way that best meets their needs. Each power scheme uses a different combination of idle time limits and selective shutdowns to control power consumption. The following table lists standard power schemes and usage.
Power schemes Home/Office Desk Usage This scheme provides the best solution for most desktop computer configurations and battery-powered computers that are mostly used while on line voltage. This scheme provides the best solution for a batterypowered computer frequently used both on line voltage and on battery power. This scheme provides the best solution for any computer used for presentations. This scheme provides the best solution for a batterypowered computer on which standby and hibernation have been disabled. This scheme provides the best solution for a batterypowered computer with extended battery capability. This scheme provides the best solution for a batterypowered computer with minimal battery capability.
Portable/Laptop
Presentation Always On
Minimal Power Management Max Battery
10
Standby and hibernation
If you plan to be away from your computer for a short time, put it on standby, which puts the computers operating system in a low-power state. If you plan to be away from your computer for an extended time, put it in hibernation. Hibernation saves your desktop to the hard drive, turns off your monitor and hard disk, and then turns off your computer. Note To use standby and hibernation in Windows XP Professional, you must have a computer that supports them. Check the documentation provided with your computer to determine whether your computer supports these options.
11
How to Configure Power Management for Mobile Computing
*****************************ILLEGAL FOR NON-TRAINER USE****************************** To reduce the power consumption of a workstation or mobile computer, you can choose an existing power scheme or you can create a custom scheme. You can also configure settings for standby and hibernation. Selecting and customizing a power scheme To select and customize a power scheme: 1. In Control Panel, click Performance and Maintenance, and then click Power Options. 2. In the Power Options Properties dialog box, on the Power Schemes tab, under Power Schemes, view the power schemes. 3. Select one of the schemes. 4. Preset time settings appear under Turn off monitor and Turn off hard disks on the Power Schemes tab. To change these settings, click the arrow next to the list, click the time that you want, and then click Apply.
12
Configuring standby
To configure standby on a mobile computer: 1. In the Power Options Properties dialog box, on the Advanced tab, under Power buttons, select one of the following options that determines how the computer behaves when the power button is pressed: Do nothing Ask me what to do Stand by Note The options that appear on the Advanced tab vary depending on the computer. For example, hibernate and shut down options might also be listed. For information about the options for your computer, such as the Sleep button, see the manufacturers documentation. 2. On the Power Schemes tab, under System standby, click the desired standby period. 3. Click Apply.
Configuring hibernation
To enable hibernation and to be prompted for a password when the system resumes: 1. In the Power Options Properties dialog box, on the Hibernate tab, select the Enable hibernation check box, and then click Apply. 2. On the Advanced tab, ensure that the Prompt for password when computer resumes from standby check box is selected, and then, if necessary, click Apply. 3. On the Power Schemes tab, select a time for System hibernates. The computer will hibernate after it has been idle for the period specified for System hibernates.
Testing hibernation or standby manually
To make a computer hibernate or stand by manually: 1. Click Start, and then click Shut Down. 2. In the Shut Down Windows dialog box, click Hibernate or Stand by, and then click OK.
13
Practice: Creating a Custom Power Scheme
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice setup In this practice, you will create a custom power scheme. The London and Vancouver virtual machines should be running. On Vancouver, you should be logged on to the nwtraders domain as VancouverUser with a password of P@ssw0rd. Some of the users whom you support have asked you to help them change a power scheme. You will create a custom power scheme for these users that will display a power management icon on their taskbars and turn off their monitors after ten minutes of idle use.
Scenario
! Create a custom power scheme

1. Click Start, click Control Panel, and verify that the Control Panel is displayed in Classic view. 2. Hold down the SHIFT key, right-click Power Options, and then click Run as to open the tool with administrator privileges. 3. In the Run As box: a. Click The following user. b. In the User name box, if necessary, type Vancouver\Administrator c. In the Password box, type P@ssw0rd and then click OK. 4. In the Power Options Properties dialog box, on the Advanced tab, select the Always show icon on the taskbar check box. 5. On the Power Schemes tab, click Save As. 6. In the Save Scheme dialog box, type Mobile User and then click OK. 7. Under Settings for Mobile User power scheme, configure the monitor to turn off after 10 minutes. 8. In the Power Options Properties dialog box, click OK, and then close Control Panel.
14
Lesson: Making Files and Web Sites Available Offline
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Mobile users cannot always be connected to a network. The Windows XP Professional Offline Files feature provides users with continuous access to network files and programs, even when those users are not connected to a network. Using offline files is not a substitute for document version control. If two users work with the same offline file at the same time, and then synchronize the file with the network version, one users changes may be lost. Lesson objectives After completing this lesson, you will be able to:
! ! !
Explain how offline file access works. Select the correct cache settings for offline files. Make files and Web sites available for offline use.
15
How Offline File Access Works
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points A file on a network can be configured for offline use, provided that the Offline Files feature is enabled for the folder in which it resides. When users configure files for offline use, they work with network versions of the files while they are connected to the network and with locally cached versions of the files when they are not. The three stages of the Offline Files feature are:
!
User logs off. When the user logs off the network, Windows XP Professional synchronizes the network files with local cached copies of the files. The cached copies are stored in the client-side cache (CSC) folder, which is located in the Windows folder. User is disconnected. Whenever the computer is disconnected from the network, the user works with the local cached copies of the files. User logs on. When the user again logs on to the network, Windows XP Professional synchronizes any offline files that the user has modified with the network version of the files. If a file has been modified on both the network and the users computer, Windows XP Professional prompts the user to choose which version of the file to keep, or the user can rename one version of the file and keep both versions.
16
Guidelines for Configuring Cache Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key points You should set caching options for a shared folder to meet the recommendations described in the following table.
Option Automatic caching of documents Description Opened files are automatically downloaded and made available when the user is working offline. Older copies of files are automatically deleted to create space for newer and more recently accessed files. To ensure proper file sharing, the server version of the file is always open. Opened files are automatically downloaded and made available when the user is working offline. Older copies of files are automatically deleted to create space for newer and more recently accessed files. File sharing is not ensured. Users must manually specify any files that they want to be available when working offline. The server version of a file is always open to ensure proper file sharing. Recommended for Folders containing user documents
Automatic caching of programs and documents
Folders with read-only data or run-from-thenetwork applications
Manual caching
Folders containing user documents
17
Demonstration: Configuring Files and Folders for Offline Use
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This demonstration shows you that you can make individual files in a shared network folder or an entire shared network folder available for offline use. After the Offline Files feature is enabled on the server, you must configure the client computer to use offline files. 1. In Windows Explorer, create a new folder or select an existing folder, rightclick the folder, and then click Sharing and Security. 2. On the Sharing tab, click Share this folder, and then click Caching. 3. Demonstrate how to set each of the following options: Automatic caching of documents Automatic caching of programs and documents Manual caching Configuring the client computer for offline files 1. Click Start, and then click My Computer. 2. On the Tools menu, click Folder Options. 3. In the Folder Options dialog box, on the Offline Files tab, note that the Enable Offline Files check box is selected by default.
Enabling offline files
18
4. Select the options listed in the following table to accomplish the synchronization actions described.
Option Synchronize all offline files when logging on (Enabling this option is a best practice.) Synchronize all offline files before logging off (Enabling this option is a best practice.) Display a reminder every xx minutes Select when you want Changes made to the local cached copy of the file synchronized with the network version upon logon. To ensure that the latest network version is cached on the local computer when disconnecting from the network. To be reminded that you are working on an offline file. Set the number of minutes between reminders. To create a shortcut to offline files on the desktop. To help keep offline files secure from intruders who may gain unauthorized access to your computer.
Create an Offline Files shortcut on the desktop Encrypt offline files to secure data (Enabling this option is a best practice.)
5. Set the Amount of disk space to use for temporary offline files, and then click OK. Making files available offline: 1. In My Computer or My Network Places, select the shared network file or folder on another computer that you want to make available offline. 2. On the File menu, click Make Available Offline. Note The first time that you make a shared network file or folder available offline, you are prompted to complete the Offline Files Wizard. Using this wizard, you can choose to synchronize offline files automatically when you log on to and log off the computer and create a shortcut to the Offline Files folder on the desktop. Configuring how offline files respond to network disconnection: 1. On the client computer, click Start, and then click My Computer. 2. On the Tools menu, click Folder Options. 3. In the Folder Options dialog box, on the Offline Files tab, click Advanced. 4. Under When a network connection is lost, configure the computers default behavior by selecting one of the following: Notify me and begin working offline (to be notified if you lose connectivity and continue working with offline files) Never allow my computer to go offline (to make offline files and folders unavailable if you lose connectivity) 5. To make an exception to the default behavior that you established in step 4: a. Under Exception list, click Add. b. In the Computer box, type the name of the network computer for which you want to make the exception. c. Under When a network connection is lost, select an option, and then click OK three times.
19
Practice: Configuring Caching Options for Offline Files
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Practice setup Scenario In this practice, you will create a shared folder manually and then configure caching options on the shared folder. The London and Vancouver virtual machines should be running. You have several files that you would like other users in your department to be able to access whether they are connected to the network or not. You want to ensure that the files are organized in a single folder, and that users can access files from that folder when they are disconnected from the network.
! Create a shared folder manually

1. On Vancouver, log on to the nwtraders domain as Administrator with the password P@ssw0rd. 2. Click Start, right-click My Computer, and then click Manage. 3. In Computer Management, expand Shared Folders, right-click Shares, and then click New File Share. 4. On the Create a Shared Folder Wizard page, click Next. 5. In the Create Shared Folder dialog box, in the Folder to share box, type C:\OFFLINEFILES 6. In the Share name box, type OFFLINEFILES and then click Next. 7. In the message box asking if you want to create the C:\OFFLINEFILES path, click Yes. 8. In the Shared Folder Permissions dialog box, click Customize permissions, click Custom, and then select Everyone. 9. Verify that Full control is selected, click OK, click Next, and then click Finish.
20
! Configure caching options on the shared folder

1. In Computer Management, under Shared Folders, click Shares. 2. In the details pane, right-click OFFLINEFILES, and then click Properties. 3. In the OFFLINEFILES Properties dialog box, on the General tab, click Caching. 4. Verify that Manual caching of documents is selected, and then click OK. 5. Click OK to close the OFFLINEFILES Properties dialog box, and then close Computer Management.
21
Demonstration: Configuring Synchronization
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This demonstration shows you how synchronization quickly scans the local and network versions of files, and if it detects changes, automatically updates the resources, which speeds the synchronization process. 1. Click Start, point to All Programs, point to Accessories, and then click Synchronize. 2. In the Items to Synchronize dialog box, select the check boxes for the offline items that you want to synchronize. 3. Click Setup. 4. In the Synchronization Settings dialog box, on the Logon/Logoff tab, select LAN connection. 5. To accomplish the tasks in the following table, perform the actions described.
To Select files to synchronize for a particular connection Perform this action On the On Idle tab, under When I am using this network connection, click the network connection that you want to use. Under Synchronize the following checked items, select the check boxes beside the offline items that you want to synchronize. On the Logon/Logoff tab, click When I log on to my computer. On the Logon/Logoff tab, click When I log off my computer.
Configuring synchronization settings
Synchronize when logging on Synchronize when logging off
22
Module 7: Configuring Windows XP Professional for Mobile Computing (continued) To Prompt user before automatically synchronizing offline items Schedule synchronization when the system is idle or for specific times Perform this action On the Logon/Logoff tab, select the Ask me before synchronizing the items check box. On the Scheduled tab, click Add to start the Scheduled Synchronization Wizard. The wizard will assist you in creating a synchronization schedule.
6. After selecting the appropriate options, click OK, and then click Close.
23
Practice: Managing File Synchronization
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives In this practice, you will:

! !
Create offline documents manually and automatically. Disconnect from the network and then modify the offline documents created manually and automatically. Reconnect to the network and synchronize the documents.
Prerequisite Practice setup Scenario
Before working on this practice, you must have completed the previous practice, Configuring Caching Options for Offline Files. The London, Glasgow, and Vancouver virtual machines should be running. You need to store files on a shared folder in a co-workers computer, and you will be accessing those files when you are disconnected from the network. After you have worked with the offline files, you need to ensure that the original copy and the offline copy of the file are synchronized.
! Enable offline files

1. On Glasgow, log on to the nwtraders domain as Administrator with the password P@ssw0rd. 2. Click Start, and then click My Computer. 3. On the Tools menu, click Folder Options. 4. On the Offline Files tab, verify that the Enable Offline Files check box is selected, and then click OK. 5. Close My Computer.
24
! Create a file manually and save it to a shared folder on Vancouver

1. Click Start, click Run, type \\Vancouver\OFFLINEFILES and then click OK. 2. In the OFFLINE FILES on Vancouver window, on the File menu, point to New, and then click Wordpad Document. 3. Type Glasgow Offline File and then press ENTER to rename the new file. 4. Double-click Glasgow Offline File. 5. In WordPad, type This is a test of offline files and folders 6. On the File menu, click Save. 7. Close WordPad.
! Make the file available offline

1. Right-click the file that you just saved (\\Vancouver\Glasgow Offline File), and then click Make Available Offline. 2. In the Offline Files Wizard, click Next. 3. Verify that the Automatically synchronize the Offline Files when I log on and log off my computer check box is not selected, and then click Next. 4. Verify that the Enable reminders check box is selected, select Create a shortcut to the Offline Files folder on my desktop, and then click Finish. Synchronization occurs. Notice that the offline icon appears on the offline file. 5. Close the OFFLINEFILES on Vancouver window.
! Create an offline file automatically

1. On the desktop, double-click Shortcut to Offline Files. 2. Double-click Glasgow Offline File. 3. Close Glasgow Offline File. 4. Close the Offline Files folder.
! Disconnect from the network

1. Click Start, and then click Control Panel. 2. Click Network and Internet Connections, and then click Network Connections. 3. Right-click Local Area Connection, and then click Disable. 4. When the local area connection is shown as Disabled, minimize the Network Connections window.
25
! Make changes to the offline files

1. On the taskbar, in the notification area, point to the computer icon. You should see Offline Files The network is not available. 2. On the desktop, double-click Shortcut to Offline Files. 3. Double-click Glasgow Offline File. 4. In the WordPad document, type This is another test of Offline Files 5. Save the changes to your document, and then close WordPad. 6. Close the Offline Files folder. 7. In the notification area, click the Offline Files Status icon. The Offline File Status dialog box appears. If you click OK at this point, the files attempt to synchronize. 8. Select the Work online without synchronizing changes check box, and then click OK.
! Synchronize files
1. Maximize the Network Connections window. 2. Right-click Local Area Connection, and then click Enable. Synchronization takes place as soon as the local area connection is enabled. 3. Close the Network Connections window.
! Verify synchronization
1. Click Start, click Run, type \\Vancouver\OFFLINEFILES and then click OK. 2. Open the Glasgow offline file. The file contains the changes you made while working offline. 3. Close WordPad and the OFFLINEFILES on Vancouver window.
! Disable offline files

1. In Control Panel, click Appearance and Themes. 2. On the Tools menu, click Folder Options. 3. In the Folder Options dialog box, on the Offline Files tab, clear the Enable Offline Files check box, and then click OK. 4. Close Control Panel, and then log off.
26
How to Make Web Sites Available for Offline Use
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Web sites contain information that is vital to the job performance of many organizations employees. When employees are working offline, they cannot access this important information unless Web pages are configured for offline use. To make a Web site available for offline use: 1. Open Microsoft Internet Explorer. 2. Access the Web page or Web site that you want to make available offline. 3. On the Favorites menu, click Add to Favorites. 4. Select the Make available offline check box. 5. To specify a schedule for updating the page and how much content to download, click Customize. 6. Follow the instructions in the Offline Favorite Wizard.
27
Course Evaluation
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Your evaluation of this course will help Microsoft understand the quality of your learning experience. To complete a course evaluation, go to http://www.CourseSurvey.com. Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.
Index
Note: Numbers preceding the hyphens indicate the module in which the entry can be found.
A
access tokens, 6-8 accessibility options configuring, 4-3 to 4-5 Magnifier, 4-4 Narrator, 4-4 StickyKeys, 4-5 Accessibility Wizard, starting, 4-3 Account Lockout Policy settings, configuring, 6-22 account policies accessing using Group Policy snap-in, 6-21 configuring, 6-20 to 6-22 ACPI hardware, 7-8 activating Windows XP Professional, 1-8 active content in Internet Explorer, security guidelines, 5-25 Active Directory, when unavailable, 6-48 ActiveX components, updating, 5-12 Add Hardware Wizard, 2-5, 2-10 to 2-11 Add or Remove Programs filtering, 5-27 add-ons, 5-8, 5-12 Address toolbar, adding to taskbar, 4-13 administration, remote. See remote administration administrative alerts, 4-21 Administrator account location of, 1-6 missing from Welcome screen, 6-9 Advanced RISC Computing (ARC) paths, in Boot.ini file, 3-15 Always On power scheme, 7-9 answer files, 1-12 creating, using Setup Manager Wizard, 1-13, 1-15 to 1-17 Setup uses for, 1-14 verifying, 1-18 viewing, 1-18 antivirus software. See virus protection software APM hardware, 7-8 applications earlier versions, supporting. See Program Compatibility supporting, 5-26 to 5-35 Arabic language, installing, 4-7 archiving My Documents folder, 4-15 Asian languages entering characters in, 4-8 installing, 4-7 assisting users remotely. See Remote Assistance authentication defined, 6-8 for domains, 6-47 automatic caching, 7-16 Automatic Updates configuring, 1-43 enhancement in Service Pack 2, 1-39 policy settings, 1-43 automating Windows XP Professional installations, 1-11 to 1-19 answer files. See answer files components of installation, 1-12 multiple computers, 1-12 Service Pack 2, including when, 1-36 Uniqueness Database Files (UDFs). See Uniqueness Database Files (UDFs)
B
backwards compatibility support. See Program Compatibility basevideo boot switch, 3-15 batteries, conserving. See power schemes blocking pop-ups. See Pop-up Blocker publishers, 5-11 Bluetooth devices, installing, 2-6 Boot Logging, 3-10 boot process, 3-1 advanced options, 3-10 to 3-12 Boot.ini file. See Boot.ini file kernel initiation sequence, 3-6 multimedia presentation explaining, 3-3 boot sector, repairing, 3-21 boot switches, 3-15 to 3-16. See also specific switch names adding to operating systems, 3-19 modifying, 3-18 to 3-19 Boot.ini file, 3-13 to 3-19 Advanced RISC Computing (ARC) paths, 3-15 components, 3-14 default values, modifying, 3-17 defined, 3-14 editing, 3-14, 3-17 modifying, 3-17 switches. See boot switches time-out values, modifying, 3-17 bootlog boot switch, 3-15 bridging, 6-39
C
cache credentials, 6-48 caching automatic, 7-16 configuring, 7-16 manual, 7-16 offline files, 7-19 to 7-20 shared folders, options for, 7-16 checklist for configuring network, 6-36 CloneControlSet, 3-4, 3-5 cold-swap hardware connecting, 2-5 defined, 2-3 color depth, changing, 2-14 command-line tools configuring Windows Firewall using, 6-27 netsh. See netsh command-line tool remote administration using, 4-34 comparing answer files, 1-18 complete memory dump, 4-22 compressing My Documents folder, 4-15 Computer Administrator user accounts. See Administrator account Computer Management Console, 6-5, 6-7 computers common threats against, 1-38 configuring as workgroup, 6-11 laptop, 7-3. See also mobile computing locking, 6-19
configurations
Phone and Modem Options, 2-13 Printers and Faxes, 2-13 control sets. See also specific control sets configurations. See configurations default, 3-5 defined, 3-4 registry entries pointing to. See configurations viewing in registry, 3-7 cookies, security guidelines for, 5-25 copying user profiles, 4-26 CTRL+ALT+DEL settings, 6-19 currency settings, 4-6 CurrentControlSet, 3-5 customizing folders, 4-16 to 4-17 Internet Explorer, 5-18 to 5-19 menus, 4-16 to 4-17 My Documents folder, 4-14 to 4-15 power schemes, 7-11, 7-13 Start menu, 4-4, 4-9 to 4-11 Startup folder, 4-11 taskbar, 4-12 to 4-13 toolbars on taskbar, 4-13
computers, continued network access, enabling/denying, 6-16 power consumption, reducing. See power management; power schemes starting, using Recovery Console, 3-20 to 3-24 configurations changing, 3-5 current, 3-5 default, 3-5 defined, 3-4 failed, 3-5 LastKnownGood. See LastKnownGood configuration configuring accessibility options, 4-3 to 4-5 Account Lockout Policy settings, 6-22 account policies, 6-20 to 6-22 Automatic Updates, 1-43 caching, 7-16 device drivers, 2-7 device resource settings, manually, 2-9 devices, manually, 2-8 display settings, 2-14 Dr. Watson, 5-32 to 5-35 Fast User Switching, 6-12 files, for offline use, 7-15 hardware, 2-7, 7-2 to 7-6 hibernation, 7-12 ICMP firewall exceptions, 6-29 Internet Connection Sharing (ICS), manually, 6-40 Internet Explorer, 5-2 to 5-6 guidelines for, 5-25 Internet Explorer Customization Wizard. See Internet Explorer Customization Wizard (IECW) local policies, 6-16 local security, 6-14 to 6-22 lockout policy settings, 6-22 logon message text or message title, 6-17 modems, 2-13 monitors, 2-14, 2-15 network checklist for, 6-36 for workgroups, 6-36, 6-42 to 6-44 Password Policy, 6-21 Plug and Play device resource settings, 2-8 Pop-up Blocker, 5-9 power management, for mobile computing, 7-7 to 7-13 printers, 2-13 security, in Internet Explorer, 5-6 Security Center, 1-42 to 1-43 standby, 7-12 synchronization, 7-21 to 7-22 system failure settings, 4-22 system settings, 4-18 to 4-22 telephony, 2-13 user account lockout settings, 6-22 user desktop settings, 4-2 to 4-17 Windows Firewall, 6-23 to 6-34 exceptions, 6-28 to 6-29 logging, 6-27, 6-34 security policy, 6-31 Windows XP Professional for workgroups, 6-2 to 6-13 connecting to the Internet, 6-38 to 6-39 consoles creating customized local, 6-20 security, configuring and managing using, 6-15 Control Panel configuring modems, 2-13 Display, 2-14
D
Data Execution Prevention (DEP) settings, 3-16 date settings, 4-6 debug boot switch, 3-15 debugger. See Dr. Watson debugging. See Dr. Watson Memory.dmp file, 4-22 options for recording information, 4-22 Debugging Mode, 3-10 default control set, 3-5 default user profile defined, 4-24 modifying, 4-27 deleting port firewall exceptions, 6-34 sos boot switch, 3-19 user profiles, 4-26 denying network access, 6-16 deploying images, 1-21, 1-22 to 1-23 desktop background, changing, 2-14 configuring settings for individual users, 4-2 to 4-17 customizing, using Group Policy, 4-25 themes, changing, 2-14 Desktop toolbar, adding to taskbar, 4-13 device drivers, 2-4 configuring, 2-7 displaying while loading, 3-16 installing, 2-5 non-Plug and Play, 2-4 obtaining, 2-5, 2-18 Plug and Play, 2-4 rolling back, 2-21 to 2-23 security settings for installing unsigned, 6-17 signed, 2-17 troubleshooting, 2-16 to 2-23 unsigned, 2-17, 6-17 updating, 2-18 to 2-20 Device Manager, 2-7 devices. See also hardware Bluetooth, installing, 2-6 configuring, manually, 2-8 disabling, 2-24 to 2-30
Home and Small Network Setup checklist

drivers. See device drivers enabling, 2-25 installing, 2-2 to 2-11 non-Plug and Play, installing, 2-11 resource settings, 2-8, 2-9 types of, 2-3 uninstalling, 2-24 to 2-30 disabled users. See accessibility options disabling. See also uninstalling add-ons, in Internet Explorer, 5-12 defined, 2-25 devices, 2-24 to 2-30 hardware, 2-24 to 2-30 offline files, 7-25 serial mouse detection, 3-15 Windows Firewall all network users, 6-26 specific network connection, 6-27 disconnecting from network, 7-24 disk images. See images disk imaging applications, 1-21. See also images disk partitioning, 1-4 display names, modifying, 3-18 to 3-19 display settings, configuring, 2-14 docking using switch boxes, 7-4 warm, 7-3 without restarting, 7-3 domains accounts, creating, 6-46 authentication, 6-47 cache credentials, 6-48 joining, 6-45 to 6-50 logging on to, 6-47 to 6-48 vs. workgroups, 6-46 downloading Service Pack 2, 1-35 Dr. Watson, 5-31 to 5-35 configuring, 5-32 to 5-35 log file, examining, 5-34 drivers. See device drivers Dumpchk utility, 4-22 Dumpexam utility, 4-22 duplicating hard disks. See images exceptions, Windows Firewall, 6-25 configuring, 6-28 to 6-29 custom, defining, 6-29 default, 6-28 editing, 6-33 ICMP, 6-29 port, adding/deleting, 6-34 Remote Assistance, 4-40, 6-25
F
failure settings. See system failure settings Fast User Switching, 6-10 configuring, 6-12 testing, 6-13 FAST Wizard, 1-25 fastdetect boot switch, 3-15 file system, choosing, 1-4 files offline, viewing. See offline files synchronizing. See synchronization viewing when offline. See offline files filtering level, setting for Add or Remove Programs list, 5-27 firewalls, 6-24. See also Windows Firewall folders customizing, 4-16 to 4-17 sharing, 6-43. See also shared folders
G
Group Policy Automatic Updates settings, 1-43 defined, 4-25 desktop environments, customizing using, 4-25 Internet Explorer Maintenance (IEM) MMC extension, 5-17 My Documents folder settings, 4-15 Group Policy Management Console (GPMC), 5-22 to 5-24 installing, 5-22 Internet Explorer computer configuration, viewing, 5-23 user configuration, viewing, 5-24
H
hard disks, duplicating. See images hardware. See also devices cold-swap, 2-3 configuring, 2-7, 7-2 to 7-6 device drivers. See device drivers disabling, 2-24 to 2-30 hot-swap, 2-3 hot-swap, uninstalling using safe removal, 2-28 installing, 2-2 to 2-11 installing, using Add Hardware Wizard, 2-5 recommended for Windows XP Professional, 1-4 types, 2-3 uninstalling, 2-24 to 2-30 Hardware Compatibility List (HCL), 1-4 hardware profiles creating, 7-3, 7-5 default, 7-3 defined, 7-3 modifying, 7-6 Hebrew language, installing, 4-7 hibernation, 7-10 configuring, 7-12 password protecting, 7-12 testing manually, 7-12 Home and Small Network Setup checklist, 6-36
E
editing Boot.ini file, 3-14, 3-17 registry, 5-27 Windows Firewall exceptions, 6-33 e-mail attachments, as virus source, 1-38 enabling add-ons, in Internet Explorer, 5-12 devices, 2-25 Internet Connection Sharing (ICS), 6-40 network access, 6-16 offline files, 7-17 Pop-up Blocker, 5-9 remote administration, 4-33 Windows Firewall, 1-42 all network users, 6-26 specific network connection, 6-27 encrypting My Documents folder, 4-15 enforcing Internet Explorer settings, 5-25 environment variables, 4-19 to 4-20 errors, fixing. See Dr. Watson Event Viewer, opening, 4-36
home folders
Customization Wizard. See Internet Explorer Customization Wizard (IECW) customizing, 5-18 to 5-19 enhancements in Service Pack 2, 1-40 Group Policy Management Console (GPMC). See Group Policy Management Console (GPMC) Information Bar, 5-8 Options menu, 5-16 pop-ups, blocking. See Pop-up Blocker proxy servers, configuring, 5-7 publishers, blocking and unblocking, 5-11 security settings, configuring, 5-2 to 5-6, 5-13 to 5-14 security zones, 5-5 to 5-6 Service Pack 2 enhancements, 5-8 settings customizing, 5-16 to 5-17 enforcing, 5-25 maintaining using Group Policy, 5-19 user configuration, viewing in Group Policy Management Console, 5-24 Internet Explorer Administration Kit (IEAK), 5-17 Internet Explorer Customization Wizard (IECW), 5-18, 5-20 to 5-21 Internet Information Services (IIS), 5-4 Internet Options menu in Internet Explorer, 5-16 Internet zone, 5-5 inviting Remote Assistance user, 4-39
home folders, 4-14. See also My Documents folder Home/Office Desk power scheme, 7-9 hot-swap hardware, 2-3 connecting, 2-5 uninstalling, using safe removal, 2-28
I
ICMP firewall exceptions, 6-29 IIS Lockdown Tool, 5-4 images creating, 1-22 to 1-23 defined, 1-20 to 1-21 deploying, 1-21, 1-22 to 1-23 installing Windows XP Professional from, 1-20 to 1-23 Mini-Setup Wizard, 1-23 preparing hard disk before creating, 1-23 preserving custom user settings when creating, 1-22 reference computers, configuring, 1-22 indexing My Documents folder, 4-15 INF scripts, object specification syntax, 1-28 Information Bar, Internet Explorer, 5-8 input language, 4-7. See also language settings Input Method Editor (IME), 4-8 installing Bluetooth devices, 2-6 device drivers, 2-5. See also device drivers devices, 2-2 to 2-11. See also devices Group Policy Management Console (GPMC), 5-22 hardware, 2-2 to 2-11. See also hardware Internet Information Services (IIS), 5-4 languages, 4-7 non-Plug and Play devices, 2-11 Plug and Play devices, 2-10 Recovery Console, 3-23 to 3-24 Service Pack 2, 1-29 to 1-36 Setup Manager Wizard, 1-13 signed code, 5-11 unsigned device drivers, security settings for, 6-17 updates, from Windows Update, 1-34 Windows XP Professional, 1-2 automating. See automating Windows XP Professional installations configuration options, 1-13 from image, 1-20 to 1-23 from network server, 1-6 pre-installation process, 1-4 Internet Connection Sharing (ICS), 6-37 to 6-41 configuring manually, 6-40 connection method, choosing, 6-38 enabling, 6-41 host, defined, 6-37 Internet connections secure, 5-3 to 5-4 selecting method for, 6-38 to 6-39 Internet Explorer active content, security guidelines for, 5-25 add-ons, 5-8 ActiveX, 5-12 enabling and disabling, 5-12 computer configuration, viewing in Group Policy Management Console, 5-23 configuring, guidelines for, 5-25 connection settings, 5-7 cookies, 5-25
J-K
joining a domain, 6-45 to 6-50 kernel debugger, loading, 3-15 kernel memory dump, 4-22 keyboard layouts, adding to operating systems, 4-8
L
Language Band toolbar, adding to taskbar, 4-13 language settings, 4-7 to 4-8 input language, 4-7 installing languages, 4-7 to 4-8 keyboard layouts, adding, 4-8 laptop computers, 7-3. See also mobile computing LastKnownGood configuration defined, 3-5 to 3-6 when to use, 3-8 Limited user accounts, 6-5 Links toolbar, adding to taskbar, 4-13 LoadState.exe, 1-27 Local intranet zone defined, 5-5 settings, viewing, 5-13 Local Machine Zone Lockdown, 5-6 local policies, configuring, 6-16 local security configuring, 6-14 to 6-22 consoles. See consoles local user accounts. See also workgroup user accounts changing type, 6-13 creating, 6-12 defined, 6-4 local user profile, 4-24 locking computers, 6-19 lockout policy settings, configuring, 6-22 logging boot process, 3-10 system events, 4-21
proxy servers
logging off, preventing, 6-19 logging on authentication. See authentication denying permission to users or groups, 6-16 to domains, 6-47 to 6-48 Fast User Switching. See Fast User Switching message text, configuring, 6-17 message title, configuring, 6-17 security settings, 6-16 to 6-17 Welcome screen, 6-9 to workgroups, 6-9 to 6-10 network bridges, 6-39 New Toolbar toolbar, adding to taskbar, 4-13 noExecute boot switch, 3-16 noguiboot boot switch, 3-16 notification area of the taskbar, 4-12 NTFS file system, 1-4 number settings, 4-6
O
offline files accessing, 7-15 caching, 7-19 to 7-20 configuring, 7-15 creating, automatically, 7-24 disabling, 7-25 enabling, 7-17 Web sites, 7-26 opening Event Viewer, 4-36 ports, using Windows Firewall, 6-29 Security Center, 1-42 TCP ports, 4-35 operating systems boot switches. See boot switches display names, modifying, 3-18 to 3-19 Outlook Express, enhancements in Service Pack 2, 1-40
M
Magnifier program, 4-4 mandatory user profile, 4-24 manual caching, 7-16 manually installing Windows XP Professional, 1-9 to 1-10 configuration options, 1-13 pre-installation process, 1-4 master boot record, repairing, 3-21 Max Battery power scheme, 7-9 maxmem boot switch, 3-15 memory dumps, 4-22 Memory.dmp file, 4-22 menus, customizing, 4-16 to 4-17 Microsoft Internet Explorer. See Internet Explorer Microsoft Management Console (MMC) consoles. See consoles Internet Explorer Maintenance (IEM) extension for Group Policy, 5-17 security settings, modifying using, 6-15 Microsoft Windows XP Professional. See Windows XP Professional Microsoft Windows XP Service Pack 2. See Service Pack 2 Minimal Power Management power scheme, 7-9 mobile computing. See also laptop computers configuring hardware for, 7-2 to 7-6 power management for, 7-7 to 7-13 modems, configuring, 2-13 monitoring security status. See Security Center monitors configuring, 2-14 multiple, 2-14 arranging on desktop, 2-15 configuring, 2-14, 2-15 moving items between, 2-15 msconfig.exe, 3-17 multiple monitors. See monitors, multiple My Documents folder. See also home folders attributes, 4-15 customizing, 4-14 to 4-15 location, changing, 4-15, 4-23 sharing securely, 4-15
P
Password Policy, configuring, 6-21 passwords for hibernation, 7-12 preventing users from changing, 6-19 security settings for, 6-21 Plug and Play devices configuring resource settings, 2-8 drivers for, 2-4 installing, 2-10 policies, local, 6-16 Pop-up Blocker configuring, 5-9 enabling, 5-9 filtering level, setting, 5-10 Portable/Laptop power scheme, 7-9 ports, opening using Windows Firewall, 6-29 power management ACPI, 7-8 APM, 7-8 configuring, for mobile computing, 7-7 to 7-13 hibernation, 7-10 options, 7-8 power schemes. See power schemes standby, 7-10 power schemes, 7-9 to 7-10 creating, 7-13 customizing, 7-11, 7-13 Presentation power scheme, 7-9 printers, configuring, 2-13 profiles hardware. See hardware profiles security policy, 6-30 user. See user profiles Program Compatibility, 5-28 to 5-30 program shortcuts. See shortcuts, adding programs. See applications proxy servers, 5-7
N
Narrator program, 4-4 netsh command-line tool, 4-33 checking Windows Firewall settings using, 6-34 configuring Windows Firewall using, 6-27 configuring Windows Firewall logging using, 6-34 network configuring checklist for, 6-36 workgroups, 6-36, 6-43 to 6-44 disconnecting from, 7-24
Quick Launch toolbar

Security Center, 1-37 to 1-45 accessing, 1-42 Automatic Updates, configuring using, 1-43 configuring, 1-42 to 1-43 help, 1-44 unavailable options on domain computers, 1-41 security policies local, 6-16 Windows Firewall, 6-30 to 6-31 security status, monitoring. See Security Center security zones in Internet Explorer, 5-5 to 5-6. See also specific zones recommended settings, 5-5 Service Pack 2 enhancements, 5-6 setting, 5-24 settings, changing, 5-14 SELECT key, viewing, 3-7 sending files using Remote Assistance, 4-41 serial mouse detection, disabling, 3-15 servers, stand-alone, 6-3 Service Pack 2 automated installation, 1-36 defined, 1-30 downloading, 1-35 features, 1-31 installing, 1-29 to 1-36 Internet Explorer enhancements, 5-8 remote administration and, 4-33 Security Center. See Security Center security components, 1-39 to 1-40 security zone enhancements, 5-6 service packs, 1-7 Setup, automating. See automating Windows XP Professional installations Setup Manager Wizard, 1-6, 1-13 to 1-17 shared folders accessing, 6-44 caching options, 7-16, 7-20 creating, 6-43, 7-19 sharing folders, 6-43. See also shared folders My Documents folder, securely, 4-15 sharing Internet connections. See Internet Connection Sharing (ICS) shortcuts, adding to Quick Launch toolbar, 4-13 to Start menu, 4-11 to Start menu, for individual users, 4-11 to Startup folder, 4-11 signed code, installing, 5-11 signed device drivers, 2-17 small memory dump, 4-22 social engineering defined, 1-38 preventing, when using Remote Assistance, 4-42 software, malicious, guarding against, 1-38. See also viruses Software Update Services (SUS), 1-33 sos boot switch defined, 3-16 deleting, 3-19 stand-alone servers, 6-3 Standard user accounts, 6-5 standby, 7-10 configuring, 7-12 testing manually, 7-12
Q-R
Quick Launch toolbar, 4-12 to 4-13 RAM, specifying amount used by Windows, 3-15 receiving files using Remote Assistance, 4-41 Recovery Console defined, 3-21 installing, 3-23 to 3-24 starting, 3-22 starting computer using, 3-20 to 3-24 testing, 3-24 reference computers, configuring, 1-22. See also images regional settings, 4-6. See also language settings multiple languages, adding, 4-7 registry control sets in, 3-4 editing, 5-27 entries that point to control sets. See configurations remote administration, 4-31 to 4-36 enabling, 4-33 Service Pack 2 and, 4-33 TCP port 445, 4-33 using command-line tools, 4-34 Windows Firewall and, 4-33 Remote Assistance, 4-37 to 4-42 best practices, 4-42 establishing session, 4-39 to 4-40 files, exchanging via, 4-41 firewall exception, enabling, 4-40 Windows Firewall exceptions for, 6-25 removable storage devices, safely removing, 2-27 removing. See deleting; disabling; uninstalling repairing boot sector, 3-21 master boot record, 3-21 residential gateway, 6-38 Restricted sites zone, 5-5 roaming user profile, 4-24 rolling back device drivers, 2-21 to 2-23
S
Safe Mode, 3-10, 3-11 to 3-12 accessing, 3-11 with networking, 3-11 options, 3-11 when to use, 3-11 safeboot boot switch, 3-16 SAM. See Security Account Manager (SAM), user accounts in ScanState.exe, 1-27 screen resolution, changing, 2-14 screen saver, changing, 2-14 security common threats, 1-38 consoles. See consoles CTRL+ALT+DEL settings, 6-19 Internet connections, 5-3 to 5-4 Internet Explorer settings, 5-2 to 5-6 Internet Information Services (IIS), implementing for, 5-4 local, configuring, 6-14 to 6-22 passwords. See passwords policies. See also security policies local, 6-16 Service Pack 2 and, 1-39 to 1-40 settings, modifying using Microsoft Management Console, 6-15 of Welcome screen, 6-9 Security Account Manager (SAM), user accounts in, 6-4
viruses
Start menu, 4-9 to 4-11 customizing, 4-9, 4-10 to 4-11 pinned programs, 4-9 shortcuts adding, 4-11 adding for current user, 4-11 submenu folder adding, 4-10 adding for individual users, 4-11 starting Accessibility Wizard, 4-5 Add Hardware Wizard, 2-5 computers, using Recovery Console, 3-22 to 3-26 Magnifier program, 4-4 Narrator program, 4-4 Recovery Console, 3-22 Startup folder, customizing, 4-11 StickyKeys, 4-11 supporting applications, 5-26 to 5-35 surprise device removal, 2-26 to 2-27 switch boxes, docking with, 7-4 switching between user accounts without logging off. See Fast User Switching synchronization, 7-23 to 7-25 configuring, 7-21 to 7-22 verifying, 7-25 System Configuration utility, advanced options, 3-17 system failure settings, 4-21 to 4-22 configuring, 4-22 options, 4-21 system log, writing events to, 4-21 system requirements for Windows XP Professional, 1-4 system settings configuring, 4-18 to 4-22 failure. See system failure settings system variables, modifying, 4-19 troubleshooting device drivers, 2-16 to 2-23 remotely. See Remote Assistance Trusted sites zone, 5-5
U
unattended installations. See automating Windows XP Professional installations undocking, 7-4 uninstalling. See also disabling defined, 2-25 device drivers, 2-21 to 2-23 devices, 2-24 to 2-30 hardware, 2-24 to 2-30 hot-swap hardware, using safe removal, 2-29 Uniqueness Database Files (UDFs) defined, 1-12 Setup uses for, 1-14 unsigned device drivers defined, 2-17 security settings for installing, 6-17 updating ActiveX components, 5-12 device drivers, 2-18 to 2-20 Windows, 1-33 to 1-34 URL toolbar, 4-13 user accounts, 6-4 local. See local user accounts lockout settings, configuring, 6-22 switching between, without logging off. See Fast User Switching in workgroups, 6-5 user desktop settings, configuring, 4-2 to 4-17 user files and settings. See user states user profiles, 4-23 to 4-30. See also specific user profiles copying, 4-26 creating, 4-26 deleting, 4-27 managing, 4-26 to 4-30 testing, 4-30 types of, 4-24 User Rights Assignment settings, 6-16 user states defined, 1-24 transferring using command-line tools, 1-27 using FAST Wizard vs. USMT, 1-25 using USMT. See USMT user variables, modifying, 4-19 USMT, 1-27 to 1-28 defined, 1-25 executable files, 1-27 .inf files, 1-28
T
Task Manager, deactivating, 6-19 taskbar areas in, 4-12 customizing, 4-12 to 4-13 notification area, 4-12 Quick Launch toolbar. See Quick Launch toolbar toolbars, adding to, 4-13 TCP ports, opening, 4-35 technical support, remote. See Remote Assistance telephony, configuring, 2-13 testing Fast User Switching, 6-13 hibernation, manually, 7-12 Recovery Console, 3-24 standby, manually, 7-12 user profiles, 4-30 themes, desktop, 2-14 time settings, 4-6 toolbars on taskbar, 4-13 transferring user states, 1-24 to 1-28 FAST Wizard vs. USMT, 1-25 USMT. See USMT using command-line tools, 1-27 Trojan horses, 1-38
V
variables. See environment variables; system variables, modifying; user variables, modifying verifying answer files, 1-18 VGA Mode, 3-10 virus protection software defined, 1-7 Service Pack 2 and, 1-39 viruses, 1-38
warm docking
Windows XP Professional accessibility options. See accessibility options activating, 1-8 boot process. See boot process configuring for workgroups, 6-2 to 6-13 disk partitioning, 1-4 file system, choosing, 1-4 installation location, 1-4 installing, 1-9 to 1-10, 1-2 automating. See automating Windows XP Professional installations configuration options for, 1-13 demonstration of, 1-3 from image, 1-20 to 1-23 from network server, 1-6 pre-installation process, 1-4 security status, monitoring. See Security Center service packs, 1-7 Setup Manager Wizard, 1-6 system requirements, 1-4 system settings. See system settings as Web server, 5-4 Windows XP Service Pack 2. See Service Pack 2 workgroup user accounts, 6-5. See also local user accounts workgroups authentication. See authentication configuring Windows XP Professional for, 6-2 to 6-13 defined, 6-3 vs. domains, 6-46 logging on, options for, 6-9 to 6-10 network, configuring, 6-36 setting up, 6-11 user accounts in, 6-5 worms, 1-38
W
warm docking, 7-3 Web pages, adding to Links toolbar, 4-13 Web servers, Windows XP Professional computers as, 5-4 Web sites, offline. See offline files Welcome screen, 6-9 Windows Firewall, 1-39 checking, from command line, 6-34 command-line configuring, 6-27 configuring, 6-23 to 6-34 default configuration, 6-24 defaults, restoring, 6-29 defined, 6-24 dialog box, accessing, 6-26 disabling for all network users, 6-26 for specific network connection, 6-27 Domain profile, 6-31 enabling, 1-42 for all network users, 6-26 for specific network connection, 6-27 exceptions. See exceptions, Windows Firewall logging, configuring, 6-27, 6-34 port, opening, 6-29 remote administration and, 4-33 Remote Assistance exceptions, 6-25 security policies, 6-30 to 6-31 security policy profiles, 6-30 Standard profile, 6-31 Windows Task Manager, Users toolbar, 6-10 Windows Update, 1-33 to 1-34 Windows Update Web site, installing device drivers from, 2-18 Windows updates, filtering out of Add or Remove Programs list, 5-27
Z
zip drives. See removable storage devices, safely removing zones. See security zones in Internet Explorer

2285B

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

2285B

Încărcat de

Drepturi de autor:

Formate disponibile

2285B: Installing, Configuring, and Administering Microsoft Windows XP Professional

Course Number: 2285B Part Number: X11-01707 Released: 12/2004

You shall mean Trainer.

Installing, Configuring, and Administering Microsoft Windows XP Professional

Module 1: Installing Windows XP Professional

Module 2: Adding Hardware to Windows XP Professional Clients

Module 3: Resolving Boot Process Issues

Module 4: Configuring the Desktop Environment

Installing, Configuring, and Administering Microsoft Windows XP Professional

Module 5: Configuring Internet Explorer and Supporting Applications

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network

Module 7: Configuring Windows XP Professional for Mobile Computing

2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional

About This Course

2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional

After completing this course, the student will be able to:

2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional

2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional

Trainer Materials DVD Contents

2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional

Student Materials Compact Disc Contents

2285A: Installing, Configuring, and Administering Microsoft Windows XP Professional

ALL CAPITALS monospace

Trainer Materials digital video disc (DVD)

To prepare for this course, you must:

How to Teach This Module

Demonstration: Using Microsoft Virtual PC

Practice: Starting and Logging on to Virtual PC 2004

Microsoft Learning Product Types

Microsoft Certified Professional program Facilities

*****************************ILLEGAL FOR NON-TRAINER USE******************************

What is Microsoft Operations Framework (MOF)?

The MOF Process Model

MOF Process Model quadrants

Supporting quadrant mission of service

SMFs in the supporting quadrant

Operating quadrant mission of service

SMFs in the operating quadrant

Demonstration: Using Microsoft Virtual PC

Practice: Starting and Logging on to Virtual PC 2004

! To start Virtual PC 2004

! To log on to Virtual PC 2004

Microsoft Learning Product Types

Microsoft Certified Professional Program

Acquiring the skills tested by an MCP exam

*****************************ILLEGAL FOR NON-TRAINER USE******************************

THIS PAGE INTENTIONALLY LEFT BLANK

Module 1: Installing Windows XP Professional

Module 1: Installing Windows XP Professional

Lab: 00 minutes Objectives

After completing this module, students will be able to:

To teach this module, the following materials are required:

Module 1: Installing Windows XP Professional

How to Teach This Module

Module 1: Installing Windows XP Professional

Demonstration Pages, Practices, and Labs

Module 1: Installing Windows XP Professional

Lesson: Manually Installing Windows XP Professional

The Pre-Installation Process

How to Install Windows XP Professional

How to Activate Windows XP Professional Practice: Installing Windows XP Professional

Module 1: Installing Windows XP Professional

Lesson: Automating a Windows XP Professional Installation

*ILLEGAL FOR NON-TRAINER USE**

*ILLEGAL FOR NON-TRAINER USE**